You may be calling it a data governance policy or an information management policy, but whatever you call it, the policy remains critical to helping your organisation achieve its strategic objectives. Data is the fuel that keeps your organisations moving. Whether it’s the confidential information of your suppliers and contractors, publically available information, or the personal information of your customers, the one underlying fact is that information has great value to your organisation. Having a data governance policy in place shows that your organisation appreciates the value of information, and is a useful tool for extracting the value out of that information.
A Data Governance Policy under King IV
As many organisations transition from King III to King IV, their governing bodies realise that they need to have data governance policies as part of implementing King IV. A good data governance policy allows your organisation’s governing body to set the direction for how management, and the rest of the people in the organisation, will handle information when carrying out their functions. King IV places the responsibility on the governing body to create a culture in the organisation where not only information but technology as well, are part of that organisation’s intellectual capital and are handled in a way that creates value for the organisation.
In order to create the value, King asks the governing body of your organisation to use information in a way that takes advantage of opportunities, manages risks (data breaches, for example), grows the organisation, and benefits society. You should, therefore, look at this policy as something that, at a high-level, sets the direction across the organisation for how you’ll achieve those different outcomes. Importantly, though, the policy cannot be a substitute for other more specific and detailed policies and procedures on each issue. Your organisation should still have separate policies that address the related issues fully.
What does the policy cover?
A data governance policy usually covers the following information-related issues:
- classification – principles that help determine who is responsible for caring for particular categories of information like your customers’ personal information, for example.
- conversion – principles for converting information from one format to another, such as digitising hard copy records into an electronic system.
- custodianship – principles for determining who is responsible for caring for particular categories of information,
- disposal – principles for dispossessing and destroying information.
- outsourcing – principles for outsourcing services involving information to suppliers.
- migration – principles for migrating information from one set of equipment and infrastructure to another, such as moving from an on-premise to a cloud solution.
- retention – principles for retaining information, including record types, storage mechanisms, and types of retention period (but not the actual retention periods themselves which need to be set out in a separate document).
- security – principles for securing information against unauthorised access or interaction (such as in an information security law context).
- sharing – principles for sending information to third parties and receiving it from them.
Actions you can take
- Govern your organisation’s data effectively and strategically by asking us to draft or review your data governance policy.
- Empower yourself with knowledge by asking us about the differences between King III and King IV.
- Gain the tools and more insight to help you transition from King III to King IV by attending our 2-hour Practical King IV Workshop on IT and Compliance Governance.
- Find out more about King IV by reading our King IV summary.
- Protect your intellectual property by instructing us to conduct an Intellectual Property Audit for you.
If you are interested, please complete the form on the right or enquire now. We will contact you to find out more about your requirements and give you a quote.