• Paul Peter Nicolai

Planning the future of Information Governance

Accommodating workplace operations to coronavirus raises the question of implications for critical infrastructures like data security and information governance. Any business handling sensitive customer data must accommodate remote working challenges to data security requirements.


While the global pandemic has put information management capabilities to the test, in many cases, prior investments in disaster recovery and business continuity planning and the infrastructure required for agile working have paid off.


Many have been able to adapt reasonably well to remote working under the circumstances without a significant impact on service delivery. There are critical areas where gaps have shown a need for policies and procedures actions to minimize security risks. These include:

  • Availability of laptops, monitors, peripherals and other remote working equipment for all staff

  • Secure remote access to documents in managed information repositories for all employees in compliance with policies

  • Defense against cyberattacks and an increase in COVID-19-related phishing scams.

  • Adoption of electronic signatures and notarization

  • Adoption of secure document scanning apps on employee smartphones

  • Use of image-on-demand services to retrieve paper-based records

  • Migration from paper-based billing to a digital invoicing

  • Collaborative review of certain types of documents

  • Consistency of application delivery across all platforms

For ISO certified operations, changes to internal processes must be made such that continued compliance with information security standards and regulatory requirements is ensured. There should be attention to where employees are storing data, and whether paper files are being properly secured or disposed of in home offices.


Actions should be undertaken to ensure that progress made in adopting good remote working practices not be lost when things return to normal. Companies are learning new things about their day-to-day business operations and should make decisions about how best to invest in preparations for future business interruptions.

There should also be consideration as to what IT direction changes should be applied or accelerated.

  • What is the future of desktop units versus laptops or notebooks

  • Training on the nuances of remote access and remote application use. More formal disaster recovery processes and procedures.

  • Digitizing remaining paper-based processes.

  • Requiring all processes to be accessible regardless of location.

  • Accelerate the implementation of and compliance with retention and destruction policies including remote work location issues.

Transition to a fully digital, remote-capable work environment, if possible, goes beyond setting up laptops and VPNs. For some, culture and behavior must be addressed. Some staffers find operations are more difficult when the team is no longer within shouting distance.


There are modern technology that allow:

  • Centralized management of multiple information repositories – including electronic documents and physical records— with an integrated view via a secure web-based systems

  • Automating classification of documents and assignment of the correct retention policies

  • Enforcement of retention policies by identifying physical and electronic records due for disposition and managing workflows for review, approval, and destruction

  • Reducing the volume of physical records stored and transition to a paperless or paper-lite environment

  • Ensuring compliance with regulatory and client requirements and capture an audit trail of all activity