
Information Governance: Roles, Responsibilities, and Key Processes

This article explains information governance as a program that ensures data accuracy, completeness, consistency, accessibility, and security across an enterprise, outlines the three essential business‑oriented roles—Data Governance Committee, Data Steward, and Data Custodian—describes their duties, and details the key procedures, metrics, and relationships with corporate and IT governance.

Architects Research Society

Information governance is a program that implements decision‑making authority and support mechanisms to ensure the accuracy, completeness, consistency, accessibility, and security of enterprise information.

To maintain information governance, several roles must be defined and established within the business (not just IT). These three key roles are:

Data Governance Committee.

Data Steward.

Data Custodian.

At the highest level, the governance committee creates policies, the steward enforces policies/rules, and the custodian carries out all execution activities that cause data changes in the company’s systems.

Information governance must include an organizational component that focuses on data fidelity through overall data‑quality assessment and improvement, and assigns responsibility for data‑quality assurance to specific individuals. It also addresses data retention/disposal, security, privacy, and standards requirements. An organization’s information‑governance program can address all of these aspects or a subset, with many starting by focusing on data quality.

The scope, including which aspects of information governance and which data assets will be handled, is usually defined by the Data Governance Committee, which consists of business‑side stakeholders from across the organization who share decision‑making authority over policy and scope. The IT organization often facilitates interaction with the committee and provides input on technical opportunities and impacts.

Organizations can focus on data quality, master data consistency, or start with “dynamic” data. The location of data (on‑premises or cloud) is irrelevant; the principles of data governance and management remain consistent.

Main Responsibilities of the Data Steward

The primary responsibilities of a Data Steward include:

Assessing the current state of data fidelity, security, privacy, and retention within their scope.

Executing activities to achieve data‑fidelity improvement goals and comply with all other data‑governance policies.

Identifying the best methods to resolve data‑quality or consistency issues to meet objectives.

Working both within and outside their direct domain to implement changes that support data‑governance policy adoption.

Monitoring and tracking ongoing data‑fidelity (e.g., quality and consistency) levels and other metrics to evaluate compliance with data‑governance strategies.

Reporting to the Data Governance Committee when cross‑domain or cross‑functional data stewardship is needed, acting individually or as a team of stewards.

Key Programs and Processes in Information Governance

Define data‑governance metrics and conduct audits to benchmark data quality, retention, security, etc., and their impact on expected business outcomes.

Regularly publish data‑governance metrics through standard reporting mechanisms (e.g., data‑quality scorecards or dashboards).

Collaborate with business leadership (key business managers, department heads, executive teams) to quantify and clarify the business impact of policy violations.

Report and support policies authorized and signed by the Data Governance Committee.

Follow prescribed data‑fidelity methods to execute data‑quality improvement projects.

Actively participate in the design and deployment of applications and data‑integration processes to ensure standards, controls, and high‑quality data implementation per governance policies.

Promote successes, preferably in quantifiable business‑benefit terms, to further engage participants at all organizational levels.

Relationship Between Information Governance, Corporate Governance, and IT Governance

The overall goal of good governance is to increase the speed and effectiveness of decision‑making and processes, maximize the value created from information, and reduce costs and risks. Information governance is a subset of corporate governance and should not be viewed merely as a part of “IT governance,” because that view reinforces the misconception that information is solely an IT responsibility.

Information governance involves business stakeholders directly; many data elements are not under IT control, and effective governance requires their participation.

Below is a diagram showing the relationship among corporate governance, information governance, and business planning.

Governance Decisions

Effective governance narrows focus to aspects of the business that are important for risk, efficiency, or value. A successful Enterprise Information Management (EIM) project identifies the most valuable information and concentrates on it rather than attempting to control everything.

Figure 2 illustrates information‑governance components from a business‑decision perspective.

All organizations, regardless of size, have a vast potential information space to manage. By narrowing the focus, organizations can make progress. Selecting focus areas helps limit project scope to a manageable size. Typical focus areas include:

Business strategy and alignment – overall consistency of business and information goals, priority setting, and conflict resolution.

IT architecture, standards, and integration – information, metadata, storage, transmission, and system standards.

Data or information quality – standards, measurement, and maintenance of data quality.

Data or information access – sources, access rights, permissions, and usage.

Reporting – regular assessment of the availability and quality of information sources for business decisions.

Security and privacy – planning, controls, and response to security and privacy requirements.

Legal and regulatory compliance – planning, controls, and response to information‑risk factors and legal/regulatory requirements for retention and disposal.

Some focus areas are best addressed by business lines (e.g., quality, privacy). Treating them solely as IT concerns limits business participation and reduces governance success. In many cases, a combination of business and IT expertise is required, especially for security, where risk identification is a business task but control implementation is an IT task.
