Latest CGOC Information Governance Process Maturity Model Details How to Reduce Cost and Risk in the Age of Massive Data Stores

Share Article

Helps mature key processes related to global privacy compliance, data quality assurance, data leakage and theft, and more.

Improving Information Economics and Defensible Disposal of Unnecessary Data

“Information governance is critical for good corporate governance, and IG is now a business imperative,” said Anthony Diana, Partner at Reed Smith.

The CGOC (Compliance, Governance and Oversight Council) today announced the release of a major update to its Information Governance Process Maturity Model (IGPMM). The CGOC was established more than a decade ago to advance IG practices through research, thought leadership and peer-developed content. The IGPMM is a guide to maturing information governance (IG) processes, improving information economics, and enabling the defensible disposal of data debris. Practitioners have used the Maturity Model to benchmark their organizations’ IG programs against best practices, enabling them to build a step-by-step roadmap for reducing cost and risk.

“Information governance is critical for good corporate governance, and IG is now a business imperative,” said Anthony Diana, Partner at Reed Smith. “The hardest part of an IG program is getting started, and the CGOC Maturity Model provides the structure on which to build an effective IG program.”

In the age of big data, enterprises face unprecedented information management challenges, including managing data privacy in multi-jurisdictional environments, minimizing risks associated with data breaches, reducing data storage costs, and ensuring data used for analytics is accurate, up-to-date and appropriate. In response, organizations are prioritizing efforts to mature their IG processes, properly tier lower-value information, and eliminate data debris. The IGPMM is the comprehensive guide to making this happen by detailing best practices for 22 key processes related to Legal, Records Information Management (RIM), IT, Privacy & Security, and lines of business.

“Our updated Maturity Model reflects the changing realities our members confront as they seek to protect their organizations and control exploding data costs,” said Heidi Maher, CGOC Executive Director “Information value declines over time, but management costs remain constant, and eDiscovery costs and the risk of breaches actually increase. Today, Legal, RIM, IT, Security, Privacy, and business users all have a vital stake in working together to ensure regulatory compliance.” Added Eckhard Herych of Swiss-based Halfmann Goetsch Partners, “Thanks to this tool, major pharmaceutical companies I’ve worked with, including Novartis, were able to lower their information costs and risks, while enabling business users to find the information they need more easily.”

Updated by Heidi Maher, Executive Director, and Jake Frazier, Faculty Chair, of the CGOC, the latest release of the guide includes the following:

2017 CGOC Information Governance Process Maturity Model

  • The Privacy and Data Protection Obligations section now reflects evolving data privacy concerns, including the impact of the GDPR.
  • A new cost lever, Data Security: Cost Reduction through Process Maturity, helps organizations measure the impact process improvements can have on the per capita cost of a data breach.
  • The Cloud Computing process ensures IG safeguards are applied to non-traditional procurement and provisioning channels such as cloud services.
  • The Data Quality and Data Lineage processes focus on ensuring data is accurate and fit to serve its intended business or compliance purpose.

Three additional processes relate to data security best practices:

  • External Intrusion focuses on creating a framework for deterring, thwarting and identifying external bad actors.
  • Accidental Data Leakage focuses on developing safeguards around classifying confidential information and preventing it from leaving via the network or employee devices.
  • Insider Theft of Data focuses on preventing employees from stealing information assets.

To download the CGOC Information Governance Process Maturity Model, visit the CGOC website at

About CGOC (Compliance, Governance and Oversight Council)
CGOC (Compliance, Governance and Oversight Council) is a forum of over 3,400 legal, IT, privacy, security, records and information management professionals from corporations and government agencies. CGOC publishes reference guides and articles and conducts primary research. Its Benchmark Reports have been cited in numerous legal opinions and briefs and its ILG Leaders Guide has been widely referenced and adopted by organizations. CGOC has been advancing governance practices and driving thought leadership since 2004. For more information go to

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Maria Bradley
+1 415-509-0498
Email >
Visit website