5 Steps Good Governance
5 Steps to Good Governance How Self-Governing Documents Can Simplify Governance
5 STEPS TO GOOD GOVERNANCE
Let’s be honest – information governance is probably not your favorite thing. Which is exactly why it should be done efficiently and seamlessly, so that employees can focus on more exciting goals — innovative, business-growing goals.
5 STEPS TO GOOD GOVERNANCE / STEP 1
STEP 1
Decide that you won’t let it slide
Reason for not dealing with governance:
A very good reason to deal with it:
“Legacy tools are complicated and costly to maintain.”
Create a seamless system of record without interrupting workflow. • No paper boxes • Centralized solution
There are plenty of reasons why companies avoid dealing with information governance. And plenty of good reasons why they should. Modern, centralized, cloud-based content-
“Our employees should focus on growing the business, not dealing with compliance issues.”
Prevent unsanctioned sharing.
“It’s difficult to manage the different types of content across devices and platforms.”
Reduce liabilities and risk.
management solutions — with self-governing
• 1 in 4 employees upload sensitive data to the cloud • 1 in 3 files is shared with someone beyond the owner
documents — can make compliance more intuitive for employees, and allow for secure collaboration. Put simply: When compliance is easier, it actually happens.
• $18K eDiscovery costs for 1GB Data1 • $176.3M levied fines from FINRA in 20162 • $83K average cost for regulatory compliance for small business in the first year3
1. Gartner, 2016 2. FINRA 3. 2017 NSBA Small Business Regulations Survey
5 STEPS TO GOOD GOVERNANCE / STEP 2
STEP 2
Get all stakeholders on board It’s a good idea to assign one person to take the lead on information governance for your organization. But you will likely need buy-in from several executives in your organization, each with their own interest and requirements.
Compliance Managers
Legal Team
IT and Security
End users
Track the most important regulations and internal policies for document compliance and retention.
Monitor requirements for defensible discovery to minimize costs and legal risk.
Confirm security classification level and other requirements for protecting sensitive documents.
Preserve their ability to get work done without friction from security, governance, and compliance requirements.
5 STEPS TO GOOD GOVERNANCE / STEP 3
STEP 3
Determine which content can be self-governing Self-governing documents protect sensitive content by automatically following the intelligent policies you set. You can customize policies with specific levels of classification, time periods for retention and deletion, rules for external sharing, legal holds and more. Here’s a handy checklist for customizing your content governance policies.
Classification levels Choose from multiple levels, each associated with a specific security policy.
eDiscovery support Implement legal holds to preserve content during eDiscovery, and maintain audit trails of employees’ content changes.
Retention policies Determine a specified time period to retain content, and set actions to delete content after retention period.
Device security Require device encryption to access content, restrict access to corporate-owned devices, and control access to mobile content.
Deletion policies Determine who can permanently delete items from trash, and set automatic email archive of user activities.
Compliance policy Configure policies to comply with regulations for your industry, including FINRA and SEC 17a-4 for financial services and HIPAA for healthcare.
Document access Define sharing policies with collaboration whitelists and blacklists.
5 STEPS TO GOOD GOVERNANCE / STEP 4
STEP 4:
Keep it simple
Here’s how forward-thinking companies keep governance simple, and seamless: Self-Governing Documents They make retention simple for users and administrators. There’s no need to migrate files to a separate retention repository/system. Your retention
“Simplicity” is a perfectly valid information governance strategy. In fact, simple and secure file sharing is what allows your employees to focus on your business goals, whether it’s onboarding
policy simply follows each document— even if a user accidentally moves it to
“
Box Governance provides a nice simple DLP (Data Loss Prevention) solution. It allows us to whitelist and blacklist domains which is incredibly helpful from a collaboration standpoint. — Paul Falor, CIO, North Highland Consulting
a different location. Defensible Discovery Legal holds go into effect without any impact on the users, and without any action required from them.
new customers or bringing
Classification Cues
breakthrough innovation to
Employees are reminded of their
market.
document’s sensitive data through visual cues. If a file meets a specific confidentiality threshold, its external sharing is blocked automatically— taking the burden off the user.
“
As an insurance company, we handle a lot of sensitive information. We’re impressed that security classification lets us classify sensitive files at scale, and safeguard them with sharing policies that educate our users. — Jon Wooten, IT Manager, Engle Martin & Associates
5 STEPS TO GOOD GOVERNANCE / STEP 5
STEP 5
Talk to us Cloud Content Management with Box is the simple and secure way to modernize your IT infrastructure, bringing all of your people, information and applications together to transform how you work. From bakeries to 60% of the Fortune 500, Box powers more than 71,000 businesses globally, including AstraZeneca, General Electric, P&G, and The GAP. To learn more about Box visit www.box.com and Box Governance solutions or call us at 1.877.729.4269.
5 STEPS TO GOOD GOVERNANCE
Let’s be honest – information governance is probably not your favorite thing. Which is exactly why it should be done efficiently and seamlessly, so that employees can focus on more exciting goals — innovative, business-growing goals.
5 STEPS TO GOOD GOVERNANCE / STEP 1
STEP 1
Decide that you won’t let it slide
Reason for not dealing with governance:
A very good reason to deal with it:
“Legacy tools are complicated and costly to maintain.”
Create a seamless system of record without interrupting workflow. • No paper boxes • Centralized solution
There are plenty of reasons why companies avoid dealing with information governance. And plenty of good reasons why they should. Modern, centralized, cloud-based content-
“Our employees should focus on growing the business, not dealing with compliance issues.”
Prevent unsanctioned sharing.
“It’s difficult to manage the different types of content across devices and platforms.”
Reduce liabilities and risk.
management solutions — with self-governing
• 1 in 4 employees upload sensitive data to the cloud • 1 in 3 files is shared with someone beyond the owner
documents — can make compliance more intuitive for employees, and allow for secure collaboration. Put simply: When compliance is easier, it actually happens.
• $18K eDiscovery costs for 1GB Data1 • $176.3M levied fines from FINRA in 20162 • $83K average cost for regulatory compliance for small business in the first year3
1. Gartner, 2016 2. FINRA 3. 2017 NSBA Small Business Regulations Survey
5 STEPS TO GOOD GOVERNANCE / STEP 2
STEP 2
Get all stakeholders on board It’s a good idea to assign one person to take the lead on information governance for your organization. But you will likely need buy-in from several executives in your organization, each with their own interest and requirements.
Compliance Managers
Legal Team
IT and Security
End users
Track the most important regulations and internal policies for document compliance and retention.
Monitor requirements for defensible discovery to minimize costs and legal risk.
Confirm security classification level and other requirements for protecting sensitive documents.
Preserve their ability to get work done without friction from security, governance, and compliance requirements.
5 STEPS TO GOOD GOVERNANCE / STEP 3
STEP 3
Determine which content can be self-governing Self-governing documents protect sensitive content by automatically following the intelligent policies you set. You can customize policies with specific levels of classification, time periods for retention and deletion, rules for external sharing, legal holds and more. Here’s a handy checklist for customizing your content governance policies.
Classification levels Choose from multiple levels, each associated with a specific security policy.
eDiscovery support Implement legal holds to preserve content during eDiscovery, and maintain audit trails of employees’ content changes.
Retention policies Determine a specified time period to retain content, and set actions to delete content after retention period.
Device security Require device encryption to access content, restrict access to corporate-owned devices, and control access to mobile content.
Deletion policies Determine who can permanently delete items from trash, and set automatic email archive of user activities.
Compliance policy Configure policies to comply with regulations for your industry, including FINRA and SEC 17a-4 for financial services and HIPAA for healthcare.
Document access Define sharing policies with collaboration whitelists and blacklists.
5 STEPS TO GOOD GOVERNANCE / STEP 4
STEP 4:
Keep it simple
Here’s how forward-thinking companies keep governance simple, and seamless: Self-Governing Documents They make retention simple for users and administrators. There’s no need to migrate files to a separate retention repository/system. Your retention
“Simplicity” is a perfectly valid information governance strategy. In fact, simple and secure file sharing is what allows your employees to focus on your business goals, whether it’s onboarding
policy simply follows each document— even if a user accidentally moves it to
“
Box Governance provides a nice simple DLP (Data Loss Prevention) solution. It allows us to whitelist and blacklist domains which is incredibly helpful from a collaboration standpoint. — Paul Falor, CIO, North Highland Consulting
a different location. Defensible Discovery Legal holds go into effect without any impact on the users, and without any action required from them.
new customers or bringing
Classification Cues
breakthrough innovation to
Employees are reminded of their
market.
document’s sensitive data through visual cues. If a file meets a specific confidentiality threshold, its external sharing is blocked automatically— taking the burden off the user.
“
As an insurance company, we handle a lot of sensitive information. We’re impressed that security classification lets us classify sensitive files at scale, and safeguard them with sharing policies that educate our users. — Jon Wooten, IT Manager, Engle Martin & Associates
5 STEPS TO GOOD GOVERNANCE / STEP 5
STEP 5
Talk to us Cloud Content Management with Box is the simple and secure way to modernize your IT infrastructure, bringing all of your people, information and applications together to transform how you work. From bakeries to 60% of the Fortune 500, Box powers more than 71,000 businesses globally, including AstraZeneca, General Electric, P&G, and The GAP. To learn more about Box visit www.box.com and Box Governance solutions or call us at 1.877.729.4269.
