Information governance stakeholder management is a critical factor in determining whether IG initiatives thrive or fail. In the pages of IG history, two initiatives stand side-by-side as a study in contrast.
One has become rooted in organizational culture. Well-vetted and highly operationalized, it is enthusiastically supported at all levels. The other barely exists beyond its dust-covered charter. Its policies and procedures are scattered among the ROT (redundant, obsolete, trivial) data in which they lie. Some question whether these policies were even formally approved. And the mere thought of an audit causes program owners to cringe.
Why do some IG initiatives succeed while others fail? Perhaps the reason lies in how well their founders understand stakeholder management.
Why Information Governance Stakeholder Management Matters
IT, legal, risk, compliance, privacy, security, impacted business units, and information asset vendors form the essential lineup of stakeholders in any IG initiative. The IG professional is the coach who must ensure this diverse team performs well together on heavy issues like how to simultaneously respect each other’s often divergent interests while ensuring information assets are put to their highest and best use. There’s also the essential task of managing for risk and compliance.
It’s a weighty undertaking, and stakeholder coordination and collaboration can easily consume the IG professional. But get stakeholder management right, and your IG program stands a much better chance of reaching enduring success.
The IG professional must correctly identify each stakeholder and their interest relevant to their IG program. To do this, whether for the first time or when updating your stakeholder inventory, it can be helpful to think of each stakeholder as belonging to one of four categories:
- Approval: Those whose formal endorsement is required for all or any portion of your initiative.
- Support: Those who control the resources you’ll need.
- Consult: Those whose advice or expertise will shape your approach, whether immediately or in the long term.
- Inform: Those who should be kept in the loop, even if they’re not directly involved.
Approve, Support, Consult, Inform: ASCI, for short.
Categorizing stakeholders under this approach can lead to a more comprehensive and intentional IG strategy. It helps IG professionals avoid common pitfalls like overlooking key voices and reducing risks related to program resistance or conflicting expectations.
Let’s break down each category:
Those from Whom You Need Approval
These are your decision-makers, such as the executives or governing bodies whose formal backing is essential to move your initiative forward.
Examples:
- The C-suite (especially the CIO, CISO, and legal department)
- Governance committees
- Budget and finance officers
Strategy: When approaching “approval stakeholders,” be sure to present a compelling business case that lines up IG goals with organizational priorities like risk reduction, compliance, and operational efficiency. Use metrics and communicate in a language they’ll understand, such as describing things in terms of ROI, quantifying risk reduction, and specifically identifying cost savings.
Those from Whom You Need Support
“Support stakeholders” are your active bench of players; your operational decision makers. For example, if you’re adjusting a retention period, these are your authorizers. They may not have the authority to approve your initiative, but their active involvement and advocacy are crucial. They help implement and sustain the program.
Examples:
- Department heads from impacted business units
- IT, security, and privacy teams
- Records managers and data stewards
- Outside stakeholders like information asset vendors.
Strategy: Approach them early, listen to their concerns, and show how your IG initiative supports their goals. Empower them as agents of change. Also establish a streamlined process for policy and other IG updates. Their buy-in often determines whether the initiative gains traction or flounders.
Those You Should Consult
These individuals have valuable insights, experience, and technical knowledge that can shape your initiative’s success. While “consulting stakeholders” may not be directly involved in your initiative, their input can provide you with critical perceptions.
Examples:
- Frontline employees
- Legal and risk advisors
- External consultants
Strategy: Create structured feedback opportunities like interviews, workshops, and pilot programs. Make their input visible. Consultation builds trust.
Those You Need to Keep Informed
These are stakeholders who don’t need to be involved in decision-making or implementation but still should be kept up to date of your IG initiative’s goings on. Keeping them informed helps ease frictions, avoid resistance, issue spot, and manage risk.
Examples:
- Some customers.
- Marketing and public relations.
- Anyone else not already involved as a stakeholder who might influence perception and adoption, or champion your initiative from the sidelines.
Strategy: Use clear, concise communication to explain what’s happening, why it matters, and how it will affect the organization. Transparency builds credibility and helps prevent confusion or misinformation.
Final Thoughts
No one factor determines the success or failure of an IG initiative. But using the ASCI method as part of your stakeholder management can help ensure you haven’t left anyone out and are engaging the right people in the right way. It is a simple step that can be critical to building IG program momentum and long-term sustainability.
Also, as your IG initiative grows, don’t forget the importance of maintaining stakeholder relationships across personnel and organizational disruptions. Organizations change, roles change, priorities shift, and people move on. Throughout this turbulence, the IG professional must ensure information governance stakeholder management engagement continuity. In an uneven landscape, the IG professional who maintains this flow across their stakeholder team helps ensure their IG program will endure.
Disclaimer: The purpose of this post is to provide general education on information governance topics. The statements are informational only and do not constitute legal advice. If you have specific questions regarding the application of the law to your business activities, you should seek the advice of your legal counsel.