Information Governance Checklist for Enterprise Collaboration
by Aware
During the time of COVID-19 and mandated remote work, leaders are working hard to give their organizations the best tools to maximize employee productivity. However, unplanned remote work can expose your organization to unnecessary risk.
The need for collaboration and information sharing is driving an unprecedented shift towards digital collaboration tools. Many organizations are fast-tracking the adoption of tools like Microsoft Teams, Slack, Yammer and Workplace from Facebook in an effort to enable a newly remote workforce. In fact, Aware's research shows that message volume in collaboration platforms is up 57% since the beginning of March.
The data that flows through tools like Slack, Microsoft Teams, Workplace from Meta (formerly Facebook) and Yammer is unique; it is chatty, persistent and often unstructured in nature. The conversations contain many different types of communication—from daily pleasantries to the sharing of classified or sensitive data.
Start minimizing risk by sanctioning specific tools for employees to use. This limits the instances of shadow IT and allows leaders visibility into the data passing through their digital workplace.
Organizations need to make sure to pair these sanctioned tools with technology that offers a searchable archive, retention capabilities, compliance adherence, and the ability to hold data of interest. This is especially vital for organizations that must comply with the GDPR and CCPA, as well as with industry regulations like HIPAA or PCI.
Work through this checklist with your team to successfully create a holistic information governance strategy:
Information Governance Checklist for Enterprise Collaboration Tools
Define Data Access
- Involve the right stakeholders. The list often includes the collaboration platform owner, infosecurity, compliance and legal leaders.
- Define levels of access for communication data: Who can adjust records retention policies? Who can search and extract public or private messages? Who is in charge of data loss prevention management?
Reduce Shadow IT
- Understand where employees are collaborating. Be sure to consider both endorsed and shadow solutions.
- Define endorsed tools based on employee needs and the organization's ability to implement securely and quickly.
- Create (or modify existing) acceptable use policies for any newly sanctioned tools.
- Proactively communicate endorsed tools and policies to employees.
Information Governance & Enrichment Strategy
- Assess the organization's ability to handle the unique characteristics of collaboration data, including edits, deletions, private messages/hidden conversations, as well as files and attachments.
- Understand where collaboration data is stored (including any data backups or archives).
- Define how your organization’s records management policy applies to public and private communications, as well as direct chat in the digital workplace.
- Identify your ability to set dynamic retention policies that align with your records management policies, while also preserving important business context. Confirm your ability to purge data from the collaboration platform and any corresponding archives.
- Consider data enrichment technologies that apply metadata to messages for easy searchability, as appropriate for collaboration conversations. Applicable metadata could include whether a message was modified or deleted, whether it has an attachment (and of what type) and whether it includes images. Also consider additional AI/ML metadata.
Prevent Loss of Sensitive Data
- Outline your current sensitive data policies and how this applies to your digital workplace.
- Define how you identify and respond to instances of sensitive data sharing in your digital workplace (this often takes the form of content moderation or monitoring). Don't forget to consider instances of edited and deleted messages.
Regulatory & Compliance Obligations
- Outline procedures to satisfy Data Subject Access Requests, as outlined by Article 15 of the GDPR.
- Outline procedures to satisfy additional privacy requests, as outlined by the GDPR and CCPA, such as the right to be forgotten.
- Identify a rules-based solution to find and remove accidental sharing of PHI/PII/PCI and other confidential information, in order to comply with regulations like HIPAA, FINRA and others.
Streamline Legal and eDiscovery Workflows
- Review the Electronic Discovery Reference Model (EDRM) framework to understand the standards for discovery for electronically stored information.
- Identify a solution to create an immutable archive of conversation content, including context, that preserves edits and deletions.
- Develop a strategy to create and release legal holds, across all endorsed collaboration platforms.
- Assess efficient eDiscovery options to quickly filter through conversation data. Consider the ability to look for @ mentions, as well as the ability to export messages and message context.
- Understand your ability to leverage topics and big-data analysis to surface case analytics, participants and/or groups.
Discover a unified front for enterprise collaboration compliance with Aware's information management solution.