Page cover

1.5 IM Governance

When we talk about "governance" in Information Management (IM), we simply mean: the rules, roles, responsibilities, and processes that guide how information is handled across an organization or a program.

Without clear governance, IM systems can become inconsistent, unsafe, or ineffective. Good governance ensures that data is managed responsibly, ethically, and efficiently, supporting both programming needs and protection standards.

1.5.1 What is IM Governance?

IM Governance refers to the structures and guidelines that define:

  • Who is responsible for managing which types of information.

  • How information should be collected, stored, shared, and protected.

  • What standards, policies, and tools must be followed.

  • How compliance is monitored and improved over time.

Good IM governance provides clarity and accountability β€” it makes sure everyone knows their role when it comes to programme data.

1.5.2 Why IM Governance is Important

  • Protects Sensitive Information: Ensures data privacy, protection, and responsible use.

  • Improves Data Quality: Sets standards for consistency, validation, and updates.

  • Supports Decision-Making: Makes sure that quality data is accessible to the right people at the right time.

  • Reduces Risks: Prevents misuse of information, breaches of confidentiality, and reputational damage.

  • Promotes Efficiency and Transparency: Aligns everyone in the organization around clear information workflows.

In humanitarian contexts, where data often relates to vulnerable individuals, strong IM governance is also a matter of ethics and duty of care.

1.5.3 Key Elements of Basic IM Governance

When organizing IM governance, it helps to focus on a few practical building blocks:

Element
Purpose

Roles and Responsibilities

Define who collects, manages, verifies, and approves data.

Policies and Standards

Set clear rules for data protection, data sharing, storage, retention, and deletion.

Tools and Platforms

Identify and standardize which tools are authorized for data collection, storage, and visualization.

Data Quality Assurance

Create basic processes for reviewing and validating data regularly.

Access Controls

Ensure that sensitive information is only accessible to authorized users.

Monitoring and Compliance

Establish light but regular checks to ensure policies are followed and gaps are addressed.

1.5.4 Examples of Basic IM Governance Actions

  • Assigning an IM focal point for each project or office.

  • Developing a simple IM policy or integrating IM into existing MEAL or program policies.

  • Creating a data sharing protocol for internal and external partners.

  • Mapping data flows for each project (e.g., from collection to analysis, including tools, people, and handoff points)

  • Integrating IM responsibilities into staff ToRs and performance plans.

  • Establishing a user access control list for shared databases.

  • Agreeing on a standard file naming convention for programme documents.

  • Reviewing and validating partner data collection tools before deployment to ensure alignment with project needs and standards.

  • Creating an internal IM reference guide or SOP summarizing where and how data is stored, shared, and updated.

  • Defining retention and deletion rules for different data types

REFERENCES & FURTHER READINGS:

Last updated