Introduction

Management of information should be a strategic concern in all organisations. They need information to function effectively and for decision-making. Increasingly, information has been recognised as an asset to be exploited as, for example, in intellectual property. This was first publicised in the KPMG report Information as an Asset: the board agenda (Hawley, 1995), confirmed through research (for example see Oppenheim,

Stenson and Wilson, 2002) and revived in 2019 through CILIP. Information law compliance takes place within broader information governance frameworks. Information governance refers to control of the use of information throughout its lifecycle from creation to preservation or destruction. The goal of information governance is to ensure the following:

• ◆ identification of information assets, their quality and their value to the organisation

• ◆ that the information is secure and is available and accessible however and whenever it is required and, at the same time, no unauthorised person can access it

• ◆ development, communication and implementation of policies and procedures for information management that address organisational goals, comply with all legal and regulatory frameworks and are responsive to change

• ◆ people within the organisation have the necessary knowledge, skills and authority to be aware of, and implement, appropriate policies and procedures.

Information governance frameworks

Information governance frameworks are concerned with the management of information in all its forms, information systems and information security, within the organisation. The scope of information governance frameworks also encompasses legal, regulatory and any external information that has an impact on the organisation's obligations. All staff involved in the creation, management, use and sharing of information should be covered by these frameworks, which set out policies and procedures and the rights and roles of staff, suppliers, users, customers and all other stakeholders.

Information governance frameworks should include a range of policies, recognising all aspects of information management and use. Such policies should include information, records and archives management; information systems and security; compliance with information-related laws, such as data protection, and copyright; and information sharing, including FoI in the case of public bodies. Staff training and development policies are also crucial to ensure policies are implemented correctly.