Information governance only works when someone is accountable for it. Many organizations have policies on paper that no one owns, enforces, or updates. A real program is defined by its structure — who decides, who acts, and who answers for the results.
Start with executive sponsorship
Information governance crosses departmental lines — records, legal, IT, security, privacy, and the business. Without senior sponsorship, no single department can compel the others to align. An executive sponsor gives the program authority, resolves cross-functional disputes, and signals that governance is a priority rather than an afterthought.
Establish a cross-functional body
Most mature programs create an information governance committee (or steering group) that brings the stakeholders together. Typical members include:
- Records management — retention and disposition expertise
- Legal — litigation holds, e-discovery, regulatory obligations
- IT — systems, storage, and technical implementation
- Information security — protecting information assets
- Privacy — personal-data obligations
- Business units — the people who create and use the information
This body sets policy, prioritizes initiatives, and adjudicates the trade-offs that inevitably arise between, say, keeping data for analytics and disposing of it to reduce risk.
Define clear roles
Beyond the committee, effective programs name specific roles: a records officer or information governance lead who runs day-to-day execution; record liaisons or coordinators embedded in business units; and clear ownership of each record series. Accountability has to land on identifiable people, not just “the organization.”
Write policy people can follow
Policy should be clear, current, and actionable: what to keep, for how long, how to protect it by sensitivity, and when to dispose of it. A retention schedule is the operational heart of the policy set. Aspirational policies that ignore how work actually happens get ignored.
Measure and improve
Governance is ongoing. Programs track metrics — defensible disposition completed, holds managed, schedule coverage, audit findings — and use frameworks like the Information Governance Reference Model (IGRM) to map how records, privacy, security, and legal interrelate. Regular review keeps the program aligned as laws, technology, and the business change.
The throughline is accountability: sponsorship at the top, a cross-functional body to decide, named roles to execute, and metrics to keep everyone honest. That structure is what turns information governance from a binder on a shelf into a working discipline.
Sources & further reading
Authoritative government and non-profit references.
- The Sedona Conference — Commentary on Information Governance — The Sedona Conference
How to cite this page
APA
RM University Editorial Team. (2026). Building an Information Governance Program: Roles and Accountability. Records Management University. https://www.recordsmgmt.org/articles/building-an-information-governance-program/
MLA
RM University Editorial Team. "Building an Information Governance Program: Roles and Accountability." Records Management University, 15 April 2026, www.recordsmgmt.org/articles/building-an-information-governance-program/.