How do you measure whether an information governance program is working?
Measuring an information governance (IG) program means looking beyond whether policies exist to whether they actually change how records are created, used, retained, and disposed of. A working program reduces risk, improves access to trustworthy information, and does so in ways you can demonstrate with evidence rather than assumptions. The most useful approach combines several categories of metrics and reviews them on a regular cadence.
Compliance and Risk Indicators
These show whether the organization is meeting its obligations:
- Retention compliance — the percentage of records held according to an approved retention schedule, and how much content is overretained or disposed of prematurely.
- Defensible disposition — whether routine, documented destruction is actually happening, with proper holds for litigation, audit, or investigation.
- Audit and assessment results — findings, repeat findings, and corrective actions closed on time.
- Incident measures — frequency and severity of breaches, misfiled sensitive data, or failures to produce records on request.
Operational and Quality Measures
Effectiveness also shows up in day-to-day performance:
- Speed and completeness of responses to records, legal-discovery, or public-records requests.
- Accuracy of classification and metadata, and the volume of duplicate, obsolete, or unclassified content (often called ROT).
- Findability — how quickly authorized users locate authentic, complete records.
Adoption and Culture
A policy no one follows is not working. Track training completion, the share of business units actively applying the schedule, and stakeholder feedback. Rising self-reported confidence and falling ad hoc exceptions are good signs.
Putting It Together
Set a baseline, define targets, and track trends over time rather than reading a single number. International guidance such as ISO 15489-1 frames records management as something to be monitored and continually improved, and authoritative program guidance treats periodic evaluation as a core requirement. Tie your metrics back to the outcomes leadership cares about — lower risk, lower cost, reliable access, and demonstrable compliance.
For related concepts and definitions, see the information governance topic hub.
Sources & further reading
Authoritative government and non-profit references.
- ISO 15489-1 Records management — ISO
- Records management policy and guidance — National Archives (NARA)
How to cite this page
APA
RM University Editorial. (2026). How do you measure whether an information governance program is working?. Records Management University. https://www.recordsmgmt.org/questions/how-do-you-measure-whether-an-information-governance-program-is-working/
MLA
RM University Editorial. "How do you measure whether an information governance program is working?." Records Management University, 16 June 2026, www.recordsmgmt.org/questions/how-do-you-measure-whether-an-information-governance-program-is-working/.
Related questions
- Big-bucket vs item-level retention schedules: how do I choose between them?
- Can a company be penalized for keeping data too long under privacy laws even if nothing was breached?
- Can a US company store records in the EU, or do data localization and cross-border transfer rules block it?
- Can executives or board members be held personally liable for information governance failures?
- Can information governance help reduce cloud storage costs, and how?