How do I assess my organization's information governance maturity and figure out the next level to target?
Assessing information governance (IG) maturity means taking an honest, evidence-based look at how well your organization creates, manages, protects, and disposes of information—and then setting a realistic target for improvement. Maturity assessment is a planning exercise, not a grade. The goal is to know where you stand and what to do next.
Pick a frame of reference
Most maturity models describe a progression along similar lines:
- Ad hoc / minimal — practices are informal, inconsistent, and undocumented.
- Developing — some policies exist but adoption is uneven.
- Defined / essential — policies, schedules, and roles are documented and broadly followed.
- Managed / proactive — practices are monitored, measured, and integrated into operations.
- Optimized / transformational — IG is continuously improved and supports broader business goals.
Recognized standards such as ISO 15489 and professional frameworks from bodies like ARMA International offer principles—accountability, transparency, integrity, protection, compliance, availability, retention, and disposition—you can score against.
Gather the evidence
Assess across people, process, and technology rather than relying on impressions:
- Policy and accountability — Do you have current records and retention policies? Is someone clearly responsible?
- Retention and disposition — Is there an approved retention schedule, and is it actually applied?
- Coverage — Does governance reach email, collaboration tools, and cloud systems, or only paper and shared drives?
- Legal and regulatory fit — Can you meet recordkeeping, privacy, and legal-hold obligations on demand?
- Training and culture — Do staff understand their responsibilities?
Interview stakeholders, review documentation, and sample real systems to confirm that stated practices match reality.
Choose the next level to target
Score each area against your chosen model and look for the lowest, highest-risk gaps first. Aim for the next level, not the top one—maturity advances one rung at a time. A practical target is specific and measurable: for example, “approve and publish a retention schedule covering all record series within twelve months.”
Prioritize areas where weakness creates the most legal, financial, or operational exposure. Document your baseline so you can reassess on a regular cycle and demonstrate progress over time.
For broader context on principles, roles, and program building, see the information governance topic hub.
Sources & further reading
Authoritative government and non-profit references.
- ISO 15489-1 Records management — ISO
- ARMA International — ARMA International
How to cite this page
APA
RM University Editorial. (2026). How do I assess my organization's information governance maturity and figure out the next level to target?. Records Management University. https://www.recordsmgmt.org/questions/how-to-assess-information-governance-maturity-and-set-next-target/
MLA
RM University Editorial. "How do I assess my organization's information governance maturity and figure out the next level to target?." Records Management University, 16 June 2026, www.recordsmgmt.org/questions/how-to-assess-information-governance-maturity-and-set-next-target/.
Related questions
- Big-bucket vs item-level retention schedules: how do I choose between them?
- Can a company be penalized for keeping data too long under privacy laws even if nothing was breached?
- Can a US company store records in the EU, or do data localization and cross-border transfer rules block it?
- Can executives or board members be held personally liable for information governance failures?
- Can information governance help reduce cloud storage costs, and how?