What happens if we treat information governance as just an IT project instead of a business-wide responsibility?
Information governance (IG) is the coordinated way an organization manages information as an asset across its full lifecycle, balancing value against legal, regulatory, and risk obligations. When it is handed to IT alone, the program is scoped to systems and infrastructure when it actually depends on policy, accountability, and behavior across the entire business. The result is a technically capable program that misses what governance is for.
What tends to go wrong
- Policy gaps. IT can store and secure information, but it cannot decide what is a record, how long it must be kept, or when it may be destroyed. Those determinations come from legal, compliance, and the business units that create the records.
- Misaligned retention. Without business input, retention rules are guessed or applied uniformly. Records get deleted too soon, exposing the organization to compliance failures, or kept too long, raising cost and discovery risk.
- Weak ownership. When “IT owns it,” everyone else assumes governance is handled. Day-to-day creators stop classifying, labeling, and disposing of information correctly, which is where most governance actually happens.
- Tool-first thinking. Technology becomes the goal rather than the enabler. A platform is deployed, but the rules, roles, and training that make it effective are never built.
Why it is a business-wide responsibility
Recognized practice treats records and information management as an organizational function supported by policy, defined responsibilities, and ongoing oversight — not as a single department’s tooling exercise. ISO 15489 frames records management as a systematic program requiring management commitment and assigned accountability throughout the organization, with technology as one component among policy, processes, and people.
That means leadership sets direction and funds the program; legal and compliance define obligations; business units own the records they create; and IT provides the secure, reliable systems that carry the rules out. Each role is necessary, and none substitutes for the others.
The practical takeaway
Treating IG as just an IT project usually produces good infrastructure attached to weak governance: information is stored safely but managed poorly. Sustainable programs assign clear cross-functional ownership, ground decisions in business and legal requirements, and use technology to enforce policy rather than define it.
For a fuller picture of how these pieces fit together, see the information governance topic hub.
Sources & further reading
Authoritative government and non-profit references.
- ISO 15489-1 Records management — ISO
- Records management (NARA) — National Archives (NARA)
How to cite this page
APA
RM University Editorial. (2026). What happens if we treat information governance as just an IT project instead of a business-wide responsibility?. Records Management University. https://www.recordsmgmt.org/questions/what-happens-if-information-governance-is-treated-as-just-an-it-project/
MLA
RM University Editorial. "What happens if we treat information governance as just an IT project instead of a business-wide responsibility?." Records Management University, 16 June 2026, www.recordsmgmt.org/questions/what-happens-if-information-governance-is-treated-as-just-an-it-project/.
Related questions
- Big-bucket vs item-level retention schedules: how do I choose between them?
- Can a company be penalized for keeping data too long under privacy laws even if nothing was breached?
- Can a US company store records in the EU, or do data localization and cross-border transfer rules block it?
- Can executives or board members be held personally liable for information governance failures?
- Can information governance help reduce cloud storage costs, and how?