The strategic umbrella from which Data Governance — and all information disciplines — derive.
Twenty-plus years designing, operationalizing, and enforcing enterprise IG programs across Fortune 500 firms and federal agencies. Deep practitioner expertise translating governance policy into defensible, measurable operational workflows — spanning data retention, legal holds, classification, DLP, AI governance, access reviews, and Outside Counsel Guidelines compliance.
Information Governance (IG) is the overarching enterprise framework governing how information is created, classified, retained, protected, and disposed of across its full lifecycle. Data Governance is a sub-discipline within IG, focused on data assets and stewardship. An enterprise with only a Data Governance program remains exposed across unstructured data, legal holds, records management, and compliance obligations that IG addresses holistically.
Based on the Information Governance Reference Model (IGRM), enterprise information must be governed across its complete lifecycle. My programs address each stage with policy, controls, platform enforcement, and compliance monitoring.
Defining the governance framework, roles, accountabilities, and policy architecture governing all information assets enterprise-wide.
Operationalizing retention schedules and records disposition programs — ensuring defensible, auditable information lifecycle management.
Defensible legal hold governance ensuring timely application, monitoring, and release across all enterprise repositories — zero compliance failures.
Enterprise-wide classification schema and DLP policy deployment — enforcing data access controls at rest, in transit, and at ingestion.
Establishing least-privilege access principles with periodic entitlement reviews across all collaboration and governance platforms.
Designing ongoing compliance monitoring programs with executive dashboards providing real-time visibility into IG policy adherence.
Every IG program I build is grounded in applicable industry standards — ensuring governance controls are both best-practice and defensibly aligned to the legal and regulatory environment the organization operates in.
The foundational framework organizing IG across all stakeholder groups — Legal, IT, Business, Privacy, Records, and Compliance. My programs follow IGRM's principle that "value + risk = retention."
Best practice framework for defensible legal hold management and eDiscovery readiness. My legal holds programs are designed to satisfy Sedona's defensibility requirements, including proportionality and audit trail documentation standards.
Federal information security controls governing data classification, access management, audit logging, and information protection. All IG controls aligned to these standards across AC, AU, MP, RA, SC, and SI control families.
Defense Industrial Base compliance framework with IG controls as prerequisites for certification. My programs established CMMC-required data classification, access controls, and audit governance — achieving zero failures across external CMMC audit reviews.
International standard for records management programs — defining principles for creating, capturing, and managing records across the enterprise. Informs retention schedule methodology and disposition governance.
Cross-regulatory requirements governing information handling in defense, financial services, and federal environments — each with distinct IG obligations addressed across my programs.