ISO Information Governance

A New ISO Standard on Information Governance

Share this article

The International Organization for Standardization, known as ISO, has been setting standards in the business world since the 1940s. Expert teams at ISO have developed more than 24,000 international standards impacting business processes in technology, manufacturing, the environment, energy, food safety, healthcare, quality and risk management, and many more.

This month, the Swiss-based organization that touts representation from 167 countries published a new standard to establish concepts and principles relating to information governance.

In the new ISO Standard 24143:2022 Information and documentation—Information Governance—Concept and Principles, ISO begins by identifying “information” as “a critical asset that is indispensable to support business processes and therefore, a foundation for the success of any business activities.”

This is consistent with pronouncements frequently heard from ACEDS and others that “information governance is the very foundation of e-discovery.” For anyone working in e-discovery (or adjacent areas), it is essential to have a good grasp of information governance.

The new ISO standard defines “information governance” as:

“a strategic framework for managing information assets across an entire organisation to support its business outcomes and obtain assurance that the risks to its information, and thereby the operational capabilities and integrity of the organisation, are adequately identified and managed. Information Governance includes but is not limited to policies, processes, procedures, roles and controls put in place to meet regulatory, legal, risk and operational requirements. Information Governance provides an overarching high-level framework that:

    • aligns all information-related activities with the mission and goals of an organisation, and its business, legal and societal obligations,
    • ensures a comprehensive and systematic approach to information by integrating processes relevant to directing and controlling information,
    • supports cooperation between stakeholders, and
    • creates a high-level basis for managing information regardless its form, type and format, informs education, professional development of the workforce and awareness about information-related obligations, risks and possibilities.”

Anyone who works in e-discovery or information governance (IG) knows that definitions for IG abound throughout the industry. ISO’s definition seems to crystalize both the strategic and the tactical components in a very clear and concise way.

Standard 24143 also defines other terms and concepts related to information governance. It was comforting to find that “e-discovery” is among the included concepts. They define it as the “process of identifying, collecting, preserving, reviewing and exchanging electronically stored information (ESI) for the purpose of using it as digital evidence.”

The new standard then outlines the strategic and operational benefits to organizations that implement IG policies and procedures, and it concludes by enumerating fifteen principles of information governance that provide a framework for ensuring that business and IG goals and objectives are aligned.

All corporations, nonprofits, government entities, and individuals create and store information, and no matter where they are in the world there also exists a maze of laws and regulations that require entities, particularly those in heavily regulated industries, to create and maintain certain information. The notion that organizations should undertake better understanding of the information they create, store, and dispose of should be part of every company’s strategic business objective.

This new standard from ISO brings further clarity to the importance of information governance and the management of information within a client organization.

For anyone interested, you may read an abstract of the new standard here. The full standard, consisting of about 20 pages, is available to purchase for $73 USD.

Go to to learn more about the International Organization for Standardization

Mike Quartararo on EmailMike Quartararo on LinkedinMike Quartararo on Twitter
Mike Quartararo
Mike Quartararo is the President of the Association of Certified E-Discovery Specialists (ACEDS), the world’s leading organization providing training and certification in e-discovery to law firms, corporate legal departments and the broader the legal community. He is also the author of the 2016 book Project Management in Electronic Discovery and has been successfully consulting in information governance, e-discovery, project management and legal technology for two decades, including 10-year stints at both Skadden Arps and Stroock. A graduate of the State University of New York, he is a certified Project Management Professional (PMP) and a Certified E-Discovery Specialist (CEDS). He frequently writes and speaks on e-discovery, legal operations, project management and technology topics. Reach him via email at [email protected] or on Twitter @mikequartararo.

Share this article