Book excerpt IG 2021 (5): IG also applies to SMEs – The GLAS model as a guide

We repeatedly hear the objection from various sides that information governance is only relevant for medium to large organizations. For managers and people without prior knowledge, the introduction: Information Governance for KLV (children, laymen and board members) is recommended.

This is not the case!

In principle, the topic of “information governance” is not specifically dependent on the size of the company; SMEs also have to master the challenges of the digital transformation: of course, the complexity of the tasks increases with the size of an organization, but this applies in general from a business economics perspective.

What is essential is the amount and types of data that are managed, in a certain context of the risk profile of the company / organization (risk exposure); for this we have developed the GLAS model, where it is about positioning the importance of information and its management (information management) in the organization.

The importance of information and data management can run from G eneral, L iving, A ctive to S trategic and fully data-centric (GLAS-Plus), with all the hybrids. The higher or strategically more important the production factor information is, the more urgent a corresponding “governance” (targeted control and steering) becomes.

Chap. 3: Basics

The importance of information in the company : the GLAS Plus model

“The positioning of information processing within the company can be done in various ways. A positioning model that we have further developed serves as an orientation aid for the correct positioning of information processing within the company. However, it is based more on strategic considerations and the 3-level scheme developed here, and less on information processing as a separate discipline. In addition to the first edition and in order to take account of digitalization, the model has been extended by one level : the GLAS-Plus model clearly shows how information processing should develop in the company.”

More on this in the book from p.82 , especially chap. 3.1.2, tables on pp.86-87 (Fig. 15b) ; the more regulated an industry, the more strategic the importance of information/data (banks and pharmaceuticals at the top).

However, it can also affect small SMEs if, for example, they do not have the security issue under control; often it is only then that one realizes how networked all processes are and what effects this can have if the control of business information does not take all relevant aspects into account. In 2021, the number of hacker attacks in Switzerland rose sharply again; among other things, confidential data from a trust company ended up on the darknet after the attack. There are many reasons to proactively take care of your data, do it today!

The following issues are specifically addressed in the guide through active data management (IG):


  • What is meant by modern ” information governance ” ? What components and subject domains does it include ?
  • How can digitization be managed ? What does it mean concretely for an organization ?
  • What strategic initiatives are necessary to ensure that new business models are feasible and that regulatory requirements can be met?
  • What impact have the developments of recent years had on the company’s organizational structures ?
  • What to consider when using data AI and what skills need to be built ?
  • What impact do external developments have on an organization and what change or development issues need to be addressed ?
  • What new laws or regulations govern the handling of electronic corporate data?
  • How to meet the requirements of corporate governance in the field of keeping and preserving business books and records ?
  • Where do industry-specific archiving regulations exist ?
  • What documents are subject to mandatory retention ?
  • What storage media are allowed ?
  • How to archive e-mails ?
  • What requirements does electronic communication place on auditing ?
  • How is data protection ensured together with information security ? Are our prevention measures sufficient to protect us from possible cyber attacks?
  • How to control and monitor personal data ?
  • What is the importance of certifications ?




Submit a Comment

Your email address will not be published. Required fields are marked *

Related articles

On 16.3. is Digital Cleanup Day

On 16.3. is Digital Cleanup Day

Tidying up is clearly not everyone's cup of tea, but we all know the good feeling that a tidy room, a tidy desk or ... a tidy drive! You can feel proud with a clear conscience, because deleting data also has an important effect on energy consumption. I have calculated...

read more
Dealing with data risks: Data breach notification

Dealing with data risks: Data breach notification

A data breach notification or "data breach notification" refers to the process by which an organization or company is required to notify the relevant data protection authorities and, if applicable, data subjects of a data breach that is likely to result in a high risk...

read more