The global skills and competency framework for the digital world

Information governance IRMG

The overall governance of how all types of information, structured and unstructured, whether produced internally or externally, are used to support decision-making, business processes and digital services. Encompasses development and promotion of the strategy and policies covering the design of information structures and taxonomies, the setting of policies for the sourcing and maintenance of the data content, and the development of policies, procedures, working practices and training to promote compliance with legislation regulating all aspects of holding, use and disclosure of data.

Moving to SFIA 8

There is an updated version of this skill for SFIA 8.

  • The skill has been renamed to Information management to avoid confusion or overlap with the new Governance GOVN skill
  • Descriptors relating to data protection have been extracted to a new SFIA skill called Personal data protection
  • The skill descriptions have been edited for readability and guidance notes have been added
  • Details available here - SFIA 8 Information management
  • SFIA 7 skill descriptions will remain available for you to use
  • Previous SFIA assessments are not impacted by this change.


Defined at these levels: 4 5 6 7

Information governance: Levels 1-3

This skill is not typically observed when working at these levels of responsibility.

Information governance: Level 4

Ensures implementation of information and records management policies and standard practice. Ensures effective controls are in place for internal delegation, audit and control relating to information and records management. Assesses and manages risks around the use of information. Provides reports on the consolidated status of information controls to inform effective decision making. Recommends remediation actions as required. Ensures that information is presented effectively.

Information governance: Level 5

Understands the implications of information, both internal and external, that can be mined from business systems and elsewhere. Makes decisions based on that information, including the need to make changes to the systems. Reviews new change proposals and provides specialist advice on information and records management, including advice on and promotion of collaborative working and assessment and management of information-related risk. Creates and maintains an inventory of information assets, which are subject to relevant legislation. Prepares and reviews the periodic notification of registration details and submits them to the relevant regulatory authorities. Ensures that formal information access requests and complaints are dealt with according to approved procedures. Contributes to development of policy, standards and procedures for compliance with relevant legislation.

Information governance: Level 6

Develops organisational policies, standards, and guidelines for information and records management ensuring that uniformly recognised and accepted data definitions are developed and applied throughout the organisation. Ensures that the business processes and information required to support the organisation are defined, and devises appropriate processes and data architectures. Identifies the impact of any relevant statutory, internal or external regulations on the organisation's use of information and develops strategies for compliance. Leads and plans activities to communicate and implement information management strategies. Coordinates information resources to meet specific business objectives whilst maintaining the principles of professional standards, accountability, openness, equality, diversity and clarity of purpose. Implements systems and controls to measure performance and manage risk.

Information governance: Level 7

Specifies at a strategic level the business functions and data subjects needed to support future business, thereby enabling the development of an Information Architecture. Establishes and communicates the organisation's information management strategy, developing it as an integral part of the business strategy. Directs information resources, to create value for the stakeholders by improving the performance of the organisation, whilst maintaining the principles of professional standards, accountability, openness, equality, diversity, and clarity of purpose. Responsible for compliance with regulations, standards and codes of good practice relating to information and documentation, records management, information assurance and data protection.