IG research in ITrust
The ITrust project’s Team Europe initiated two relevant studies in the field of IG. The first one focused on how to develop an IG policy and the second proposed a model, a method, and a tool for IG maturity assessment to apply in European public administration contexts.
IG policy as a main corporate guide: from vision to operations
The study initiated by Makhlouf Shabou and conducted between 2014 and 2016 aimed at developing an IG policy model (Makhlouf Shabou, 2019). This study analyzed a sample of 13 policies, from different types of institutions (universities and medical, state, and para-state institutions) originating from various countries and continents (America, Europe, and Oceania). It checked 19 indicators divided into four categories: content, format (style, content density, and level of detail), communication (language and mode of spreading, level of visibility), and validation (date of creation and entry into force, validating and review authority, frequency of revisions). This analysis was used as the method of validation of a policy model, which aimed to serve as a template for professionals to develop IG policies adapted to their own organizational context. However, the study determined that having a policy is not an end in itself, and that it does not mean the end of investment in IG.
Maturity model as a key tool for developing and managing IG in a public corporate context
A study conducted between 2016 and 2018 by Makhlouf Shabou and Lomas focused on researching IG within European public administrations and proposed a maturity model (Makhlouf Shabou, Guercio, Katuu, Lomas, &c Grazhenskaya, 2019; Makhlouf Shabou & Lomas, 2019). The resulting model includes five levels of maturity and ten dimensions: 1) responsibilities and roles; 2) stakeholder engagement; 3) framework and policy, including risk management; 4) information asset identification, creation, and ownership; 5) information value, quality, and delivery; 6) rights management; 7) records management; 8) information security and resilience; 9) long term preservation; and 10) monitoring and change management. The evaluation criteria relate to people (e.g. leadership, professional expertise, citizen inclusion, etc.), system (e.g. framework design, process development, software and tools, buildings and infrastructures, training, etc.), and ethics (e.g. laws, regulations, directives, standards, obligations, etc.). The assessment performed by the maturity model provides “a clear overview of the corporate information landscape and an accurate characterization of weaknesses and main gaps to be addressed” (Makhlouf Shabou et al., 2019, pp. 106-107) when considering developing an IG.