Is Your Information at Risk? Maybe it’s time for a health check.

Many organisations believe their records, data and information management is adequately handled, until a problem arises.  

It might be a failed audit, inability to locate information when needed leading to a right to information request that drags on for months or worse leads to a breach, lack of quality metadata for technology projects (e.g., AI capability, system design), or a system migration uncovering years of neglected content. These issues quickly show how vulnerable records and information practices can be. 

As organisations manage information across more systems and platforms the challenge becomes harder. Privacy obligations are increasing. Cyber security risks continue to grow. Digital transformation is accelerating. AI is putting new pressure on organisations to understand the quality, reliability and governance of the information they hold. Against that backdrop, it is not enough to assume existing practices are fit for purpose. An Information Management Health Check helps organisations understand where they stand today, where the risks are, and what to prioritise next. It provides a structured assessment of current capability and highlights the practical improvements needed to strengthen governance, reduce risk and support better use of information across the organisation.  

What is an Information Management Health Check? 

An Information Management Health Check is a benchmarking exercise that assesses how effectively an organisation creates, manages, protects, finds, retains and disposes of information.  

Based on ISO51489, the international standard for records management, our health checks emphasise the importance of authenticity, reliability, integrity, and usability to meet compliance, business, and accountability requirements. 

At its core, it asks a simple but important question: is information management working in practice? 

Rather than focusing on one system or policy in isolation, a health check looks at information management as a capability that underpins good governance, digital transformation, and trust. 

These capabilities typically include: 

  • strategy and governance 
  • monitoring, evaluation and resourcing 
  • creation and capture  
  • discovery and use of information 
  • retention and disposal 
  • information protection and risk management.  

Each area is assessed across progressive levels of maturity, from ad hoc and reactive practices through to embedded, well-governed and continuously improving approaches. 

Why a health check matters  

It helps identify risks early 

Weak information and records management creates real organisational risk. 

When information cannot be verified, located, or substantiated, consequences may include compliance breaches, legal liabilities, and reputational harm. For instance, the University of New South Wales (UNSW) breached the Fair Work Act between 2017 and 2022 due to deficiencies in recordkeeping, resulting in legal repercussions, reputational impact, and a substantial financial penalty. 

A health check helps identify risks before they emerge in an audit, investigation, system project or incident response. These risks may include: 

  • fragmented ownership and weak accountability 
  • inconsistent creation and capture practices 
  • poor metadata and information architecture 
  • difficulty locating authoritative information when needed 
  • weak disposal processes and over-retention 
  • gaps in access controls and information protection 
  • limited visibility of high-value or high-risk information assets.  

Identifying these issues early gives organisations the opportunity to take a more deliberate and proactive approach to risk reduction. 

It shows where technology can (and can’t) help 

Many organisations invest in technology in the hope that it will solve information management problems. Sometimes it helps. Often it does not address the real issue. 

Technology alone rarely fixes underlying capability gaps. If the underlying problems are unclear processes, lack of quality metadata, or gaps in accountability; simply implementing new technology can result in solutions that don’t quite meet the needs of the business.  

A health check helps organisations understand the root causes of their issues before major investment decisions are made. That means technology initiatives can be shaped by genuine business need and supported by the governance and controls required to deliver sustainable outcomes.  

It also shifts the conversation from what we’ve bought to what we’re actually achieving. 

It gives leaders a clearer basis for action 

One of the biggest challenges in information management is explaining its value to senior leaders. A health check provides a clear, structured narrative that executives can engage with. 

Instead of abstract discussions about “compliance” or “good practice”, leaders can see: 

  • Where the organisation currently sits on a maturity scale 
  • What “good” and “leading” practice looks like 
  • Which capability gaps present the greatest risk or inefficiency 

This makes it easier to prioritise investment, assign accountability, and align information management with broader governance, privacy, cyber security, and data initiatives. 

It supports steady, sustainable improvement 

A health check can position information management as an evolving organisational capability. Not every organisation needs to operate at the highest level in every area immediately. What matters is understanding what is fitforpurpose today and what needs to improve next. 

Over time, repeating the health check allows organisations to track progress, demonstrate value, and adapt as business and regulatory demands change. 

A stronger foundation for confident information use 

An Information Management Health Check is not just about compliance. 

It is about enabling organisations to use information confidently, knowing it is accurate, protected, discoverable, and defensible. 

When information is central to how an organisation operates, understanding the health of your information management capability is no longer optional. A structured health check provides the insight needed to move from reactive problem-solving to more deliberate, strategic management of information. 

If you want a clearer picture of how your organisation is managing information, RKI’s Information Management Health Check can help identify current risks, capability gaps and practical next steps. Contact us today for more information. 

Related Articles

Why ‘Good Enough’ Information Management Won’t Survive 2026 

Information governance is entering a new phase. AI adoption, cyber risk and regulatory scrutiny are forcing organisations to confront weaknesses in how information is structured, managed and governed.
Read More

Metadata and AI: The Perfect Match 

Discover how to unlock the full potential of Microsoft 365 for in-place information management. Learn how smarter governance, automation and configuration can strengthen control of your organisational information.
Read More

Unlocking the Potential of M365 for In-Place Management 

Discover how to unlock the full potential of Microsoft 365 for in-place information management. Learn how smarter governance, automation and configuration can strengthen control of your organisational information.
Read More