The Electronic Discovery Reference Model (EDRM) has released version 4.1 of its Information Governance Reference Model (IGRM), the first major revision since 2012. The update arrives as organisations confront AI adoption, expanding privacy obligations and growing pressure to coordinate information decisions across departments.
The IGRM is a reference framework that promotes policy and process integration across the people who create, manage and govern enterprise information.
Its stated purpose is to support conversations about information governance among diverse stakeholders, giving them a common language for decision-making. The model identifies seven stakeholder groups: business, IT, security, records and information management (RIM), legal, risk and privacy.
EDRM describes the IGRM as an intellectual framework rather than an implementation manual. It maps how information moves through a lifecycle, from creation or receipt through use, protection, retention and transfer, to eventual disposal.
At its centre sits a perpetual policy and process cycle. The model treats governance as never finished, evolving through the interplay between policy and real-world implementation.
“The world of information governance has changed profoundly over the past decade,” said Eric Mandel, IGRM project trustee and director of Global Advisory Services at KLDiscovery Ontrack.
“Bringing v4.1 to life was a collaborative effort by a remarkable community of practitioners who volunteered their expertise and energy,” he said. “This release reflects the collective wisdom of the team and a shared commitment to helping organizations navigate the evolving information challenges ahead.”
“In today’s information-driven world, and with the rapid evolution of AI, information governance is more important than ever before, both to control risks and to take advantage of new opportunities,” said David R. Cohen, CEO of ATJustice and chair of EDRM’s Board of Project Trustees.
“The updated IGRM provides a foundational model for teaching and understanding information governance and the critical roles of various organizational stakeholders in this process,” Cohen said.
Key enhancements include expanded guidance on unified governance structures and clearer articulation of stakeholder viewpoints and interdependencies, according to EDRM. The revision also offers frameworks for balancing value and risk, and strategies for operationalising governance at enterprise scale.
The model addresses the intersection of information governance and data governance as AI drives more business decisions. The accompanying User Guide notes the two disciplines are distinct but complementary.
Data governance focuses on structured data, quality and metadata within IT. Information governance is broader, covering unstructured and physical information across all seven domains.
The detailed User Guide explaining the model was completed by a reassembled project team in 2025 and has only now been published.
For records and information managers, the revision reinforces RIM’s position as a foundation of information governance. The User Guide describes RIM as having evolved from paper records management to strategic oversight of information across all formats and systems.
It argues that defensible disposal depends on good practice at the point of creation. Proper ownership, classification and storage at the front end make appropriate disposal possible at the back end.
The guide acknowledges that RIM faces the exponential growth of information, a proliferation of storage systems and competing demands over retention versus disposal. It positions RIM less as a rule-enforcer and more as a strategic enabler that helps reduce risk, control costs and improve efficiency.
That shift depends on partnerships. The guide says RIM needs business units to take ownership of naming, classification and storage decisions. It needs timely legal hold notices from legal teams, and system configuration from IT to automate retention and disposition.
The guide also stresses defensible disposition of redundant, obsolete or trivial information, often called ROT. Removing low-value data promptly reduces storage cost, breach exposure and discovery burden.
“Information governance is not the sole responsibility of any single department or stakeholder,” said Mary Mack, CEO and chief legal technologist for EDRM. “Effective governance requires collaboration, shared language, and a commitment to continuous improvement.”
Mack said the model would also serve as the foundation for a planned revision to the broader Electronic Discovery Reference Model, to be known as EDRM 2.0.
EDRM was founded in 2005 and produces resources for e-discovery, privacy, security and information governance. It says it has a presence in 145 countries across six continents.
The IGRM v4.1 and its User Guide can be downloaded from the EDRM website at https://edrm.net/resources/frameworks-and-standards/information-governance-reference-model/.