Information Governance Lab


Information governance (IG) is a holistic approach to managing information at organizational level in support of and comply with regulatory, legal risk, environmental and operational requirements. It implements policies, procedures, processes, roles, control, standards, metrics, technology and people where appropriate to treat information as a valuable business asset. The discipline encompasses more than conventional records and information management (RIM) when it incorporates information privacy; security and protection; risk and compliance; audit, e-discovery; creation, preservation and deletion of information; analytics; big data; IT management; business operations; and business intelligence. The current area of interests in this Lab are Long Term Digital Preservation; Content Management; ICT Governance; Data Governance; Information Security; Data Privacy; Risks Management; Legal Compliance; Litigation Readiness; and Records Management. This lab explores new policy and framework outlining acceptable behavior for managing, organizing, and sharing of information.


Head of Lab
Assoc.Prof.Dr. Mohamad Shanudin Zakaria
Dr. Umi Asma' Mokhtar
Dr. Ahmad Tarmizi Abdul Ghani

Research Focus

Table 1: Research Aims

Research Areas



Information Management, Information Management System, Records Management

Information management (IM)/IM System environments are comprised of legacy information resident in line of business applications, Enterprise Content Management (ECM), Electronic Records Management (ERM), Business Process Management (BPM), Taxonomy and Metadata, Knowledge Management (KM), Web Content Management (WCM), Document Management (DM) and Social Media Governance technology solutions and best practices.
The focus of IM is the ability of organizations to capture, manage, preserve, store and deliver the right information to the right people at the right time.

Records management (RM) is the supervision and administration of digital or paper records, regardless of format. RM activities include the creation, receipt, maintenance, use and disposal of records. In this context, a record is content that documents a business transaction.

The goal of RM is to help an organization keep the necessary documentation accessible for both business operations and compliance audits.

This outcome of this research aims to propose a framework/model that leads to change in the way people use information and records to engage in knowledge focussed activities.

The framework/model shall:

  • fulfil the focus or goal of research area, and
  • adhere to the principles of IM/RM body of knowledge, and
  • discover unique or new attributes to manage information and records, and
  • be able to make changes in patterns of people and/or organizations, or
  • use for decision-making, and for the coordination, control, analysis, and visualization of information in an organization.


Information Governance, Policy & Ethics: Long Term Digital Preservation; Content Management; ICT Governance.

information governance (IG) is a strategic approach to maximizing the value while mitigating the risks associated with creating, using, and sharing enterprise information.

This research aims to define the specification of decision rights and an accountability framework:

  • that ensure appropriate behaviour in the valuation, creation, storage, use, archiving and deletion of information.
  • that includes the strategies, processes, roles and policies, standards and metrics to ensure the effective and efficient use of information in enabling an organization to achieve its goals.


Information Security, Data Privacy; Risks Management.

Information security refers to the processes and methodologies which are designed and implemented to protect print, electronic, or any other form of confidential, private and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption.

This study aims to effectively resolve information related issues and create processes to prevent future occurrence of issues related in security. The outcome will be in a form of framework/model of policies, process, or strategies to protect information from wrong party. The outcome must include:

  •  a series of documented, agreed, understood policies, procedures, and process that define how information is managed in a business to lower risks and vulnerability and increase confidence in an ever-connected world


Related Publisher

Table 2: Related Publisher (April 2020)




  • International Journal of Information Management,
  • MIS Quarterly: Management Information System
  • Computer and Security
  • Journal of Enterprise Information Management
  • Journal of Strategic Information Systems
  • Information Sciences
  • Comunicar Journal


  • Journal of Information Science


  • Information Systems Management
  • Information and Computer Security Journal
  • International Journal of Information Security         


  • Security and Communication Networks
  • Malaysian Journal of Computer Science


  • Records Management Journal
  • Information Development
  • International Journal Science and Management


General computing

Subjects Offered

Table 3: Subjects offered



Postgraduate Subjects

1. TTTTP6014 Information Policy and Ethics
2. TTTX6134 Cyber Law and Ethics
3. TTTX6144 Information Security Management

4. TTTX6254 Security Audit and Assessment

Undergraduate Subjects

TTTT3013 Computer Ethics and Social