An information governance framework is the structure that provides a holistic overview of the influences that inform how an organisation creates and manages its enterprise-wide information assets (records, information and data)1. It defines the roles, responsibilities, policies, standards, and processes for ensuring effective and secure information management. If a new and expanding enterprise has collected a large amount of data in a short period of time, it may face data breach and privacy risks if it does not have a robust and comprehensive information governance framework in place. Therefore, the IT steering committee’s first course of action should be to assess the current state of the information governance framework, identify any gaps or weaknesses, and implement improvements or changes as needed. This will help the enterprise to protect and preserve its information assets, comply with legal and regulatory requirements, and enable ethical and efficient use of information. Mitigating and tracking data-related issues and risks, modifying legal and regulatory data requirements, and defining data protection and privacy practices are important actions, but they are not the first course of action. They are more likely to be part of the implementation or improvement of the information governance framework after it has been assessed. References := Establishing an information governance framework