
From Policy to Practice: Closing the Compliance Gap in Information Governance

Most law firms have information governance policies on the books. Retention schedules, destruction timelines, access controls—it’s all documented. But paper doesn’t protect a firm. Execution does.


In our experience, that’s where the trouble starts. There’s often a wide gap between the governance framework a firm thinks it’s operating under and what actually happens day to day. That gap creates real risk, and it’s wider than many firms realize.


Where Policy Breaks Down 

We’ve worked with dozens of firms that had robust policies that were never put into practice. Common breakdowns include:

  • Retention schedules that exist but aren’t enforced

  • Contracts with records vendors that lack accountability or oversight

  • Staff who are unsure about the destruction rules or access protocols


At one Am Law 100 firm, the records policy said documents should be destroyed after seven years. In practice, files were being stored indefinitely, costing hundreds of thousands in unnecessary storage and creating avoidable exposure.


Why Execution Fails 

Most compliance failures trace back to three root causes:

  • No clear ownership. If no one’s responsible for enforcing a policy, it won’t happen

  • Inconsistent leadership attention. Governance isn’t revisited, updated, or tested

  • Vendor misalignment. Providers aren’t held to the firm’s standards or even monitored


We’ve seen firms assume a vendor was following destruction protocols, only to discover years of non-compliance when they finally checked. That’s not just a vendor problem; it’s a management issue.


Bridging the Gap 

Strong governance doesn’t come from writing better policies. It comes from managing the execution.

  • Leadership needs to treat governance as an ongoing responsibility

  • Department heads must own enforcement, not delegate it to the back burner

  • Vendors should be reviewed and held accountable for performance

  • Staff should have clear, practical guidance, not just a binder of policies


When governance becomes part of the firm’s operational muscle, compliance improves, risk drops, and costs stay in check.


The Mattern Perspective 

Almost any firm can write a decent governance policy. The firms that succeed are the ones that operationalize it. That means assigning responsibility, building in accountability, and treating governance like the risk management function it truly is.


We help firms bridge the gap between intention and action. If your governance program looks strong on paper but weak in practice, it’s time to fix that. We can help.


Contact us at info@matternassoc.com

 
 