I define Information Governance as How organizations manage/control the information they receive or create.
The linked model expresses this graphically.
Through the policies corporations adopt (and enforce), and the duties that corporate employees and agents have, corporations control the information (written and unwritten) that they receive, access, create, use, transmit, or store in the course of the corporation’s business.
“Protection” and “Compliance,” as used in this model, apply to the access to, and the creation, use, storage, and disposal of information, but in different ways.
This model works better for me than either the IGRM or the ARMA GARP approaches.