Information & Governance Advisory

Programmes don't fail because they lack information.
They fail because they can't trust it.

Most information problems are not technology problems. They are ownership problems.

In regulated and complex delivery environments, information risk is programme risk. When ownership is unclear, versions are untrusted, and when working practices vary, the consequences show up in assurance failures, rework, and decisions made on information nobody can rely on.

The work is practical and advisory. Establishing the ownership structures, operating practices, and accountability that let complex programmes control their information and trust it.

Start the Conversation
25+
25+ years on major programmes across Nuclear, Infrastructure, Utilities, Rail, Energy and Defence
4
Structured services — assessment, design, advisory, leadership
Framework to
implementation
Governance, ownership, and adoption

When Organisations Get in Touch

The signs are recognisable — even when the problem isn't yet named.

Information problems rarely present as information problems. They present as something else.

"We can't find the right version of anything."
"Nobody follows the process — everyone has their own way of working."
"We don't know what information we hold or where it lives."
"Our reporting can't be trusted because the underlying data can't be trusted."
"We're carrying significant information risk going into the next phase."
"The EDMS is in place but nobody uses it properly."
"We failed the audit because we couldn't evidence what we'd done."
"Key information walks out the door when people leave the programme."

Advisory Services

Structured, practical work.

Engagements are scoped clearly from the outset. The emphasis is on establishing ownership and control that the organisation can sustain without creating dependency on ongoing consultancy.

01
IM & Governance AssessmentFixed scope  ·  2–4 weeks

A structured diagnostic reviewing the current state of information management, document control, and operating practices across the programme or organisation. Covers ownership clarity, working practices, system usage, assurance readiness, and information risk.

The outcome is a clear picture of where information risk sits, what isn't working, and a prioritised route to addressing it.

02
Governance & Operating Model DesignFixed scope  ·  defined per engagement

Design and development of information operating models, ownership structures, accountability frameworks, standards, and working practices. Covers RASCI design, metadata strategy, document control procedures, retention and lifecycle policy, assurance frameworks, and role definitions. Aligned to ISO 19650 and relevant sector standards where applicable.

The outcome is an operating model the organisation can implement, sustain, and audit against. Ownership is defined at every level.

03
Programme IM AdvisoryFixed scope or ongoing

Senior advisory support across the information management lifecycle of a complex programme. Covers mobilisation, system governance, CDE and EDMS strategy, operating model design, PMO information leadership, and assurance readiness.

The outcome is a programme that controls its information from mobilisation through to handover, with the evidence to support it.

04
Embedded IM LeadershipEmbedded  ·  duration by agreement

Senior embedded resource operating as Information Manager, IM Lead, Records Lead, or Programme Information Adviser. Providing the governance authority, operating model thinking, and leadership to establish or stabilise the information function — not simply covering a vacancy.

The outcome is an information function that operates with clarity and consistency, with the capability and practices to sustain it beyond the engagement.

Areas of Specialism

The work typically covers areas such as:

Information operating model and ownership design Governance frameworks and accountability structures Information assurance and audit readiness Information risk assessment and management Records management and retention policy IM mobilisation for major programmes CDE and EDMS governance and adoption SharePoint governance and information architecture Metadata strategy and classification frameworks ISO 19650 and sector-specific standards Document control frameworks and working practices Governance health checks and maturity reviews

The Engagement

Beyond framework design.

The work spans advisory, governance, and structured delivery support, helping organisations move from framework design through to implementation, adoption, and assurance.

The focus remains ownership, governance, and sustainable operating practices. This is not managed services, outsourced document control, or operational staff augmentation. It is advisory-led work that can extend into implementation support where the organisation or programme requires it.

The focus is governance and operating model design rather than software selection. The work is platform-neutral and can support organisations using SharePoint, sector-specific CDEs, and other platforms. Technology follows ownership and governance, not the other way around.

Sectors

Environments where information control genuinely matters.

The background is in environments where the cost of unclear ownership and poor information control is real and visible. That experience shapes how the work is done.

Infrastructure
Water
Nuclear
Energy
Utilities
Rail
Defence
Major Programmes

The Point

Information risk is programme risk.

Background

25 years in environments where information clarity is not optional.

Supporting major programmes and regulated organisations to establish information governance, control, and assurance.

Working withComplex programmes & regulated organisations
First stepDiscovery conversation — 30 to 45 minutes

Lee Hopwood

Lee Hopwood

Over 25 years working inside complex programmes and regulated organisations, across delivery, document control, records management, and information management disciplines, I've repeatedly encountered the same underlying problem. Information risk is rarely a technology problem. It's an ownership problem.

That background spans infrastructure, water, nuclear, energy, utilities, rail, and oil and gas — environments where the consequences of unclear ownership and poor information control show up in audit findings, rework, assurance failures, and delivery risk.

Working across those disciplines rather than within a single one has given me a perspective that sees the whole operating picture — not just the standard, not just the system, not just the process, but how ownership, people, tools, and delivery interact in practice.

The information challenges that appear in major programmes are often less unique than they first seem. The language changes. The standards change. The scrutiny changes. But the underlying issues are usually familiar: unclear ownership, inconsistent ways of working, and information that cannot be trusted with confidence.

That's the work I continue to focus on today.

Get in Touch

Want to understand where information risk is sitting in your programme or organisation?

Start with a discovery conversation. Typically 30 to 45 minutes — to understand the situation, the operating environment, and whether there is a useful way to help. No pitch, no obligation.

Working withComplex programmes & regulated organisations
First stepDiscovery conversation — 30 to 45 minutes

Thank you — that's very helpful.

I'll be in touch within one business day to arrange a discovery conversation.