Joe Shepley
Managing Director

Data Privacy & Cybersecurity; Information Risk & Governance

Joe Shepley, PhD has been involved in information management for 19 years, both as a businessperson and a consultant. He has worked across a range of industries, from financial services, insurance, and energy, to life sciences, health care, and manufacturing. He understands how good information governance allows organizations to achieve business goals and reduce risk. Joe focuses on helping clients define the costs of poor information governance and articulate the tangible business that come from managing information properly. He is a frequent speaker at industry events (AIIM, ARMA, OpenText, IBM) and a prolific author on information governance (CMSWire, Oil and Gas Monitor, PCWorld, AIIM).

  • Experience

    Joe’s professional experience includes:

    • Information Governance Assessment and Benchmark: Led an engagement to assess the Information Governance (IG) program for the CISO of a top 25 life sciences organization and benchmark against peers as well as industry leaders in financial services, insurance, and energy, including a 24 month roadmap of initiatives required to raise their maturity, cost estimates for the roadmap initiatives, and a leadership presentation to CIO, CISO, and chief compliance officer.
    • Information Governance Program Design: Oversaw the design of an information governance (IG) program for the CIO of a Fortune 500 Exploration and Production organization, including a 24 month roadmap of initiatives required to implement the program and change management approach and collateral.
    • Data Governance Strategy: Led the development of a data governance strategy for the CISO and CIO of a large, single-state Blue Cross Blue Shield organization to help them address the risk posed by unmanaged PHI, including a 24 month roadmap of initiatives required to execute the strategy, a cost benefit analysis for the roadmap initiatives, and a board presentation.
    • Policy and Procedure Remediation: Oversaw the remediation of policies and procedures related to information governance for the general counsel of a pharmacy benefits manager, including the rewriting of deficient policies, authoring of new policies, and recommendations for how to evolve operational procedures across the organization to comply with the remediated policies.
    • HIPAA Assessment: Led the assessment of HIPAA compliance program for the CIO and CISO of a Fortune 1000 health care provider, including a compliance crosswalk that identified gaps and overlaps in controls for HIPAA and other obligations (NIST, HITECH, etc.) and a roadmap of initiatives to close Severity 1 gaps in three quarters.
    • Electronic Records Management Implementation: Oversaw the migration and classification of corporate records for back office functions from file shares and legacy SharePoint to records-management enabled OpenText for the general counsel of a Fortune 1000 mining organization. Included a defensible disposition playbook to enable client to continue the implementation for front office functions.
    • Data Cleanup and Migration: Led the cleanup and migration of file share data to Office365 for the CIO of a Fortune 500 electric and gas utility, including design of the target state SharePoint and Teams environment, deletion of stale and junk data, automated tagging of content during migration, and change management design and execution.
    • Information Architecture: Oversaw the development of an Information Architecture for eight departments for the CIO of a single-state Blue Cross Blue Shield organization to support data lifecycle management as well as improved findability and usability. Also developed train the trainer playbook and change management collateral to allow client to complete the information architecture for remaining departments.

  • News & events
    • DOCUMENT Strategy Forum, May 2019, “The Demise of the Document”, Anaheim, CA
    • Houston ARMA Spring Conference, April 2019, “Defensibility by Design for Records and Information Management”, Houston, TX
    • Houston ARMA Monthly Meeting, February 2019, “Information Architecture Workshop”, Houston, TX
    • Blue Cross Blue Shield Information Security Roundtable Fall Meeting, November 2018, “Reducing Information Risk Footprint Through Good Information Management”, Raleigh Durham, NC
    • Midwest Gateway Chapter HIMSS, November 2018, “Addressing Information Risk Through Key Information Management Best Practices for Healthcare”, St Louis, MO
    • DOCUMENT Strategy Forum, May 2018, “The Fast Track: Creating High-speed Digital Transformation Strategies”, Boston, MA
    • Veeva Regulatory Roundtable, 2016, “The Strategic Role of Regulatory Operations in the Transformation of Pharma”, Multiple Venues
  • Insights & innovation