Information Governance and Transparency though Records Management

From Wikibon

Revision as of 23:31, 22 February 2010 by Wikibon Daemon (Talk | contribs)
Jump to: navigation, search

Tip: Hit Ctrl +/- to increase/decrease text size)

Storage Peer Incite: Notes from Wikibon’s February 16, 2010 Research Meeting

Strong records management is now an important technique both for improving internal productivity and defending the enterprise against external and internal risks - Information Governance.

In this week's Peer Incite meeting, Wikibon took up the topic of Information Governance from the perspective of records management and the basic principles that define the role. We've captured the conversation and action items on the role of records exec and management, an information infrastructure and the importance of records management, and the value of thinking about information governance as part of all business decisions. We hope you enjoy this edition. G. Berton Latamore

Contents

Peer Incite: Information Governance and the Principles of Records Management

Michael Versace

On our February 16, 2010 Peer Incite, The Wikibon Project community discussed the topic of corporate information governance, trends, and the principles of enterprise records management. Wikibon was joined by three special guests:

  • Donald L. Martin, PhD, Department of Veterans Affairs, Office of Medical Inspector,
  • Sam McCollum, Strategic Information Management, ENMAX Corporation Canada, and
  • Jennifer Winch, Infrastructure Systems, PG&E.

Key Takeaways

  1. Content collaboration is not records management, all content are not records, and the distinctions are critical in information governance programs.
  2. Collaboration tools do not replace records management. Collaboration tools will continue to create business risk, as sites inside and outside the enterprise will remain difficult to compliance-manage.
  3. Records managers and content managers have diametrically opposed interests. Content managers are focused on collaboration, dynamic, open search, and user-driven activities, while records managers are focused on control, classification, security, and discovery.
  4. Records managers continue to demand better integration between content and official records systems. Policy integration is what they really want – it’s the place to start.
  5. Records management solutions contain the security, policy management, interoperability, and architectural framework for controlling costs and reducing information governance risks. Take this message to the Board room.
  6. Information governance should be part of every business decisions - for every new piece of data created, sourcing decision made, new system developed, application retired, businesses acquired or sold. Retrofitting information governance is hugely expensive and often ineffective.
  7. Policy automation will reduce business and operational risks
  8. End-to-end information governance is very difficult to achieve today for the largest firms. Mid size firms to small business have less information, less sophistication to manage, so the challenge is less but not 0.

Action item: The digital deluge continues, and execs, technology, and information management professionals could get washed out without an effective records program built on tried and true principles. These principles should form the discipline of an information governance program and information architecture. End-users should challenge vendors with integration requirements and pursue the goal of aligning the digital deluge with the creation of business value.

Are Legal and IT throwing the Records Management baby out with the bath water?

Gary MacFadden

In today’s fluctuating business and regulatory environment, enterprises are increasingly burdened with escalating litigation costs and the specter of lawsuits that threaten to run up millions in legal fees and adverse judgments as well as consume hundreds if not thousands of precious hours of employee productivity.

One of the biggest enablers of these phenomena are the changes to the Federal Rules of Civil Procedure (FRCP) governing Electronically Stored Information (ESI). These and other rules have precipitated a deluge of vendor solutions promising to “fix” problems stemming from legal or IT’s inability to efficiently and cost-effectively meet their enterprise’s ESI and litigation management requirements.

Why so many point solutions

Consequently, legal teams are too often driving technology or service provider adoption decisions based on their familiarly with legal-practice-specific solutions to address various activities defined by the Electronic Discovery Reference Model (EDRM), aided and abetted by a seemingly unending number of vendors great and small who are beating a path to the general counsel’s door promising yet another collection of point solutions to overcome the latest technological challenge or bottleneck. Chief among the complaints are lack of integration or interoperability, poor scalability, a population explosion of indexes, and siloed, replicated content - not to mention a lack of centralized policy management and transparency across the entire corpus of enterprise content and data.

Legal team tail wagging the records management dog

In too many cases, records management professionals and the products that support their efforts have been overlooked - not unlike how mainframe disciplines and best practices were largely ignored when PCs and network computing became the rage in the 1990’s. Recently, after a fair amount of criticism for a lack of clarity in the Information Management section of their model, EDRM embarked upon the IMRM Project to “provide a common, practical, flexible framework to help organizations develop and implement effective and actionable information management programs. The IMRM Project aims to offer guidance to Legal, IT, Records Management, line-of-business leaders, and other business stakeholders within organizations.”

Unfortunately, IMRM disregards the extensive work that ARMA International has done with its Generally Accepted Recordkeeping Principles GARP, which includes a wealth of advice on ediscovery practices and an information governance maturity model to help organizations improve their business practices, leverage their technology assets and lower their risks. Sadly, legal teams also fail to acknowledge the contribution that records management professionals can make and the proven technologies they have implemented over the years that provide a scalable, policy driven foundation for information governance.

Why records management matters

Mature records management (RM) solutions and best practices provide a foundation and framework on which records can be declared, secured, and managed. Information governance best practices, regardless of how much they can be automated, are inseparable from the human component, which includes employee education and training along with policies that can be adhered to without severely straining business workflows or losing vital corporate information assets. In addition:

  1. Think IM architecture and the requirements of the RM disciplines,
  2. Get records management right, and your compliance risks and costs go way down,
  3. Look to RM for accountability, transparency, operability, and defensibility,
  4. Think about functionality needed to manage unstructured data which constitutes the bulk of records.

HP TRIM and SharePoint example

The proliferation and use of Microsoft SharePoint as an ediscovery tool among all classes of enterprises has created a thriving cottage industry throughout the ranks of information management vendors and service providers. This is primarily due to the fact that while SharePoint is a popular and useful collaboration tool, today it lacks the policy management and repository scalability that most enterprises require. HP with the new features of its TRIM 7.0 RM solution allows SharePoint to act as the user interface while enabling organizations to “proactively capture, classify, and manage evidence of their decision making and business activities in an enterprise scalable records management system.” This includes the ability to declare hundreds of data or content types business records and allows for ESI to be discoverable in case of litigation or a compliance audit.

According to HP, the TRIM 7.0 solution offers these key customer benefits:

  1. Proven records management for your enterprise,
  2. Increased compliance and faster response to legal discovery requests,
  3. Improved employee productivity and business process efficiencies,
  4. Transparent records management and site archiving for SharePointm
  5. Built in compliance with the international standard for records management, ISO 15489,
  6. Compliance with US Department of Defense Security Standard DoD 5015.2 Chapters 2, 3, 4 and with other major standards.

Bottom line

The consensus among IT, RM and other line-of-business executives as well as the vast majority of industry pundits and even many e-discovery vendors is that legal should not be making critical technology decisions in a vacuum if at all. There are too many examples of poorly implemented, stop-gap solutions that neither scale nor conform with information governance best practices or take advantage of enterprise or service-oriented architectures that would support a superior view of enterprise wide data and, ultimately, provide greater assurance that all pertinent ESI is being managed properly while lowering risks and costs. Some more enlightened general counsels and litigators have engaged IT, RM, and other critical constituencies within the enterprise such as compliance and HR. However, the overwhelming evidence indicates that legal is in a reactive mode rather than taking a more strategic view.

Action item: CTOs and IT professionals need to help make the case to management and legal that records management solutions often contain the security, policy management, interoperability, and integration of disparate modules. In short, they provide a holistic architectural framework and approach that will ultimately serve the enterprise better in controlling costs and reducing risks. This means bringing records management practitioners, solutions and best practices to the table.

Preparing for the Cloud: Integrating Information Governance into Project Review

David Floyer

Most organizations have (or by now should have) an information governance policy monitored by a cross-organization governance and compliance group. As organizations get ready for the cloud, this group needs to take a more active role in ensuring that new technology deployment reduces risk and enhances compliance. An effective way of pushing this down to IT and the lines of business is to ensure that any new project that creates data or files inside or outside of the organization has a formal compliance review section.

The emphasis of the review should be on ensuring that compliance is built in for every new piece of data created, as retrofitting is hugely expensive and often ineffective; classification is low impact if it is done at file creation, very difficult if is done years later. A key elements in justifying any review will be cost avoidance of future eDiscovery activity and risk reduction.

Action item: Project and maintenance reviews should include the following types of questions:

  • How will all the data and files created be automatically classified with minimal user impact?
  • How will the new data and files be integrated into the formal recordkeeping processes?
  • What are the backup and recovery mechanisms required to ensure compliance?
  • How is disaster recovery for the new files and data to be included in the business continuance plan?
  • What are the risks of data loss, and how will they be mitigated?
  • Are the costs for all supporting processes included in the project?

Retrieved from "http://wikibon.org/vault/Information_Governance_and_Transparency_though_Records_Management"
Personal tools