Contributing Author: Sam McCollum
Introduction
At the July 29 2009 Peer Incite meeting, four Wikibon information management practitioners (see footnotes for names and profiles) discussed the essential elements of creating and implementing a SIM plan. The objective of this framework is to assist other organizations to create their own SIM plans faster and more efficiently. This is a work in progress, so please contribute ideas, share experiences and improve this framework.
Understand business requirement for a strategic information management plan
The key requirements for a plan will:
- Mitigate risk;
- Ensure compliance;
- Ensure capture of official information;
- Improve search and retrieval of information;
- Effective policies for security and privacy;
- Facilitate information of retention and disposition;
- Combine with business process improvements.
One essential element of achieving board approval for a SIM plan is to understand and quantify the scope of the problem, potential business exposure, and the targeted paybacks (e.g., risk mitigation, process efficiency, infrastructure savings). For example, a $1B company with 2,500 employees could expect have more than 10 million unstructured documents. Key knowledge workers would be expecting to create 10,000 documents. These documents are unstructured but more importantly unclassified.
At an early stage there should be agreement within the organization from the CEO and board level on the size of the unclassified data problem and the risks of not taking action.
Establish key SIM drivers for each key department
Business drivers for improved strategic information and content management might include:
- Efficiency for those departments that deal with a high volume of data and have search, lost documents and mislaid document concerns; companies have estimated that up to 12% in time savings that can be re-directed to core activities;
- ISO or other external requirements for document management (e.g., safety/environment/engineering groups);
- E-discovery cost of search, retrieval, culling and presentation (e.g., from legal department)
- Litigation issues of authenticity (who wrote what and when) and integrity (audit trains to prove nothing has been changed);
- The need to classify electronic information for retention and disposition;
- The issues of conflicting reports using the same information but different sources (version control);
- The management and integration of email into the corporate repository using ECM software;
- The need to improve information flow processes – using a business analyst as part of the ECM process.
Every organization will have a different set of priorities and requirements. The advantages of this approach include:
- Better understanding of the user’s information flow needs;
- Identifying the information flow disconnects and resulting unintentional non-compliance with regulatory, legislative, and corporate policies;
- More effective management of cultural change and better opportunity for project marketing;
- Initial focus on education (the why) and save training (the how) for later on in the process.
Combining business process improvement with SIM
If the user departments experience business benefits at each stage of the SIM, resistance to change will be lowered and cooperation/compliance easier to achieve. For example, starting with physical records can be a good starting point with many departments.
- Develop a standard classification and retention schedule and implement it as the management tool for Less Active physical records.
- Obtain senior management approval and active support.
- Expand the same structure for active records, driven by user department demand.
Creating an information records management (IRM) infrastructure
After developing the business requirements for the key departments, the next step is the development of an IRM infrastructure to support policy, training, audit and compliance. This must be established before any specific vendor technologies are considered. Important artifacts include:
- IRM policy and procedures;
- Training tools,
- Effective audit function;
- “Zones” with different management/retention policies for different types of data,
- Levels of solution for different departments, commensurate with the scale, importance, and risk profile.
These must be integrated into existing structured and unstructured data creation environments (e.g., support for “Zones” in Exchange, Outlook, Office, SharePoint).
Selecting tools and technologies
The selection of tools and technologies should be the final step in the process. Investment should be the minimum to effect change. Key considerations in selecting tools and technologies include:
- At this moment there is no single solution available from a vendor that will meet all requirement; all current single solutions will be overkill in some areas and lacking in others.
- Integration of solutions, therefore, will be necessary: technologies and vendors that do not facilitate and “play nice” with other solutions should be avoided.
- Short-term solutions to fix critical business problems may be necessary; however, the cost of replacing the solution should be built into the business case and budget.
- Solutions can and should be different for different departments/LOBs.
- The ability to effectively classify data in line with policy must be included in every tool selected.
Integrating SIM practice back into the business
Strategic information management is similar to quality, in that the end objective is the full integration of SIM requirements back into all business processes, and that skill in information management is ubiquitous. The requirement for people in SIM roles declines to an audit function, and even that long-term should be subsumed into audit. However, this goal is likely to be a decade away from being generally achievable.
Action Item: The establishment of a pragmatic strategic information management plan that is accepted and funded by the board is essential for all organizations. This should be justified by measuring the amount of the unclassified data within the organization and the expected and maximum risk this implies to the business. A time-line should be established for the reduction of unclassified data and reduction of risk. Meeting of these time-line objectives should be owned by the lines of business.
Footnotes: This framework was based on the contributions made on the July 29 2009 peer incite meeting from the following Wikibon professionals:
- Sam McCollum - Enmax
- Jennifer Winch - Pacific Gas & Electric Company
- Fareed Hosain - Standard Chartered Bank
- Michael "Mick" Talley - University Bank