Tip: Hit Ctrl +/- to increase/decrease text size)
Storage Peer Incite: Notes from Wikibon’s July 28, 2009 Research Meeting
In the past nine years, the once quiet field of information management has exploded, leaving both vendors and organizations of all sizes scrambling. On the one hand, the volume of unstructured, often very informal data and documents starting with email but rapidly expanding to include Instant Messages, spreadsheets, recorded telephone calls and teleconferences, with digital video on the horizon, has exploded. On the other, new business compliance requirements ranging from Sarbanes-Oxley to the expansion of legal discovery in civil torts and privacy requirements for individual medical records, has added both complexity and urgency to the issue. And growing public concern about digital identity theft and the publication of personal medical information has created increasing public pressure.
So far the reaction of both vendors and user organizations has been focused on point solutions. These do not begin to address the complexity of the problem. This newsletter, based on presentations by four experts from different industries at Tuesday's Peer Incite meeting, examines the overall issues. The conclusion: We desperately need a comprehensive, integrated solution that supports information management through its entire life cycle. And unfortunately as of today none of the vendors are showing any inclination to step up to that challenge. G. Berton Latamore
Co-author Gary MacFadden
Today, businesses of all sizes are challenged to keep up with the growth of digital information, data, and content. The growth in digital records, forecast to top 2.5 zetabytes worldwide by 2012, and the increasing percentage of digital records being designated of critical business value, places the onus on end-users to rethink information management strategies to create and deploy the most effective policies, processes, and technology solutions for digital content. See Functionality Set for Managing Unstructured Data Across the Enterprise
By all accounts, the vast percentage of the business records being created and managed today are digital. With the overwhelming growth of digital content – most notably e-mail with attachments, file system content, instant messages, wiki and web content,images and otherwise referred to as unstructured data – the management of electronic records has become an increasingly critical issue for corporations of all sizes. A few end-user statistics underscore the current state:
- As much as 50% of unstructured data is stored longer than it needs to be for business, regulatory, or legal purposes, with much of this content being retained indefinitely.
- Those firms that keep track of duplicate content, which most find difficult if not impossible to do, find duplication rates for unstructured data run as high as 20:1.
- Firms are increasing their storage capacities by 50% or more per year to accommodate the growth and retention of unstructured data.
- Unstructured data now accounts for up to 50% of all enterprise electronic records, including database records and transaction files.
- 63% of end-users rate the quality of digital records on shared drives to be poor or fair (source Wikibon).
- 42% rate the quality of email management to be poor or fair (source Wikibon).
Businesses can point to several trends and management practices that have led to this current state:
- The proliferation of desktop computing and storage, giving the end-user the ability to create, copy, and store content with little or no enforceable restrictions;
- The advent of email as a fundamental business tool and the basis for business transactions in many organizations;
- Lack of end-to-end information management automation across all content types, that, if available, would allow the enterprise to intelligently declare, classify, store, secure, retain, discover, and ultimately dispose of content;
- Regulatory mandates that encourage organizations to “retain all”, or be subject potentially to scrutiny and fines;
- Poor management practices with regard to retention and disposition policies, and the ability to control and enforce policies across businesses;
- In some cases, the inability to distinguish between digital content required to support the business and business transactions, and courtesy copies, artifacts, or transitory records maintained for operational expediency;
- The immaturity of the records management function when it comes to applying information management practices designed for the physical world to the digital environment;
- The inability to easily include users, policies and rights, and digital content in a clear and real time picture to allow the enterprise to enforce effective security and privacy requirements.
Over recent years, many organizations have implemented expensive infrastructure to manage unstructured data partly in response to new federal regulations. Most are resigned to the fact that these investments have turned out to be reactive, stopgap measures designed to address a specific problem, such as electronic discovery. For example, most commercially available archive and electronic discovery solutions are not truly unified or end-to-end. And since enterprise business practices and IT requirements vary greatly; no one architectural approach is clearly superior to another. In addition, many existing systems and processes don’t scale well. Performance is too often less than optimal, taxing knowledge and legal discovery efforts with additional operational and litigation costs. See EDiscovery woes: Not all the Vendors Fault
For those companies struggling with existing implementations – particularly larger installations of more than 5,000 end-users – many new point solutions have come to market to alleviate known bottlenecks in legacy systems’ authentication, auto-declaration, classification, culling, de-duplication, indexing, mailbox management, and search shortcomings. At the same time, there is a fair amount of M&A activity with some high profile examples, including purchases of Stellent by Oracle and Interwoven by Autonomy following the examples of IBM with the FileNet acquisition and Documentum by EMC. Clearly these vendors and others, such as Microsoft with major improvements coming for Exchange 2010 and SharePoint, believe that more end-to-end integration of digital content management and archiving solutions along with offering buyers key functions such as enterprise search, indexing and deduplication will improve enterprise control over unstructured data.
However, how successful these major vendors, along with Symantec and OpenText, will be in terms of delivering the ease of implementation, functional integration, scalability and speed-to-discovery they promise remains to be seen. Certainly the sector’s history for assimilation and fusing of major components and/or point solutions has been less than stellar.
Complicating the picture for users is the plethora of hybrid solutions incorporating cloud computing and the number of outsourced and SaaS services, including technology titans Google and Dell and an ever-increasing number of Microsoft partners, that offer to manage pieces of the solution or the entire process. It is generally accepted that this outsourced, cloud enabled, SaaS solutions business represents 50% or more of the entire market, with more service providers and solutions entering the market every quarter.
Nonetheless, information management professionals responsible for driving the firms' IM strategy need to consider what business processes need to be re-engineered, what new policies and practices are needed to ensure the effective use of some of these new, integrated, enabling technologies and, of course, identify and resolve technology gaps.
Action item: The impact and costs associated with the growth of unstructured data requires focus on business process, information governance policy, enforcement practices, and enabling technology. Traditional practices of the records manager must be assessed and reshaped in light of the digital content revolution. CIOs or CIMOs (Chief Information MANAGEMENT Officers) will be well served by taking a holistic view of information management (IM); what has worked, what hasn’t, what’s new in unstructured data management, and what drives business investments in unstructured data management. Drivers to consider are security, privacy, compliance, discovery, server and storage sprawl, and other operational risks and how compliance requirements change the role of the CIO/CTO/Information Management professional.
The need to mitigate glaring exposures has caused organizations to act in haste, implementing information risk management (IRM) strategies that are technology-led, narrowly focused on emails and lack a comprehensive view of broader requirements.
Audits and studies within most organizations will clearly demonstrate to executive leadership that millions of electronic records are not being managed, exposing the organization to unnecessary risk. Pressure from legal, compliance, records management and business lines have created a sense of urgency among CIO's to address this problem. As such, a mandate will often trickle down from the top IT executive in the form of the following edict:
"We need to manage our electronic records and we need to do it now."
This perceived need to 'do something' will lead to a project that is defined, funded and kicked off with a firm 14 month schedule. The project will be heavily technology-laden with clear plans for infrastructure and applications (often wired based on legacy email or document management systems).
At the July 28 Peer Incite research meeting we heard four practitioners underscore that the starting point for an information management strategy should not be the technology implementation, rather CIO's need to develop an information and records management (IRM) strategy and roadmap before allocating funds for technology.
Specifically, CIO's need to appoint an information management head who will lead the formation of an electronic records roadmap that envisions managing different types of unstructured data (e.g. email, IM's, documents and other business records). The roadmap should articulate the following:
- Basic principles and objectives,
- A methodology to automate data classification,
- Records management policies and procedures.
- Educational materials (for communicating 'the why'),
- Training materials (for transferring knowledge of 'the how'),
- Auditing and compliance parameters and metrics,
- A lifecycle strategy/plan for continuous improvement.
CIO's need to recognize that maturity levels and requirements will differ between various divisions and departments, and as such the outcomes will likely be a set of system and user deliverables that are diverse but share a common set of fundamental capabilities.
Out of this sequence a technology strategy becomes apparent and implementations have a higher degree of meeting business expectations.
Action item: For the past five years, knee-jerk reactions to information risk have led to technology implementations that are built on fragile or non-existent IRM roadmaps. The result has been flawed technology implementations that don't adequately address fundamental risks. In order to reduce wasteful spend, lower organizational risk, and develop systems that scale, CIO's must initiate the development of clear IRM strategies as the starting point. This effort will provide a credible means of guiding subsequent technology investments and improve overall business value.
Footnotes: Contributions for this piece came from:
- Jennifer Winch - Pacific Gas & Electric Company
- Sam McCollum - Enmax
- Fareed Hosain - Standard Chartered Bank
- Michael "Mick" Talley - University Bank
Contributing Author: Sam McCollum
At the July 29 2009 Peer Incite meeting, four Wikibon information management practitioners (see footnotes for names and profiles) discussed the essential elements of creating and implementing a SIM plan. The objective of this framework is to assist other organizations to create their own SIM plans faster and more efficiently. This is a work in progress, so please contribute ideas, share experiences and improve this framework.
Understand business requirement for a strategic information management plan
The key requirements for a plan will:
- Mitigate risk;
- Ensure compliance;
- Ensure capture of official information;
- Improve search and retrieval of information;
- Effective policies for security and privacy;
- Facilitate information of retention and disposition;
- Combine with business process improvements.
One essential element of achieving board approval for a SIM plan is to understand and quantify the scope of the problem, potential business exposure, and the targeted paybacks (e.g., risk mitigation, process efficiency, infrastructure savings). For example, a $1B company with 2,500 employees could expect have more than 10 million unstructured documents. Key knowledge workers would be expecting to create 10,000 documents. These documents are unstructured but more importantly unclassified.
At an early stage there should be agreement within the organization from the CEO and board level on the size of the unclassified data problem and the risks of not taking action.
Establish key SIM drivers for each key department
Business drivers for improved strategic information and content management might include:
- Efficiency for those departments that deal with a high volume of data and have search, lost documents and mislaid document concerns; companies have estimated that up to 12% in time savings that can be re-directed to core activities;
- ISO or other external requirements for document management (e.g., safety/environment/engineering groups);
- E-discovery cost of search, retrieval, culling and presentation (e.g., from legal department)
- Litigation issues of authenticity (who wrote what and when) and integrity (audit trains to prove nothing has been changed);
- The need to classify electronic information for retention and disposition;
- The issues of conflicting reports using the same information but different sources (version control);
- The management and integration of email into the corporate repository using ECM software;
- The need to improve information flow processes – using a business analyst as part of the ECM process.
Every organization will have a different set of priorities and requirements. The advantages of this approach include:
- Better understanding of the user’s information flow needs;
- Identifying the information flow disconnects and resulting unintentional non-compliance with regulatory, legislative, and corporate policies;
- More effective management of cultural change and better opportunity for project marketing;
- Initial focus on education (the why) and save training (the how) for later on in the process.
Combining business process improvement with SIM
If the user departments experience business benefits at each stage of the SIM, resistance to change will be lowered and cooperation/compliance easier to achieve. For example, starting with physical records can be a good starting point with many departments.
- Develop a standard classification and retention schedule and implement it as the management tool for Less Active physical records.
- Obtain senior management approval and active support.
- Expand the same structure for active records, driven by user department demand.
Creating an information records management (IRM) infrastructure
After developing the business requirements for the key departments, the next step is the development of an IRM infrastructure to support policy, training, audit and compliance. This must be established before any specific vendor technologies are considered. Important artifacts include:
- IRM policy and procedures;
- Training tools,
- Effective audit function;
- “Zones” with different management/retention policies for different types of data,
- Levels of solution for different departments, commensurate with the scale, importance, and risk profile.
These must be integrated into existing structured and unstructured data creation environments (e.g., support for “Zones” in Exchange, Outlook, Office, SharePoint).
Selecting tools and technologies
The selection of tools and technologies should be the final step in the process. Investment should be the minimum to effect change. Key considerations in selecting tools and technologies include:
- At this moment there is no single solution available from a vendor that will meet all requirement; all current single solutions will be overkill in some areas and lacking in others.
- Integration of solutions, therefore, will be necessary: technologies and vendors that do not facilitate and “play nice” with other solutions should be avoided.
- Short-term solutions to fix critical business problems may be necessary; however, the cost of replacing the solution should be built into the business case and budget.
- Solutions can and should be different for different departments/LOBs.
- The ability to effectively classify data in line with policy must be included in every tool selected.
Integrating SIM practice back into the business
Strategic information management is similar to quality, in that the end objective is the full integration of SIM requirements back into all business processes, and that skill in information management is ubiquitous. The requirement for people in SIM roles declines to an audit function, and even that long-term should be subsumed into audit. However, this goal is likely to be a decade away from being generally achievable.
Action item: The establishment of a pragmatic strategic information management plan that is accepted and funded by the board is essential for all organizations. This should be justified by measuring the amount of the unclassified data within the organization and the expected and maximum risk this implies to the business. A time-line should be established for the reduction of unclassified data and reduction of risk. Meeting of these time-line objectives should be owned by the lines of business.
This framework was based on the contributions made on the July 29 2009 peer incite meeting from the following Wikibon professionals:
- Sam McCollum - Enmax
- Jennifer Winch - Pacific Gas & Electric Company
- Fareed Hosain - Standard Chartered Bank
- Michael "Mick" Talley - University Bank
With all the portal solutions and networks being utilized in healthcare today, the focus of the "Security & Privacy Sub WG" of the "Southeast Michigan Healthcare Information Exchange", (SEM/HIE) is to agree on how to share data and run applications across networks. "Data Sharing" is the essential problem. The majority of solution for HIEs has been to select a portal solution and since most of the hospitals in SE Michigan have a portal, the thought has been to determine the sense of building another portal? SE Michigan decided that this makes little sense and has accepted the thought of making the HIE a neutral site, with an SOA architecture and infrastructure to process multiple solutions from the front end, (credential presentation in digitized form.) to the back end. (involving the claim and payment process.)
This model of an electronic, web-enabled transaction cuts across networks, domains, silos and multiple vendors providing services and represent the business associate, trading partners, and suppliers of the healthcare services industry. Common data and services are at the center of current discussions, a departure from current infrastructure which reflects the fragmented and diverse nature of healthcare and highlights the need to understand the business process models of the healthcare industry and the multiple data formats and messaging systems at different transaction points. The model illustrates that to provide for interoperability, which is the first step to integration, there is no one vendor, one solution and one outcome which can provide for completing the electronic transaction from end to end. The level of understanding, skill and deployment of such an extensive set of solutions overwhelms the capabilities of most vendors or "lead contractors".
Thus the view of "SEM/HIE" is that since security & privacy is an important "pre-condition" and no longer something to "be added later", a more collaborative environment, involving the stakeholders and participants representing the public and private sectors should be encouraged and in particular, the business level people should be engaged with the technical staff people of each of the stakeholders to determine an initial set of deployable policies that are agreed upon, articulated, understood and enforced, with sanctions, within an overall governance framework.
Action item: Technical solutions are available to begin this task and should be tested in an accepted venue, of policy agreement, before deployment in a collaborative setting, and the recognition that no one vendor, one solution and one outcome shall cover the end to end nature in the healthcare transaction, should be established and noted.
As buyers of so called “end-to-end” or “unified” information management (IM) solutions have found out, no single answer to the growing problem of data management exists, particularly when it comes to unstructured data. One need only look at the M&A activity of the largest players in the space (see Information Management meets Compliance) to understand that holistic unstructured data management (UDM) encompasses more than just email archiving, content or records management and storage systems.
At the July 28 Peer Incite research meeting we received confirmation from four practitioners, working in three highly regulated industries; Energy, Finance and Healthcare of the fact that defining IM business processes and technology integration are their biggest IM challenges.
The vast majority of IM implementations are “reactive”. The most common scenarios include the high cost of managing (including conversion from paper to electronic) or storing unstructured data, running out of floor space or power in the data center, reacting to impending litigation activities or mitigation of compliance and regulatory risk. One practitioner described this process as “bringing in a tool to solve a problem before you have truly defined the problem.” This problem definition process starts with articulating the policies, procedures and workflow around managing unstructured data types including emails and other forms of messaging, documents, images, web content and their associated metadata.
This reactive mode is fueled by technology vendors – aided and abetted by short-sighted service providers, regulators and buyers – who promise relief from costly litigation, data center sprawl and the inability to “discover” data assets and liabilities. In reality, there are no holistic end-to-end IM solutions to solve the UDM problem, only a collection of point solutions that either the customer or solutions provider has to integrate. And if you believe, as our panelists and nearly all the industry pundits do, that we are only seeing the tip of the UDM iceberg as unstructured electronically stored information (U-ESI) growth has truly reached exponential proportions, the problem only gets more complex
Therefore, the following steps are highly recommended before implementing any departmental or enterprise wide IM technology solution:
- Create an IM office chaired by a chief information management officer-like (CIMO) individual who has responsibility for the firm's overall IM vision and strategy. This group should have senior level departmental representation from audit, compliance, finance, IT, legal, operations, records management, and security.
- Develop your strategic IM plan to include high impact areas such as lowering costs and risks in eDiscovery, content management, knowledge and data mining, and IM infrastructure areas as well as looking for potential synergies with other departments or workflows to improve return on investment (ROI).
- Create polices that are reasonable and enforceable, and implement ongoing end-user training that emphasizes their responsibility as employees for the creation and disposition of content and the implementation of best practices.
- Map and document major procedures and processes to enhance both the employees and service providers’ view of your workflow. Many solutions fail at this stage when customers don’t take the time to understand what their goals and workflows are prior to implementation. It’s not always the vendor’s fault.
Once these steps are taken and potential high ROI impact areas are identified:
- Create your ROI and total cost of ownership (TCO) scenarios. Our panel strongly recommends using outside consultants to provide objective input free, hopefully, of political baggage or product bias to develop your unique IM profile.
- Develop your RFIs, RFQs, RFPs with specific business goals in mind. Remain cognizant that a piece-meal approach is necessary rather than a “boiling the ocean approach” However, look for solutions that have potential synergies from both a multi-departmental or enterprise perspective or a functionality perspective.
If you choose to get help from vendors in the RFP process, don’t rely on just one or two as, our panel points out, vendors tend to be less strategic in their thinking and, naturally, more focused on selling existing products.
Attributes to look for specific to Information Management solutions include:
- Interoperability or “openness” with your existing infrastructure - regardless of whether or not you choose an in-house, hosted or hybrid solution.
- A policy engine flexible enough to work with existing applications or enhance their functionality;
- Service based architecture that enables information sharing, and an ILM end-to-end view, personalized for many constituents across the enterprise;
- High performance, scalability and recoverability;
- Security, privacy, and authentication capabilities;
- Discoverability – ease and speed of searching, indexing and classifying data;
- Ease of Data Movement.
While this is by no means a comprehensive list of to-dos or in-depth descriptions of functionality sets, it is nevertheless the rule that most companies do not plan properly or anticipate fully the impact of unstructured data on their business or technology infrastructure.
Action item: Each enterprise needs a proactive integration approach comprised of a phased delivery of IT assets based on a well-thought-out, strategic, business-driven plan, informed by the realization that certain functions or capabilities will have to be added at later dates and that no single vendor is able to solve the entire information management or unstructured data management problem. IM executives responsible for their company’s overall data management strategy need to train their colleagues and focus on departmental or application integration opportunities to leverage existing IM assets such as archiving and ECM implementations where policies, procedures, processes or application functionality may intersect.
At the July 28th Peer Incite research meeting Prevent Unstructured Data from Fueling Business Risk we heard four practitioners across three global industries (energy, finance and healthcare), talk about the importance of organizational priorities and actions in information management, specifically priorities directed toward the tremendous growth in unstructured data. We heard the call for CIO's to develop an information and records management (IRM) strategy and roadmap to lead and inform technology decision making, and to look for opportunities and options to leverage information management toward revenue growth and margin improvements as they modernize business processes and integrate emerging technologies.
Over the last 5 years however, information management has been in reactive mode, responding to gaps in the environment exposed by legal or regulatory imperatives. These reactions have fueled both the retrofit of existing processes for classifying information for example (e.g., folder based classifications) and the acquisition of new point solutions to ease the pain of electronic discovery. In essence, organizations responded to the email smoking gun, and as a result have short-cut a true opportunity - an end-to-end assessment and strategy around the risks, costs, and requirements for effective information management across the complete cycle, from creation to final disposition.
What has been missing is proactive, strategic thinking about the unstructured data challenge, for the enterprise, the LOB, and SME. Information management is no longer only about messaging and storage (see Information Management Defined). Management needs to realize the degree to which unstructured data is permeating the organization, and assess the value and risks to improved customer service and competitive position, business productivity, and bottom line margins. The business challenge is to bring this chaos under control and ensure that all data is known, declared, and classified at source and managed to maximize value and minimize risk. Sustainable information management has to become part of the DNA of the organization and like quality imbedded in every business process.
Get the Answers
To start with, the assessment should be multi-phased and include:
- A definition of an all-in TCO for unstructured data.
- The identification of risks to the enterprise, including unrecognized value and lack of transparency, potential for fraud, and unsustainable integration costs.
- The generation of a current and baseline end-state information management automation, including standard terms and definitions from which to establish a management dialogue.
- Development of functionality sets and features for each business process component necessary for the creation, use, distribution, storage, access, security, privacy, maintenance, retention, and disposal of information (see Functionality Set for Managing Unstructured Data Across the Enterprise).
- A critical review of information management policy and governance capabilities. (Developing policies is the easy part; implementing policies that can be effectively managed and monitored is more difficult.)
- Identification of gaps in existing internal business and control processes, organizational resources, and technical platforms (see Information Management Wikitips).
Action item: Executive management need to ask and records and IT management need to be able to answer the following four questions about unstructured data and records:
- How many "undeclared or unclassified" records are being created and how much is it costing to maintain them over the next decade?
- What is the business exposure to the organization now and over the next decade?
- What opportunity costs do we incure due to the amount of undeclared or unclassified data?
- How do I create a company where documents and records are properly tied to a business purpose, classified and managed?
With these answers, business and IT leaders will more clearly understand the costs and risks to maintaining the current state of unmanaged data, justify the need to build compliance and governance capabilities into information or records management program, and establish a clear picture of end-user requirements for process, automation, and infrastructure improvement opportunities.
Despite the best efforts of business and technology users and their information management (IM) vendors and service providers to collaborate on needed functions and features for managing unstructured data, these efforts still fall short of the mark. While much of the responsibility rests squarely on a mostly “reactive” user community's failure to properly plan for IM technology roll-outs, the vendor and service provider community hasn’t done enough to support users by gaining a deeper understanding end-to-end requirements and bringing better integrated, mature solutions to the market. The EDRM model is just one example of an industry collaboration that could benefit from a more complete view of end-user requirements.
This conclusion was borne out at the July 28 Peer Incite research meeting where Wikibon members, including four practitioners working in three highly regulated industries, energy, finance, and healthcare, discussed the primary barriers to implementing successful IM related initiatives.
The key findings of the Peer Incite regarding vendors are:
- IM vendors tend to look at a specific problem/solution, such as deduplication or mailbox management, and sell their point product, rather than looking at the whole picture.
- This is a complex area, and products don’t address all aspects of the problem appropriately. Vendors need to work together to solve problems holistically, as no one vendor has all of the answers.
- Vendors need to involve users from multiple parts of customer organizations in product design.
- A permanent public / private collaborative is needed to meet the threat matrices and risks.
- Diverse stakeholders need to work together to test new methodologies prior to investing. Vendors need to drive this, pay for it and advance the initiative.
- Vendors need to involve users in customer advisory boards.
The predominant user view is that the largest players in the space are more focused on M&A activity (See Information Management meets Compliance) than gaining a deeper understanding of unstructured data management (UDM) requirements. Users are also firmly convinced that vendors have less incentive to understand their requirements and are more focused on selling what they have now. While everybody understands that vendors need sales to fund product upgrades, the user community is anticipating more mature, better integrated products and, so far, vendor behavior is not giving them much hope for the immediate future.
Action item: Vendors need to engage users more in the development of their strategic technology roadmaps and become more involved with a diverse group of users representing audit, compliance, finance, legal, records management and technology in order to see beyond their existing view. M&A activity and partnership agreements alone will not solve the IM solution integration problem. Therefore, vendors need to seek opportunities to work with complimentary technology and service partners - and competitors as well - in a public/private collaborative forum which steps up the dialogue with users and moves the IM solutions landscape more quickly towards a useful set of in-depth use-cases and requirements. This, users may hope, will lead to improved standards and a maturing of the IM solutions set for managing unstructured data.
Poor retention policies and unabated data duplication has created a mountain of risk and cost-ridden data - a great opportunity for GRS (getting rid of stuff). Desktop drives, network file systems, pst files, Sharepoint folders, and other end-user oriented storage locations are all good places to start (for other tips, see Information Management Professional Alerts).
A Change in Thinking
At the same time, end-users should get rid of the notion that a single vendor solution can satisfy all unstructured data management requirements across the enterprise. Business needs to accept the idea that different departments (in the same company) are at different levels of maturity that require different investment levels for policy, process, and automation improvement.
Enterprise Architecture of Information Management
Business managers should look at solutions from a business architecture perspective; identity a complete set of requirements; “gap” these requirements against your current environment, and look for needed solutions that support open standards to help guard against high integration costs. Also, plan to phase-in functionality given that business units will be at different maturity levels relative to automation and records management. Establish basic requirements that all can meet (e.g., a corporate folder structure) and scale up from that (e.g., to a full document management system and then ultimately an information management system).
By following this evolution, organizations will be able identify needed functionality, automate those processes that are largely manual today (information classification and policy enforcement) and defensibly delete data that should not be hanging around.
Action item: Organizations should initiate an information management GRS strategy across the enterprise. Key to this strategy is developing retention policies and automating data classification at the point of creation and use. This will allow organizations to take a full life cycle approach to information management and defensibly get rid of data that does not need to be retained.