Originating Author: David Floyer
Two different technology sets are required to mitigate risk:
- Compliance risk (leading usually to fines, but for some regulated industries potentially leading to shutdown) requires ensuring that all relevant emails are collected in an archive. Archive management must be able to prove to stakeholders and a court of law that the archive is complete and immutable, and that they have implemented reasonable fully documented procedures for managing the archive that have been scrupulously followed.
- Litigation and accountability risk which require technologies to analyze the archive, identify, and mitigate risk.
The two technologies are completely different. Establishing the basic archive infrastructure requires more attention to process than technology, and will not be refreshed very often (maybe every 15 to 20 years). It must be able to allow retrieval of emails within a reasonable time (usually 48 hours), and must allow simple and complete export of archive data to technologies that will analyze the data. The technologies will be similar across most industries. Outsourcing will common.
The technologies that analyze, identify and mitigate risk will change often and radically as the arms race between aggressive councils and defendants plays out. The technologies will be different for different industries and departments. Word filters, communication maps, contextual searches, inference machines and other technologies will come and go, and use the archive and other structured and unstructured data sources.
Action item: Separate the technologies and the teams that manage them. Like oil and water, avoid mixing.
Action Item:
Footnotes: