Current Affairs

June 22, 2010

Sécurité des systèmes d'information

Le CLUSIF a publié la semaine dernière son rapport biennal quant aux entreprises et à la sécurisation de leur système d'information.
S'appuyant sur les réponses de 350 sociétés de plus de 200 salariés, et sur l'analyse des 11 thèmes de la norme ISO 27002 (relative à la sécurité des SI), ce rapport souligne les failles actuelles ainsi que les améliorations mises en œuvre par les entreprises.

Restons optimistes

Nous retiendrons que les entreprises, reconnaissant leur dépendance vis à vis de informatique, sont de plus en plus nombreuses (73%, soit +14% par rapport à 2008)à formaliser leur politique en la matière (67 % confirment l'existence d'une charte Sécurité SI, + 17 % par rapport à 2008.

Une évolution qui s'explique sans doute par l'implication de plus en plus forte de la direction générale dans la politique de sécurité IT de l'entreprise. "La politique de sécurité de l'information des entreprises est massivement soutenue par la direction générale, qui a contribué pour plus de la moitié à son élaboration", constate le CLUSIF.

Il est également intéressant de relever que chez 47% des répondants, la fonction RSSI (responsable de la sécurité du système d'information) existe même si ces responsables sont un peu isolés dans l'entreprise.

Cette fonction est plus souvent liée à la DSI (36%) ainsi qu'à la direction générale (34%). Un second rattachement qui s'inscrit néanmoins en recul comparé à 2008 (45%).
Pour le CLUSIF, "ceci peut s'expliquer par l'arrivée plus nombreuse de RSSI au sein d'entreprises de tailles moyennes ayant un niveau de maturité en sécurité IT encore faible".

Des budgets épargnés

Les budgets restent très serrés, mais par rapport à 2008, la sécurité apparaît comme  une catégorie de dépenses plutôt épargnée.
Poutant le CLUSIF constate des disparités selon les secteurs d'activité. "61% des entreprises du secteur BTP et 43% des Transport et Télécoms ont augmenté leur budget en 2010 parfois de manière très importante : 15% des entreprises du BTP ont noté une augmentation de plus de 10% de leur budget"

Peut mieux faire

Le CLUSIF a ajouté dans son enquête le thème ISO 27002 numéro 9 (sécurité physique), et les résultats montrent pour 41% des entreprises, le responsable des « données papier » n’est pas clairement identifié.

33% (-7% vs 2008) des entreprises ne disposent toujours pas d’un plan de continuité d’activité pour traiter les crises majeures !…
Enfin, les aspects « conformité », pour lesquels des progrès restent à faire, au travers :

  • des « obligations CNIL » : en légère progression (68% « conforment », 20% « conforment pour leurs traitements sensibles », respectivement +4% et +1% vs 2008),
  • des audits de sécurité : 25% des entreprises n’en font toujours pas !…,
  • du tableau de bord de la sécurité informatique : 34% seulement en dispose (malgré les +11%).

A noter également, le sentiment de danger concernant la protection de la vie privée qui augmente (73% « mise en danger de la vie privée - fortement ou un peu », vs 60% en 2008).

Téléchargez l'intégralité des présentations faites par le CLUSIF autour du rapport 2010 sur les Menaces Informatiques et Pratiques de Sécurité en France.


Posted by Claude Super at 02:30 AM in Archiving solution, Current Affairs, Datacenter Solutions, French language, Information Governance, Management and Administration, Ouput Management, Records Management, Web/Tech | | Comments (0) | TrackBack (0)

May 07, 2010

Thoughts from IBM Impact 2010

I just got back from the IBM Impact conference in Las Vegas. I really didn’t know what to expect as this was my first time attending Impact. IBM invited me to present on information governance and explain how companies can better manage their risk around corporate information. Before departing to Las Vegas, I reached out to my network to learn this conference was primarily a technical conference. Historically, this conference may have focused on technology however it seems that IBM has done a great job introducing business topics to this event. 

During the conference, I heard great customer case studies about cloud computing, service oriented architecture, and business process management. I learned that the mainframe is not going anywhere anytime soon and how cloud computing is for real. I have to say the theme on Wednesday was my favorite – technology changing as fast as the business changes. We are all aware business strategies are forced to change in this economic climate and how quickly IT reacts will make or break an organization.  

However, companies also need to respond to external conditions such as new regulations and laws as well as litigation and competitive threats. Impact_2010_2 I was somewhat surprised there were limited conversations about the impact legal and compliance have on technology deployments and business processes. I certainly understand this may not be the primary audience for this type of discussion – but there is a very strong connection.

Enterprise systems exist to manage processes, line of business applications, and corporate information. There are hundreds, if not thousands, of different laws and regulations for managing corporate information. Exactly how does a company:

1) Capture these laws and regulations?

2) Understand the impact these regulations have on the business and IT organization?

3) Map the laws and regulations to their corporate information repositories?

4) Enforce the laws and regulations across the enterprise complex infrastructure?

This is where information governance comes in and why I attended Impact 2010. Information governance is an accountability program to enforce desirable behavior in the creation, use, archiving, and deletion of corporate information. Information governance enables companies to not only align IT with business – but also with the other corporate functions such as legal, finance, compliance, and records management.

An information retention schedule sets out the periods for which an organization’s corporate records should be retained to meet its operational and business needs and to comply with legal and other requirements. The retention schedule is just one component of information governance that protects the interests of the company and its stakeholders.

After my session and throughout the conference, I had fruitful discussions around the challenges of getting all the stakeholders (IT, business, compliance, and legal) on the same page to create the retention schedule. It’s quite difficult and there is no silver bullet. At the end of the day, each function needs to recognize the benefits of deploying an information governance framework and each function will need to give in order to receive.

The question I leave you with:

What if technology can change as fast as your information retention schedule?

See you next year in Las Vegas.

Posted by Tamir Sigal at 10:33 AM in Current Affairs, English language, Information Governance, Records Management, Web/Tech, Weblogs | | Comments (0) | TrackBack (0)

Technorati Tags: , , , , , , , , , ,

April 23, 2010

Review of AIIM 2010

I first attended AIIM back in 1997. Over the last few years, the AIIM conference managed to keep its momentum despite the consolidation of ECM vendors and tight travel budgets. This year’s AIIM conference seemed to be very busy as the expo hall was constantly crowded and some of the sessions were packed.  Here is my summary of AIIM 2010 – or should I say the unofficial SharePoint user conference.

SharePoint is Everywhere

Microsoft didn’t have a booth at AIIM in 1997. They only recently started to get involved with AIIM with the development and adoption of SharePoint 2007. In 2008, Microsoft claimed over a billion dollars in SharePoint sales. According to a recent Gartner survey, 50% of all organizations (large and small) have piloted or deployed SharePoint as a key element of their overall information infrastructures. During AIIM, I had the opportunity to see SharePoint 2010. Kudos to Microsoft. They enhanced the (much needed) search facilities, revamped the user interface, delivered basic records management capabilities, and with promised better scalability. I am now telling everyone “SharePoint 2010 was MY idea.” I counted over 20 different vendors offering a huge variety of services and products around SharePoint. There was even a dedicated SharePoint pavilion for partners, integrators and complementary technologies. I saw great demos from KnowledgeLake and NteliPath on imaging services for SharePoint. NextPage seems to have a unique information governance solution for SharePoint.

eDiscovery Pavilion

The concept of eDiscovery really didn’t exist at AIIM 1997. However, with the introduction of FRCP and the high costs associated with litigation, eDiscovery is becoming a hot topic within corporation. With AIIM being an “information management” association, it absolutely makes sense to discuss eDiscovery. However the current challenge for corporations with eDiscovery is getting alignment between IT, business, and legal. Furthermore, most of the discussions around eDiscovery have been limited to email archiving, reactive products (i.e. let’s search our 500 servers), and the consulting services to assist with eDiscovery. I didn’t hear many people at AIIM really talk about being proactive and what it takes to be litigation ready. There is a very well known case study by DuPont detailing the costs when companies do not have an information governance solution for eDiscovery readiness. The case study concluded over 39 million documents were reviewed during litigation that were past their retention period which cost in $12 million. Most of the ECM vendors at AIIM already have some type of message around eDiscovery (but did not really promote it) or will make one up before next year’s AIIM. For AIIM 2011, I predict there will be many more vendors in the eDiscovery pavilion.

Records, Records wherefore art thou Records?

At AIIM 1997, everyone (including me) was talking about efficient ways of keeping all the content in your business just in case someone may need it in the future. I agree with Barclay Blair that for most organizations keeping everything forever is not a viable option. I have said this before and know it’s not that simple to implement. When talking with customers, the biggest obstacle is to have agreement between all the stakeholders on exactly what needs to be kept and for how long. This conversation is not an hour long discussion and it’s no longer an IT or business decision. It involves legal, compliance, data security and finance. It also includes a proactive program which incorporates all the components of the lifecycle of the content – not just retention and disposal (data privacy, regulations, storage platforms, metadata). I discussed the difference between information governance and records management before and Greg Clark also wrote a good article on this topic.

Summary

AIIM 2010 was an excellent event for me. I was able to connect with customers, chat with partners, bump into old colleagues, and meet new people in this fascinating industry. At the end of the day, the main principal of AIIM hasn’t really changed since 1997. It’s all about companies using technology to efficiently better manage their number one asset – information. See you next year in Washington, DC.

Posted by Tamir Sigal at 07:38 AM in Current Affairs, English language, Information Governance, Weblogs | | Comments (0) | TrackBack (0)

Technorati Tags: , , , , , , , , , ,

April 15, 2010

Importance of PCI Compliance

Last week, I was finalizing my information governance presentation for the upcoming IBM Impact 2010 conference. I have this excellent slide that shows the relationship of the entire content lifecycle with the different stakeholders in the organization – Privacy Officer, Security Officer, legal counsel, and of course IT. When I usually present this slide I give specific examples related to HIPPA, Sarbanes Oxley, and DOD 5015.2. One example I sometimes leave out is the Payment Card Industry Data Security Standard (PCI DSS).

PCI applies to all organizations or merchants, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data. A simpler way of saying this – if any customer of that organization ever pays the merchant directly using a credit card or even with a debit card, then the PCI DSS requirements apply.

PCI is designed to prevent hackers and criminals for targeting credit card theft and its subsequent fraudulent use of customer data. The intent of PCI is to make it much harder to obtain credit cardholder data due to the more robust and standardized approach to data security. Unfortunately, as I have seen, many companies are still struggling to demonstrate PCI compliance. The costs and effort associated with meeting PCI requirements can sometimes be daunting. However, so can the fines. Fines can amount from $5,000 to $100,000 per month for PCI compliance violations. How about brand reputation and stock price?

Some of the requirements for PCI include building and preserving a secure network while maintaining a vulnerability management program. Also included is to implement strong access control which includes protecting and encrypting cardholder data. This includes new data being generated as well as content stored for years and years.

The PCI Security Standard Council published a new version (1.2) of the PCI DSS in October 1st 2008, which includes 12 major requirements. The Lifecycle Process for changes to PCI DSS is currently in stage 3; stage 5 is expected to end by September 30th 2010 with the publication of a new version. 

When defining and planning a PCI program scope, one of the first action items is to know what is in and what is out of scope - including systems, content repositories, storage platforms, networks, people, and processes. As I have said many times before, measure your risk but don't ignore it.

Posted by Tamir Sigal at 05:30 PM in Archiving solution, Current Affairs, English language, Enterprise Archiving and Retrieval, Information Governance, Records Management | | Comments (0) | TrackBack (0)

Technorati Tags: , , , , , , , , , , , , , , , ,

March 15, 2010

Records and Data Privacy – Should You Be Worried?

During the last few months, we heard of several high profile stories about data theft and privacy issues. While most of the recent cases we hear about involve banks or financial services – this can occur in any industry. For example, the BBC just reported the medical records of 2,000 patients were lost at Haywood Hospital. The records are of 2,000 patients who had physiotherapy at Haywood Hospital in 2006 and have since been discharged and may have been destroyed in error, under what it calls "confidential conditions".

This is just one of the reasons why information governance is a top priority at most of organizations worldwide. An information governance program allows companies to implement the correct security controls, data privacy rules, proper encryption methodologies and audit facilities.

Security controls – Who needs access to what? What should the user be allowed to do once they have access to the information (i.e. download or print)? How is the security being enforced across all the information silos? Safe

Data privacy rules – The legal protection of the right to privacy in general - and of data privacy in particular - varies greatly around the world. Who in your organization is monitoring these laws? How are these laws being implemented and enforced in your records management and electronic content management system? Does any information in the document (such as social security number) need to be redacted?

Encryption methodologies – There are dozens of different encryption methods and programs available. I am not an expert on encryption but do know some are good, some are not. What’s important is that when information gets archived, your organization utilizes the proper encryption tool so if data does leak out, it’s unreadable.      

Audit facilities – Most applications create an audit trail. Often times, these audit trails do not get analyzed or shared with the compliance team or auditors. Companies must keep track of who, what, when, where, and how.  Who accessed what?  When did they access it?  Where did they access it from? How did they access it (internal application versus CRM system)?

Bottom line, information within the organization must be treated as an asset but also as a liability. So the next time you open a bank account and provide a significant amount of personal data to a total stranger – just hope they have a well defined information governance program in place.

{picture courtesy of rpongsaj from Flickr}

Posted by Tamir Sigal at 06:42 AM in Current Affairs, Datacenter Solutions, English language, Enterprise Archiving and Retrieval, Records Management, Weblogs | | Comments (1) | TrackBack (0)

Technorati Tags: , , , , , , , , ,

March 02, 2010

RSD Announces New YouTube Channel

A few years back, my friend sent me a rare video of Bruce Springsteen performing Rosalita in a small New Jersey club. He then challenged me to type anything into the search box to get immediate results. I was instantly hooked (and so were you) – spending countless hours looking for rare performances and watching some of the funniest videos from around the world. 

In the last 18 months, companies started using YouTube as a communication channel. RSD is pleased to announce a new channel on YouTube. The channel will be used to share industry trends, best practices, customer case studies, executive interviews, and exciting product news. We hope you enjoy the channel and welcome comments and feedback. 

Hurry up – get some popcorn and start watching!

 






 

Posted by Tamir Sigal at 06:58 AM in Current Affairs, English language, Web/Tech | | Comments (0) | TrackBack (0)

February 05, 2010

Summary of LegalTech 2010 – Are You Ready for Litigation?

As I walked into the Hilton on Sixth Avenue, I knew this conference was going to be good. The liveliness was present a few blocks away as some protesters were objecting the “pay by gigabyte” model for eDiscovery services.  After spending $4 to check my coat (thanks Hilton!), I walked into the expo hall and began my journey into LegalTech 2010.

First and foremost, I was amazed how many vendors offered eDiscovery solutions. Thanks to FRCP Rule 26(a), all electronic stored information (ESI) is admissible in courts. Many vendors have jumped on the bandwagon with the promise of helping litigation teams find the smoking gun. Most of the vendors I talked to at the conference blurred the lines between software and services. At one point, I was looking for the exhibitor who had the sign “me too”. This is clearly a market primed for consolidation (mergers, acquisitions, fall out).

I was able to learn about new technologies such as Nexidia who have this unique indexing facility to search audio files (without transcription). Redact-It from Informative Graphics has a comprehensive redaction facility to address data privacy requirements (for example, hide social security numbers from documents). There were only a couple of vendors who touted information governance – which was not a surprise.

Most of the vendors on the market look at eDiscovery as a reactive processes – sending in a SWAT team in the middle of the night to search servers. The high costs of litigation are now forcing companies to bring eDiscovery tools and the process in-house. However, companies need to look at the bigger picture.

Organizations need to be proactive and prepared for litigation – otherwise stiff penalties will ensue along with uncontrolled costs. CourtroomGavelHistorically, records management and legal discovery were managed as two distinct domains. Moving forward, these two disciplines are coming together since they are both fighting to solve the same issue – the explosion of ESI and being prepared for litigation. 

It’s pretty simple – saving everything forever is not a sustainable solution. Corporations require a mechanism to policy-manage information and to align it to the correct levels of accessibility, protection, and retention.  This includes structured and unstructured content stored in disparate silos (i.e. ECM repositories, SharePoint, data warehouses, databases). Companies need to look for proven solutions to proactively manage information lifecycle while providing secure access to support eDiscovery.

Here’s the problem.  Being proactive costs money – and it costs money today! This is a time when budgets have been trimmed, resources are constrained, projects are being managed under a microscope, and priorities are constantly being scrutinized. I have heard people compare information governance to a number of things:

Dental hygieneJake Frazier, a Compliance and eDiscovery Attorney for EMC, used the analogy that if eDiscovery is the root canal, information governance is the brushing and flossing. If a corporation performs diligent maintenance of its information, there is much less content that has to be processed through eDiscovery.

Insurance policy – You pay your insurance premiums just in case something happens. You can’t decide to buy auto insurance after you get into a car accident. The same holds true with information governance and eDiscovery. Implementing an information governance program after you have a multimillion dollar lawsuit detailed in the Wall Street Journal will only help your next potential litigation.

These are great analogies. I personally like to compare the cost of information governance and eDiscovery to credit cards. If you pay now to have an information governance program, you will be better prepared and will pay less when eDiscovery happens. If you don’t have information governance, when a lawsuit occurs you will pay more for eDiscovery.

So, pay now or pay later. Regardless, you will pay.

Posted by Tamir Sigal at 09:45 AM in Current Affairs, English language, Information Governance, Records Management | | Comments (0) | TrackBack (0)

Technorati Tags: , , , , , , , ,

January 25, 2010

Review of Lotusphere 2010

Last week, I was very fortunate to attend Lotusphere in Orlando – and it was not just because of the weather.  For starters, this was my first official Lotus event and I was looking forward to being part of a recognized high-quality event.  Swandolphin2 It also presented me with a golden opportunity to learn about innovative solutions, network with fellow peers, and discover new trends.  So for what it’s worth, here is my review.

E-mail archiving is everywhere

There were at least ten different vendors at the event offering e-mail archiving.  I am not surprised since e-mail has captured the attention of the media, executive management, U.S governmentindustry analysts, and IT surveys.  I managed to speak to most of these vendors and tried to identify the differences between the various offerings.  It all came down to user interface, references and scalability.  IONET Software (all the way from New Zealand who flew 27 hours for the event) had a neat simple user interface, Extracomm from the Toronto area seemed to have a solid reference base, and Symantec claimed scalability (measured in number of mailboxes).      

The perfect storm – it’s not just about e-mail

One of the reasons executive management takes e-mail archiving to heart is the challenge of eDiscovery.  As I indicated last month, when it comes to eDiscovery readiness there is much more than e-mail.  It’s about anything stored electronically – statements, transaction reports, documents, letters, databases, audio/video files, images, etc.  It is not me saying this…read Rule 26(a) to the Federal Rules of Civil Procedures (FRCP).

Most of the vendors at Lotusphere who touted eDiscovery used it only in the context of e-mail.  A couple of vendors went beyond e-mail including EMC (thanks to their acquisition of Kazeon).  This will change at next year’s Lotusphere.

Quickr is taking off

We all like (or pretend to like) collaboration – wikis, blogs, social media, file sharing, documents, etc.  Lotus Quickr seems to be a pretty good team collaboration suite for helping users share content.  On the surface, it looks very competitive to Microsoft’s SharePoint.  In 2010, it will be interesting to see if Quickr takes market share away from SharePoint and if companies will really migrate their documents to the Quickr platform.

Just like with any collaboration suite, companies will need to address the challenges around lifecycle management, scalability, and integrating with other corporate content buried in enterprise content management (ECM), records management (RM) and information archiving suites.  Alfresco made an announcement at the event to address some of these challenges and Infosys seemed to have an innovative solution to bridge the gap between Quickr and ECM systems.  For a nominal fee, IBM should be able to address some of these challenges as well.

I will make sure my next year’s budget includes a trip to Lotusphere.  In the meantime, please let me know what you thought of Lotusphere 2010.

Posted by Tamir Sigal at 04:57 AM in Current Affairs, English language | | Comments (3) | TrackBack (0)

Technorati Tags: , , , , , , , ,

January 07, 2010

Information Management: Ten Things You Should NOT Do In 2010

Happy New Year.  So, we are almost into our second week of 2010 and I am enjoying all the 2010 predictions, resolutions, recommendations, and the ultimate “to do” lists.  In 2010, I am looking forward to continuing my conversations with current and future customers as well as industry pundits regarding the challenge of managing the explosion of information – in formats and volume. 

So instead of another list of predictions or telling you what to do this year, here is what you should not to do in 2010: 

Do not ignore the risk – Controlling risk is fundamental to conducting business and managing information.  Every e-mail we write, document we create, correspondence we send, and voice mail we leave can eventually become a record in a legal case and (ultimately) cost the company a substantial amount of money.  It’s simply impossible to ignore this risk – regardless of organization size, industry, or geographic location.  Measure it, don’t ignore it.    

Do not discount the information governance hype – Sure this is easy for me to say because I am playing my part in creating this hype – but the excitement around information governance is becoming a reality.  Information governance provides a comprehensive framework to manage risk (and pain) related to compliance with laws and regulations regarding the creation, retention and disposition of business records.  As you are reading this, companies are forming committees, budgets, and detailed road maps around information governance.  

Do not complicate retention policies – Keeping everything forever doesn’t seem to work and deleting everything is certainly not an option, so the sensible solution is to define retention policies and hope they get enforced across all applications.   It scares me when I hear a company has thousands of distinct retention policies.  Control the amount of “retention buckets” you have and focus your efforts on ensuring they are centrally managed and enforced. 

Do not rely on search alone I cringe when I hear people consider search engines as a solution to solve their information management challenges.  Search is certainly one piece of the puzzle, but it’s only a portion of the solution.  What about policy enforcement, Web presentment, data privacy, workflow, collaboration, legal hold, lifecycle management, etc, etc, etc. 

Do not copy the competition – It’s a small world.  Chances are you know someone (who knows someone) among your top competitors.   We all follow each other, hear (and sometimes spread) rumors about each other, and simply go along with what the competitor does.  Although this strategy may work in certain cases, this will not work when undertaking information governance.  The high level goals are the same but each company is unique with different short- and long-term objectives. 

Do not bypass management – I hate to be the messenger, but information governance requires complete support from executive management since it spans across all facets of the organization and the entire IT infrastructure.  In fact, most information governance projects are initiated using the “top down” approach. 

Do not be a sole hero – We all want to be heroes but I guarantee it won’t work in this case.  Computer-woman In fact, the only way to be successful is to build a solid partnership between the business, technical and legal functions.  So, bring lots of donuts to meetings and listen to each other.  The decisions you make as a team regarding business processes, retention policies, security rules, data standards, and regulations will be critical.    

Do not forget about the operational content – In the last couple of years, companies primarily focused on unstructured documents (i.e. MSFT Office) and e-mail.  However, this is only a portion of the information in the enterprise.  What about the ERP/CRM reports, transaction statements, and images?

Do not neglect end-users requirements – Often times, end-users are ignored or pushed to the side.  In 2010, do not neglect requirements from business units and end-users.  They will appreciate being included and so will management. 

Do not buy without trying it first – Before you sign the purchase order, deploy a proof of concept.  I personally like to see things working before making a commitment.  While the solution may sound wonderful on paper (trust me, it always does) – the proof is in the pudding.

Posted by Tamir Sigal at 04:48 AM in Archiving solution, Current Affairs, English language, Information Governance, Records Management | | Comments (0) | TrackBack (0)

Technorati Tags: , , , , , , , , , , , , , ,

December 21, 2009

It’s 10pm, Do You Know Where your e-mail is?

The Bush White House e-mail controversy which surfaced in 2007 has been stealing the news these past few days.  In case you didn’t hear, the Executive Office of the President agreed to restore 94 days of missing e-mails from 2003-2005.  The previous administration failed to recover over 20 million missing e-mails which will now be transferred to the National Archives for preservation and eventual release.

Regardless of your political views, I think this recent change of events is newsworthy, timely, and all too familiar.  It seems every time we turn the page in the Wall Street Journal, we hear about vicious lawsuits with astonishing facts and supporting documentation.   Most of the evidence focuses around e-mail and associated attachments – and no wonder – according to a recent survey from IDG Research, 62% percent of executives rate eDiscovery a top driver for email management strategies.

However, there is a lot more to litigation readiness than emails and attachments – but that’s a different story for a different day.

So when I hear the White House knowingly continued to use a broken system for preserving electronic records, I often wonder how many companies out there are in the same boat.  Companies who know they have a problem but are either ignoring it, wishing it will all go away, or struggling to deploy the proper controls and archiving services.  It’s not an easy problem to fix but certainly one that needs to be acknowledged and addressed.  If you type “Email archiving” into Google, you will get over 2 million hits with vendor promises to solve your e-mail management issues.  So how come it’s not universally resolved?

The fact is – it’s not that simple to fix.  In addition to having a robust effective archiving Email platform, companies need to manage the policies and ensure they are properly enforced.  The retention policies must be clearly defined (and agreed upon by management with approval from legal), communicated to everyone in the organization, and then accurately enforced across all e-mail servers and applications.  And then how do you handle the proliferation of Blackberries, iPhones, Instant Messaging applications, personal email accounts, and those handy SMS messages?

This is where Information Governance comes in.  Information Governance is a solution framework to manage risk (and pain) related to compliance with laws and regulations regarding the retention and disposition of business records.  The framework enables proactive and central information management with a systematic process across business functions and isolated silos of information.  This is precisely the reason Information Governance is becoming a top priority for all C-level corporate executives and including now the President of the United States.

Posted by Tamir Sigal at 09:44 AM in Archiving solution, Current Affairs, English language, Enterprise Archiving and Retrieval, Information Governance, Records Management | | Comments (0) | TrackBack (0)

Technorati Tags: , , , , , , , , , , , , , , , ,

Categories

Twitter Updates

    follow me on Twitter