Enterprise Archiving and Retrieval

January 18, 2012

How to Form an Information Governance Committee

When embarking on an information governance initiative for the enterprise, conventional wisdom continually indicates that one of the first steps should be the formation of an information governance committee.  This is easier said than done.  How can you be sure that the right parties are at the table?  How do you gain buy-in from other departments in a siloed organization?  How do you align interests and objectives in a productive manner?  If you want to see your information governance program succeed, forming a committee is a key step... but where do you start?

RSD is hosting a complimentary webinar to address this very subject.  Join RSD's Director of Marketing Tamir Sigal on Thursday, February 2, 2012 at 11am EST as he walks through the steps required to form an effective information governance committee, the challenges you can expect to encounter, and why a committee is necessary for the success of any information governance program.

Register here!

Posted by Nicole Lindenbaum at 07:55 AM in Enterprise Archiving and Retrieval, Information Governance, Management and Administration, Records Management | | Comments (1) | TrackBack (0)

October 26, 2011

Observations from the ACC Annual Meeting

Hello from Denver! We are wrapping up our presence at this year's annual meeting of the Association of Corporate Counsel (ACC). Early season snowflakes are flying, and conference attendees may end up spending a day or so more in Denver than originally planned. No time better than now to post some thoughts on the last three days.

We’ve not sponsored a booth, reception, or water cooler at ACC before. And while I’ve had numerous conversations with inside counsel (Chief Legal Officers, General Counsel, Assistant General Counsel, etc.) over the last year or so, I’ve never had the opportunity to talk to so many of these individuals at one time. I had dozens of interesting conversations with conference attendees, and learned quite a bit in the process.

Lesson 1: e-Discovery is not the issue I thought it was

One of the significant benefits of adopting an information governance solution like RSD GLASS is a significant, even measurable improvement in e-Discovery efficiency. And this makes sense. RSD GLASS provides a single source of search and access to governed records. These records are those most likely to be requested in the event of litigation, and / or those most likely to be scrutinized as a result of a compliance audit. By placing these records under governance ensures that records are managed in accordance with policy and relevant statutes, which likely results in a dramatic decrease inthe sheer volume of content to be searched and evaluated for potential relevancy. Counsel have a single solution for searching, accessing, and placing litigation holds on this content, across all governed repositories. The efficiency comes from not having to repeat the same search and hold process across countless file plans, repositories, and jurisdictions.

I thought this was going to be a compelling message for this audience. By and large, I was mistaken. Most of the attendees I spoke with already had an e-Discovery solution in place, in parallel with existing records management solutions and technologies. Some had spent significant sums of money purchasing and implementing these solutions, and most were still in the process of doing so. But the majority of conversations I had suggested that these folks were pleased with their e-Discovery solution, or, if not, had the expectation that they eventually would be happy with it.

The logical next step in this discussion is how information governance changes the way companies approach e-Discovery.

Lesson 2: "Information Governance" is a relatively empty label for this crowd

I am fond of describing RSD GLASS as an information governance platform. This allows me to expound on our unique approach to information governance, and also calls out the fact that RSD GLASS is more than a simple application or solution. As well it should be, given the complexities of the business and technical challenges it addresses.

Therefore, in answer to the question, “So what does RSD do?” I began by explaining how RSD GLASS solves information governance challenges, including multi-jurisdictional policy development, cross-repository enforcement, and secure information access. I was surprised at how poorly the topic of information governance resonated with inside counsel. In deepening the conversation, I learned that corporate counsel tends not to get inolved in solving information governance challenges. It's not so much that any of these individuals felt that these benefits were unimportant; no attorney is going to say that policy enforcement is unimportant (although many admit that, nevertheless, their company does not abide by its retention schedule). Rather, it is simply a matter of priorities. They told me their primary interest is in securing the tools, assets, resources and information they need to respond to litigation. This focus is singular and narrow, in sharp contrast to the global perspective addressed by information governance.

The good news is that, well, when it comes to helping handle litigation, we have good news for them as well. And this benefit opened a few eyes this week.

Lesson 3: Defensible Disposition is really, really difficult

RSD GLASS is a significant factor in establishing a legally defensible disposition program. Consider the position of corporate counsel who has implemented RSD GLASS. The conversation with the court can go something like this:

Court: “Give us all records related to this litigation.”

Corporate Counsel of an RSD GLASS Customer: “We have some records related to the matter, but not all of them.”

Court: “Why don’t you have everything that has been requested?”

RSDGCC: “Because we have a corporate information governance policy in place. We have enforced this policy on our records, regardless of their potential relevance to this matter. In fact, here are the full audit trails that show what policy was in place at the time these records were declared, and how the policy was enforced not just on these records you requested, but all records. Disposition is not haphazard; we consistently enforce our policy.”

Court: “Well then. Let’s proceed with what we’ve got.”

100% of the corporate counsel I spoke with these first two days of ACC were unable to have this conversation, because their corporate records management policy is either sporadically enforced, or not enforced at all.

100% of the corporate counsel I spoke with these first days of ACC wished they could have this conversation with the court. These people will greatly benefit from an information governance solution like RSD GLASS.

Lesson 4: Corporate Counsel are resourceful people

As we did last week with ARMA, we sponsored a hybrid scavenger hunt / marketing campaign around RSD GLASS. Conference attendees had the opportunity to come by the booth and grab buttons. Each button had a letter on it: G, L, A, or S. The first group of five who could spell GLASS all won iPads. We had no winners on the first day. In fact, given the audience, this was somewhat problematic, as we were accused of rigging the game, and not distributing a required letter. “We are litigators… a class action suit may result here, if you don’t have any winners.”

Yesterday morning, around 11:00 AM, we finally had our winning group. It started with a single individual who had not previously heard of RSD or our iPad giveway promotion, but quickly understood that the point of the exercise was an interactive one. Find others, whether you know them or not, and get them invested in the promotion. She recruited a handful of others, who then traded business cards and contact information. Within an hour or so, this group of strangers spelled out GLASS. iPads for five! They celebrated with much enthusiasm. It was fascinating to watch this group network.

IMG_1463

Congrats to our winners, and thanks everyone for stopping by the booth.

Posted by James Amsler at 10:59 AM in Archiving solution, Buisiness Information Delivery, Enterprise Archiving and Retrieval, Information Governance, Records Management, Weblogs | | Comments (6) | TrackBack (0)

Technorati Tags: , , , , , , , , , , , , , , , , , , , ,

October 19, 2011

Thoughts from ARMA 2011 Conference – My Three Takeaways

I just returned from the ARMA 2011 conference, held at the Gaylord Resort at the National Harbor in Maryland. I have been to ARMA several times in the past (more times that I would like to admit) and happy to see Gaylord_national_harborARMA is pushing the envelope with the program and content. This is certainly required to keep the records management function relevant in today’s organization.

Going up, 17th floor please

The first time I attended ARMA, most of the attendees were either in the basement or locked away somewhere in some offsite storage facility. Records mangers were focused on paper records, ensuring records were retained in reliable and authentic manner and are ultimately disposed of in accordance with a retention schedule. Today, things are much different:

  • Explosion in electronic content (formats, storage)
  • Defined and stringent eDiscovery requirements
  • Laws and regulations across multiple jurisdictions
  • IT systems (often times with cryptic names)
  • Privacy and security concerns

I am not going to bore you (again) on the consequences of information mismanagement – brand damage, stock price, fines, and revenue. This is precisely why the management of corporate information is becoming a topic of discussion at the executive level. Records management is beginning to report into legal and getting a seat at the table where strategic decisions are being made. I do warn you this trend is a little slow according to the latest Forrester survey, but it is changing. Galina Datskovsky, the president of ARMA suggested inserting yourself into these conversations about better ways of managing information.

Oh no, this blog is a record

It just occurred to me, “managing information” is just so broad and I hate when vendors use this term (oh wait, sorry). The term “information” means different things to different people. For some, this means paper records stored in some warehouse off the NJ Turnpike. For others in marketing, it may be the twitter feed on their products. Very different – for obvious reasons. I recall six years ago at ARMA, the big thing people were talking about was email. This year, ARMA decided to make the Tuesday morning general session around social media and records management. Wow, talking about pushing the envelope. This is from the same organization that not long ago was touting "electronic records were the future of records management."

The session (in the format of a vendor panel), talked about the many steps a company needs to integrate records management program with their social media strategy. The best takeaways from this session include:

  • It all starts with policies – I have been saying this for years. Regardless of the source, format, location of the information, you need to define and validate the policies.
  • Policies include more than retention – Everyone on the panel agreed policies should include data privacy, address metadata concerns, and address security concerns.
  • All jurisdictions are not treated equal – This is a no brainer but should be mentioned. Each geographic region has its own set of laws, regulations, and requirements. This is especially around data privacy.

My favorite part of the session was when one of the panelists claimed their technology can determine if my tweets and blogs are sarcastic. Now, that’s awesome!

So, the second take away from ARMA is more practical advice on how to best govern all corporate records, which is currently outside the records management function. According to statistics, records management only deals with 10%-15% of the information within the organization – file shares, C drives, ERP systems, and social media content (blogs, tweets, etc). No surprise, SharePoint was a big discussion point. But that’s a different topic for another day.

Finally, information governance means something

Information governance is being used more and more –and not only by the vendors. At several customer meetings in our beautiful private suite, I asked the question. Does your company use the term information governance? The resounding answer was “yes”. We have customers leveraging the GARP maturity model to assess their information governance needs across departments and jurisdictions. Barclay Blair was walking around the expo floor asking people how they defined information governance. Can’t wait to see the results.

RSD defines information governance as the means of enforcing the desirable behavior in creating, using, managing, and deleting of all corporate information. Information governance is not search. Information governance is not a mechanism to justify increasing storage costs. Information governance does not mean you need to roll out hundreds of crawlers on your users desktops. Finally, information governance does not mean auto classification (which by the way does require some discussion).

At this year’s ARMA, RSD decided to declare itself as “the official sponsor of information governance”. This is for a reason. In addition to delivering a proven and patent-pending solution to market, RSD’s Bassam Zarkout was the only person at ARMA 2008 talking about information governance before information governance even was discussed by anyone. Now that’s cool.

Final words

Even though I think the show was a little slower this year, the event was excellent. I would like to personally thank ARMA for a great event and for all the attendees who took part in our contest. Who knew, the letter “A” was the most valuable button. RSD gave away five iPads - go Apple stock price. I would also like to thank Bob Williams from the Cohasset Group for organizing the MER Experience. The feedback from this track was extremely positive and I am proud RSD was part of this program.

Comments, questions, concerns?  I would love to hear from you. See you in Chicago.

Posted by Tamir Sigal at 12:18 PM in Current Affairs, English language, Enterprise Archiving and Retrieval, Information Governance, Records Management, Weblogs | | Comments (5) | TrackBack (0)

Technorati Tags: , , , , , , , , , , , , ,

September 30, 2011

Governing Cloud-Based Content – Both Easier and Harder than it Seems

Once in awhile, as we did this past Wednesday, we’ll talk to a forward-thinking customer who realizes that the question is inevitable, whether they are creating cloud-based content or not: how to govern it?

First the Good News

On its face, the question is simple enough. With RSD GLASS, customers can govern records of any format, regardless of where they reside and how they are stored. And we allow in-place governance, which means that our customers don’t have to migrate content from the existing repository / archive / email server / storage system / physical inventory / etc. to our system. If we can do this, can we not also govern cloud-based content? The answer is the same as for any other repository: it depends.

First, it depends on what kind of governance you wish to employ. Are we talking just simple retention and disposition? E-discovery activities and litigation holds? Or are there additional lifecycles you’d like to automatically enforce, such as storage, metadata, and security lifecycles?

Second, once the governance controls are understood, we then need to determine if the repository supports those controls. If so, and if there is a means for accessing those controls via an API or similar technical interface, then the answer is yes, we can govern that content.

And that is true for cloud-based content as well. Re-read the previous paragraph, substituting “repository” for “cloud provider”, and our position is clear: if the cloud provider supports the governance control, and if they provide a means for leveraging it, then yes, we can govern that content. Intuitively, this makes sense: the nebulous (heh, you see what I did there?) nature of cloud-based content refers mainly to how it is accessed: usually via hyperlink, if not through an application that hides the access from the user. In the back-end, the a cloud-based record still resides somewhere… perhaps in a SharePoint repository, or perhaps on a proprietary repository specific to the cloud provider. All the provider has to do is expose the services offered by the repository, and we’ve got ourselves governance.

Mind you, not all service providers support these types of controls; many did not take governance into account when architecting their offerings. If you are in the market for a Repository-As-A-Service type offering, and if you want the option of governing cloud content in place, these are important questions to ask before you sign.

 

Location, Location, Location

 

But hold on there, Sparky, there is an important consideration that is usually forgotten. But ignoring it can put your company at serious risk of violating important data privacy statutes. We know, despite how the information is accessed, that at the end of the day, it’s sitting there somewhere. Where? No really, WHERE? One of the key benefits of adopting an information governance approach such as the one enabled by RSD GLASS is the ability to demonstrate that you are managing your company information in accordance with applicable laws and regulations. Cloud providers may move data around their infrastructure to maximize internal resource utilization, and minimize cost. They have the ability to move information from, say, a server in France to another in India. From the user’s perspective, this migration is transparent. The same http or https still returns the requested record. From a compliance perspective, however, this could represent a specific violation of European data privacy laws. And no governance technology would be aware of the violation, nor would it be able to prevent it.

 

The Trend: More of This

I won’t lie to you: this doesn’t come up much. Of the customers and prospects I visit, maybe 1 in 5 currently keeps records (mostly email) on a cloud-based infrastructure. But the trend is clear: this issue looms on the horizon. Asking the right questions now will enable you to govern this content with the same confidence as content on traditional repositories and storage systems.

Posted by James Amsler at 10:53 AM in Archiving solution, Current Affairs, English language, Enterprise Archiving and Retrieval, Information Governance, Records Management, Web/Tech | | Comments (3) | TrackBack (0)

Technorati Tags: , , , , , , , , , , , , , , , , , , , , ,

August 19, 2011

Governing Content on File Shares – Having Your Cake, and Eating It Too

Our customers come to us with a dizzying array and variety of Information Governance challenges. Many customers have unique needs… for example, one of our European customers has asked that we help them govern specific set of physical records: prototype parts created by their suppliers and R&D division, and stored away somewhere in crates in a large warehouse. (After all, not all physical records are documents.) We've also been asked to provide a governance solution for CAD Designs, Audio / Visual Records, and multi-component records comprised of many forms and supporting documents (discrete records in their own right).

Although there are often unique requirements such as these, there is also a consistent set of challenges voiced by nearly every customer and prospect we visit. These include:

  • Multi-jurisdictional policy development
  • Repository-agnostic policy enforcement
  • Cross-repository search and records access

A significant percentage of our customers and prospects (95% or more) tell us that at least two of these issues are high-visibility challenges they must solve in the next year. RSD GLASS represents a unique approach companies are using today to address these problems. Customers, partners, and friends of RSD already know this, so I won’t go into much detail today* on how we solve these Information Governance challenges. 

* - That said, if you are new here, why not take a look at our webinars and other resources. Lots of good stuff there.

Rather, there is a common request I am hearing these days, and I would like to take a moment to explore it in depth. The question goes something like this: “Can you help us govern our content on our network and file shares?”

Peel That Onion, Try Not To Cry

On its face, the requirement seems harmless enough. The organization has some "stuff" on its network, network-addressable storage devices, and local C: drives. They want to apply their retention schedule to it. Unfortunately, when I start asking questions, and they look at the problem a little more closely, they often realize there are some unspoken requirements behind this request:

  1. Little-to-no disruption. They usually want to govern the content in place. After all, legal and business users know where to find things on the network. (Don’t they?)
  2. They want to automatically classify content. This means scrubbing metadata (which is file system metadata, not record metadata) and document content to infer whether it is a record or not. If a given document or file is a record, classify it according to the corporate taxonomy of records, and apply and enforce the appropriate retention. This is an especially important requirement for customers who have a poor sense as to what records are on their network.
  3. Once a document is declared as a record, they want to block attempts to edit or delete the record outside of our governance platform. That is, they want to prohibit a user or system administrator from accidentally (or not) modifying or deleting the record from within the file system itself.

At this point in the conversation, the innocuous little request to govern content on file shares is now revealed to be a much more complex problem than first thought. On the one hand, the customer wants to employ all the necessary governance controls to meet regulatory and legal obligations. On the other hand, they want things to be exactly as they are today. What's so hard about that?

“One Word Can Really Bring You Round – Changes”

 The complexity behind the problem is the same problem ECM originally was supposed to help solve: the network / file share environment is inherently un-governable, from a Records Management perspective. Without specific and potentially very costly IT project work and ongoing administration, the required governance controls to identify, classify, and manage records is simply not possible at a technical level. More simply, a document or folder on a network can be changed or deleted. A record residing on a network or C: drive is not immutable. If it is not immutable, it is not a record.

And the Court will not admit it as such.

So Can This Be Done?

Thankfully, there are solutions. I’ve already suggested the most common solution: ask IT to solve it. IT defines and administers a set of permissions that describe who can read / write / access various drives and network directories where records may reside. They then trust their users (or their chosen auto-categorization technology) properly classify records. IT then applies the appropriate retention periods to these records, using a very small number of categories. To help, the network directory may mirror the taxonomy of corporate records. Enforcement is manual, entrusted to the IT / Network Administrator who periodically purges records with expired retention periods. The Audit Trail is the network log.

I’ve met a customers who have taken this approach; a few can make it work. Cost and complexity of administering such a program increase exponentially as they incorporate more than a few record types, business units, and / or jurisdictions. It can only work in relatively simple, localized, highly-cohesive environments, whose records are rarely, if ever subject to e-Discovery requests or litigation holds.

Most of the companies we talk to don’t fall in any of these categories. The records environment is complex. They lack unlimited IT and network administration budgets. IT and Records Management do not always work in lockstep. They are in highly regulated or litigious verticals. Their needs make it impractical or outrageously expensive to employ network technology as the RM enforcement mechanism. They know this; that’s why they bring us in.

From our perspective, we prefer to take a step back, and examine this question as a business / cultrual one, not a technology one. We examine why they want to maintain records on the network. We remind our customers that, in all likelihood, much of what resides on the network is probably not a record. Then we focus on the small subset of documents that truly are records, and develop an Information Governance program that:

  • Prevents the unwanted or unintentional editing or deletion of records
  • Allows authorized access
  • Automatically (if desired) enforces appropriate lifecycle actions, including declaration, disposition, and a whole host of intermediate actions between these milestones as required by privacy statutes and other policies
  • Provides corporate counsel with defensible disposition, showing when, how, and why records were disposed
  • Allows litigation holds to be placed on records, thereby freezing the lifecycle of potentially relevant records
  • Maintains an audit trail of all actions

The specifics of how these benefits are achieved differ from one implementation to the next. It may be necessary to move records (or a subset of records) to a traditional repository that supports these types of governance controls. RSD GLASS includes a component specifically designed for providing business and legal users the secure cross-repository search and access they expect.

In other environments, the benefit of this kind of migration does not justify the cost of moving records. Instead, these customers ask us to leave those records in place, but still calculate and transmit lifecycle action messages that are then manually enforced by the relevant administrator. To ensure appropriate governance, we can require to manually verify that they have performed the required actions, and record this verification in the Audit Trail.

Often, we take a blended approach: migrating some records to be governed in a repository, and enabling manual governance on the remainder of records left on the network. The openness of our platform and repository-agnostic approach gives us great flexibility to architect the right solution. In the end, we can meet the needs and govern records currently residing on the network.

It’s just a little more complicated than it first seems.

Posted by James Amsler at 01:30 PM in Archiving solution, Buisiness Information Delivery, English language, Enterprise Archiving and Retrieval, Information Governance, Management and Administration, Records Management | | Comments (2) | TrackBack (0)

Technorati Tags: , , , , , , , , , , , , , , , , , , , , , ,

June 21, 2011

Information Governance - What's The Point, Anyway?

Months in the making, we have finally reached the last entry in our epic, 3-part series mapping the retail best practices with a comprehensive Information Governance Program. (If you missed the first entries in the series, please take a look at the Introduction, then parts One and Two. Go ahead. We’ll wait.)

Having done the hard work of creating the centralized corporate policy, including applicable jurisdictional variances, and putting in place the infrastructure required to support it in the field, one might be persuaded that the rest of the program falls neatly into place as a matter of course. After all, that’s hard work, those first two phases. It involves a lot of people, including executives at the highest levels of the organization. Doesn’t the inertia generated by the sheer mass of the effort pull the project across the finish line?

Indeed, that was one of my takeaways from last month’s MER Conference… there was little to no discussion about what to do after you have defined and rolled out your RM / IG policy. Instead, session after session focused on how hard it is to get to that point in the first place. MER attendees left well-versed on the complexities of defining and enforcing retention schedules, and how difficult it is to overcome these using traditional RM approaches. There was no information on what to do next, or even why to go about this sort of thing in the first place. I would argue that the next step in this process is the most crucial, yet most neglected phase of the program: making content available to the people who require it.

Why Go To The Store?

As we’ve done in the previous entries in this series, let’s first consider the question from the retail point of view. The whole point in going through the heavy lifting of creating useful and easily navigable store layouts and then rendering those models into physical locations was to make it possible for customers to find what they want and purchase it. Consider the customer expectations… First and foremost, they expect to be able to find what they are looking for without needing help. This means the environment should be logically organized from THEIR perspective. They expect a safe, clean, and, better yet, visually appealing environment. They expect appropriate enforcements to be in place to ensure safety, collect taxes, and enforce age restrictions on the purchase of governed content such as firearms and prescription drugs. Finally, they expect the products they find to be of good quality, at a fair price.

There are some secondary audiences to be accommodated… company representatives will periodically visit the store to do inventories and ensure compliance with corporate standards. Government inspectors may also visit from time-to-time to ensure compliance with health and safety laws.

Each of these constituencies will have a satisfactory experience if the retailer has been sufficiently diligent in the earlier phases of the project. Successful retailers understand this. Those who fail to deliver on their customers’ expectations soon find themselves out of business.

The Expectations of the Information Governance Consumer

Who is the Information Governance Consumer? Say it with me, now: “EVERYONE!” (Don’t forget this; it will be important later.) The entire company is responsible for, and benefits from, good Information Governance practices. Having narrowed the target audience down thusly, let’s talk about what the Information Governance Consumer’s expectations should be.

In short, they should have the same expectations as a retail customer. They should be able to quickly and easily find the information they need (assuming they have the appropriate rights to it). They expect to have this access without having to go too far out of the way for it… that is, it should be available within the context of their day to day business activities. They expect the information to be relevant, high-quality, and specific to their needs. They should also expect that appropriate lifecycle actions are performed on the information as required by law, industry best practices, or internal standards and guidelines. If something is supposed to be moved or deleted, it should be.

Unfortunately, the Information Governance Consumer is usually frustrated. Too often, they:

  • Cannot quickly and easily find the information they need, whether they have access to it or not.
  • Use search engines hopelessly clogged with irrelevant or out-of-date entries.
  • Have to go well out of their way to get the information they need.
  • Must sift through rows and rows of records to find something relevant to the task at hand.

We have failed to meet the needs of the Information Governance Consumer. (And who, again, is the Information Governance Consumer? That’s right, everyone.)

Where Did We Drop The Ball?

The cause of these difficulties is simply identified, but difficult to address. Let’s review.

  1. Define a central policy for managing corporate information, including jurisdictional variances as needed.
  2. Create an infrastructure for managing that information in the field in accordance with the policy.
  3. Deliver this governed content to the consumers who require it.

The failure occurs in step 3. The traditional Records Management approach abdicates this responsibility, and lays it at the feet of technology vendors to provide access to the content in their repositories. This means that business users, auditors, corporate counsel, and others who need access to the information must do so in a repository-specific manner. In practice, this means two things: first, they need to know where the information is; second, given the where, they need to know how to get it.

Would we do this to a retail customer? Would we organize an entire store according to brand?

“All the Nike stuff goes in this section… shoes, golf clubs, and apparel. All the Yamaha stuff goes over there, motorcycles, boat engines, and pianos.”

Or worse, by delivery mechanism (distributor)?

“Take everything off the next truck that arrives, and dump it in that corner. The customers will figure out what they want.”

If we set up a store with this mindset, customers would visit once and leave in frustration, never to return. We’d be out of business immediately. And yet, this is exactly what we expect out of our Information Governance Consumer.

The solution, of course, is to replicate the model proven by our friends in the retail industry. Remove the technology component from information access. Replace it with a repository agnostic search capability that can be easily embedded within the context of existing line-of-business applications, GUI’s, and / or portals. Business Consumers, such as customer service or field sales representatives, will never again have to consider which repository to search when looking for a given record. Legal counsel would not need a separate E-Discovery Tool, nor repository / platform specific means for searching through content and placing a litigation hold on potentially relevant records. Compliance and audit teams can use the same platform to ensure that information is being managed in accordance with standard laws and regulations. Lifecycle actions, such as disposition, removal of personally identifiable information, and transfers between repositories or storage tiers, can be tied to automated events generated by external systems, and automatically enforced. In this way, the beneficiaries of a comprehensive Information Governance program are actually ahead of their retail peers. They’d love to be able to automatically dispose of expired food and medication sitting on their shelves.  

To many of you, this state may seem implausible, an ideal state to be realized well in the future. ”How can I be sure my file plan is an accurate reflection of my policy? How can I account for the jurisdictional variances in relevant laws and regulations? How can I automatically enforce lifecycle actions across my repositories, while providing secure, fast, and simple access to information?”

This is exactly the value proposition behind RSD GLASS, our patent-pending Information Governance Platform. It’s a unique, revolutionary approach. Our customers are realizing these benefits today.

Want to learn more? We did a webinar last week on this very topic. Or, just give us a holler.

Posted by James Amsler at 12:56 PM in Buisiness Information Delivery, English language, Enterprise Archiving and Retrieval, Information Governance, Records Management | | Comments (3) | TrackBack (0)

Technorati Tags: , , , , , , , , , , , , , , , , , , , ,

May 27, 2011

The MER Rookie

The MER Conference was held in my backyard this past week. Hordes (well, hundreds) of industry experts descended upon Michigan Avenue and generally behaved themselves, much as you’d expect of a group of people with graduate degrees in Library Sciences.

We did not host a booth this year. Rather, we sponsored the MER Podcast Series. A number of my RSD colleagues had previously attended a dozen or MER Conferences, and recommended it enthusiastically. I’m glad they did. I attended a Pre-Conference Tutorial, and as many Case Studies and Panel Discussions as I could manage. Here are a couple of observations from a MER Rookie.

Orthodox Records Management 101

My Pre-Conference Tutorial was the AIIM Electronic Records Management Practitioner Certificate Program, facilitated by former Marine Drill Sergeant and Professional Chocolate Connoisseur Jessie Wilkins. For me, this was a useful and thoroughly welcomed introduction into traditional Records Management principles. It provided a nice foundation for the rest of the week’s sessions, as well as important context for my conversations with customers and prospects steeped in these concepts. This is exactly what I expected from this tutorial, and I was glad to get it.

What I was unprepared for was the extent to which the rest of the conference continued to beat on the same themes. In fact, a template for speaker abstracts might go something like this: “Tried and true RM practices will likely suffice, so long as you account for (insert session topic here).” More specifically, I heard the following specific tenets of orthodox RM in multiple sessions:

  • Define a small number of very general and highly inclusive buckets of records. It’s just too hard to expect people to adhere to complex retention schedules.
  • Manual retention enforcement means RM’s must be diligent about reminding people of the policy, and why they should be adhering to it.
  • Event-driven retention, though useful, is very difficult. Instead, apply a broad time-based retention period that will likely meet your intent, even if that means over-retaining some content.
  • Auto-classification doesn’t work well for unstructured content, regardless of what the vendors say. RM’s will spend more time reclassifying improperly classified content than they would have spent manually classifying it (or asking users to do so) in the first place.

To this MER Rookie, the irony was obvious: on the one hand, stay with the tried-and-true RM approaches. On the other, these approaches don’t address:

  • Accounting for applicable laws, regulations, industry best practices, and internal standards and guidelines.
  • Enforcing jurisdictional variances on these mechanisms.
  • Making content readily and securely available for business users.
  • Applying those policies across a heterogeneous landscape of repositories.

At the risk of channeling Solomon on you, is there nothing new under the sun? In fact, in the few instances where any of these items were mentioned, the speaker or panel did so in the context of how difficult it is to solve these problems. For example, I did hear Julie Gable mention that the future of RM is automatic enforcement of policy… but even here, she left me with the sense that she wistfully regarded this as an ideal future state we may reach some day, shortly after we solve cold fusion and everybody has flying cars.

Records Managers as Salespeople

This theme cut across multiple sessions; there was no single session (that I am aware of) dedicated to this topic. In a nutshell, the takeaway for me was that RM’s need to constantly sell their organization and colleagues on the value of adherence to good RM principles. The difficulty here is that people, including executives, legal, and accounting professionals who should know better, are predisposed to over-retain their records. “Abide by the retention schedule” is not something people want to hear.

In the past, the sales message has been focused on the doom and gloom side. “If we don’t behave ourselves here and consistently apply our retention schedule, bad things will happen.” I sensed widespread agreement that there needs to be a positive side to this message, focusing on improved competitiveness or operational efficiency. I found no information on how to build a business case around this, except for the usual mention of reducing storage costs. In Teresa Drabenstadt’s outstanding session on a RIM Program she helped institute at CUNA Mutual, she cited some impressive storage cost savings as a key benefit. Otherwise, the storage argument seemed unpersuasive to me.

The best friend RM’s have in this process is an enlightened, supportive, and empowered executive sponsor. Indeed, every successful case study mentioned executive support as a key factor. NOBODY, however, had any insight into how to get your executive team on board with an RM / IG program, if the idea wasn’t spawned at the executive level in the first place. Failing this, the best an RM can hope for is incremental improvement in adherence to the retention schedule.

Next Year

I’m absolutely looking forward to returning to MER next year. However, knowing what I know from this year’s conference, I think it may also be beneficial for me as an individual and RSD as a company to assume the role of friendly agitator. MER, and the field of Records Management, needs this. In my informal conversations with fellow attendees, I sensed frustration in the lack of new messages and themes.

As a MER Rookie and RSD employee, I am not disappointed by this. If anything, it is further confirmation of our strategy and positioning of RSD GLASS. After this week, I’m more convinced than ever that our approach is unique and revolutionary. I believe an RSD GLASS customer success story will make for a useful and informative Case Study session.

We are well positioned to lead the conversation away from the shortcomings and pitfalls of traditional Records Management approaches. We’d rather focus on the benefits of a repository agnostic Information Governance platform on which you can define fine-grained, multijurisdictional policies that account for laws and regulations, and automatically enforces these in your file plans.

Posted by James Amsler at 09:39 AM in Archiving solution, Buisiness Information Delivery, English language, Enterprise Archiving and Retrieval, Information Governance, Management and Administration, Records Management, ROI, Weblogs | | Comments (4) | TrackBack (0)

Technorati Tags: , , , , , , , , ,

March 28, 2011

It's Alive! It's Alive!!

(This is the second in a three part discussion on Information Governance. For the first part, see What's So Special About Lebanon, Kansas.)

Sorry for the delay in posting the continuation of our series here. It’s been a crazy time for us at RSD. Since last time, we’ve visited customers in Illinois, Wisconsin, Michigan, Washington DC, and Texas, sharing our vision for Information Governance. Our message is getting a lot of traction among our existing customer base, and also with potential new customers. Oh, and did you read our Peugeot Press Release? You did, right? We promise there will be more to come.

Last time, we hypothesized a retail enterprise, and imagined how they might create and validate one or more standard store templates. The science behind developing these models is well-established and sophisticated, and frankly beyond the ken of regular folks like me. Our retailer accounted for laws, regulations, union rules, architectural demands, and a number of other constraints, and defined a corporate template for how their store should be organized. Their next step, and the topic of this entry, is how they'd begin building stores in accordance with their template(s).


As it turns out, this process closely parallels that which Information Governance Steering committees take in building out a corporate Information Governance model. They:

  • Define a standard policy, including the hierarchy of corporate information, metadata, and fine-grained retention schedules on all the above.
  • Define required jurisdictional variances on the policy, as required by law, internal standards and guideliness, industry best practices, or all the above.
  • Engage required constituencies to validate the policy.

This is fun and wonderful, and may even impress friends and neighbors at cocktail parties. However, it’s also absolutely worthless unless you translate the abstract corporate vision into something tangible and useful.

Making the Model Come Alive

From this point, our hypothetical retailer would take those models and templates, and build stores according to the standards they describe. There may be several such models… perhaps different layouts for small, medium, and large stores… urban settings versus suburban or rural… maybe even variations that account for regional variances in distribution patterns or partners. Living, breathing people would take an empty warehouse, and, in accordance with centrally defined standards, add lighting, shelves, coolers, counters, registers, and other services required by customers as they shop.

At RSD, we are proud of IG policy engine. It’s very intuitive, and provides a means for defining, validating and publishing multi-jurisdictional policies. An important competitive differentiator for us is the ability to take these policies and create jurisdiction-specific (and / or business unit specific) File Plans from them. Imagine…

  • … handing over to Records Managers and business users the information they specifically need, and only the information they specifically need. All content is relevant and actionable.
  • … their reaction to having fine-grained validated retention schedules pre-built into those File Plans, rather than defined and implemented in a separate technology or medium. (And yes, metadata, I am looking at you, too.)
  • … being able to automatically enforce the lifecycle actions that have been defined in those policies.
  • … being able to define and enforce lifecycle actions on record metadata independently from record content.
  • ... enforcing those lifecycle actions automatically. If you are into that sort of thing.

Our RSD GLASS customers are doing all of this today.

In many ways, those responsible for managing File Plans with our Information Governance platform are doing the same work as the workers building stores. They take a corporate vision and make it a reality. In short, they are taking the centrally defined standard, and making it come to life.

Frankenstein

All that’s necessary for our imaginary retailer to start making money is to deliver desired goods and services to consumers. For that, they…

Ah, but I get ahead of myself.

Posted by James Amsler at 09:17 AM in Buisiness Information Delivery, English language, Enterprise Archiving and Retrieval, Information Governance, Records Management, Weblogs | | Comments (6) | TrackBack (0)

Technorati Tags: , , , , , , , , , , , , , , ,

January 28, 2011

CMIS 2.0 – Where Are You?

A couple of weeks ago, I attended a Webinar titled “The Content Management Interoperability Services (CMIS) Standard: What is it and Where is it Going?” The Webinar gave great insight into the standard with great use cases on how organizations can and should leverage the standard. A few immediate things popped up during the event:

  • CMIS is much more than federated search – The Webinar did a great job explaining the different use cases for CMIS. Certainly the most popular (and sought out) feature is federated search, however CMIS enables easy publication of content from one repository to another or the move from an active repository to an archived/records repository. Handshake CMIS also enables communication from a business application to a repository. Business applications can now be deployed in a content repository independent manner, allowing implementation teams to focus on the user experience without relying on an expert from each ECM vendor.
  • Not all ECM vendors have adapted the standard – A standard is only good if everyone in the industry embraces it. Most vendors are behind it, and they are showing their support through specific actions and endorsements. Vendors include Alfresco, EMC, IBM, Nuxeo, and even Microsoft (with SharePoint 2010). Notable missing vendors include Autonomy and Hyland
  • Records Management functionality is still missing – The key to effective information governance is to enforce the corporate retention schedule and policies across the disparate infrastructure. Define policy once and enforce across many. This is one of the top requests I hear from customers (and some of the other vendors as well). This was discussed during the Webinar and hope the vendor community will soon agree on a standard for ILM functionality. I understand some of the vendors may be hesitant to let an external application manage the content lifecycle in their repository. I know, it’s a trust thing. However, at some point ECM vendors need to start trusting third party applications for performing ILM functionality.

So…in summary, CMIS is a great standard enabling companies to leverage their existing ECM infrastructure. Many companies are still waiting for core records management functionality to be part of the CMIS standard. Here’s to CMIS v 2.0…or should we rename it to, RMIS.

Photo courtesy of Flickr By lumaxart (Scott Maxwell)

Posted by Tamir Sigal at 06:29 AM in English language, Enterprise Archiving and Retrieval, Information Governance, Records Management, Web/Tech | | Comments (3) | TrackBack (0)

Technorati Tags: , , , , , , , , , , ,

May 21, 2010

Push, Pull, quels services pour l'information ?

Mise en exergue à la fin des années 90, la distinction "Push/Pull" ne fait plus recette aujourd'hui dans les débats.

Avec le web 2.0 et l'apparition des réseaux sociaux, les responsables marketing tentent de marier les deux avec opportunisme, tandis que les consommateurs et utilisateurs que nous sommes se satisfont d'une approche orientée "pull" ressentie comme plus respectueuse et moins agressive.

Côté entreprise, il semble que l'orientation soit bien différente et que le "push" soit toujours synonyme d'efficacité.

La valorisation de l'information par une distribution sélective

Le travail quotidien dans l'entreprise est bien plus exigeant en terme de disponibilité des informations que la participation à des réseaux sociaux ou plus simplement la consultation de portail web.

Pour répondre aux besoins de rapidité des utilisateurs, les outils "push" font merveille dans la distribution des informations et des documents.

La distribution permet de valoriser une information au service de l'activité de l'utilisateur. Il peut s'agir d'une alerte liée à une métadonnée ou d'un document résumant une transaction ou encore un rapport financier statuant sur une situation à un instant t.
Cette information ou ce contenu est délivré dans le format adapté au besoin de l'utilisateur (courrier électronique, pièce jointe, feuille de calcul, flux CSV ou XML, etc.).
La distribution en push facilite l'interopérabilité des applications par la rapidité à laquelle les informations sont communiquées mais également par sa facilité d'intégration dans une architecture opérationnelle.

Les outils ou fonctionnalités push permettent à la fois un contrôle et une finesse dans la diffusion de l'information pour optimiser les solutions de gestion de contenus et de gouvernance de l'information.

La valorisation de l'information par une exposition pertinente

Ces qualités font que le mode "push" est souvent ressenti comme très efficace mais peu adapté à certains de types de contenus et/ou de public.

Le mode "pull" largement représenté par les sites tant professionnels (mise à disposition de factures, de relevés, etc.) que sociaux (exposition de photos, d'informations, d'avis, etc.) convient bien pour une approche marketing.
Il véhicule et valorise une image de transparence et d'ouverture de l'entreprise.

L'exposition permet à chacun de trouver et de sélectionner, à sa convenance, l'information dont il a besoin. Les fonctionnalités "pull" sont idéales pour valoriser un patrimoine informationnel au service d'une relation client.

Si avec le "push" l'entreprise étendue et l'économie du savoir deviennent une réalité avec le "pull" c'est l'entreprise "citoyenne" (au sens acteur de la vie sociale et économique) du monde qui s'affiche.

"Push-Pull" ou "Push" versus "Pull" ?

Il est probable que les deux ont leur place. Il convient d'être pragmatique et d'utiliser la meilleure technique selon la cible, le contenu et surtout son objectif.

La gouvernance de l'information ne pousse pas à privilégier l'une ou l'autre de ces méthodes pour autant que les actifs informationnels soient utilisés au mieux des intérêts de son propriétaire.
C'est pour cette raison qu'il serait contre productif d'abandonner la distribution en faveur d'une exposition systématique.

Chacun comprend l'intérêt de déposer en "mains propres" de chaque récipiendaire concerné l'information sensible plutôt que de l'afficher dans un espace (même protégé).

Posted by Claude Super at 05:44 AM in Archiving solution, Buisiness Information Delivery, Enterprise Archiving and Retrieval, French language, Information Governance, Ouput Management, Print Management, Records Management | | Comments (2) | TrackBack (0)

Next »

Categories

Twitter Updates

    follow me on Twitter