RSD: Weblogs

Weblogs

July 01, 2010

Implementing an Information Governance Solution

Dear Customer,

Thank you very much for the recent purchase order for our information governance solution. You should be receiving the software CD in the next couple of days. Please insert the CD and after you run D:\setup, point to the applications that have the highest risk. It’s that simple. If you run into issues, access our online help system. Thank you again for your business and good luck.

Sincerely,

Your information governance vendor

I wish it was that simple and so do you. In reality, implementing an information governance solution requires more than software and running D:\setup.exe. Your company must document and validate (with executive management) the goals of an information governance program. Management needs to understand where in the company is the biggest risk. Is it in a particular line of business? Is it within a specific jurisdiction? Is it across a set of user groups (i.e. sales, finance, manufacturing)? Select a few areas and determine requirements, timelines, and budget constraints. Wait that’s right, you don’t have any budget constraints.

Step One – Create Information Governance Policy

One of challenges companies are grappling with is capturing all the requirements mandated by applicable laws and mapping them to corporate information and the various business applications and processes. Companies must hold cross functional meetings (stakeholders from legal, IT, business, compliance, and risk) to begin defining information governance policies. As I've stated before, information governance policies have some similarities to records management policies but also have lots of unique attributes. In addition to retention/disposition, information governance policies also include data privacy rules, eDiscovery requirements, metadata management, laws and regulations, as well as storage migration rules. This allows you to get “executive alignment” for managing the entire lifecycle of the record.

Once the policies are defined and validated, it’s time to publish the details to everyone in the organization. This should be published in PDF or HTML as well as an electronic format which can integrate with business applications across jurisdictions. By centralizing the definition of information governance policies, you reduce business risk while lowering your overall policy administration costs.

Stay tuned for step two.

Photo is courtesy of somegeekintn/Casey Fleser from Flickr

Posted by Tamir Sigal at 11:11 AM in Archiving solution, English language, Information Governance, Records Management, Weblogs | Permalink | Comments (0) | TrackBack (0)

Technorati Tags: ECM, EIM, Electronic Records, enterprise content management, enterprise information management, implementation, Information Governance, policy, policy management, Records Management, retention, retention management, RM

June 21, 2010

Don Rumsfield and Information Governance

I was at a barbecue over this past weekend having a general discussion on the latest news, global economy and hottest technology trends when somehow the topic of Don Rumsfield’s infamous speech about known unknowns came up. This speech goes back to February 12, 2002 when former United States Secretary of Defense Donald Rumsfeld made a statement relating to the unstable situation in post-invasion Afghanistan. As I was driving home, it occurred to me the "there are known knowns..." statement can easily map to the information governance challenges companies are facing today.

“There are known knowns. These are things we know that we know. There are known unknowns. That is to say, there are things that we now know we don’t know. But there are also unknown unknowns. These are things we do not know we don’t know. ”

—Former United States Secretary of Defense Donald Rumsfeld

There are known knowns – these are things we know that we know.

We all know corporations are dealing with huge volume of information – data about customers, employees, transactions, product development, and operations. According to a well-known survey by IDC, the amount of digital information created annually will grow by a factor of 44 from 2009 to 2020. Even though more than 70% of the information is generated by individuals, organizations are responsible for managing and protecting 80% of it. We know this is an issue in terms of employee productivity, value creation, and risk mitigation.

Employee productivity – Thanks to popular search engines and social media sites, we know we can find information we are looking for very quickly. Corporate employees are expecting the same capabilities when they come into the office Monday morning. Employees are more technical savvy these days. Employees know what they are looking for; they just spend too much time looking for it. Management knows this because they are in the same boat.
Value creation – There is tremendous value in corporate information, so we know we can’t delete everything immediately. Companies must keep information to support their customers, drive product innovation, and make critical business decisions.
Risk mitigation – We all know there is risk associated with information so I am not going to repeat what you already know. Bottom line, why keep information around if you don’t need it?

There are known unknowns. That is to say, there are things that we now know we don’t know.

We now know there will be ongoing eDiscovery requests and they are not going away anytime soon. According to a Gartner study, at any point in time many corporations are involved in an average of 86 lawsuits. Legal counsel doesn’t know when the next lawsuit will occur, who will be involved, and what information the courts will be looking for. Nevertheless, organizations need to be prepared and consider deploying a proactive eDiscovery project.

We now know there will be new rules and regulations around information management. With the various headlines in the last couple of months and the continuing global financial crisis, we do know there will be tougher regulations with new compliance laws. We just don’t know the details yet.

We also now know data privacy is becoming a hot topic around the world – from employee email privacy considerations to Facebook to Twitter. It seems like there is no end. Just last week, the Swiss parliament agreed to help IRS identify secret UBS accounts in tax probe. We don’t know when this will end and how this will evolve in the next couple of years.

Finally, we do know now solving the information governance challenge must be a top-down approach – otherwise it will be difficult to succeed. One of the key questions I get from customers is where to start, when to delete content, and how to go about managing this process. Someone within the organization (typically from legal) needs to stand up and bring the issue to the attention of the executives. Executives must first acknowledge there is an issue and then have a commitment to resolve it. This will only work when management brings in various stakeholders from the organization including legal, business, compliance, and IT.

But there are also unknown unknowns. These are things we do not know we don’t know.

Companies do not know what’s going to happen in the next 5-10 years. Surely, companies have strategies, growth tactics, mission statements, and contingency plans – but at the end of the day companies have very little control over external factors, mergers and acquisitions, new technology offerings, and the competition. This is precisely the reason why an information governance program is required. Information governance is an accountability program to enforce desirable behavior in the creation, use, archiving, and deletion of corporate information. I like to explain it as a vehicle to drive value from information and as an insurance policy on the unknown unknowns.

Posted by Tamir Sigal at 11:50 AM in English language, Information Governance, Records Management, ROI, Weblogs | Permalink | Comments (0) | TrackBack (0)

Technorati Tags: audit, data governance, data privacy, ECM, EIM, Electronic Records, enterprise content management, enterprise information management, Information Governance, Records Management, RM, security

May 07, 2010

Thoughts from IBM Impact 2010

I just got back from the IBM Impact conference in Las Vegas. I really didn’t know what to expect as this was my first time attending Impact. IBM invited me to present on information governance and explain how companies can better manage their risk around corporate information. Before departing to Las Vegas, I reached out to my network to learn this conference was primarily a technical conference. Historically, this conference may have focused on technology however it seems that IBM has done a great job introducing business topics to this event.

During the conference, I heard great customer case studies about cloud computing, service oriented architecture, and business process management. I learned that the mainframe is not going anywhere anytime soon and how cloud computing is for real. I have to say the theme on Wednesday was my favorite – technology changing as fast as the business changes. We are all aware business strategies are forced to change in this economic climate and how quickly IT reacts will make or break an organization.

However, companies also need to respond to external conditions such as new regulations and laws as well as litigation and competitive threats. I was somewhat surprised there were limited conversations about the impact legal and compliance have on technology deployments and business processes. I certainly understand this may not be the primary audience for this type of discussion – but there is a very strong connection.

Enterprise systems exist to manage processes, line of business applications, and corporate information. There are hundreds, if not thousands, of different laws and regulations for managing corporate information. Exactly how does a company:

1) Capture these laws and regulations?

2) Understand the impact these regulations have on the business and IT organization?

3) Map the laws and regulations to their corporate information repositories?

4) Enforce the laws and regulations across the enterprise complex infrastructure?

This is where information governance comes in and why I attended Impact 2010. Information governance is an accountability program to enforce desirable behavior in the creation, use, archiving, and deletion of corporate information. Information governance enables companies to not only align IT with business – but also with the other corporate functions such as legal, finance, compliance, and records management.

An information retention schedule sets out the periods for which an organization’s corporate records should be retained to meet its operational and business needs and to comply with legal and other requirements. The retention schedule is just one component of information governance that protects the interests of the company and its stakeholders.

After my session and throughout the conference, I had fruitful discussions around the challenges of getting all the stakeholders (IT, business, compliance, and legal) on the same page to create the retention schedule. It’s quite difficult and there is no silver bullet. At the end of the day, each function needs to recognize the benefits of deploying an information governance framework and each function will need to give in order to receive.

The question I leave you with:

What if technology can change as fast as your information retention schedule?

See you next year in Las Vegas.

Posted by Tamir Sigal at 10:33 AM in Current Affairs, English language, Information Governance, Records Management, Web/Tech, Weblogs | Permalink | Comments (0) | TrackBack (0)

Technorati Tags: cloud computing, data governance, ECM, EIM, governance, IBM Impact 2010, Impact, Information Governance, Records Management, RM, Websphere

April 23, 2010

Review of AIIM 2010

I first attended AIIM back in 1997. Over the last few years, the AIIM conference managed to keep its momentum despite the consolidation of ECM vendors and tight travel budgets. This year’s AIIM conference seemed to be very busy as the expo hall was constantly crowded and some of the sessions were packed. Here is my summary of AIIM 2010 – or should I say the unofficial SharePoint user conference.

SharePoint is Everywhere

Microsoft didn’t have a booth at AIIM in 1997. They only recently started to get involved with AIIM with the development and adoption of SharePoint 2007. In 2008, Microsoft claimed over a billion dollars in SharePoint sales. According to a recent Gartner survey, 50% of all organizations (large and small) have piloted or deployed SharePoint as a key element of their overall information infrastructures. During AIIM, I had the opportunity to see SharePoint 2010. Kudos to Microsoft. They enhanced the (much needed) search facilities, revamped the user interface, delivered basic records management capabilities, and with promised better scalability. I am now telling everyone “SharePoint 2010 was MY idea.” I counted over 20 different vendors offering a huge variety of services and products around SharePoint. There was even a dedicated SharePoint pavilion for partners, integrators and complementary technologies. I saw great demos from KnowledgeLake and NteliPath on imaging services for SharePoint. NextPage seems to have a unique information governance solution for SharePoint.

eDiscovery Pavilion

The concept of eDiscovery really didn’t exist at AIIM 1997. However, with the introduction of FRCP and the high costs associated with litigation, eDiscovery is becoming a hot topic within corporation. With AIIM being an “information management” association, it absolutely makes sense to discuss eDiscovery. However the current challenge for corporations with eDiscovery is getting alignment between IT, business, and legal. Furthermore, most of the discussions around eDiscovery have been limited to email archiving, reactive products (i.e. let’s search our 500 servers), and the consulting services to assist with eDiscovery. I didn’t hear many people at AIIM really talk about being proactive and what it takes to be litigation ready. There is a very well known case study by DuPont detailing the costs when companies do not have an information governance solution for eDiscovery readiness. The case study concluded over 39 million documents were reviewed during litigation that were past their retention period which cost in $12 million. Most of the ECM vendors at AIIM already have some type of message around eDiscovery (but did not really promote it) or will make one up before next year’s AIIM. For AIIM 2011, I predict there will be many more vendors in the eDiscovery pavilion.

Records, Records wherefore art thou Records?

At AIIM 1997, everyone (including me) was talking about efficient ways of keeping all the content in your business just in case someone may need it in the future. I agree with Barclay Blair that for most organizations keeping everything forever is not a viable option. I have said this before and know it’s not that simple to implement. When talking with customers, the biggest obstacle is to have agreement between all the stakeholders on exactly what needs to be kept and for how long. This conversation is not an hour long discussion and it’s no longer an IT or business decision. It involves legal, compliance, data security and finance. It also includes a proactive program which incorporates all the components of the lifecycle of the content – not just retention and disposal (data privacy, regulations, storage platforms, metadata). I discussed the difference between information governance and records management before and Greg Clark also wrote a good article on this topic.

Summary

AIIM 2010 was an excellent event for me. I was able to connect with customers, chat with partners, bump into old colleagues, and meet new people in this fascinating industry. At the end of the day, the main principal of AIIM hasn’t really changed since 1997. It’s all about companies using technology to efficiently better manage their number one asset – information. See you next year in Washington, DC.

Posted by Tamir Sigal at 07:38 AM in Current Affairs, English language, Information Governance, Weblogs | Permalink | Comments (0) | TrackBack (0)

Technorati Tags: AIIM, AIIM 2010, AIIM2010, ECM, EIM, Electronic Records, enterprise content management, enterprise information management, Information Governance, Records Management, RM

March 15, 2010

Records and Data Privacy – Should You Be Worried?

During the last few months, we heard of several high profile stories about data theft and privacy issues. While most of the recent cases we hear about involve banks or financial services – this can occur in any industry. For example, the BBC just reported the medical records of 2,000 patients were lost at Haywood Hospital. The records are of 2,000 patients who had physiotherapy at Haywood Hospital in 2006 and have since been discharged and may have been destroyed in error, under what it calls "confidential conditions".

This is just one of the reasons why information governance is a top priority at most of organizations worldwide. An information governance program allows companies to implement the correct security controls, data privacy rules, proper encryption methodologies and audit facilities.

Security controls – Who needs access to what? What should the user be allowed to do once they have access to the information (i.e. download or print)? How is the security being enforced across all the information silos?

Data privacy rules – The legal protection of the right to privacy in general - and of data privacy in particular - varies greatly around the world. Who in your organization is monitoring these laws? How are these laws being implemented and enforced in your records management and electronic content management system? Does any information in the document (such as social security number) need to be redacted?

Encryption methodologies – There are dozens of different encryption methods and programs available. I am not an expert on encryption but do know some are good, some are not. What’s important is that when information gets archived, your organization utilizes the proper encryption tool so if data does leak out, it’s unreadable.

Audit facilities – Most applications create an audit trail. Often times, these audit trails do not get analyzed or shared with the compliance team or auditors. Companies must keep track of who, what, when, where, and how. Who accessed what? When did they access it? Where did they access it from? How did they access it (internal application versus CRM system)?

Bottom line, information within the organization must be treated as an asset but also as a liability. So the next time you open a bank account and provide a significant amount of personal data to a total stranger – just hope they have a well defined information governance program in place.

{picture courtesy of rpongsaj from Flickr}

Posted by Tamir Sigal at 06:42 AM in Current Affairs, Datacenter Solutions, English language, Enterprise Archiving and Retrieval, Records Management, Weblogs | Permalink | Comments (1) | TrackBack (0)

Technorati Tags: Data Privacy, ECM, EIM, Electronic Records, enterprise content management, enterprise information management, Haywood Hospital, HSBC, Information Governance, Records Management

February 23, 2010

Réseaux sociaux, contenu et responsabilité des entreprises ?

Nous sommes de plus en plus nombreux à partager des informations au travers de Twitter (microblogging) ou des sites comme Linkedin ou encore Facebook, YouTube, etc.

Les entreprises sont également très intéressées par ces nouveaux espaces de communication nés avec le web 2.0 et elles n'hésitent pas à les utiliser à des fins très explicites.
RSD communique sur Twitter mais également sur Linkedin ainsi qu'au travers d'autres plateformes.

L'incroyable augmentation des volumes d'information échangés

La multiplication des espaces a automatiquement engendré une croissance impressionnante des échanges.

En effet, selon une étude réalisée par Nielsen, les "accros" des réseaux sociaux sont également des "mordus" du courrier électronique.

Alors que l'on aurait pu penser le contraire, il semble que la participation active à ce type de sites est à l'origine d'un usage plus intensif du courrier électronique !

Mais ce contenu n'est le plus souvent pas important et ne mérite pas d'autre attention que celle de l'instant ou on le reçoit !
Ceci est vrai pour les contenus "privés" échangés entre amis ou proches ou mis à disposition de la communauté (photos, récits d'expériences, etc.) mais il s'avère que pour les contenus d'entreprise la réalité peut s'avérer bien plus complexe.

La quête du Graal ou l'aiguille dans la botte de foin.

Trouver la bonne information peut relever de l'exploit vu les volumes publiés et nous sommes tous à la recherche des meilleures solutions.

Si la plupart d'entre-nous continue à privilégier les moteurs de recherche, nombreux (20% selon Nielsen) sont ceux qui commencent par les réseaux sociaux!

Il y a "trop" de contenus à disposition !

Comment aller rapidement à l'information pertinente, utile ?
En quel média ou type de site puis-je avoir confiance?
La réponse pour beaucoup d'entre-nous est dans les blogs ou les forums, pas encore dans les réseaux sociaux même s'ils se révèlent être un moyen d'accès à l'information.

L'entreprise doit composer avec ces nouveaux comportements.

Et elle le fait comme en témoigne le nombre de messages "commerciaux" diffusés au travers de ces outils!

Ces messages sont généralement contrôlés tant dans le fond que la forme par les organisations et il n'y a pas grand risque de ce côté si ce n'est celui d'une mauvaise communication (nul n'est à l'abri d'un erreur!).

S'il y a risques, il faut les chercher du côté des informations publiées hors du contrôle de l'entreprise.

La publication de l'appréciation des clients et/ou des partenaires d'une qualité de produits ou de services réalisés à partir de critères objectifs fait partie des règles du jeu de notre économie basée sur une concurrence loyale et les risques sont réels pour l'entreprise.

L'anticipation sera également préférable à la réaction en ce qui concerne les informations propagées, divulguées, partagées par les acteurs des réseaux sociaux au sujet des entreprises pour lesquelles ils travaillent, avec lesquelles ils contractent et au succès desquelles ils concourent.

Permettre un accès libre à FaceBook ou Linkedin au bureau est un acte de gestion d'entreprise.

Mettre en œuvre une charte d'utilisation de ces réseaux au bénéfice de l'entreprise est une décision de gouvernance de l'information.

Si aujourd'hui, certaines compagnies ont décidé de s'engager dans des procédures internes de contrôle des informations communiquées sur ces réseaux, c'est bien par anticipation.

Cette démarche pro active par rapport à ces contenus est révélatrice du niveau de maturité dans l'approche des questions relatives à la gestion de l'information par l'entreprise.

--------------------------------------------------

Posted by Claude Super at 02:33 AM in Archiving solution, Buisiness Information Delivery, Enterprise Archiving and Retrieval, French language, Information Governance, Records Management, Weblogs | Permalink | Comments (0) | TrackBack (0)

January 14, 2010

Volume to the Sixth Power

Scalability. Now that’s perhaps one of my all time favorite marketing terms. All software vendors offer a flexible solution that is open and scalable, right? According to Wikipedia, scalability is a system which indicates its ability to either handle growing amounts of work in a graceful manner or to be readily enlarged.

When it comes to information governance, exactly how do you define and measure scalability? Most people in the enterprise content management (ECM) and information management market will tell you it’s the amount of stored data (i.e. number of documents stored or actually storage size). While this is certainly one valid metric, there is more. Much more. It’s something I often refer to as volume⁶.

Volume¹ – Content

So, let’s get the obvious one out of the way. On a daily basis, companies have employees producing gigabytes and applications generating terabytes of information. This ends up being stored somewhere –typically in one or more repository. An easy indicator of measuring scalability is the vendor track record for supporting or managing petabytes or even exabytes of information.

Volume² – Format Types

There are practically thousands of different types of information within the enterprise – print streams, images, ERP/CRM reports, Office documents, databases, e-mail, Website content, instant messages and rich media such as audio and video files. Each content type has different formats – each with its own unique needs. Some repositories are better than others at handing certain formats which is precisely one of the reasons companies have multiple repositories. Information governance must take into account the variety of formats and repositories in the organization. More on this next month…

Volume³ – Jurisdictions, Regulations, and Laws

I attended a recent Webcast from D4 Discovery that indicated there are over 14,000 information retention laws. Exactly how does a global organization follow and manage these regulations? How about enforcement of these laws? There are clear indications the number of laws will increase in the next few years.

Volume⁴ – Platforms and Storage Devices

Life will be beautiful (and way too boring) if there was one platform, operating system and storage technology in the enterprise. Platforms and operating systems range from Windows, Mac, UNIX, to the mainframe. Then you have storage solutions and hierarchical storage management (HSM) products such as WORM, IBM TSM, Veritas NBU, EMC Centera, and HP Omniback. An IT leader from a fortune 100 company once told me, “We have one of each”. Makes sense. Your information governance framework must take all of these environments into consideration.

Volume⁵ – Applications

Applications run your business – billing, customer service, accounting/finance, human resources, supply chain management, procurement, IT service management, etc, etc, etc. Oh yeah, don’t forget your LOB (line of business) applications. These systems generate and consume an infinite amount of information. How easy and fast can your ECM system capture content from these isolated systems? How about providing these various applications secure and fast access to this content?

Volume⁶ – Users

What if (and yes, a big what if) you only have one person accessing your ECM system that’s managing petabytes of information? Is this still considered scalable? Some people will claim yes. However, this is not true. It’s also about the amount of access and concurrent requests made to the system.

So, the next time you talk with your information governance vendor – ask them how they define scalability. I define it as volume to the sixth power: (content) plus (formats) plus (jurisdictions) plus (platforms/storage) plus (applications) plus (users).

Now that’s scalability.

Posted by Tamir Sigal at 12:43 PM in Buisiness Information Delivery, English language, Enterprise Archiving and Retrieval, Information Governance, Weblogs | Permalink | Comments (1) | TrackBack (0)

Technorati Tags: Business Records, Corporate governance, ECM, eDiscovery, eDiscovery Readiness, EIM, Electronic Records, enterprise content management, enterprise information management, Information Governance, information lifecycle management, Litigation Readiness, Records Management, Retention, Risk Management

RSD

Blogs Home

Categories

Archives