260 likes | 277 Views
This article explores the common characteristics of information management programs, the concept of "Unified Records Management," and provides guidelines for making long-term storage decisions.
E N D
Long Term Storage Paper versus Electronic INFORMATION MANAGEMENT Alan Wheelock Iron Mountain Consulting Services October 17, 2012
What do these words have in common? • Glamorous • Romantic • Captivating
Common Characteristics of Information Management Programs these Days …… • 72% of organizations stated that they are ‘very committed’ to RIM improvement • But 72% have no strategic plan • 80% now have Formal RIM Policies • But 63% are inconsistent in their application of the Policies!
… and • Only 43% of companies believe that they have a legally credible retention schedule in place • Only 37% of companies say that their P&P’s are consistently applied • Only 15% of companies have a formal , consistent audit and review of their RIM policies and procedures
The Cart Can’t Come Before the Horse INFORMATION MANAGEMENT
Prior to Making Long Term Storage Decisions Prerequisites • Form and consistently convene an Information Governance Steering Committee • Bring your program to the appropriate ‘maturity’ level • Consider the concept of “Unified Records Management” as the basis for your “go forward” strategy
Unified Records Management Establish a foundation Unify physical records Unify electronic records • 77% have formal, policy-driven processes to protect private information from unauthorized or inadvertent access • 83% report that they are unable to locate hardcopy records when needed, due in large part to the fact that not all records, across all locations, are indexed • Only 35% say they can classify and index user-created electronic records at time of creation or later in their lifecycle
Unified Records Management Unified Records Management
XYZ Corp Records Data Analysis IM Connect Usage: 33%
What does Good Look Like? IM Connect Usage: 87% This is a real IM client
Records Aging Analysis Records More than 10 years old XYZ Corp: 36% Sample Customer: 18.3%
Policy and Procedures • Include electronic records management based on: • ISO Standard 15489 – Records Management • NARA Policy/Guidelines • ARMA’s Generally Accepted Recordkeeping Principles (GARP) • Model Requirements for the Management of Electronic Records (MoReq2) • Include social network usage • Facebook • Twitter • Blogs • Wikis • Reconcile with Info Sec and Info Privacy policies • Personally Identifiable Information (PII) • Payment Card Industry (PCI) • Personal Health Information (PHI)
Assess your Schedule • Age • Legal research date • Mergers/acquisitions/divestitures • Construction • Size: trend is bigger “buckets” • Orientation (function is best practice) • eRecords inclusion • 90% business records are electronic • Global requirements • Enterprise-wide is best practice • Adoption and compliance • Consistency leads to defensibility Consider development of “e-version” to facilitate management of electronic records
Apply retention to paper records • On-site: active/inactive • Conduct periodic “clean-up” or “compliance” days • Institute a “System of Record” to manage active records • Establish a process to transition records from active to inactive • Off-site • Classify cartons according to Retention Schedule • Calculate destruction eligibility • Institute formal destruction authorization/certification process • Use ROI to fund other Records and Information Management projects • Imaged originals • Determine which need to be kept in paper format to satisfy state or federal authorities • Consider long-term retention requirements for imaged records (explore alternative media) • Institute consistent destruction of originals, when permissible
Apply retention to structured records • Use risk-based approach • Determine risk categories based on litigation, investigation, FOIA requests, and audit profile • Prioritize based on potential for fines, sanctions, damage to brand , growth • Assess applications • Identify high-risk business processes / work flows • Compare records management functionality to best practice • Develop plan for filling gaps • Apply macro rules for destruction • Apply “haystack” rules based on function to determine destruction eligibility • Protect preservation of “held” data Collaborate with Legal, IT, Compliance, and Records Management
Apply retention to unstructured records • SharePoint 2010 • Enforce governance for site creation/provisioning • Establish rules in Retention Center • Use Schedule terms in Content Hub • Provide pre-tagged templates • File Shares • Provide alternative (SharePoint, ecrm) • Establish department level foldering consistent with Schedule • Desktops/laptops • Protect content (PII, IP) using technology Consider auto-classification tools for legacy “clean-up” Provide employee training and awareness
Apply retention to e-mail • Use archive (on premises or in cloud) • Move off active email server • Enhance search capabilities for early case assessment, FOIA, etc. • De-dupe • Terminate use of PST and NSF files • Filter and classify • Identify non-record formats • Use role-based classification • Leverage Active Directory • Accommodate filers and pilers • Use auto-classification • Destroy • Calculate destruction eligibility of archived e-mail 80% of responsive data for discovery is email Archive
Long Term Storage Considerations Electronic Signatures in Global and National Commerce Act (‘E-SIGN’ Act) • In place since 2000 • Has a host of rules related to retention • Must be an accurate representation of the record • Remains accessible to all persons entitled to access it • In a form that is capable of being accurately reproduced. Uniform Electronic Transactions Act (“UETA”) • In place since 1999 • Adopted by 47 states
Long Term Storage Considerations (cont) • E-Sign excludes several significant categories of transactions/records; • Laws governing wills, codicils, or testamentary trusts • Laws governing adoption, divorce, or other matters of family law • Cancellations of utility services, health or life insurance benefits • Recall notices on a product that effects health or safety • Notices regarding evictions, foreclosures, repossessions, etc. • Court proceedings documents
Additional Decision Considerations Paper is a very cost effective media for long term storage • Format remains universally accessible and readable. • Long term storage of paper is far cheaper that digitizing. • Can be quickly digitized if the need arises. • Can be digitized (imaged) on demand if records periodically become active Vital records are typically retained in paper and microfilm versus electronic When planning for Long Term archival storage of electronic records, consider: • Accuracy and integrity of the e-version • Future accessibility particularly as it pertains to discovery and regulation. • The impact of technological change
IMPLEMENTATION FAILURETHE most common cause for a failed program, and undoubtedly the biggest barrier to making sound Long Term Storage Decisions • Failure typically traced to: • Lack of a permanent steering committee • Lack of a dedicated RIM management person or team • Lack of senior management commitment • Lack of accountability + audit • Lack of maintenance and continuous improvement
Questions & Answers INFORMATION MANAGEMENT