340 likes | 538 Views
Enterprise Records Knowledge Conference 2010 The FOG of Information Governance Information Governance Architecture and Implementation. May 20 th , 2010 Sacramento, California. Agenda. Introduction Challenges of Information Governance Realities on the ground Information Governance Platforms
E N D
Enterprise Records Knowledge Conference 2010 The FOG of Information GovernanceInformation Governance Architecture and Implementation May 20th, 2010 Sacramento, California
Agenda • Introduction • Challenges of Information Governance • Realities on the ground • Information Governance Platforms • Information Governance Programs • Examples • Discussion
Speaker Bassam Zarkout Chief Technology Architect RSD Corporation Email: bza@rsd.com Mobile: 1-613-7913033
RSD Corporate Background • Founded in Geneva, 1973 • Offices in New York, London, Paris, Zürich, Madrid • More than 1,200 customers worldwide • Over 2,000,000 users • Pioneer in high-volume mainframe report and output management • EOS (Enterprise Output Solution) • Innovator in records and document management, and Information Governance • RSD Folders • RSD GLASS™
Agenda • Introduction • Challenges of Information Governance • Realities on the ground • Information Governance Platforms • Information Governance Programs • Examples • Discussion
Corporate Challenges • Information Governance (IG) challenge • An urgency at the executive level in every enterprise • Initial efforts to “tame the beast” have resulted in… • Solutions with unsound designs • The proliferation of content repositories • Skyrocketing management and admin overhead costs Patriot Act Growing urgencyto gain controlof this dynamic Basel II SEC 17a-4 MiFID Title 21 CFR 11 DoD 5015.2
Managing Corporate Risk is Critical • Managing information-related risks is critical • Enabling legal and regulatory compliance • Maximizing operational value of information assets • Improving competitiveness • Three key terms to explore • Governance, Risk Management, and Compliance • Enterprise Information Management • Information Governance Enterprise Information Management Business Intelligence Governance, Risk Management, and Compliance (GRC) Information Governance Physical Security Financial Reporting Compliance ECM RM Imaging Systems IDARS
What does Information Governance provide? • Solve RM problem • Too much information • No easy mechanism to address compliance and disposition • Address eDiscovery problem • Reduction of ESI discovery burden for information retained • Information accessible within authenticated and auditable context • Address compliance and legal concerns • Compliance and legal requirements are enforced within Information Governance (IG) policy, procedures and methods • Bridge gap between RM and IT • Management by policy enforcement at a Tier 2 level or below • Address cost of governance • Efficiently manage very large records management programs • Integrate functions of managing record lifecycle • Retention and disposition, ediscovery, data privacy, system overhead costs, auditability, etc.
Managing Corporate Risk is Critical Enterprise IG Platforms Federated RM eDiscovery Email Archiving Electronic RM New Laws? New Regulations? Financial Crisis 2008 HIPAA New Laws? Morgan Stanley E-Discovery irregularity fine $1.58b New Regulations? Enron Scandal Sarbanes-Oxley Zubulake-UBS Warburg FRCP 2006 Goldman Sachs 9/11 Patriot Act DoD 5015.2 MoReq
Information Governance Challenges Patriot Act Complexity of requirements growsexponentially with size of organization Basel II SEC 17a-4 Current Generation Solutions MiFID Title 21 CFR 11 DoD 5015.2
Legal and Regulatory Landscape Hundreds and in some cases thousands of laws and regulations * Depending on vertical
Agenda • Introduction • Challenges of Information Governance • Realities on the ground • Information Governance Platforms • Information Governance Programs • Examples • Discussion
Realities on the ground End Users End Users Laws Regulations Internal Policies Best Practices Etc. Content Producers - MS Office - MS SharePoint - Alfresco - Business Applications - Other Content Consumers - MS SharePoint - Alfresco - Business Applications - Other Privacy Officer Legal Counsel Risk Officer Security Officer Other Officer Compliance Officer The FOG of Information Governance Corporate Records Retention Schedule? Capture Information? Retrieve Information? Security? Cost Governance? eDiscovery & Holds? Lifecycle Event Sources - Business Applications - Processes Data Privacy? Corporate IT Standard Metadata Definitions? Events that impactinformation lifecycle? System Admin? Business Managers Records Management? Storage ILM? Corporate RM BOD Federated RM Functionality? Other Jurisdictions Jurisdiction C Jurisdiction n Jurisdiction A Other Repositories RSD Folders ECM System ECM System Other Repositories
Types of Record Formats - Paper - Film - Fiche Unstructured content (high volumes) - MS-Office - PDF - Other Other - MS Exchange - Lotus Notes - IM - Other Entries in data warehouse Structured content (very high volumes) Entries in SQL Database - AFP - PDF - Other
Multiple facets of information lifecycle policies Legal Counsel Security Officer Other Officer Privacy Officer Privacy Officer Risk Officer Compliance Officer IT IT IT RM
Multiple facets of information lifecycle policies Legal Counsel Security Officer Other Officer Privacy Officer Risk Officer Compliance Officer ? Corporate IT Declassify Record Comply with government de-classification requirements Dispose of Record Comply with legal and regulatory record retention requirements Anonymize Record Comply with Privacy requirements Declare as Record Comply with legal and regulatory record retention requirements Move Content to Storage Tier n Reduce costs of storing content Operational Usage of Content Delete Content Index Reduce costs of storing content indexes Corporate RM BOD days weeks months years decades
Evolution in the solutions landscape Current Solutions Landscape To be continued… Structured Content Repositories RM ECM IDARS Data Privacy Policies Control & Admin Policies Control & Admin Repository eDiscovery Policies Control & Admin Repository Policies Control & Admin Policies Control & Admin Repository Policies Control & Admin Repository Next Generation Intelligent Content Addressable Storage Repositories Policies Control & Admin Repository Size of bubbles not to scale
Agenda • Introduction • Challenges of Information Governance • Realities on the ground • Information Governance Platforms • Information Governance Programs • Examples • Discussion
Evolution in the solutions landscape Current Solutions Landscape Creative Solution Strategy Structured Content Repositories RM Corporate Information Governance Policies ECM Rules (Policies) IDARS Data Privacy Information Governance Corporate/Regional/Jurisdictional Control and Administration Processes Policies Control & Admin Policies Control & Admin Repository eDiscovery Policies Control & Admin Repository Tools (Control &Admin) Data Privacy Audit Mgmt Records Mgmt Policies Control & Admin eDiscovery Other Policies Control & Admin Repository Policies Control & Admin Repository Information Repositories Regional/Jurisdictional/Local Next Generation Intelligent Content Addressable Storage Repositories Tools (Repositories) Content in Data Whse Content in ECM Systems Policies Control & Admin Repository Content in IDARS Content in CAS Systems Size of bubbles not to scale
Key Differences with existing RM/ECM Technologies • Modular architecture aligned with emerging market specifications • Comprehensive repository-independent IG policy • Human readable (Web or PDF based) analog policies • Application readable/integratable digital policies • Integration of all facets of the record lifecycle • Retention and disposition • Security declassification lifecycle • Data privacy lifecycle • Migration of electronic records across storage tiers (storage ILM) • Metadata lifecycle (very granular) • Content index lifecycle • Other • Standardized record metadata definitions • “Business” and “Operational” events integrated with lifecycle functions of IG Platform
Enterprise Information Governance Solution Platform Information Governance Steering Committee End Users End Users Laws Regulations Internal Policies Best Practices Etc. Content Producers - MS Office - MS SharePoint - Alfresco - Business Applications - Other Content Consumers - MS SharePoint - Alfresco - Business Applications - Other Privacy Officer Legal Counsel Security Officer Risk Officer Other Officer Compliance Officer Enterprise Information Governance Solution Platform Information Governance Policies - Retention and Disposition - Data Privacy - Discovery - Migration across storage tiers - Standard Metadata Definitions - Other Capture Information Retrieve Information Security Cost Governance eDiscovery & Holds Lifecycle Event Sources - Business Applications - Processes Standard Metadata Definitions Data Privacy EDiscovery & Holds Corporate IT Standard Metadata Definitions Events that impactinformation lifecycle Control and Administration of lifecycle for ALL information System Admin Business Managers Records Management Storage ILM Corporate RM BOD Enforce lifecycle actions Other Jurisdictions Jurisdiction C Jurisdiction n Jurisdiction A Other Repositories RSD Folders ECM System ECM System Other Repositories
Enterprise Information Governance Solution Platform Information Governance Steering Committee End Users End Users Laws Regulations Internal Policies Best Practices Etc. Content Producers - MS Office - MS SharePoint - Alfresco - Business Applications - Other Content Consumers - MS SharePoint - Alfresco - Business Applications - Other Privacy Officer Legal Counsel Security Officer Risk Officer Other Officer Compliance Officer Enterprise Information Governance Solution Platform Information Governance Policies - Retention and Disposition - Data Privacy - Discovery - Migration across storage tiers - Standard Metadata Definitions - Other Capture Information Retrieve Information Corporate IG Policies Security Cost Governance eDiscovery & Holds Lifecycle Event Sources - Business Applications - Processes Standard Metadata Definitions Data Privacy EDiscovery & Holds Corporate IT Events that impactinformation lifecycle Control and Administration of lifecycle for ALL information System Admin Business Managers Records Management IG Policies IG Policies Storage ILM IG Control & Admin IG Control & Admin Corporate RM BOD Enforce lifecycle actions Enforcement Enforcement Other Jurisdictions Jurisdiction C Jurisdiction n Jurisdiction A ECM System Other Repositories RSD Folders ECM System Other Repositories
File Plan Security • ACL Security • Inherited from Master Classification • Inherited from parent to child within File Plan • ACL assignments can be modified by Security Officer or Administrator • Security Classification • Inherited from Master Classification • Inherited from parent to child within File Plan • Security Classification can be increased but NOT decreased • Metadata-value Security • Inherited from Master Classification • Inherited from parent to child within File Plan • Right to change field value limited to authorized Security Officers • Repository Security • Security assigned to Object in Repository respected in IG Platform • Security Accreditation (used within US DoD) http://www.archives.gov/isoo/training/marking-booklet.pdf http://metadata.dod.mil/mdr/irs/DDMS/documents/ICS2007-500-2SecurityMarkingMetadata.pdf
Information Governance Platform Benefits • Enable legal and regulatory compliance • Mitigate overall corporate risks by supporting the implementation and operation of an effective and agile enterprise-wide Information Governance Program • Maximize operational value of information assets • Address pressing needs for advanced content access and information lifecycle management • Transparent access to corporate content in all repositories (structured and unstructured) • Improve competitiveness • Provide cost governance capabilities through the use of advanced IT-centric as well as business and compliance centric information lifecycle functions • Reduce overall cost of infrastructure • Reduce overall cost of storage • Reduce amount of information stored on Tier 1 storage through granular management of information lifecycle
Agenda • Introduction • Challenges of Information Governance • Realities on the ground • Information Governance Platforms • Information Governance Programs • Examples • Discussion
Information Governance Programs • Definition • IG Programs support compliance and accountability regarding corporate information throughout their lifecycle • Primary objectives • Enable legal and regulatory compliance and mitigate related risk • Maximize operational value of information assets • Improve competitiveness Information Governance Programs RM Programs
Information Governance Programs • Superset of RM Program • Features analogous methodologies and processes • Create and manage corporate policies and procedures about how information should be “properly looked after” consistently • Carry out policies and procedures • Enforce policies on corporate information • Maintain audit trail of these activities Information Governance Programs RM Programs
Main activities in the IG Program • Develop and maintain IG policies and procedures at corporate and jurisdictional levels • IG Steering Committee • Deploy IG policies and procedures into jurisdictions • Manage information lifecycle in business units and department • Perform control and administration of IG activities • Enforce IG lifecycle actions on information • Maintain audit trail on above Corporate Jurisdictions & Legal Entities Corporate Corporate IG Policies:- Retention and disposition- Data Privacy- Electronic discovery- Lifecycle of content- Lifecycle of content indexes- Lifecycle of metadata- Other Jurisdictions & Legal Entities IG Policies in Jurisdictions and Legal Entities Business Units File Plans in Business Units controlled by IG Policies Information Governance Steering Committee Corporate IG Policies Business Units Local IG Policies (Jurisdictions) IG Control and Administration Activities IG Enforcement Activities Repository Repository
Corporate RM Programs versus Corporate IG Programs Conventional Corporate RM Program Jurisdiction #1 Corporate RM Program Manual Retention Policy Development Policy in Excel/Email/Paper/PDF Management of unstructured documents Retention policy ONLY Little or no involvement of IT File Plan File Plan File Plan Records Admin Legal Counsel Risk Officer Corporate IT Records Admin Records Admin Records Admin Records Admin Retention Schedule Retention Schedule Manual RM RMA Jurisdiction #2 File Plan File Plan File Plan File Plan Retention Schedule Retention Schedule Manual Administration of RM Program Manual RM RMA Records Admin Jurisdiction #n Corporate RM File Plan File Plan File Plan File Plan File Plan File Plan End User Corporate RM Retention Schedule Retention Schedule Retention Schedule RMA Manual RM
Corporate RM Programs versus Corporate IG Programs Information Governance Program Jurisdiction #1 Corporate IG Program All facets of Information Lifecycle Management of all forms of records Policies in application integratable form Direct involvement of IT File Plan File Plan File Plan Records Admin Legal Counsel Risk Officer Corporate IT Records Admin Records Admin Records Admin Records Admin IG Policies IG Control & Admin Enforcement Jurisdiction #2 File Plan File Plan File Plan File Plan Integrated Administration of IG Program RRS IG Policies IG Control & Admin Records Admin Enforcement Jurisdiction #n Corporate RM File Plan File Plan File Plan File Plan File Plan File Plan End User Corporate RM IG Policies RRS RRS IG Policies IG Policies IG Control & Admin IG Control & Admin IG Platform technology deployed at Corporate Enforcement Enforcement
Information Governance Steering Committee Privacy Officer Legal Counsel Security Officer Risk Officer Other Officer Compliance Officer Corporate IT: Manage corporate information and IT infrastructure Corporate RM:- Manage process of creating IG policies- Ensure that policies are up to date- Ensure policies are available to field personnel Legal Counsel: Responsible for legal department within organization - must be able to act decisively regarding legal challenges that face organization. Risk Officer: Manage risk matters within organization Privacy Officer: Oversee and manage compliance with Privacy laws and regulations Compliance Officer: Oversee and manage compliance issues within organization Security Officer: Responsible for security matters within organizations, including data security Other Officer: Other corporate officer BOD: Board of Directors with primary responsibility for approving corporate IG policy Other: Depends on organization. Corporate IT Corporate RM BOD
Agenda • Introduction • Challenges of Information Governance • Realities on the ground • Information Governance Platforms • Information Governance Programs • Examples • Discussion
Discussion Thankyou! Bassam Zarkout bza@rsd.com