
Enterprise Records Knowledge Conference 2010

Enterprise Records Knowledge Conference 2010 The FOG of Information Governance Information Governance Architecture and Implementation. May 20th, 2010 Sacramento, California. Agenda. Introduction Challenges of Information Governance Realities on the ground Information Governance Platforms



Presentation Transcript


  1. Enterprise Records Knowledge Conference 2010 The FOG of Information Governance Information Governance Architecture and Implementation May 20th, 2010 Sacramento, California

  2. Agenda • Introduction • Challenges of Information Governance • Realities on the ground • Information Governance Platforms • Information Governance Programs • Examples • Discussion

  3. Speaker Bassam Zarkout Chief Technology Architect RSD Corporation Email: bza@rsd.com Mobile: 1-613-7913033

  4. RSD Corporate Background • Founded in Geneva, 1973 • Offices in New York, London, Paris, Zürich, Madrid • More than 1,200 customers worldwide • Over 2,000,000 users • Pioneer in high-volume mainframe report and output management • EOS (Enterprise Output Solution) • Innovator in records and document management, and Information Governance • RSD Folders • RSD GLASS™

  5. Agenda • Introduction • Challenges of Information Governance • Realities on the ground • Information Governance Platforms • Information Governance Programs • Examples • Discussion

  6. Corporate Challenges • Information Governance (IG) challenge • An urgency at the executive level in every enterprise • Initial efforts to “tame the beast” have resulted in… • Solutions with unsound designs • The proliferation of content repositories • Skyrocketing management and admin overhead costs Patriot Act Growing urgency to gain control of this dynamic Basel II SEC 17a-4 MiFID Title 21 CFR 11 DoD 5015.2

  7. Managing Corporate Risk is Critical • Managing information-related risks is critical • Enabling legal and regulatory compliance • Maximizing operational value of information assets • Improving competitiveness • Three key terms to explore • Governance, Risk Management, and Compliance • Enterprise Information Management • Information Governance Enterprise Information Management Business Intelligence Governance, Risk Management, and Compliance (GRC) Information Governance Physical Security Financial Reporting Compliance ECM RM Imaging Systems IDARS

  8. What does Information Governance provide? • Solve RM problem • Too much information • No easy mechanism to address compliance and disposition • Address eDiscovery problem • Reduction of ESI discovery burden for information retained • Information accessible within authenticated and auditable context • Address compliance and legal concerns • Compliance and legal requirements are enforced within Information Governance (IG) policy, procedures and methods • Bridge gap between RM and IT • Management by policy enforcement at a Tier 2 level or below • Address cost of governance • Efficiently manage very large records management programs • Integrate functions of managing record lifecycle • Retention and disposition, eDiscovery, data privacy, system overhead costs, auditability, etc.

  9. Managing Corporate Risk is Critical Enterprise IG Platforms Federated RM eDiscovery Email Archiving Electronic RM New Laws? New Regulations? Financial Crisis 2008 HIPAA New Laws? Morgan Stanley E-Discovery irregularity fine $1.58b New Regulations? Enron Scandal Sarbanes-Oxley Zubulake-UBS Warburg FRCP 2006 Goldman Sachs 9/11 Patriot Act DoD 5015.2 MoReq

  10. Information Governance Challenges Patriot Act Complexity of requirements grows exponentially with size of organization Basel II SEC 17a-4 Current Generation Solutions MiFID Title 21 CFR 11 DoD 5015.2

  11. Legal and Regulatory Landscape Hundreds and in some cases thousands of laws and regulations * Depending on vertical

  12. Agenda • Introduction • Challenges of Information Governance • Realities on the ground • Information Governance Platforms • Information Governance Programs • Examples • Discussion

  13. Realities on the ground End Users End Users Laws Regulations Internal Policies Best Practices Etc. Content Producers - MS Office - MS SharePoint - Alfresco - Business Applications - Other Content Consumers - MS SharePoint - Alfresco - Business Applications - Other Privacy Officer Legal Counsel Risk Officer Security Officer Other Officer Compliance Officer The FOG of Information Governance Corporate Records Retention Schedule? Capture Information? Retrieve Information? Security? Cost Governance? eDiscovery & Holds? Lifecycle Event Sources - Business Applications - Processes Data Privacy? Corporate IT Standard Metadata Definitions? Events that impact information lifecycle? System Admin? Business Managers Records Management? Storage ILM? Corporate RM BOD Federated RM Functionality? Other Jurisdictions Jurisdiction C Jurisdiction n Jurisdiction A Other Repositories RSD Folders ECM System ECM System Other Repositories

  14. Strained Relationship between RM and IT

  15. Types of Record Formats - Paper - Film - Fiche Unstructured content (high volumes) - MS-Office - PDF - Other Other - MS Exchange - Lotus Notes - IM - Other Entries in data warehouse Structured content (very high volumes) Entries in SQL Database - AFP - PDF - Other

  16. Multiple facets of information lifecycle policies Legal Counsel Security Officer Other Officer Privacy Officer Privacy Officer Risk Officer Compliance Officer IT IT IT RM

  17. Multiple facets of information lifecycle policies Legal Counsel Security Officer Other Officer Privacy Officer Risk Officer Compliance Officer ? Corporate IT Declassify Record Comply with government de-classification requirements Dispose of Record Comply with legal and regulatory record retention requirements Anonymize Record Comply with Privacy requirements Declare as Record Comply with legal and regulatory record retention requirements Move Content to Storage Tier n Reduce costs of storing content Operational Usage of Content Delete Content Index Reduce costs of storing content indexes Corporate RM BOD days weeks months years decades

  18. Evolution in the solutions landscape Current Solutions Landscape To be continued… Structured Content Repositories RM ECM IDARS Data Privacy Policies Control & Admin Policies Control & Admin Repository eDiscovery Policies Control & Admin Repository Policies Control & Admin Policies Control & Admin Repository Policies Control & Admin Repository Next Generation Intelligent Content Addressable Storage Repositories Policies Control & Admin Repository Size of bubbles not to scale

  19. Agenda • Introduction • Challenges of Information Governance • Realities on the ground • Information Governance Platforms • Information Governance Programs • Examples • Discussion

  20. Evolution in the solutions landscape Current Solutions Landscape Creative Solution Strategy Structured Content Repositories RM Corporate Information Governance Policies ECM Rules (Policies) IDARS Data Privacy Information Governance Corporate/Regional/Jurisdictional Control and Administration Processes Policies Control & Admin Policies Control & Admin Repository eDiscovery Policies Control & Admin Repository Tools (Control & Admin) Data Privacy Audit Mgmt Records Mgmt Policies Control & Admin eDiscovery Other Policies Control & Admin Repository Policies Control & Admin Repository Information Repositories Regional/Jurisdictional/Local Next Generation Intelligent Content Addressable Storage Repositories Tools (Repositories) Content in Data Whse Content in ECM Systems Policies Control & Admin Repository Content in IDARS Content in CAS Systems Size of bubbles not to scale

  21. Key Differences with existing RM/ECM Technologies • Modular architecture aligned with emerging market specifications • Comprehensive repository-independent IG policy • Human readable (Web or PDF based)  analog policies • Application readable/integratable  digital policies • Integration of all facets of the record lifecycle • Retention and disposition • Security declassification lifecycle • Data privacy lifecycle • Migration of electronic records across storage tiers (storage ILM) • Metadata lifecycle (very granular) • Content index lifecycle • Other • Standardized record metadata definitions • “Business” and “Operational” events integrated with lifecycle functions of IG Platform

  22. Enterprise Information Governance Solution Platform Information Governance Steering Committee End Users End Users Laws Regulations Internal Policies Best Practices Etc. Content Producers - MS Office - MS SharePoint - Alfresco - Business Applications - Other Content Consumers - MS SharePoint - Alfresco - Business Applications - Other Privacy Officer Legal Counsel Security Officer Risk Officer Other Officer Compliance Officer Enterprise Information Governance Solution Platform Information Governance Policies - Retention and Disposition - Data Privacy - Discovery - Migration across storage tiers - Standard Metadata Definitions - Other Capture Information Retrieve Information Security Cost Governance eDiscovery & Holds Lifecycle Event Sources - Business Applications - Processes Standard Metadata Definitions Data Privacy EDiscovery & Holds Corporate IT Standard Metadata Definitions Events that impact information lifecycle Control and Administration of lifecycle for ALL information System Admin Business Managers Records Management Storage ILM Corporate RM BOD Enforce lifecycle actions Other Jurisdictions Jurisdiction C Jurisdiction n Jurisdiction A Other Repositories RSD Folders ECM System ECM System Other Repositories

  23. Enterprise Information Governance Solution Platform Information Governance Steering Committee End Users End Users Laws Regulations Internal Policies Best Practices Etc. Content Producers - MS Office - MS SharePoint - Alfresco - Business Applications - Other Content Consumers - MS SharePoint - Alfresco - Business Applications - Other Privacy Officer Legal Counsel Security Officer Risk Officer Other Officer Compliance Officer Enterprise Information Governance Solution Platform Information Governance Policies - Retention and Disposition - Data Privacy - Discovery - Migration across storage tiers - Standard Metadata Definitions - Other Capture Information Retrieve Information Corporate IG Policies Security Cost Governance eDiscovery & Holds Lifecycle Event Sources - Business Applications - Processes Standard Metadata Definitions Data Privacy EDiscovery & Holds Corporate IT Events that impact information lifecycle Control and Administration of lifecycle for ALL information System Admin Business Managers Records Management IG Policies IG Policies Storage ILM IG Control & Admin IG Control & Admin Corporate RM BOD Enforce lifecycle actions Enforcement Enforcement Other Jurisdictions Jurisdiction C Jurisdiction n Jurisdiction A ECM System Other Repositories RSD Folders ECM System Other Repositories

  24. File Plan Security • ACL Security • Inherited from Master Classification • Inherited from parent to child within File Plan • ACL assignments can be modified by Security Officer or Administrator • Security Classification • Inherited from Master Classification • Inherited from parent to child within File Plan • Security Classification can be increased but NOT decreased • Metadata-value Security • Inherited from Master Classification • Inherited from parent to child within File Plan • Right to change field value limited to authorized Security Officers • Repository Security • Security assigned to Object in Repository respected in IG Platform • Security Accreditation (used within US DoD) http://www.archives.gov/isoo/training/marking-booklet.pdf http://metadata.dod.mil/mdr/irs/DDMS/documents/ICS2007-500-2SecurityMarkingMetadata.pdf
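The inheritance rules on the File Plan Security slide, modelled as an added example (not code from the presentation or from RSD's product). The classification ladder, the role identifiers, and the reading that a child entry may sit above its parent but never below it are assumptions made for illustration.

```python
from enum import IntEnum

class Level(IntEnum):
    # Assumed ladder for illustration; the slide does not list the levels.
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

# Roles the slide allows to modify ACL assignments (identifiers are hypothetical).
ACL_EDITORS = {"security_officer", "administrator"}

class Node:
    """One file plan entry; the root stands in for the Master Classification."""

    def __init__(self, name, parent=None, level=None, acl=None):
        self.name = name
        self.parent = parent
        self._level = level  # None means "inherit from parent"
        self._acl = frozenset(acl) if acl is not None else None  # None = inherit

    @property
    def level(self):
        inherited = self.parent.level if self.parent else Level.UNCLASSIFIED
        own = self._level if self._level is not None else inherited
        # Assumption: a child can sit above its parent but never below it,
        # so raising a parent lifts every descendant that was lower.
        return max(own, inherited)

    @property
    def acl(self):
        if self._acl is not None:
            return self._acl
        return self.parent.acl if self.parent else frozenset()

    def set_level(self, new_level):
        # "Can be increased but NOT decreased": refuse any downgrade.
        if new_level < self.level:
            raise PermissionError(f"{self.name}: cannot lower {self.level.name}")
        self._level = new_level

    def set_acl(self, actor_role, principals):
        if actor_role not in ACL_EDITORS:
            raise PermissionError(f"{actor_role} may not modify ACLs")
        self._acl = frozenset(principals)

def sample_plan():
    """Constructed three-level file plan used to exercise the rules."""
    master = Node("Master Classification", level=Level.CONFIDENTIAL,
                  acl={"records_admins"})
    hr = Node("HR", parent=master)
    cases = Node("HR/Cases", parent=hr, level=Level.SECRET)
    return master, hr, cases
```

Because the effective level is computed on read, raising the master entry takes effect on every descendant immediately, and an older, lower value stored on a child can never undercut it.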

  25. Information Governance Platform Benefits • Enable legal and regulatory compliance • Mitigate overall corporate risks by supporting the implementation and operation of an effective and agile enterprise-wide Information Governance Program • Maximize operational value of information assets • Address pressing needs for advanced content access and information lifecycle management • Transparent access to corporate content in all repositories (structured and unstructured) • Improve competitiveness • Provide cost governance capabilities through the use of advanced IT-centric as well as business and compliance centric information lifecycle functions • Reduce overall cost of infrastructure • Reduce overall cost of storage • Reduce amount of information stored on Tier 1 storage through granular management of information lifecycle

  26. Agenda • Introduction • Challenges of Information Governance • Realities on the ground • Information Governance Platforms • Information Governance Programs • Examples • Discussion

  27. Information Governance Programs • Definition • IG Programs support compliance and accountability regarding corporate information throughout their lifecycle • Primary objectives • Enable legal and regulatory compliance and mitigate related risk • Maximize operational value of information assets • Improve competitiveness Information Governance Programs RM Programs

  28. Information Governance Programs • Superset of RM Program • Features analogous methodologies and processes • Create and manage corporate policies and procedures about how information should be “properly looked after” consistently • Carry out policies and procedures • Enforce policies on corporate information • Maintain audit trail of these activities Information Governance Programs RM Programs

  29. Main activities in the IG Program • Develop and maintain IG policies and procedures at corporate and jurisdictional levels • IG Steering Committee • Deploy IG policies and procedures into jurisdictions • Manage information lifecycle in business units and department • Perform control and administration of IG activities • Enforce IG lifecycle actions on information • Maintain audit trail on above Corporate Jurisdictions & Legal Entities Corporate Corporate IG Policies:- Retention and disposition- Data Privacy- Electronic discovery- Lifecycle of content- Lifecycle of content indexes- Lifecycle of metadata- Other Jurisdictions & Legal Entities IG Policies in Jurisdictions and Legal Entities Business Units File Plans in Business Units controlled by IG Policies Information Governance Steering Committee Corporate IG Policies Business Units Local IG Policies (Jurisdictions) IG Control and Administration Activities IG Enforcement Activities Repository Repository

  30. Corporate RM Programs versus Corporate IG Programs Conventional Corporate RM Program Jurisdiction #1 Corporate RM Program Manual Retention Policy Development Policy in Excel/Email/Paper/PDF Management of unstructured documents Retention policy ONLY Little or no involvement of IT File Plan File Plan File Plan Records Admin Legal Counsel Risk Officer Corporate IT Records Admin Records Admin Records Admin Records Admin Retention Schedule Retention Schedule Manual RM RMA Jurisdiction #2 File Plan File Plan File Plan File Plan Retention Schedule Retention Schedule Manual Administration of RM Program Manual RM RMA Records Admin Jurisdiction #n Corporate RM File Plan File Plan File Plan File Plan File Plan File Plan End User Corporate RM Retention Schedule Retention Schedule Retention Schedule RMA Manual RM

  31. Corporate RM Programs versus Corporate IG Programs Information Governance Program Jurisdiction #1 Corporate IG Program All facets of Information Lifecycle Management of all forms of records Policies in application integratable form Direct involvement of IT File Plan File Plan File Plan Records Admin Legal Counsel Risk Officer Corporate IT Records Admin Records Admin Records Admin Records Admin IG Policies IG Control & Admin Enforcement Jurisdiction #2 File Plan File Plan File Plan File Plan Integrated Administration of IG Program RRS IG Policies IG Control & Admin Records Admin Enforcement Jurisdiction #n Corporate RM File Plan File Plan File Plan File Plan File Plan File Plan End User Corporate RM IG Policies RRS RRS IG Policies IG Policies IG Control & Admin IG Control & Admin IG Platform technology deployed at Corporate Enforcement Enforcement

  32. Information Governance Steering Committee Privacy Officer Legal Counsel Security Officer Risk Officer Other Officer Compliance Officer Corporate IT: Manage corporate information and IT infrastructure Corporate RM:- Manage process of creating IG policies- Ensure that policies are up to date- Ensure policies are available to field personnel Legal Counsel: Responsible for legal department within organization - must be able to act decisively regarding legal challenges that face organization. Risk Officer: Manage risk matters within organization Privacy Officer: Oversee and manage compliance with Privacy laws and regulations Compliance Officer: Oversee and manage compliance issues within organization Security Officer: Responsible for security matters within organizations, including data security Other Officer: Other corporate officer BOD: Board of Directors with primary responsibility for approving corporate IG policy Other: Depends on organization. Corporate IT Corporate RM BOD

  33. Agenda • Introduction • Challenges of Information Governance • Realities on the ground • Information Governance Platforms • Information Governance Programs • Examples • Discussion

  34. Discussion Thank you! Bassam Zarkout bza@rsd.com
