290 likes | 456 Views
The New Information Governance World . Galina Datskovsky , Ph.D., CRM Chair of the Board, ARMA International. Agenda. Records Management and Information Governance Responding with Governance RIM Professionals, Archivists and their role in the new organization
E N D
The New Information Governance World Galina Datskovsky, Ph.D., CRMChair of the Board, ARMA International
Agenda • Records Management and Information Governance • Responding with Governance • RIM Professionals, Archivists and their role in the new organization • How to bring up RIM professionals in organizations
Traditional Records Management • Practice of maintaining an organization’s records from the point of creation to the point of disposal • This includes: • Gathering • Classifying • Storing • Securing • Applying policy • Archiving • Disposing
Changing face of the Archive • Archivists receive electronic content • National Archives of the US • Management • Public Access • Preservation
Desired State - Governance • Capture sufficient metadata and content when informationis created to govern effectively • Handle information as part of a systemized, repeatable and defensible process with reasonable protocols • Establish clear policy, rules and privacy expectations for use, access and security of systems, including social networking sites • For cloud environments, verify and limit data location
What changed? • Great reliance on electronic communication • Surge of information • Higher costs
Backbone of Any Organization • “When records are well-managed, agencies can use them to assess the impact of programs, to reduce redundant efforts, to save money, and to share knowledge within and across their organizations. In these ways, proper records management is the backbone of open Government.” • The White House Memorandum re: Managing Government Records, November 28, 2011
Litigation – a Reputation Problem • U.S. District Judge James Selna, who is overseeing the consolidated cases against Toyota Motor Corp. related to millions of vehicle recalls in 2009 and 2010, primarily for issues of sudden unintended acceleration (SUA), has approved the discovery plan for the multidistrict litigation (MDL). Hundreds of lawsuits have been consolidated under Judge Selna’s court. • 20 April 2010 — Toyota Motor Corp. agreed to pay a record $16.4 million fine that the National Highway Traffic Safety Administration (NHTSA) imposed on the company after finding that Toyota waited four months to report sudden acceleration defects in its vehicles. • .
Judicial Watch v Department of Commerce • A U.S. District Court judge invited Judicial Watch to seek sanctions against the Department of Commerce for its initial mishandling of FOI Act requests for information on the late Commerce Secretary Ron Brown. • The record in this case establishes beyond any reasonable dispute that the search was inadequate, unreasonable and unlawful under the FOIA. • The DOC failed to search entire offices that were likely, if not certain, to hold responsive documents. • Documents were destroyed, discarded, and given away, sometimes without being searched to determine if they were responsive, other times with full knowledge thatthey were responsive. • The court ordered the production of agency records foundto be improperly withheld, awarded attorney fees and litigationcosts and issued a specific "written finding" of suspected arbitrary or capricious conduct.
Business Reality • Today’s RIM Professional must: • Understand Business needs • Help Business move forward • Understand the culture and nature of the business
What is Necessary of Today’s Professional • Understand multiple languages • Language of IT • Language of Compliance • Language of Legal • Language of the Business • Global needs • Local needs
Understanding the business • How do we do that? First, we must understand that the problems of businesses have changed. There’s a world of chaos that is organizational information. Unfortunately only approximately 7% - 9% of enterprise content can be considered official records. If that’s all you manage and care about then you can only hope to be 7-9% relevant to your organization. • What about the other 91% of information? It lives and grows exponentially in servers. It walks out the door on portable devices. It lives in the cloud. It’s being duplicated on hard drives and in SharePoint sites. And it must all be governed. Help your organization solve its pressing pain points. Show how you can help them become more efficient while minimizing risk.
Return On Investment • RIM Professional Must Understand the Desire of the Business for a Return on Investment, for example: • Less Disk Space and Infrastructure • Business efficiency • Ability to do business internationally • Regulatory Compliance • Information Security and Protection
Today’s Governance Professional • Let’s talk concrete examples here. When it comes to retention and disposition, do you strive for perfection? If you do, the process may never really happen.. Striving for perfection costs us time – and may leave us paralyzed to act. As they say, the perfectis the enemy of the good. Instead, let’s discuss retention and disposition differently. Our focus should be on legally defensible retention and disposition. • Take initiative, don’t Complain after the fact if you were not consulted.
How Does Today’s Professional Assess the Organization • The Generally Accepted Recordkeeping Principles Help Guide the Professional and the Organization • Accepted Internationally • Help the Professional Align Various Business Functions
What are The Principles accountability A transparency integrity protection T I P compliance availability retention disposition C A R D http://www.arma.org/garp
ARMA Principles Principle of Accountability A senior executive (or a person of comparable authority) shall oversee the information governance program and delegate responsibility for records and information management to appropriate individuals. The organization adopts policies and procedures to guide personnel and ensure that the program can be audited. • Principle of Transparency An organization’s business processes and activities, including its information governance program, shall be documented in an open and verifiable manner, and that documentation shall be available to all personnel and appropriate interested parties. • Principle of Integrity An information governance program shall be constructed so the information generated by or managed for the organization has a reasonable and suitable guarantee of authenticity and reliability.
ARMA Principles • Principle of Protection An information governance program shall be constructed to ensure a reasonable level of protection for records and information that are private, confidential, privileged, secret, classified, or essential to business continuity or that otherwise require protection. • Principle of ComplianceAn information governance program shall be constructed to comply with applicable laws and other binding authorities, as well as with the organization’s policies. • Principle of AvailabilityAn organization shall maintain records and information in a manner that ensures timely, efficient, and accurate retrieval of needed information.
ARMA Principles • Principle of RetentionAn organization shall maintain its records and information for an appropriate time, taking into account its legal, regulatory, fiscal, operational, and historical requirements. • Principle of DispositionAn organization shall provide secure and appropriate disposition for records and information that are no longer required to be maintained by applicable laws and the organization’s policies.
Maturity Model • Five levels • Less than 5 may be acceptable because of: • Organization risk tolerance • As measured against peers or competitors
Best Practices to be Followed by the RIM Professional • Content Accessibility • Effective and efficient access to enterprise information • Fast response to FOIA, audit, investigations • Control and Awareness • Control over and insight into content sources across the organization • Single policy authority • Ensure policy is applied consistently across information silos • Proactive management of content via retention policies • Storage and productivity efficiencies via systematic removal of ROT (redundant, outdated, trivial content) • Compliance, Oversight and Accountability • Transparency to enterprise content and user actions on that content
Where to Start? • Perform an Assessment • Multiple stakeholders complete assessment tool • Analyze preliminary score • Valid starting metric • Benchmark against best practices and future progress • Perform risk assessment • Identify and prioritize high risk areas • Perform detailed gap analysis • Perform future state analysis • Develop strategic road map
Assessing Information Governance Streamline Policies And Procedures Governance Tools & Technology Enhance Current Tools – Install New Tools Update Infrastructure Infrastructure The Principles Regulatory Preparedness, Efficient Information Management, and Improved ROI
Risk/Reward Analysis Low Risk/Reward Maturity Risk Mitigation Compliance Low Risk/Reward Area Medium Risk/Reward Area High Risk /Reward Area High Risk/Reward Phase 5: Transformational Phase 1: Sub-Standard Phase 2: In Development Phase 4: Proactive Phase 3: Essential Low Maturity Level High Maturity Level
Today’s information governance professional • Archivist or RIM Professional • Technology savvy • Understand the organizational landscape and mission • Highly organized • Understand retention principles • Understand the difference between perfect and good enough • Understand the meaning of reasonable effort • Understand preservation as it relates to electronically stored information • Understand how to apply physical records principles in the new world • Understand the nature of global business needs • Good communication skills
Why do Businesses Need RIM Professionals • Competitive advantage • Alignment of multiple functions: Legal, IT, Business Process • Control of the greatest asset – Information • Risk Mitigation • Program Ownership
Certification and Education • Focus on skills discussed in the presentation as well as the traditional skills • Teach Language of IT • Teach Risk mitigation and legal principles • Teach International Business requirements • Teach ROI • Use ARMA as a resource for sample curricula • Use the Certificate and Certification courses offered
Partner with Technology • “Greater reliance on electronic communication and systems has radically increased the volume and diversity of information that agencies must manage. With proper planning, technology can make these records less burdensome to manage and easier to use and share. But if records management policies and practices are not updated for a digital age, the surge in information could overwhelm agency systems, leading to higher costs and lost records.” • The White House Memorandum re: Managing Government Records, November 28, 2011