Nowadays, records exist in electronic form all over the business, often well beyond the .... have retention policies, th
AIIM Market Intelligence Delivering the priorities and opinions of AIIM’s 75,000 community
Industry
Watch Information Governance - records, risks and retention in the litigation age
Underwritten in part by:
Send to a friend 4
aiim.org I 301.587.8202
About the Research
Our ability to deliver such high-quality research is partially made possible by our underwriting companies, without whom we would have to return to a paid subscription model. For that, we hope you will join us in thanking our underwriters, who are:
HP Auton omy 1 Market, Spear Tower, 19th Floor, San Francisco, CA 94105 USA Phone: +1 415.243.9955 Web: www.autonomy.com
Iron Moun tain 745 Atlantic Avenue, Boston, MA 02111 Phone: +1 800.899.5766 Web: www.ironmountain.com
Nu ix Techn ology UK Limited, 5th Floor, 68 Lombard Street, London, EC3V 9LJ, England Phone: +44 (0)207.868.1936 Email:
[email protected] Web: www.nuix.com
Reca ll 180 Technology Parkway Norcross, GA 30092 USA Phone: +1 888.Recall6 (732.2556) Email:
[email protected] Web: www.recall.com
RS D 300 Brickstone Square, Suite 603 Andover, MA 01810 USA Phone: +1 978.409.2486 Sales phone: +1 978.409.2486 x105 Email:
[email protected] Web: www.rsd.com
S AP 3999 West Chester Pike, Newtown Square, PA 19073 USA Phone: +1 610.661.1000 Web: www.sap.com
StoredIQ 4401 West Gate Blvd., Suite 300 Austin, TX 78745 USA Phone: +1 512.334.3100 Sales phone: +1 512.334.3146 Email:
[email protected] Web: www.storediq.com
Process Used and Survey Demographics While we appreciate the support of these sponsors, we also greatly value our objectivity and independence as a non-profit industry association. The results of the survey and the market commentary made in this report are independent of any bias from the vendor community. The survey was taken using a web-based tool by 548 individual members of the AIIM community between January 18, and February 11, 2013. Invitations to take the survey were sent via e-mail to a selection of the 75,000 AIIM community members. Survey demographics can be found in Appendix 1. Graphs throughout the report exclude responses from organizations with less than 10 employees, and suppliers of ECM products or services, taking the number of respondents to 512
© 2013 AIIM - The Global Community of Information Professionals
1
Information Governance
Axceler 7 Swallow Place, London W1B 2AG England Phone +44 (0)207.850.0199 Email:
[email protected]
- records, risks and retention in the litigation age
AS G Softwa re Solution s 1333 Third Avenue South Naples, FL 34102 USA Phone: +1 800.726.5555 Email:
[email protected]
In dustry
Rather than redistribute a copy of this report to your colleagues, we would prefer that you direct them to www.aiim.org/research for a free download of their own.
Watch
As the non-profit association dedicated to nurturing, growing and supporting the Information Management community, AIIM is proud to provide this research at no charge. In this way, the entire community can leverage the education, thought leadership and direction provided by our work. We would like this research to be as widely distributed as possible. Feel free to use this research in presentations and publications with the attribution – “© AIIM 2013, www.aiim.org”
About AIIM In dustry
About the Author
Watch
AIIM has been an advocate and supporter of information professionals for nearly 70 years. The association mission is to ensure that information professionals understand the current and future challenges of managing information assets in an era of social, mobile, cloud and Big Data. AIIM builds on a strong heritage of research and member service. Today, AIIM is a global, non-profit organization that provides independent research, education and certification programs to information professionals. AIIM represents the entire information management community: practitioners, technology suppliers, integrators and consultants.
Doug Miles is head of the AIIM Market Intelligence Division. He has over 25 years’ experience of working with users and vendors across a broad spectrum of IT applications. He was an early pioneer of document management systems for business and engineering applications, and has produced many AIIM survey reports on issues and drivers for Capture, ECM, Records Management, SharePoint, Mobile, Cloud and Social Business. Doug has also worked closely with other enterprise-level IT systems such as ERP, BI and CRM. Doug has an MSc in Communications Engineering and is a member of the IET in the UK.
2
Information Governance
© 2013 AIIM - The Global Community of Information Professionals
- records, risks and retention in the litigation age
© 2013 AIIM - Find, Control, and Optimize Your Information 1100 Wayne Avenue, Suite 1100, Silver Spring, MD 20910 Phone: 301.587.8202 www.aiim.org
Table of Contents C lou d, SaaS and Outsourcing . . . . . . . 21 Outsource . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Spending Plans: Spen ding Plan s . . . . . . . . . . . . . . . . . . . . . 23
Introduction: Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Key Findings . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Conclusion and Recommendations:
Paper vs. Electronic:
C onclusi on and Recomme ndati on s . . 24 Recommendations . . . . . . . . . . . . . . . . . . . . . . 24 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Paper vs. Electronic . . . . . . . . . . . . . . . . . . 5 Alignment of Practices . . . . . . . . . . . . . . . . . . . . 5
Appendix 1 - Survey Demographics:
Appendix 2 - Overall Comments:
Governmen t Policies . . . . . . . . . . . . . . . . . 9 Responsibility . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Training . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Appendix 2 - Overall Comments . . . . . 28
Underwritten in part by:
Automated Classi fication . . . . . . . . . . . . 15 Is it Working? . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
ASG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 Axceler . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 HP Autonomy . . . . . . . . . . . . . . . . . . . . . . . . . . 30 Iron Mountain . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 Nuix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 Recall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 RSD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 SAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 StoredIQ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Emails and Social:
About AIIM:
Emails and Social . . . . . . . . . . . . . . . . . . . 16 Social . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
About AIIM . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Content Storage and Retention: C onte nt Storage and Re tention . . . . . . 12 Is it Working? . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Automated Classification:
E-Discovery: E-Dis covery . . . . . . . . . . . . . . . . . . . . . . . . . 19 Jurisdictions . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 Mechanisms . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 Consequences . . . . . . . . . . . . . . . . . . . . . . . . . 20 Deletion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
© 2013 AIIM - The Global Community of Information Professionals
3
Information Governance
Government Policies:
Risks and Rewards:
- records, risks and retention in the litigation age
Ri sks and Re wards . . . . . . . . . . . . . . . . . . . 6 Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Rewards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Concerns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Su rvey Demographi cs . . . . . . . . . . . . . . . 26 Survey Background . . . . . . . . . . . . . . . . . . . . . . 26 Organizational Size . . . . . . . . . . . . . . . . . . . . . . 26 Geography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Industry Sector . . . . . . . . . . . . . . . . . . . . . . . . . 27 Job Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
In dustry
Cloud, SaaS and Outsourcing:
About the Research . . . . . . . . . . . . . . . . . . 1 Process Used, Survey Demographics . . . . . . . . 1 About AIIM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 About the Author . . . . . . . . . . . . . . . . . . . . . . . . . 2
Watch
About the Research:
Introduction In dustry
Nowadays, records exist in electronic form all over the business, often well beyond the reach of the traditional custodians. So we now need much wider “Information Governance Policies” to ensure that our corporate information (and our customers’ information) is secure and is easily located. In particular, businesses are increasingly faced with the possibility of high profile criminal, commercial and patent cases that hinge on evidence from electronic documents, from emails, and even from social network comments. So these records need to be “discoverable” and presentable to regulators and lawyers. And as the argument moves on from “how do we keep stuff?” to “how can we defensibly get rid of stuff?”, we need to examine what shape enterprise records management takes and, in the big data age, how do we keep a lid on the escalating costs of content storage?
Watch
Once upon a time, records meant paper documents. They lived in file cabinets, and they were managed and maintained by secretaries, librarians and archivists who knew the rules, and applied them diligently. When space for more file cabinets ran out, the records were put in boxes, marked with a destruction date, and shipped out to a box store (a paper records outsource provider). When the destruction date was reached, the box store would take care of destroying it, and recording the fact that it had been done.
In this survey, we look at the risk profile around electronic records, the keep-all versus delete-all options, the international view of e-discovery, and the implications of social, mobile and cloud on RM policies. We also look at the development of enterprise-wide governance policies, and how they translate into system strategies.
n Effective information governance is crippled by poor training. Only 16% regularly train all staff. 31% do no training at all. n Senior management is ignoring the risks. 31% of respondents report that poor electronic records-keeping is causing problems with regulators and auditors. 14% are incurring fines or bad publicity. n The answer to the data problem is to let the computer do the filing. 14% are already doing autoclassification of electronic records, 37% are keen to do it. n Despite good intentions, the delete button isn’t being pressed. Electronic records aren’t being deleted even when retention periods are set. n IT is losing its ability to transform business. For a third of organizations, 90% of IT spend adds no new value. n Something has to be done about content accumulation. For 29% the response to the information deluge is “buy more discs”. n Emails are acknowledged as records, but the filing systems are chaotic. 73% include email in their retention policies, but most rely on manual methods to file them. n Social content management is not even on the radar. Less than 15% of organizations are even trying to include social postings in their retention schedules. n Cloud is not in everyone’s future. 46% of organizations would “definitely not” or “probably not” consider using cloud for managing electronic records. 23% would consider using their existing paper records outsourcer for cloud services. n The content may be electronic but the e-discovery mechanisms are still manual. 53% are still reliant on manual processes for e-discovery searches across file shares, email and physical records. n 45% of organizations plan to increase their records management spend over the next two years. In particular, automated classification is set for strong growth, along with enterprise search, RM modules, E-discovery and email management.
© 2013 AIIM - The Global Community of Information Professionals
4
Information Governance
n Progress toward the “Paperless Office” is slow. For 42% of organizations, the volume of paper records is still increasing.
- records, risks and retention in the litigation age
Key Findings
Paper vs. Electronic
Watch
By comparison, in our 2011 report1, more organizations were seeing a decrease than an increase – a positive gap of 10%, which was a big change from 2009 where the negative gap of 34% was much greater than today. We have no firm explanation for this apparent return to growth for paper records. It could simply be that during the downturn of 2009-2011 overall transaction volumes decreased. It could be that more vigorous savings were called for on office costs, or that box store costs were scrutinized more closely, leading to a more general clear out of file boxes - and that now they are creeping back in. Or it could be that a number of back-file scanning projects have been run down and not re-instated.
In dustry
In theory, the increasing focus on keeping records in electronic form should be resulting in a decrease in the volume of paper records. However, in Figure 1 we see a somewhat chequered picture. Overall, the volume of paper records is increasing in 42% of organizations, and decreasing in 34% - a “negative gap” of 8%. In the largest organizations (5,000+ employees), the gap closes to 3% whereas in mid-sized and smaller organizations, the gap is 11%.
Figure 1: Is the volume of your paper records: (N=508)
0%
0% 10% 5% 15% 10% 20% 15% 25% 20% 30% 25% 35% 30% 35% 5%
Increasing Increasing rapidly rapidly
Stable Stable
5,000+ 5,000+ emps emps
Decreasing somewhat Decreasing somewhat Decreasing Decreasing rapidly rapidly
Alignment of Practices Given that most businesses are now managing at least some of their records as electronic, it is interesting to compare how the traditional records management practices are transferring from the paper world. Figure 2: How well are these aspects of your electronic records-keeping aligned with your paper records-keeping practices? (N=508)
-80%-40% -60%-20% -40% 0% -20%20% 0% 40% 20% 60% 40% 80% 60% 80% -80% -60% Access control Access control declara!on guidance RecordsRecords declara!on guidance Fileplan/classifica!on/taxonomy Fileplan/classifica!on/taxonomy Reten!on Reten!on periodsperiods Implementa!on of dele!on/destruc!on Implementa!on of dele!on/destruc!on a#er reten!on a#er reten!on period period of compliance Audit ofAudit compliance agreements for outsource Service Service agreements for outsource Legal hold Legal hold Not aligned We no policies AlignedAligned Not aligned We have nohave policies for this for this © 2013 AIIM - The Global Community of Information Professionals
5
Information Governance
10-500 10-500 emps emps 500-5,000 500-5,000 emps emps
- records, risks and retention in the litigation age
Increasing somewhat Increasing somewhat
Audit of compliance Service agreements for outsource
Figure 3: Which of the following types of electronic content do you include in your retention policies and RM processes? (N=505)
In dustry
Of course, although most organizations have retention policies, they are not always applied as widely as they could be across different types of content.
Watch
These results show that in approximately half of the organizations surveyed there is still considerable inequality between the practices applied to paper records, and those applied to electronic records and, of course, that some organizations have large gaps in Legal their policies hold for both. Of most interest here is the fact that most organizations do have policies on retention periods, and that along with legal hold, these are the most likely to be aligned between electronic and paper. However, when it comes to the implementation of deletion or destruction of records after the Aligned Not aligned have no indicating policies for this retention period, the number of organizations with alignment drops byWe nearly half, that deletion of electronic records is not taking place as per the policies.
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% Electronic docs such as images, word processor docs, spreadsheets and PDFs Emails
SharePoint content Public website content Instant messaging Internal social biz applica!ons such as staff blogs, wikis, micro-blogs, etc. Dynamic or personalized content such as webpages, tailored promo!ons, etc. External social media such as company blogs, LinkedIn groups, Twi&er, etc. We do not include any form of electronically stored informa!on
Email was at one time widely considered to be transient or conversational and therefore not recorded, but now is treated (selectively) as a record by 73%. Most organizations record application-generated output, but very few record dynamic or personalized content. In some organizations collaborative SharePoint content is considered transient, but in most it very quickly builds up, and a records and retention policy of some form becomes essential. Instant messaging is also considered transient by most, but can be implicated in breaches of acceptable use and insider malpractice. While retention periods are widely set for both paper and electronic records, they are much less likely to be implemented for electronic records
Risks and Rewards For many years the argument has raged as to whether records management and information governance has a “positive benefit” in terms of sharing knowledge and making it more accessible, or whether it is merely a “negative benefit,” avoiding compliance risks and litigation costs. In this survey, rather than pitch these two against each other in the same question, we have split the discussion into risks and rewards.
© 2013 AIIM - The Global Community of Information Professionals
6
Information Governance
Documents stored in ERP, CRM and project management systems
- records, risks and retention in the litigation age
Applica!on-generated output records such as invoices, statements, delivery notes, etc.
Risks Before looking in detail at Figure 4, we should perhaps point out that most of these risks apply to most organizations, but respondents were asked to pick the three most significant for their organizations.
10%
20%
30%
40%
50%
60%
Excess ligaon costs or damages resulng from poor records keeping Loss of customer confidence or bad publicity from data loss
Watch
0%
In dustry
Figure 4: Which of the following do you consider to be the three biggest risks to your company from a failure of information governance? (N=500)
Loss of intellectual property or company confidenal informaon Inability to respond to requests (Freedom of Informaon)
Regulator acon from loss/exposure of personally idenfiable informaon Poor outcome of customer/supplier disputes due to gaps in comms trail Criminal prosecuon for allowing personally sensive data to be lost
Excess litigation costs are clearly seen as the biggest risk of a failure of information governance, and we will explore 10% 20% 30% 40% 50% and 60%customer-related 70% 80% this in more detail later. Since information governance 0% also includes protecting confidential data, the bad publicity and loss of customer confidence from a data leak is also of considerable consequence. As we have seen in recent storage cases such Sony, a security breach can damage a carefully created brand identity almost Reduce and as infrastructure costs overnight, and organizations can incur significant fines from data regulators – or in some regions, a criminal prosecution. Loss of a company’s own intellectual property can, of course, be hugely damaging, and the inability to and share our knowledge resources respondExploit to Freedom of Information (FOI) requests can incur fines from government sector regulators.
Faster response to events, accidents, press acvies, FOI enquiries, etc.
Rewards
More personalized and accurate service to
For many, many years, the arguments for scanning paper records to reduce physical office costs have been well customers rehearsed. However, as organizations have become deluged with more and more electronic content, the issue of retention andBe!er deletion has come to the fore in order to put some restraint on the seemingly exponential growth in disc customer/supplier relaonships storage. In Figure 5 we can see that this is now considered to be the key benefit of good information governance, pushing the ability to exploit and share knowledge resources into second place.
Support for potenal big data iniaves
Be!er reputaon/improved shareholder value Faster and cheaper financial audits Control social media for posive benefit
0% 5% 10% 15% 20% 25% 30% 35% 40% 45% © 2013 AIIM - The Global Community Information Professionals Ge"ng to grips ofwith electronic records
7
Information Governance
Audit qualificaons due to inadequate records
- records, risks and retention in the litigation age
Infringement of industry-specific compliance regulaons
Poor outcome of customer/supplier disputes due to gaps in comms trail Criminal prosecuon for allowing personally sensive data to be lost Figure 5: Which three of the following do you consider to be the biggest benefits to your company from good information governance? (N=506)
Watch
Reduce storage and infrastructure costs Exploit and share our knowledge resources Faster response to events, accidents, press acvies, FOI enquiries, etc.
In dustry
0% 10% 20% 30% 40% 50% 60% 70% 80%
More personalized and accurate service to customers Be!er customer/supplier relaonships Support for potenal big data iniaves
Control social media for posive benefit
0% such 5% as 10% 20% accidents, 25% 30% 35% 45% FOI Faster and more agile response to a wide range of events bad15% weather, press40% activities, enquiries, social media storms, and so on, is also a clear benefit of the ready access to electronic records on an enterprise-wide basis,toincluding mobile and remote connections. Ge"ng grips with electronic records We then see a customer service element, which is particularly true for financial and utility organizations, where many years of acquisitions and mergersDealing have created potential disruption of customer records. These organizations are with emails also more likely to look to personalizing their offers, and are at the forefront of big data analytics to forecast trends Compliance of records content. and opportunities based monitoring/enforcement on the aggregate of their stored
governance policies
Including mulple systems and repositories in the records regime
Concerns
As the custodians of corporate information, records managers and IT managers are the most likely to know where Poor classificaon of content within their organization’s vulnerabilities lie,ECM/SharePoint and these are likely to be reflected in their concerns and immediate priorities.
Defensible disposion/deleon Dealing with rapidly increasing storage requirements Dealing with content on smartphones and tablets SharePoint volume growth Security against data the#/ unauthorized access
Planned, but not started, 9% © 2013 AIIM - The Global Community of Information Professionals
No plans, 3% Incorporated within our enterprise-wide Informaon Management Strategy, 30%
8
Information Governance
Faster and cheaper financial audits
- records, risks and retention in the litigation age
Be!er reputaon/improved shareholder value
Faster and cheaper financial audits Control social media for posive benefit Figure 6: Which three of the following are giving you the biggest cause for concern right now? (Max THREE) (N=457)
0% 5% 10% 15% 20% 25% 30% 35% 40% 45%
Watch
Dealing with emails Compliance monitoring/enforcement of governance policies Including mulple systems and repositories in the records regime
In dustry
Ge"ng to grips with electronic records
Poor classificaon of content within ECM/SharePoint Defensible disposion/deleon
SharePoint volume growth Security against data the#/ unauthorized access
No plans, Given the mismatch indicated earlier between electronic records policies and those for paper records, it is no 3% highly, with emails being of particular concern. Even with surprise that getting to grips with electronic records figures Planned, but policies in place, monitoring and is clearly of concern for many of our respondents, especially Incorporated within our across notenforcement started, multiple repositories and other enterprise systems. Then comes poor classification of content inInformaon ECM systems, and enterprise-wide 9% Management Strategy, particularly SharePoint, and this is leading the move towards automated classification and tagging. Defensible 30% deletion and dealing with increasing storage requirements come next. Off the radar in Figure 6, and perhaps victims of the “three options” limit, are the implications of company In process, but unofficial use of cloud-based sharing sites. Both issues figure strongly in other AIIM contributions to social sites, and not there yet, surveys, but are secondary for many in the day-to-day fight to stay compliant for core records.
22%
Standalone Informaon The biggest risk from poor information governance is considered to be increased litigation costs and damages. Governance policy accross Reduction in storage costs is considered to be the biggest benefit – followed closely by exploitation and sharing of the organizaon, knowledge resources, and faster response to events. 14%
We have a number of Records Management policies but they are not integrated, 17%
Governance Policies
Each part of the organizaon has its own Informaon Governance policy, 4%
Corporate policies for managing records and protecting information may be included as part of an overall Information Management Strategy, or they may standalone within an Information Governance Policy. Many organizations are working to achieve a uniform policy across the enterprise, but as we will see, this can be something of a struggle, not least because of the different privacy laws and legal mechanisms in different countries.
© 2013 AIIM - The Global Community of Information Professionals
9
Information Governance
Dealing with content on smartphones and tablets
- records, risks and retention in the litigation age
Dealing with rapidly increasing storage requirements
SharePoint volume growth Security against data the#/ unauthorized access Figure 7: How is your organization dealing with information governance policies? (N=464)
In process, but not there yet, 22%
In dustry
Incorporated within our enterprise-wide Informaon Management Strategy, 30%
Watch
Planned, but not started, 9%
No plans, 3%
Standalone Informaon Governance policy accross the organizaon, 14%
As one might expect, progress varies but 44% have some level of enterprise-wide policy in place, and 21% have multiple, non-integrated policies. Results are fairly consistent across different sizes of organization although midsized organizations seem to struggle the most, with 25% reporting to be in-process but not there yet. 18% of smaller organizations have no policies or plans. However, simply having a policy in place does not ensure that good information governance occurs. Half of those with a policy admit that it is largely un-referenced and un-audited. At the bottom of the scale, 22% are not taking this seriously, relying on accepted practice or hiding behind their systems for protection. Overall, 48% could be considered to be working hard to achieve enterprise-wide conformance. Figure 8: Which of the following do you think best describes the way that information governance policy is regarded in your organization? (N=463)
We have li"le in the way of official policy, just accepted prac!ce 11% We rely on our ECM/RM systems and firewalls for governance, 5%
It’s in place, It’s important and it’s communicated and enforced 15% We have a policy but it’s largely un-referenced and un-audited, 16%
It’s very variable accross different departments, 15%
© 2013 AIIM - The Global Community of Information Professionals
0%
Nobody takes much interest, 6%
We are working hard to achieve a corporate-wide view, 33%
10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
10
Information Governance
Each part of the organizaon has its own Informaon Governance policy, 4%
- records, risks and retention in the litigation age
We have a number of Records Management policies but they are not integrated, 17%
We are working hard to achieve a corporate-wide view, 33%
We are working hard to achieve a corporate-wide view, 33%
Emails It’s very variable accross Instant messaging different departments, 15% Mobile
Internal social business content
Customer data Nobody IT Emails
10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
RM
Compliance/ Legal
Marke!ng
HR
IM Commi"ee
Governance of customer data is mandated in most countries by data protection acts, but as we can see, Instant messaging responsibility for ensuring compliance is equally likely to be IT, Records Management, Compliance/Legal or Marketing. IT are mostly responsible for emails, and almost universally responsible for IM, Mobile, and cloud shares – Mobile although in a third of organizations, no one is allocated this responsibility. Governance of external social business 0% 5% HR10% 15% 20%little25% 35% internal content and websites is as likely to fall to marketing, with taking surprisingly interest30% in managing Cloud shares social business content.
New recruits External social media content All staff, regularly Training Internal social business content staff, occasionally/ad This spread ofAll responsibilities somewhathoc begs the question of how well trained those outside of the records or Public website content compliance departments are toRM deal with the compliance aspect of many of these content types, rather than merely staff only the technical aspects.
management On the broader topic ofSenior staff Compliance/ to observe theLegal approved policies, the picture is disappointing. Nobody ITtraining RM Marke!ng HR IM Commi"ee Only 24% train new recruits on their governance policies and only 16% regularly train all staff. 18% only train their records No management staff and 31% do no information governance training at all. Figure 10: Do you allocate specific staff training-time to information governance? (Check those that apply) (N=463)
0%
5%
10%
15%
20%
25%
30%
35%
New recruits All staff, regularly All staff, occasionally/ad hoc RM staff only Senior management No
© 2013 AIIM - The Global Community of Information Professionals
11
Information Governance
External social media content
- records, risks and retention in the litigation age
Cloud shares
0% Public website content
In dustry
Customer data
Watch
Nobody takes It’s very variable We have li"leaccross in the much interest, different departments, way of official policy, Responsibility 6% 15% prac!ce just accepted It’s in place, It’s important An information governance policy information types are governed, 11% will set responsibilities for ensuring that anddifferent it’s communicated and best practice would suggest that an information governance committeeand should be established to monitor and enforced police the policy. Only 5% of organizations work this way. We did ask if information governance has been discussed 15% We rely ECM/RM at board levelon in our the last two years, and 46% said Yes, with only 13% saying No, and an understandable 41% of Don’t systems and firewalls Knows. for governance, 5%in your organization takes responsibility for governance of the following Figure 9: Who information (N=458) We have a policytypes? but it’s largely un-referenced and un-audited, 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 16%
0% 10% 20% 30% 40% 50% 60% 70% 0% 10% 20% 30% 40% 50% 60% 70% All of the below All of the below
Watch
Figure 11: Which of the following elements are included in your information governance policy? (Check all that apply) (N=455)
In dustry
New recruits All staff, regularly All staff, regularly All staff, occasionally/ad hoc All staff, occasionally/ad hoc RM staff only Scope RM staff only Senior management For many organizations, the scope of their information governance policy would seem to be somewhat behind the Senioremphasizing management reality of current issues, the need for it to be a living document that is reviewed and updated annually or No bi-annually. No
Informa!on reten!on Informa!on reten!on
Use of cloud-based content sharing Use of cloud-based content sharing None of these None of these Only 18% have a sufficiently comprehensive policy that covers all of these areas. Taking these into account, over 80% in total have included information retention and access restrictions in their policy. While 75% include data protection of personally identifiable information, this is likely to be a legal requirement for almost any organization that keeps personnel records of employees. Only 57% are dealing with “information in motion” i.e. laptops, USB sticks, etc. Only 49% have a policy on mobile access and only 27% are covering cloud-based file shares.
Most organizations are making progress on setting an information governance policy, but there are a number of shortcomings in the scope, and we have identified a huge gap between having an approved policy on the shelf, and having trained and informed staff who work to the policies every day.
Content Storage and Retention It has been well documented elsewhere that an increasing proportion of the IT budget in most organizations is merely paying to maintain the infrastructure; to keep up with storage, security and upgrade needs. In our survey, three quarters of the respondents felt that 75% or more of their budget was not adding any new value to the business. For a third it is 90% of IT spend that adds no new value. These numbers are remarkably consistent across different sizes of organizations. Picking up on the storage aspect of this dilemma, we asked what strategies were being followed to manage the increase in storage volumes and costs.
© 2013 AIIM - The Global Community of Information Professionals
12
Information Governance
Audit of compliance Audit of compliance Laws and regula!ons in mul!ple Laws and regula!onsjurisdic!ons in mul!ple jurisdic!ons Mobile access and on-device storage Mobile access and on-device storage
- records, risks and retention in the litigation age
Access/confiden!ality Access/confiden!ality Data protec!on and personally iden!fiable Data protec!on and personally iden!fiable informa!on informa!on Legal holds and e-discovery Legal holds and e-discovery Informa!on exposure/sharing (including Informa!on exposure/sharing (including Freedom of Informa!on) Freedom of Informa!on) Informa!on in mo!on – laptops, Informa!on in mo!on laptops, USB –s!cks, etc. USB s!cks, etc. Taxonomy and classifica!on Taxonomy and classifica!on
In a third of organizations, only 10% of the IT budget is adding new value to the business.
Implement an ECM/ERM system to replace file-shares Rigorously implement retenon policies and deleons manually
In dustry
0% 5% 10% 15% 20% 25% 30% 35% 40% 45%
Watch
Figure 12: Which of the following strategies have you adopted to deal with the cost of rapidly increasing information volumes? (Check all that apply) (N=411)
Automate retenon polices and deleons Consolidate storage into larger data centers
Use automated data cleaning/data reducon agents Move to a cloud model for content/records storage Our strategy is to just go on buying more discs We don’t have a strategy, so we’ll just go on buying more discs It is good to see that further roll-out of ECM and RM systems is considered the most significant part of the storage reduction strategy, and, of course, it is much harder to apply retention policies to content which is not managed by such a system. While manual enforcement of deletion should not be so difficult, 28% would like to automate this process so that no one person is called upon to press the “Confirm Delete” button. Storage consolidation, hierarchical segmentation and outsourcing are listed ahead of automated data-cleaning and data reduction agents, which is surprising. Many people see these products as pre-migration tools used to clean up and de-duplicate data before moving it to another system, but many of the products are also able to retrospectively apply or update metadata based on specific business rules, which then allows the retention system to come into play. There is some desperation at the bottom of the table, with 29% expecting to just go on buying more discs, including 9% who have actually made that their strategy.
Is It Working? There are two key issues here. Firstly, if retention periods are not being enforced or implemented, then there will be no reduction in storage volumes. Secondly, many document record types have retention periods that start at 6 years, so only content archived more than six years ago (~2007) will be coming up for deletion, and many systems have not been in place that long. As we see in Figure 12, 29% of organizations are waiting for their retention periods to kick-in. Of course an implication here is that if you continue to delay starting a records management project, you face a long wait until it can help with your storage issues – and this would apply to the 14% who don’t have retention policies, and to some extent to the 20% who have them but are not following them. The good news is that of those who have enforced policies, 27% are seeing worthwhile or significant reductions.
© 2013 AIIM - The Global Community of Information Professionals
13
Information Governance
Outsource content/records storage
- records, risks and retention in the litigation age
Segment data for hierarchical storage/archive
Figure 13: To what extent are your data retention policies reducing your storage requirements? (N=420)
10%
15%
20%
25%
30%
We have them but they are mostly not followed 0%
5%
10%
15%
20%
25%
30%
Don’t have them
Haven’t yet kicked-in for most of our Don’t have them records
In dustry
5%
Watch
0%
We haveOnly them but they are mostly not making a small difference followed Haven’t yet kicked-in for most of our They make a worthwhile difference records TheyOnly are making having aasignificant effect small difference
Returning to Actually the topic makes of automated agents, wethings found that of the 53% of organizations that are using them in some it worse – more form or other, half are using them to flag deletion candidates and 36% to detect duplicate files. Security enforcement to store 10% and 20%response 30% speeds 40%of their 50% is another popular application (51%), and 36% monitor0% the efficiency ECM system or SharePoint systems using agents.
Flag for dele!on based on applica!on Figure 14: Do you useof any automated agents to perform any of the following functions: (N=409) reten!on rules
Detect security risks and misallocated 0% access or confiden!ality
10%
20%
30%
40%
50%
Flag for dele!on based on applica!on Detect duplicaterules files of reten!on Detect security risks and Monitor performance andmisallocated resilience of access ECM/ERM or confiden!ality system Detectbased duplicate files Tag/add metadata on rules Monitor performance andfrequency resiliencefor of Measure access ECM/ERM system hierarchical storage Pre-migra!on data selec!on or Tag/add metadata based on rules metadata mapping Measure access trivial frequency for Detect/par!!on/delete or nonhierarchical storage important content Pre-migra!on data selec!on or used metadata Not mapping Detect/par!!on/delete trivial or nonimportant content Not used We are doing it We have no plans, successfully accross 17% how much their a number We did actually ask the users of automated agents use has of reduced storage requirements or costs, content types, but received very variable results with a third achieving reductions of 5% or less, a third achieving between 5% and We don’t think it We are doing it 8% 20% reduction, and awould third achieving centers compared to the cost of work well25% to 80% reductions. Given the cost of datasuccessfully accross Wea are the agent software, it seems that many users could achieve verydoing rapid it ROI from these enoughlikely for us, one orproducts. two We have no plans, successfully accross 3% content types, 17% a number of 6% content types, We tried it but We don’t think it We are doing it 8% didn’t proceed, would work well successfully accross 2% © 2013 AIIM - The Global Community Information enoughoffor us, Professionals one or two 3% content types, Our system
14
Information Governance
They are having a significant effect
- records, risks and retention in the litigation age
Actually makes it worse – more things They make a worthwhile difference to store
Flag for dele!on based on applica!on of reten!on rules Detect security risks and misallocated access or confiden!ality Detect security risks and misallocated access or confiden!ality Detect duplicate files
Of those organizations that set retention periods and enforce them, 44% consider that the associated storage cost Detect duplicate files reductions have yet to kick in, but 27%and areresilience seeing “worthwhile” or “significant” reduction already. Monitor performance of
hierarchical storage
Measure access frequencyclassification, for In this report we have already alluded to automated and it does seem to be a concept that has come of storage age. Many early implementations ofhierarchical ECM ERM struggled due to the reluctance of employees to tag content with Pre-migra!on dataand selec!on or metadata mapping keywords, or file it with the appropriate classification. Equally, many search and e-discovery issues have cropped up Pre-migra!on data selec!on or due to poor classification and misfiling. Full-text search can help, and is much easier with electronic documents than metadata mapping Detect/par!!on/delete trivial nonwith scanned images, but it tends to return too or much indiscriminate content.
Watch
Tag/add metadata based on rules Automated Classification Measure access frequency for
In dustry
ECM/ERM system Monitor performance and resilience of ECM/ERM system Tag/add metadata based on rules
important Detect/par!!on/delete trivialcontent or non-
Given the current sophistication of rules-based techniques, and the speed of processing across large amounts of important content content, auto-classification has reached the stage where it produces better results than manual tagging. It can be Not used used at the point where documents are saved, or as a post-process cleanup - almost as a big data application. used with auto-classification, 29% are just now getting started, Although only 14% of organizations are activelyNot on-stream and 32% express a strong wish to do so; in total 65% wish to go down this path. Figure 15: How would you best describe your overall plans for automated declaration/classification of records? (N=420)
We’re just ge"ng We’re started,just ge"ng 29% started, 29% We are keen to automate as Weasare soon wekeen can, to automate as 8% soon as we can,
3%
It’s something we to do It’splan something inwe the future, plan to do 24% in the future,
8%
24%
When it comes to the accuracy of automated declaration or classification, most users are finding it the same or better than expected, albeit that many find it difficult to measure, and there is a high percentage of those who simply don’t know. Figure 16: How would you describe the accuracy of automated declaration/ classification that you are achieving? (N=151 using automated classification)
0% Much be#er than expected
0%
5% 10% 15% 20% 25% 30% 35% 40% 5% 10% 15% 20% 25% 30% 35% 40%
Muchthe be#er expected About samethan as expected About sameasasexpected expected Not the as good Not as good as expected It’s hard to actually measure this It’s hard to actually measure this Don’t know Don’t know
© 2013 AIIM - The Global Community of Information Professionals
15
Information Governance
2% Our system doesn’t give us Our system the op!on, doesn’t give us the3% op!on,
- records, risks and retention in the litigation age
We are doing it We have no plans, successfully accross We are doing 17% a number of it We have no plans, successfully accross content types, 17% a number We don’t think it We are doing it 8% of content types, successfully accross would work well We don’t think it We 8% enough for us, oneare or doing two it would3% work well successfully accross content types, enough for us, one6% or two 3% We tried it but content types, didn’t proceed, 6% We tried it but didn’t2% proceed,
In many ways, email is the poster-boy for automated classification. Persuading staff to sift and file their emails is notoriously difficult, and we are already familiar with the ability of parsing- agents to decide which of our emails are spam, and which are not, based largely on the content, so an extension to records filing is easy to accept. Having said that, in the survey office documents, scanned images and incoming PDFs seem to be the most immediate candidates.
10%
0%
10%
20%
30%
40%
50%
Watch
0%
60%
Office documents Incoming scanned
In dustry
Figure 17: Are you using automated declaration/classification for the following record content types? (N=105)
Incoming electronic (PDF, Web, etc.) Email SharePoint On exit from process workflow Output documents to customers
Internal social business systems External social systems
20%
30%
40%
50%
60%
Automated classification seems to have come of age, with a large majority of organizations keen to get started with it. emails andhappy when with we run of We delete Those that have triedas it are the out results.
space, change servers or staff leave
We delete all emails older than 3/6/12 months We delete all emails Social older than 2/3/4 years Emails and When AIIM researched email management in 20093 we found a very confused picture. At that time some were still We keep everything – just in case taking the view that emails were transient and had no place as part of the “official record” (despite the 2006 FRCP ruling in the US regarding Electronically Stored Information - ESI). Since then, many high profile cases, both civil and Employees expected to manually criminal, haveare been settled largely on thedeclare basis of email evidence. However, the strategies that organizations are or save important emails assomewhat records confused. choosing to deal with this issue are still
We automa"cally classify important emails Expecting employees to be diligent and make their own decisions on which emails to archive and where to archive as records them seems to still be the prevalent view (55%). Only 3% are using auto-classification in this context, and it may be that records are very wary to of swamping User clientsmanagers (eg, Outlook) archive network their RM systems with poorly catalogued emails. There are still those who insist on rigid deletion after fixed PST time files periods (23%) and those who keep everything (14%). One aspect that seems to have changed is that 20% of organizations (rising to 27% of the largest) now use a dedicated email We archive to a degree dedicated email archive and archive with some of automated deletion. run rules-based dele"on
We use outsource/cloud for email archiving
We have no policy
0%
10%
20%
30%
40%
We don’t do social © 2013 AIIM - The Global Community of Information Professionals
We don’t consider it necessary to save social ac"vi"es as records
16
Information Governance
Instant messaging
- records, risks and retention in the litigation age
Website content
Website content Instant messaging Internal social business systems Figure 18: Which of theExternal followingsocial applysystems to your organization’s overall philosophy regarding email? (N=412)
0%
10%
20%
30%
40%
50%
60%
We delete all emails older than 3/6/12 months We delete all emails older than 2/3/4 years
In dustry
Watch
We delete emails as and when we run out of space, change servers or staff leave
We keep everything – just in case Employees are expected to manually declare or save important emails as records We automa"cally classify important emails as records
We use outsource/cloud for email archiving It’s likely that mul"ple copies exist on desktops, mobiles and laptops We have no policy
0%most organizations 10% 20% 30%a policy, 40% When compared to 2009, one thing that has improved is that do actually have although we have noticed that the arrival of “bottomless mailboxes” in Exchange 2010 and Exchange 365 seems to have created some confusion with technical people: a personal We don’t do social mailbox, no matter how large, is not an archive, and does little for searchability and sharing of email information. We don’t consider it necessary to save social ac"vi"es as records
Social
Therefor arerecords social interac"ons could be important The dilemma managers that regarding content published on internal or external social platforms is that: there we are notof, currently recording them is a lot of it, it’s hardbut to grab hold and there are more pressing problems to solve. However, 37% realize that there are social interactions that could be important that are not currently being saved or archived. We don’t know how to get access to social records to store and manage them We are saving internal social ac"vi"es as records but not external We are saving external social ac"vi"es as records but not internal We are saving both as records Nobody is looking at this
© 2013 AIIM - The Global Community of Information Professionals
We select them manually into our RM
0%
10%
20%
30%
40%
17
Information Governance
We archive to a dedicated email archive and run rules-based dele"on
- records, risks and retention in the litigation age
User clients (eg, Outlook) archive to network PST files
We archive to a dedicated email archive and run rules-based dele"on We use outsource/cloud for Weemail have archiving no policy Figure 19: How would you best describe your organization’s overall philosophy regarding social content? (N=405)
10%
20%
30%
40%
We don’t consider it necessary to save social ac"vi"es 0% as records
10%
20%
30%
40%
We don’t do social
Of those 15% who are saving social content to their RM system, a third are manually selecting, with only 5% Nobody looking automatically selecting and tagging onisentry to at thethis RM system. For the largest organizations, 20% are saving social content, with 10% using auto-tagging. In a similar way to emails, dedicated archives for social content seem to be an 0%repository 10% 20%and another 30%place to40% inevitable solution, albeit that they create an additional for the future search during ediscovery. Retention periods vary considerably.
We select them manually into our RM
Figure 20: Which of the following apply to your saving of social records? (N=61 saving social as records) system(s)
We automate selec"on and tagging into our 0% RM system(s) Wearchive select everything them manually into our RM We to dedicated onsystem(s) premise storage We automate selec"on and tagging into our We use a social content publishing system RM system(s)
10%
20%
30%
40%
We archive everything to dedicated onWe use a cloud-based archive premise storage We use social content publishing Weaset reten"on periods to 1-2system years We set reten"on periods to longerarchive than 2 We use a cloud-based years We setWe reten"on periods to 1-2 years don’t set reten"on periods We set reten"on periods to longer than 2 years We don’t set reten"on periods For many companies, embracing social media platforms has required a big decision in terms of balancing the risks and the rewards. We have argued before that if security and acceptable-use are particular issues, then look to the more robust social business platforms rather than forgo the potential benefits altogether. The same could also be said of the need to record social interactions: the risk could be more acceptable than the effort required to do it, and if you are going to do it, then it has to be done in a way that stands up to scrutiny. In this vein, we asked those who © 2013 AIIM - The Global Community of Information Professionals
18
Information Governance
We are saving both as records
- records, risks and retention in the litigation age
We are saving external social ac"vi"es as records but not internal Nobody is looking at this
Watch
We don’t do social There are social interac"ons that could be important but we are not currently recording them We don’t consider it necessary to save social ac"vi"es records We don’t know how to get access to social as records to store and manage them There are social interac"ons that could be important butinternal we aresocial not currently them We are saving ac"vi"esrecording as records but not external We don’t know how to get access to social records to and as manage them We are saving external social store ac"vi"es records but not internal We are saving internal social ac"vi"es as records but not external We are saving both as records
In dustry
0%
We have no policy
are storing social as records if they have made use of them for any reason. As we can see, 34% have used their social business records and some of these incidents are of a very high profile. Figure 21: Have you needed to reference your social media records, and if so, for which of the following? (N=58 saving social as records)
Watch
Yes Staff disciplinary acon Staff dismissal
In dustry
0% 5% 10% 15% 20% 25% 30% 35% 40%
Resolve a customer/cizen dispute or complaint Defend a criminal case Defend a civil case
Only 15% of organizations are saving social media Staff disciplinary aconrecords, but of those, 34% have referenced them, mostly to resolve a customer or citizen dispute, but also for staff0% disciplinary actions (17%,) (9%). 20% 40% including 60% staff dismissal 80%
Staff dismissal Pre-trial request by a!orneys (eg, US –style) Resolve a customer/cizen dispute or complaint Judge-directed disclosure (eg, UK-style)
E-Discovery
Defend a criminal case Jurisdictions No defined disclosure (civil law, eg, France,
Germany) The scope, timing and impact of legal discovery regulations vary considerably across different international regions. Defend a civil 59% of organizations in our survey need to dealcase with multiple jurisdictions. This includes the 25% of non-US Compeon/an-trust, fraud, trading operations that sometimes need to comply with US-style pre-trial e-discovery requests. Given that privacy laws also invesgaon vary considerably between regions, it is no surprise Pursue a civil casethat 18% of organizations have struggled to produce a universal information governance policy. All of the above
Figure 22: Which styles of ESI (Electronically Stored Information) disclosures does your organization need to be able deal with? (Check all that apply) (N=403)
0%
0%
20%
20%
40% 40%
Pre-trial request a!orneys (eg, US –style) Manual searchbyacross file shares, email and physical records Judge-directed disclosure (eg, UK-style) In-system search within each of No defined law, eg, France, severaldisclosure ECM and (civil RM systems Germany)
60% 60%
80% 80%
10-500 emps 500-5,000 emps
Compeon/an-trust, fraud, trading Portal search/enterprise search invesgaon across mulple repositories
5,000+ emps
All of the above E-discovery mechanism/module within single ECM/ERM system Dedicated e-discovery mechanism across mulple ECM/ERM systems 0% © 2013 AIIM - The Global Community of Information Professionals
Manual search across file shares, email and physical records
20%
40%
60%
80% 19
Information Governance
Yes
- records, risks and retention in the litigation age
Pursue a civil case 0% 5% 10% 15% 20% 25% 30% 35% 40%
Pre-trial request by a!orneys (eg, UScomplaint –style) Defend a criminal case Judge-directed disclosure (eg, UK-style) Defend a civil case Germany) Although dedicated e-discovery systems and e-discovery modules for ECM systems have been around for quite a Pursue a civil case fraud, while, the majorityCompeon/an-trust, of our correspondents still rely trading on a manual search across file shares, email and physical records – invesgaon symptomatic of the fact that multiple repositories of live documents, electronic records and paper records exist in No defined disclosure (civil law, eg, France, Mechanisms
20%
40%
60%
80%
Pre-trial request by a!orneys (eg,0% US –style) 20%
40%
Manual search acrossdisclosure file shares, Judge-directed (eg, UK-style) email and physical records No defined disclosure (civil law, eg, France, In-system search within each of Germany) several ECM and RM systems Compeon/an-trust, fraud, trading invesgaon Portal search/enterprise search across mulple repositories All of the above
60%
80%
10-500 emps
20%
40%
60%
80%
As a reinforcement of this finding, we asked if respondents feel that their organization has a consistent and effective e-discovery mechanism across all ofwithin their physical In-system search each ofand electronic records. Overall, only 9% have achieved this, but a further 29% are optimistic that theyand areRM getting there. Another 24% have plans, but 20% consider the task to be simply several ECM systems 10-500 emps 10-500 500-5,000 5,000+ “too difficult”. This is surprisingly consistent across different sizes of Overall organization. emps 500-5,000 emps empsemps Portalpoor search/enterprise search Been fined or suffered publicity as a result of accidental 14% 4% 8% 28% across mulple repositories lossorganizations or exposure ofhave customer or staff-sensave data? 5,000+ emps Most a manual e-discovery mechanism with only 9% feeling that they have a consistent and effective system. One-fifthemployees of respondents consider that itwith would be near impossible to achieve such a capability in Disciplined or dismissed for failure to comply 21% 13% 16% 34% their organization. E-discovery mechanism/module governance policies?
within single ECM/ERM system
Had issues with your regulatory authories or auditors (not 31% 15% 26% 49% court-based) due to lack of complete electronic informaon? Dedicated e-discovery mechanism Consequences Had the validity and completeness of your electronic records, across mulple ECM/ERM Organizations understandably reticent to disclose how often and email trails orare records -keeping policies quesoned in court or their records 18% 8%data protection 13% systems 29%fail, or systems indeed whenaffected they help achieve a legal “win”. Even within the organization, this information may be confidential – as they have thetooutcome? evidenced in the 45% respondents who were unable (or unwilling) to answer questions in this section. Successfully used theofdefense of procedural records deleon in 11% 1% 8% 28% court to explain un -retained records? Figure 24: In the past 3 years, has your organization: (N=~270, answering Yes or No. Excludes ~120 Don’t Knows) Overall
10-500 emps
500-5,000 emps
Been fined or suffered poor publicity as a result of accidental loss or exposure of customer or staff-sensave data?
14%
4%
8%
28%
Disciplined or dismissed employees Dramac,for failure to comply with governance policies? 8%
21%
13%
16%
34%
31%
15%
26%
49%
18%
8%
13%
29%
11%
1%
8%
28%
Had issues with your regulatory authories or auditors (not court-based) due to lack of complete electronic informaon? Had the validity and completeness of your electronic records, email trails or records -keeping policies quesoned in court or they have affected the outcome? Successfully used the defense of procedural records deleon in
Minor, 54%court to explain un -retained records?
5,000+ emps
Substanal, 38%
© 2013 AIIM - The Global Community of Information Professionals
20
Information Governance
5,000+ emps
- records, risks and retention in the litigation age
500-5,000 emps
E-discovery mechanism/module within single ECM/ERM system 0% Dedicated e-discovery mechanism across mulple ECM/ERM Manual search across systems file shares, email and physical records
In dustry
0%
Figure 23: What is your primary e-discovery mechanism? (N=352 excl. 57 Don’t Know)
Watch
most organizations. E-discovery is often used as the justification for investment in enterprise search, and for content portals spanning multiple repositories, but capability would take things a step further, placing a Allaoftrue thee-discovery above legal hold on records found, and surfacing them into a review process that facilitates a steadily reducing pipeline. This optimizes the level of legal attention required at each step, greatly reducing costs.
across mulple repositories
5,000+ emps
E-discovery mechanism/module within single ECM/ERM system Figure 24 contains a number of “headline” findings. In the last three years: Dedicated e-discovery mechanism
across mulple ECM/ERM
n 14% of organizations have suffered from embarrassing data loss systems
n 21% have disciplined or dismissed employees for non-compliance with governance policies
Overall 500-5,000 5,000+ As might be expected, larger organizations score nearly double in many of these10-500 areas with, for example, 28% emps emps emps suffering from embarrassing data loss – an arguably bigger disaster for a large organization or well-known brand fined poorhalf publicity a result of accidental than Been a small oneor–suffered and nearly havingasissues with auditors or regulators.. 14% 4% 8% 28% loss or exposure of customer or staff-sensave data? Disciplined or dismissed employees for failure to comply with
governance policies? Deletion
21%
13%
16%
34%
Dramac, 8%
Posive, 38%
Minor, 54%
Substanal, 38%
Negave, 62%
Losing data has been embarrassing or damaging for 14% of organizations, doubling to 28% of large organizations. Not deleting records can cause trouble from fines, damages and costs, with 46% of organizations reporting considerable financial impact.
Cloud, SaaS and Outsourcing We have often said that asking records managers to put their records in the cloud is going to really call into question cloud security and reliability. However, as we found in previous Industry Watch surveys2, there is a general agreement that most IT applications will inevitably move to the cloud over the next 4-5 years – and also that there are big differences between public clouds, government clouds, outsource clouds and private clouds. However, on the whole we found that 16% would be happy to adopt a cloud or SaaS system for their records, or are already doing so (5%), with a further 38% holding back until they consider security and reliability to have matured.
© 2013 AIIM - The Global Community of Information Professionals
21
Information Governance
Figure 25: Overall, how would you describe the financial impact (positive or negative) of fines, damages or costs resulting from cases or potential cases which hinged around the validity, completeness or retention of your electronic records? (N=174, excl. 233 Don’t Know or N/A)
- records, risks and retention in the litigation age
Hadon issues with your regulatory or auditors (not28% of larger organizations have used their procedural We see the bottom row of Figureauthories 24 that 11% overall and 31% 15% 26% 49% based) due to lacktoofjustify complete electronic informaon? policycourtof planned deletions un-retained records to a court of law. Broadening the question slightly, we asked if un-deleted recordsand (paper or electronic) held beyond records, their nominal retention period had affected the strength of a Had the validity completeness of your electronic courtemail casetrails or potential court case. 17% responded that had or (26% of large although was a or records -keeping policies quesoned in itcourt 18%organizations), 8% 13% there 29% they have theitoutcome? mixed view as affected to whether had generally strengthened or weakened the case – for smaller organizations, it was definitely something case. When it comes Successfully usedthat the weakened defense of the procedural records deleontointhe financial impact of cases that hinge around the 8% 28% validity, completeness retention of records, there was a much stronger11% view that 1% there is substantial (38%) or even court to explain unor -retained records? dramatic (8%) financial impact, and in two-thirds of cases that impact would be negative.
Watch
n 18% have been questioned in court about their records
In dustry
n 31% have had issues with their regulators
Figure 26: Would you consider adopting a Cloud/SaaS system for your records? (N=403)
No, definitely not, 10%
Yes – already do, 5%
In dustry
No, probably not, 36%
Watch
Yes – acvely considering/ planning it, 11%
Yes – but only when security and reliability mature, 38%
Yes – acvely considering/ planning it, 11%
Volume scanning for archive to our RM Outsource system
In many ways, the cloud equivalent for physical records is the ever-popular outsourced box-store or document services outsource. Over the years, most organizations have come to trust the fact that their records will not be lost, and that these Volume scanning for digital mailroom specialist companies can offer expertise, resource and ever-expanding storage space - all three of which can be hard to SaaS/cloud provider for electronic records find internally. Users are also familiar with the terms of Service Level Agreements (SLAs) with these suppliers. We asked, management therefore, how likely respondents are to consider using their existing outsourced supplier for a number of additional services No, probably including SaaS or cloud services for managing electronic records – and whether they might take it further and include the 36%resource/repository Cloud storage outsourcing of their legal not, discovery requirements.
Yes – but only
As we can see if we take Figures 24 and 25 together, security and reliability are key factors in the choice of a cloud supplier, when security Outsourced legal discovery andSaaS reliability and that as a result over 25% would consider using their existing outsource for cloud and services. 23% would also mature, 38% within one search consider them for outsourced legal discovery, no doubt to combine the paper and electronic archives exercise, but also to provide an assurance the process Sck withthat paper only would be carried out in a way that is acceptable to a court. Figure 27: How does your existing paper-records outsource supplier (box store) fit with your strategy for electronic records storage? (N=340. Line length indicates “Unlikely”)
Already do this Have plans Would be a strong candidate 0% 10% 20% 30% 40% 50% 60% 70%
Physical storage with scan-on-retrieval
% of organizaons Volume scanning for archive to our RM -30% -20% -10% 0% 10% 20% 30% 40% 50% system Volume scanningphysical for digital mailroom for managing records System SaaS/cloud provider forERM electronic records Dedicated system(s) management ERM modules or add-ons Cloud storage resource/repository e-Discovery applicaons or modules Outsourced legal discovery Enterprise search Sck with paper only Automated classificaon tools Defensible deleon/compliance monitoring Already do this Email management/Email archive
© 2013 AIIM - The Global Community of Information Professionals
Social records management
Have plans
Would be a strong candidate 22
Information Governance
not, 10% Physical storage with scan-on-retrieval
- records, risks and retention in the litigation age
These views are remarkably consistent across different sizes of organization, although as we found in the Cloud report2, larger organizations are much more likely to be thinking in terms of private clouds, and the smallest ones in terms of public clouds. If anything, it is the mid-sized organizations that are little more reluctance back to our 0% showing 10% a 20% 30% 40% overall. 50% Looking 60% 70% Yesfrom – already survey from 20111, the number generally in favor of cloud has gone up 41% to 54%, and the number already using it No, definitely do, 5% has increased from 2% to 5%.
Physical storage with scan-on-retrieval Volume scanning for archive to our RM system Volume scanning for digital mailroom
54% of respondents are prepared to put their records in the cloud, but most of these (38%) are waiting for security and reliabilitySaaS/cloud to mature. 25% wouldfor consider using their paper records outsource to provide cloud or SaaS services. provider electronic records
management
Sck with paper only
When it comes to specific areas, only physical records management systems and paper records outsource show any sign of declining spend overall. Email management, ERM systems and modules, and enterprise search are the most popular areas for spending.
Already do this
Have plans
Watch
Records management spendOutsourced has been consistently rising over the past few years. This year we measured 45% of legal discovery organizations planning to increase their RM budget over the next two years, with just 14% decreasing. This is almost exactly the same as we measured1 in November 2011.
In dustry
storage resource/repository Spending Cloud Plans
Would be a strong candidate
Figure 28: What are your spending plans for the following product areas in the next 12 months compared to the last 12 months? (N=399. Line length indicates “We don’t spend anything on this”)
% of organizaons -30% -20% -10% 0% 10% 20% 30% 40% 50%
Dedicated ERM system(s) ERM modules or add-ons e-Discovery applicaons or modules Enterprise search Automated classificaon tools Defensible deleon/compliance monitoring Email management/Email archive Social records management Outsource paper records Outsource electronic records Cloud provision for records management Much Less
Less
More
Much More
If we look in Figure 28 at the number of organizations who are increasing their spend compared with those maintaining their current spend, we see that automated classification tools show the greatest growth, along with % also of organizaons Increased spend enterprise search and email archiving – which may have an elementshowing of auto-classification.
-10%
0%
10%
20%
30%
40%
50%
60%
Automated classificaon tools Enterprise search Email management/Email archive e-Discovery applicaons or modules ERM modules or add-ons Dedicated ERM system(s) Defensible deleon/compliance monitoring Social records management
© 2013 AIIM - The Global Community of Information Professionals
Cloud provision for records management
23
Information Governance
- records, risks and retention in the litigation age
System for managing physical records
Cloud provision for records management Much Less
Less
More
Much More
Figure 29: What are your spending plans for the following product areas in the next 12 months compared to the last 12 months? (N=399)
% of organizaons showing Increased spend 0%
10%
20%
30%
40%
50%
60%
Enterprise search Email management/Email archive e-Discovery applicaons or modules ERM modules or add-ons
Watch
Automated classificaon tools
In dustry
-10%
Dedicated ERM system(s) Defensible deleon/compliance monitoring Social records management Cloud provision for records management
Outsource paper records
Budgets for records management continue to increase with 45% of organizations planning to spend more, and only 14% looking to spend less. Automated classification tools, enterprise search and email management are likely to be the biggest growth areas.
Conclusion and Recommendations We have seen that progress is being made on the formulation of information governance policies that can be applied across the enterprise, and that investment continues to grow for records and information management systems. We have seen that a key driver is to prevent escalating legal and compliance costs, with a third of organizations taking some degree of impact from poor practices or incomplete records. We have identified that non-alignment of policies for physical records and electronic records is an issue, and that even where an all-encompassing information governance policy exists, non-enforcement is a problem, particularly when it comes to deletion of electronic records that are beyond their retention period. We have also observed a considerable interest in automated classification mechanisms for use both at the time of record declaration, and as a way to improve the metadata of existing content. This improves searchability and usefulness for big data analytics, but also helps to exploit retention periods as a way to decrease storage volumes. Some users are beginning to experience a reduction in storage volumes from the enforcement of retention periods, but for many the benefits have yet to kick in. Email management is still a major concern for our respondents, and is one of the key areas for the application of automated classification and retention management. Company-relevant interactions on social platforms are recognized as an issue, and a number of organizations are beginning to bring them under records management, but most have yet to take any action. Interest in cloud storage of records is increasing slowly, and we have identified that existing paper records outsourcers may offer a more reassuring service for cloud and SaaS compared to other suppliers.
Recommendations
n Look to your existing policies and seek to align your electronic records practices with those that you already have for physical records. n If you do not have an up-to-date Information Governance Policy that is supported across the enterprise, kick-off a project to create one. Do not consider this to be something for the records management or compliance departments: look to set up an information governance committee with representation from all areas of the business.
© 2013 AIIM - The Global Community of Information Professionals
24
Information Governance
Outsource electronic records
- records, risks and retention in the litigation age
System for managing physical records
1. “Records Management Strategies – plotting the changes” AIIM Industry Watch, December 2011, www.aiim.org.research 2. “Content in the Cloud” AIIM Industry Watch, October 2012, www.aiim.org.research“ 3. “Email Management- the good, the bad and the ugly” AIIM Industry Watch, May 2009, www.aiim.org.research
© 2013 AIIM - The Global Community of Information Professionals
25
Information Governance
- records, risks and retention in the litigation age
References
In dustry
Watch
n If you already have an Information Governance Policy but it is not being enforced, determine ways to monitor compliance. Look particularly at the implementation of deletion for electronic records beyond their retention period, and see if this can be automated. n Ensure that new staff and existing staff are fully trained on compliance with the policy. n Your Information Governance Policy needs to evolve over time to include new media and new content types such as social content. n Raise the issue of the effect of managed retention on storage volumes. Ask the question, “What if we continue to do nothing?” Consider using automated agents to de-duplicate content and to reallocate metadata. This will assist with retention enforcement. n Look for automated classification capabilities in your existing systems or future purchases. These can make a big difference to user acceptability and to the accuracy of indexing. n In particular, consider using auto-classification to deal with your email archiving. Ensure you have clear policies in place, preferably ones that do not rely on individual actions. n Don’t wait until you need an e-discovery process – you may be given a short time limit. Have processes and mechanisms in place. n Your outsource paper records provider may be able to offer you cloud or SaaS services that would evolve your records storage methods and provide improved discovery procedures.
Appendix 1: Survey Demographics
Organizational Size Survey respondents represent organizations of all sizes. Larger organizations over 5,000 employees represent 36%, with mid-sized organizations of 500 to 5,000 employees at 37%. Small-to-mid sized organizations with 10 to 500 employees constitute 26%. Respondents (36) from organizations with less than 10 employees or from suppliers of ECM products and services have been eliminated from the results.
over 10,000 emps, 27%
11-100 emps, 8%
101-500 emps, 18% 5,001-10,000 emps, 9%
501-1,000 emps, 10%
5,001-10,000 emps, 9%
501-1,000 emps, 10%
1,001-5,000 emps, 27% 1,001-5,000 emps, 27%
Geography
Middle East, Africa, S. Africa, 1% 2% Middle East, Asia, Far East, Africa, S. Africa, 1% 2%
East, 76% of the participants are based in North America, with Asia, most Far of the remainder (15%) from Europe. Australia, NZ, 5%
Eastern Europe, Australia, NZ, Russia, 5%1%
Central/S. America, 1% Central/S. America, 1%
Eastern Europe, Other Western Russia, 1% Europe, 6% Other Western UK, Ireland, 8% Europe, 6% UK, Ireland, 8% US, 60%
Canada, 16%
US, 60%
Canada, 16%
Bureau/Outsource, 2%
IT & High Tech — not ECM, 2%
Professional Bureau/Outsource, IT & High Tech — Services and Legal, not ECM, 2% 2% 3% Professional Consultants, 3% Services and Legal, © 2013 AIIM - The Global Community of Information Professionals 3% Charity, Not-forProfit, 3%
Other, 7% Other, 7%
Government & Public Services Local/State, 19% Government & Public Services Local/State, 19%
26
Information Governance
11-100 101-500 emps, 8%emps, 18%
- records, risks and retention in the litigation age
over 10,000 emps, 27%
Watch
548 individual members of the AIIM community took the survey between January 18, and February 11, 2013, using a Web-based tool. Invitations to take the survey were sent via email to a selection of the 65,000 AIIM community members.
In dustry
Survey Background
UK, Ireland, 8%
US, 60%
Canada, 16%
Industry Sector
US, 60% 15%. The Local and National Government together make up 25%, Finance, Banking and Insurance represent Canada, remaining sectors are fairly evenly16% split. To avoid bias, suppliers of ECM products and services have been eliminated from all of the results.
IT & High Tech — not ECM, 2%
Other, 7%
Other, 7%
Government & Public Services Local/State, 19% Government & Public Services Local/State, 19% Government & Public Services Na!onal, 6%
Consultants, 3% Healthcare, 4%
Mining, Oil & Gas, Retail, Transport,6% Real Estate, 6%
Educa!on, 6%
Insurance, 7% Finance/Banking, 8% Power, U!li!es, Telecoms, 6% Insurance, 7%
Mining, Oil & Gas, 6%
Educa!on, 6%
Power, U!li!es, Telecoms, 6%
23% of respondents are from IT, 63% have a records management or CEO, information management role, plus 3% from President, legal or corporate compliance. 7% are line-of-business managers. Managing Legal/Corporate
Council/Corporate Compliance, Business 3% Consultant, 3% Legal/Corporate Council/Corporate Compliance, Business 3% Line-of-business Consultant, 3% exec., dept head or process owner, 3% Line-of-business exec., dept head or process owner, 3% Head of records/ informa!on management, 33% Head of records/ informa!on management, 33%
© 2013 AIIM - The Global Community of Information Professionals
Director, 1%
President, CEO, Managing Director, 1%
Other, 4% IT staff, 10% Other, 4%
Head of IT, 3% IT staff, 10% IT Consultant or Project Head of IT, 3% Manager, 10% IT Consultant or Project Manager, 10% Records or document management staff, 30% Records or document management staff, 30%
27
Information Governance
Government & Public Services Na!onal, 6% Finance/Banking, 8%
- records, risks and retention in the litigation age
Charity, Not-for-& Engineering Profit, 3% 4% Construc!on, Healthcare, 4% Pharmaceu!cal and Chemicals, Engineering & 4% Construc!on, 4% Manufacturing, Aerospace, 5% Pharmaceu!cal and Chemicals, 4% Retail, Transport, Real Estate, 6% Manufacturing, Aerospace, 5%
Job Roles
In dustry
Professional Services and Legal, Bureau/Outsource, 3% 2% Consultants, 3% Professional Services and Legal, Charity, Not-forProfit,3% 3%
IT & High Tech — not ECM, 2%
Watch
Bureau/Outsource, 2%
Appendix 2 Do you have any general comments to make about information governance in your organization? (Selective)
n Our paper records are more reliably managed than our electronic ones.
In dustry
n Our records management situation is one that has gotten completely out of control. We’ve only been lucky thus far, that we have not been sued.
Watch
n I feel we do a very good job with our records management and information governance program.
n As large and federal government-connected as my company is, our official records management and retention policies, and even more importantly, the actual practices, are so higgledy-piggledy that we are an international disaster waiting to happen. n Our cloud platform already does much of what is outlined here and all in one system. It’s nice.
n We have no way to manage electronic records - employees are expected to manage their electronic records in accordance with our RM retention policies but there are no controls in place to ensure it is done. n It’s been a hell of a job so far...still sifting through unearthed repositories. n I have been with my current organization only for a short amount of time and everything is on legal hold. n There is a general willingness to accept these risks as opposed to dedicating the funds and resources to improving the situation. n We have a RM program that includes electronic records and we train but it will take us years and years to actually get into compliance with our policy. n I don’t believe enough businesses yet realize that physical and electronic records must be consistently managed in the same manner.
© 2013 AIIM - The Global Community of Information Professionals
28
Information Governance
n We have begun the process to formalize the inclusion of electronic records into our retention schedules and integrate them with the paper records requirements.
- records, risks and retention in the litigation age
n Our employees and executives believe that the Record Schedule is only for paper records although it clearly indicates it is for both paper and electronic.
UNDERWRITTEN IN PART BY ASG In dustry
ASG’s enterprise content management portfolio enables business users and infrastructure technology management of all skill levels to quickly and easily access, manage, and own all essential business information.
Watch
A recognized innovator in enterprise IT and business software solutions, ASG Software Solutions has been optimizing 85 percent of the world’s most complex IT organizations for over 25 years. We create and deploy unique software solutions that reduce cost, mitigate risk and improve service delivery throughout the IT lifecycle. ASG’s comprehensive solutions help you solve today’s challenges, such as cloud computing and big data, while driving your business forward by providing insight and control across cloud, distributed and mainframe environments.
ASG’s world class enterprise content management portfolio includes: • ASG-V iew Direct®, the world’s most scalable, full-featured enterprise content retention, storage and archiving suite, which supports all platforms, databases, storage devices, data formats and volumes of enterprise content in distributed and mainframe environments.
• ASG-Records Manager ™, which facilitates the automatic capture, classification and disposition of electronic transactional records in high-volume environments according to varied information • ASG-WorkflowDirec t®, incorporates process automation for integrating content with business processes, people and computer systems, while coordinating, managing, automating, and measuring content-centric processes independent of underlying applications.
www.asg.com
Axceler Axceler liberates collaboration to spark innovation. We help companies soar to new heights in innovation by providing the safety net that makes collaboration powerful, safe, and productive. By providing visibility and control, we mitigate the organizational risks that come with collaborative platforms and free employees from constraints on creativity, speed, and cooperation. Our solutions help you: • Get up and running - Move your files to SharePoint quickly and safely. If you’re already using SharePoint, we can
help you simplify migrations across versions. • Gain visibility - Use dashboards to explore and analyse your SharePoint environments. Take the insight you gain
and turn it into smarter business decisions. • Take control - Enforce SharePoint governance and security, on-premise and in the cloud. Automatically run your
environment according to your governance plan — from permissions to storage to application use. Axceler’s award-winning solutions include: • ControlPoint for SharePoint Administration: Get visibility and gain control over your SharePoint environment • ControlPoint for Office365 Adminstration: Manage your SharePoint Online environment in the cloud, on-premise or both • ControlPoint for SharePoint Migration: Lower the cost and shorten the time of your SharePoint migration • ControlPoint FileLoader: Quickly and easily move from file shares to SharePoint • ControlPoint Change Manager: Easily propagate changes within your SharePoint environment
As collaborative platforms become a more critical part of your business, Axceler helps you keep them organized, secure, and focused on innovation. Today, more than 2,700 organizations worldwide use our solutions to control and optimize their SharePoint environments and ControlPoint is the #1 product for SharePoint administration. Headquartered in Woburn, MA, USA, Axceler has offices in Seattle, Los Angeles, London and Sydney. For more information visit www.axceler.com, or follow us on Twitter at @Axceler.
www.axceler.com
© 2013 AIIM - The Global Community of Information Professionals
29
Information Governance
• ASG-Total Content Integr ator™, which provides a unified, federated, content aggregation and integration technology for transparent search, discovery and presentation of electronic documents, records and other content anywhere in the enterprise.
- records, risks and retention in the litigation age
• ASG-Cypress®, a modular document output and customer communication management suite that facilitates ingesting, composing, formatting, personalizing and distributing content to support physical and electronic communications.
UNDERWRITTEN IN PART BY
Watch
HP Autonomy is a global leader in software that enables organizations to process and understand virtually any type of information, including structured, semi-structured, and unstructured data—including social media, email, documents, video, audio, text, web pages, as well as information in structured databases. Our powerful information management and analytic tools for structured information, together with the ability to extract meaning in real time from virtually any type of information, delivers powerful capabilities for organizations seeking to gain the highest Return on Information.
In dustry
HP Autonomy
HP Autonomy’s product portfolio offers solutions for enterprise search, analytics, business process management, and OEM operations. We offer information governance solutions for eDiscovery, content management and compliance, as well as marketing solutions for web content management, online marketing optimization, and rich media management—all geared to helping companies grow revenue. HP Autonomy’s wide range of offerings enable today’s professionals to access, manage, and collaborate with information across multiple channels, including mobile, social, and the cloud using their device of choice. Please visit auto nomy.com to find out more.
With Iron Mountain Records Management services, you’ll have the resources you need to effectively store and safeguard your information assets. By leveraging our proven capabilities and best practices, you’ll be able to: • Keep it safe. Employ storage processes designed to protect your critical records from a myriad of internal and external threats. • Get it when you need it. Classify, store and track your records online, following proven best practices, so you’ll be able to retrieve a particular piece of information as efficiently as possible. • Manage with experience. Leverage the insights and expertise needed to maximize scarce resources and make records management a seamless extension of your everyday operations. • Records Storage - Leverage our network of records storage facilities to safeguard your information using advanced environmental security and access controls. Your records will be tagged and classified using your own terminology and made available on our intuitive Iron Mountain Connect™ web portal, helping you quickly locate and retrieve the information you need. • Document Imaging - Digitize your hardcopy records using our Document Conversion Services, which enable you to design a scalable imaging program that scans your records on either an upfront or as-needed basis — and makes them readily accessible across your organization. • Secure Shredding services provide onsite or offsite destruction programs that are available on an ongoing or project basis, helping you dispose of information in a compliant, reliable and cost-effective way. • Records Management Consulting - Consulting Services provide the insights you’ll need to establish, manage and customize your records management program. You’ll have access to expertise that helps you address the complexities of complying with the growing number of state and federal regulations governing records management. • Records Management Technology - Turn to Accutrac® Software to consistently manage the lifecycle of your records. When your records move between your office and our storage facility, they will be protected by InControl®, our patented technology that safeguards information in transit and delivers an auditable chain-of-custody.
www.ironmountain.com
© 2013 AIIM - The Global Community of Information Professionals
30
Information Governance
Iron Mountain
- records, risks and retention in the litigation age
www.autonomy.com
UNDERWRITTEN IN PART BY Nuix
The Nuix indexing engine can process the largest storage systems within days and weeks rather than months and years. Our light metadata scan enables information managers to gain an understanding of tens of terabytes of data within 24 hours.
In dustry
Nuix is unique in its ability to process massive volumes of data at great speed. It can normalize data stored in archives, email and collaboration systems, file shares, hard drives and other common data stores.
Watch
Nuix is a worldwide provider of information management technologies, including eDiscovery, electronic investigation and information governance software. With Nuix, you can process, understand and govern the unstructured data in your organization faster and more reliably than with any other technology on the market.
The Nuix Luminate platform combines our powerful data processing technology with defensible processes to light up dark data. It enables organizations to: • Reduce storage, eDiscovery and investigation costs • Fix records management shortcomings • Reduce business risks • Open up new sources of value.
Using Nuix’s powerful searching and classification tools, information managers can identify and mitigate the risks of privacy data and other regulated content stored in unsecured locations or sent outside the organization. And by providing deep insights into the content of unstructured data, Nuix enables organizations to mine this information for business value and productivity.
www.nuix.com
Recall Recall is a global leader in information management, helping some 80,000 customers securely manage information throughout its life-cycle. The company has more than 300 dedicated operation centers, spanning five continents in more than 20 countries. Because our core business is information management, everything we do - from internal system improvements to research and development of new technologies – is focused on improving how we store, safeguard and provide access to your valuable information. Recall makes expert use of the latest technology to optimize each stage of our service delivery in order to provide you with the best systems and service the industry has to offer. As an industry innovator Recall was the first information management company to use radio frequency identification (RFID) for the purposes of securely tracking and storing client’s paper documents, media, and files. Today Recall is still the only information management company which provides audit reports, powered by RFID, of their client’s holdings with an over 99.9997% accuracy rate. Security is our top priority. This is especially important today where data breaches and identity theft are a growing concern. Our facilities are upheld to the most stringent security practices, and our secure destruction facilities have received a AAA certification from the National Association for Information Destruction. Recall offers services that help your business manage information throughout its life-cycle from creation to destruction including document storage and retrieval, digital conversion, data protection and secure destruction services. The recent addition of our Information Governance solutions enables us to bring best-in-breed solutions to help organizations proactively manage their physical and electronic records and information. Recall provides businesses with more than secure information management – we provide peace of mind.
www.recall.com © 2013 AIIM - The Global Community of Information Professionals
31
Information Governance
Nuix streamlines and automates the records classification process to locate and manage intellectual property, contracts and financial, legal and human resources records stored outside existing management systems.
- records, risks and retention in the litigation age
In most organizations, more than half the data they retain is redundant, obsolete or trivial. Nuix technology empowers organizations to index and classify all corporate data so they can make defensible and cost-effective decisions about what to delete and retain. Removing this valueless space-filler can dramatically reduce storage costs and decrease the time, expense and disruption of eDiscovery, compliance audits and digital investigations.
UNDERWRITTEN IN PART BY
RSD GLASS ® is a patent-pending platform used to manage global corporate information governance programs for electronic and physical records. Using RSD GLASS ® , companies create corporate policies that are actively enforced across organizational and jurisdictional boundaries, IT systems, content repositories, and paper archives.
Watch
Founded in 1973 in Geneva, with offices in North America: New York and Boston; in Europe: Geneva, Paris, London and Madrid; and in Asia-Pacific: Singapore and Sydney, RSD is the leading provider of information governance (IG) solutions for the enterprise. RSD products help companies reduce operating costs and risk exposure through robust information governance programs that span multiple jurisdictions and decades-long lifecycles.
In dustry
RSD
RSD GLASS ® customers keep the records they need to grow their business, and safely delete the records they are allowed to – reducing storage and other operating costs, risk exposure, and legal fees. Unlike alternative solutions, RSD GLASS ® manages multi-jurisdictional policies, granularity of governance events, and active policy enforcement – wherever governed content resides – across the potentially decades-long lifecycle. RSD GLASS ® enables the largest companies in the world to make better business decisions and mitigate risk associated with information management.
SAP® Extended ECM by Open Text To overcome the disconnect between structured processes and unstructured information, SAP offers a groundbreaking solution. The SAP® Extended Enterprise Content Management (SAP Extended ECM) by Open Text is integrated with SAP Business Suite software such as the SAP ERP application. SAP Extended ECM enables management of unstructured content in the context of the processes and transactions supported by your enterprise applications, giving you content-enriched business processes. As shown in the figure, key functionality includes document management (version control, access control, and approvals); collaboration (with shared work spaces, approval workflows, and records management (for the full lifecycle of both electronic and physical records); and archiving (for access to archived information across any storage medium). With SAP Extended ECM, users of SAP software can attach unstructured documents and entire ECM work spaces to transactions in SAP applications, and no longer have to log into multiple applications to find information. Users of other applications can be given access to SAP information via the SAP Extended ECM interface, allowing them to leverage SAP content without extensive training. As organizations move to standardize and streamline core business processes, they increasingly find the need to interconnect unstructured information with those highly structured operations. The SAP® Extended Enterprise Content Management by Open Text can help you meet this challenge. SAP Extended ECM is also designed to minimize total cost of ownership from the IT perspective. The product is powered by the SAP NetWeaver® technology platform, and uses SAP user management tools to minimize administrative overhead.
© 2013 AIIM - The Global Community of Information Professionals
www.sap.com 32
Information Governance
www.rsd.com
- records, risks and retention in the litigation age
This is accomplished through: • A policy engine called RSD GLASS ® Policy Manager that captures and validates all the requirements mandated by applicable laws and regulations and those required by the business, and transforms them automatically into coded policies for use and enforcement in the field. • Policy enforcement and information lifecycle management using RSD GLASS ® Governance Manager for structured repositories of information accross business functions, jurisdictions, and affiliates within complex IT infrastructures. • RSD GLASS ® Governance Dashboards for measuring and overseeing your information governance program.
UNDERWRITTEN IN PART BY
Named by Gartner as a 2012 “Cool Vendor”, StoredIQ enables organizations to make important business decisions faster; to expose what’s relevant in a critical litigation matter; to know what’s no longer needed or just clouding the issue and raising costs; to be able to respond confidently to any regulatory or customer inquiry.
Watch
StoredIQ, an IBM Company, enables organizations to gain visibility and control over Big Data and rapidly connect people to business-critical information. With StoredIQ, companies can identify, analyze, and act on unstructured data — where it lives—to meet their data intelligence, eDiscovery, and information governance requirements.
In dustry
StoredIQ
Built on a powerful, unified platform which dynamically manages data in-place, StoredIQ improves the speed and reliability of information management, lowering legal costs and compliance risks, while meeting the stringent requirements that IT departments demand. Industry-leading companies rely on StoredIQ solutions to solve Big Data problems and manage their information more efficiently to reduce cost and risk. Quickly deployed within the enterprise, StoredIQ identifies, analyzes and acts on what’s important across petabytes of data — without moving it to a repository or specialty application—to deliver immediate ROI.
Enterprise Content Management Training Program The changing needs of ECM are shifting towards effective collaboration and social business.
Take control of your information assets. The AIIM E nterprise Content Managm ent (ECM) Tr ain ing Program covers best practices for designing, implementing, and using ECM environments. The program is available both as a c lassr oom c ou rse and as onlin e self-pac ed lear ning. Designed for information professionals that need to create, capture, store, preserve, and deliver information more effectively for departmental processes and across the enterprise, this program has been updated in 2012 from the ground up. The program includes completely new content on knowledge management, social business, use of mobile devices, content analytics, and much more. Students will learn how to plan, implement, and improve ECM environments. The information provided in the progam is applicable across all industries and business processes, and is independent of any particular technology or vendor solution. The AIIM Enterprise Content Management (ECM) Program is offered in three streams: P ractitioner, Spec ialist and Master. n n
n
The P ractitioner program presents strategies, methods and tools for managing content. The Specialist program covers global best practices for planning and implementing ECM, integrating ECM into collaborative business processes, and builds on topics covered in the Practitioner program. The Master program provides a thorough understanding of ECM with the main elements from the above programs and includes a practical case study exercise.
Courses Include: n Organizing Content
n ECM Program Strategy n Search and Retrieval n Applications and Solutions n Information Governance n Business and Technology Assessment n Social Business n Building a Foundation
n Understanding ECM Architecture n Establishing a Project Plan n Process & Workflow n Deployment & Operations
aiim.org/ecmtraining © 2013 AIIM - The Global Community of Information Professionals
33
Information Governance
www.storediq.com
- records, risks and retention in the litigation age
No other company has this vision. No other company provides this kind of intelligent solution that works like you do to unlock the value of Big Data. Contact StoredIQ to learn more about how our solutions can benefit your business, and take the first step toward turning your company into a truly ‘data-driven’ enterprise.
AIIM (www.aiim.org) has been an advocate and supporter of information professionals for 70 years. The association mission is to ensure that information professionals understand the current and future challenges of managing information assets in an era of social, mobile, cloud and big data. Founded in 1943, AIIM builds on a strong heritage of research and member service. Today, AIIM is a global, nonprofit organization that provides independent research, education and certification programs to information professionals. AIIM represents the entire information management community, with programs and content for practitioners, technology suppliers, integrators and consultants.
© 2013 AIIM 1100 Wayne Avenue, Suite 1100 Silver Spring, MD 20910 +1 301.587.8202 www.aiim.org
© 2013 AIIM - The Global Community of Information Professionals
AIIM Europe The IT Centre, Lowesmoor Wharf Worcester, WR1 2RR, UK +44 (0)1905 727600 www.aiim.eu