Implementing an ERM Program: The Issues, Challenges, and Strategies

About This Presentation

Title:

Implementing an ERM Program: The Issues, Challenges, and Strategies

Description:

Managing Electronic Records Without an ERMS. RM and IT: ... Optical disks (CDs, DVDs, etc.) Flash drives. External hard disks. Smart phones and PDAs ... – PowerPoint PPT presentation

Number of Views:160

Avg rating:3.0/5.0

Slides: 151

Provided by: jess162

Category:

more less

Transcript and Presenter's Notes

Title: Implementing an ERM Program: The Issues, Challenges, and Strategies

1
Implementing an ERM ProgramThe Issues,
Challenges, and Strategies

Jesse Wilkins
April 17, 2008

2
Seminar Agenda

A.M. Implementing ERM
Implementing an ERM Program
Managing Electronic Records Without an ERMS
RM and IT Collaboration for Success
P.M. Emerging Electronic Records Management
Accessing Electronic Records in 5, 50, 500 Years
Effective Email Management
RM 2.0 Managing Records in the Cloud

3
Session 1Implementing an ERM Program
4
Session Agenda

Paper vs. Electronic Records
Implementing the ERM Program

5
Paper vs. Electronic Records
6
Setting the Stage

Explosion of information
161 exabytes created or copied in 2006
Up to 95 created electronically
80 never printed
Digital vs. paper
How do you print an Oracle database?

7
Whats the big deal?

Paper records
Self-contained
Human readable
Robust
Mature technology
Authentic and trustworthy
Electronic records
Might beor not.

8
The paper problem
9
The electronic problem?
Source for images Wikimedia Commons
10
Whats the big deal with e-records?

Not human readable
Not even visible
Anyone can create a ton of records
And email them to everyone
And create tons of perfect binary copies
And in 10 years they wont be readable anyway!

11
Really, whats the big deal?

Records management is about managing records
regardless of media
Electronic records are more complex and more
fragile than analog records
Electronic records must be actively managed to
ensure reliability, trustworthiness, and
authenticity

12
Implementing the erm program
13
Implementing the ERM program
ERM implementation lifecycle
2. Information Governance
6. Business Systems Requmts.
7. Business Classificatn Schemes
10. Pilots Model Offices
11. Roll-out
12. Post Implementn.
9. IT Infra- structure
3. Concept of Operations
8. Users User Involvement
5. Business Case
14
Project management

Assemble an effective project team
Determine the scope of the program, projects
Include stakeholder, user points of view
Identify priority vs. other projects
Determine a realistic schedule

15
ERM governance

Policy
Procedure
Other instruments
Job aids and references

16
Develop the charter

Also referred to as concept of operations
Identifies what the program is to accomplish at a
high level
Includes anticipated benefits
Describes the to-be, ERM-enabled state of the
organization

17
User involvement

Users need to be involved early and often
If the system doesnt meet their needs, they
wont use it

18
The business case for ERM

Identify the benefits of the ERM program
Financial
Non-financial
Non-tangible
Beware the limitations of the compliance
argument
And the pitfalls of Chicken Little or
disengagement

19
Business requirements

Determine what is required for the ERM program to
be compliant
Policies and instruments
Processes
Roles and training
Technologies
Prioritize according to most urgent need

20
Develop the BCS

Develop the business classification scheme
Select the approach organizational, functional,
matter-centric
Draft the top-level scheme and get feedback
Iterate through successive levels
Get business unit approval of the BCS

21
IT infrastructure

IT infrastructure will impact the way the ERM
solution is implemented
Identify existing IT infrastructure
Ensure ERM solution fits the IT infrastructure
And RM requirements!

22
Pilot the program

Run the program in a controlled environment
Easier to make corrections or changes
Allows users to test-drive the program
Develop and test training materials
Get support staff and power users trained

23
Roll out the program

Go-live for the entire program
Could still be implemented in a phased approach
Train users on expectations
Change management and communication

24
Change control

Most requests for change come during
implementation and acceptance testing
Important to have a change control process
Scope creep
The iron triangle

25
Change management

Different aspects of change
Fear of change?
Communication is the key to managing change
Up and down the organizational chart
Training is part of communication and vice versa

26
Questions?
27
Session 2Managing Electronic RecordsWithout an
ERMS
28
Session Agenda

The network share problem
Desktops and laptops
Removable media

29
The network share problem
30
The network share problem

Many organizations have shared directories
But there are some issues
Duplication of files
Multiple versions of files
Potential deletion of records
Accessibility without control framework
Limit to storage space available
Takes up lots of space
Lots of files stored on network shares are not
records
Or even work-related!

31
How do organizations address this today?

Set passwords or access controls
Set quotas on network shares
And enforce them
Sometimes
Buy more storage
Back up everything periodically to optical or
tape, then purge
Do nothing
None of this helps the records issues

32
Dealing with records on shares

Take small steps
Create folders that match the file plan at the
top level
Gradually add levels
Create usage guidelines
Consider using technology to take control of
shares
Sharepoint?

33
Desktops and laptops
34
Desktops, laptops, and other hidey holes

Records can be stored many places on individuals
PCs
My Documents
In folders on the desktop
In application folders
In .PST files
In temporary folders
On a personal laptop

35
The problem with local file storage

Many of the same issues as with network shares
Duplication of files
Multiple versions of files
Potential deletion of records
Accessibility without control framework
Limit to storage space available
Takes up lots of space
Plus the files rarely get backed up!

36
Dealing with records stored on PCs

Start with the policy
Consider locking down PCs
Watch out for side effects
Consider locking down PCs except for a specified
directory (e.g. My Documents)
Use centralized technology to retrieve records
from those directories

37
Removable media
38
Removable media

Come in many form factors and capacities
Cheaper and hold more every week
Includes
Optical disks (CDs, DVDs, etc.)
Flash drives
External hard disks
Smart phones and PDAs
MP3 players
Compact Flash cards, etc.

39
Removable media issues

Many of the same issues as with network shares
Duplication of files
Multiple versions of files
Potential deletion of records
Accessibility without control framework
Lots of files stored on them are not records
Plus they are generally not under any
organizational control
Easy to lose and may have records on them!

40
Managing removable media

Prohibit their use(?)
Address appropriate usage in policies
Purchase removable media for use by employees
(and address in policies)
Some provide encryption, passwords, biometrics
Consider employing technology to limit or track
usage
Label and track media and location

41
Conclusion

Network shares, PCs, and removable media present
challenges for records managers
There are less costly solutions available to
address but you get what you pay for
A longer-term approach will almost certainly
require technology assistance
But any solution has to start with policies -
TANSTAAMB

42
Questions?
43
Session 3RM and IT Collaborating for Success
44
RM and IT

IT is RMs most important stakeholder even
more important than legal. No significant RM
initiative can even be attempted let alone
successfully accomplished without a close
partnership with IT.
David O. Stephens, CRM, FAI

45
Session Agenda

A record by any other name
RM vs. IT The way the world looks
Recommendations for bridging the gap

46
A record by any other name
47
A record by any other name

Record
Document
Archive
Records management

48
Record

RM information created, received, and maintained
as evidence and information by an organization or
person, in pursuance of legal obligations or in
the transaction of business
IT A group of related fields that store data
about a subject (master record) or activity
(transaction record). A collection of records
make up a file.
Source TechEncyclopedia.com

49
Document

RM recorded information or object which can be
treated as a unit
All records are documents, but not all documents
are records
IT The individual electronic objects on servers,
workstations, and laptops, such as PDF, Word,
etc.

50
Archive

RM The documents created or received and
accumulated by a person or organization and
preserved because of their continuing value.
The building or part of a building in which
archives are preserved and made available for
consultation.
IT Offline or backup storage, e.g. to tape or
optical media
Might include offsite storage of backup media

51
Records management

RM field of management responsible for the
efficient and systematic control of the creation,
receipt, maintenance, use and disposition of
records, including processes for capturing and
maintaining evidence of and information about
business activities and transactions in the form
of records
IT Keeping the systems running, available, and
backed up

52
RM vs. itThe way the world looks
53
RM vs. IT
54
RM vs. IT contd
55
RM vs. IT contd
56
RM vs. IT contd
57
Key concerns for both RM and IT

Providing efficient access to information
Versions
Silos
Containing costs
Providing effective response to audit or
litigation
Ensuring integrity of electronic records
Now and in the future

58
The bottom line

Both RM and IT manage information for the
organization
When RM and IT arent on the same page, bad
things happen
The increasingly electronic world means RM and IT
must collaborate effectively!

59
Recommendations for bridging the gap
60
General recommendations

Establish cross-functional teams to create
policies, address issues
IT
RM
Legal
Business (LOB managers, executive team)
Identify business and technical requirements
Iterate through key deliverables
Change management!

61
Recommendations for IT

Learn the basics of records management
Understand and apply lifecycle management
practices to electronic records and systems
Ensure that hold orders are applied to all
applicable systems, documents, data, backups
Ensure that information is destroyed at the end
of its lifecycle

62
Recommendations for IT contd

Work with RM to identify migration issues and
requirements for electronic records
Hold backup media only as long as required for
disaster recovery purposes
Identify tools for automating records processes
Classification and categorization
Look for systems that include required
recordkeeping functions as identified by RM

63
Recommendations for RM

Reach out to IT proactively
Add records requirements to ITs RFPs
Work with IT to set system configurations
Review classification scheme and retention
schedule with IT
In particular for IT-unique records
Be flexible
It cant all be done today
Beware of Chicken Little syndrome

64
Recommendations for RM contd

Learn about technologies and their impact on the
records program and practices
Imaging (CompTIA CDIA, AIIM)
Storage (SNIA)
Email
Scan the records technology horizons
Automatic classification categorization
Electronic records management
Digital rights management

65
Questions?
66
Session 4Accessing Your Electronic Records in
5, 50, and 500 Years
67
Session Agenda

The problem with digital information
Approaches to digital preservation
Strategies for long-term access

68
The problem with digital information
69
The problem with digital information

Digital documents last forever or five years,
whichever comes first.
--Jeff Rothenberg, RAND Corp.

70
The problem with digital information

Explosion of information
Documents and files are increasingly born
digital
Digital formats support more complex information
objects
Digital preservation does not just happen it
must be actively pursued
And IT cant do it alone

71
Issues in electronic archival

Media deterioration
Hardware compatibility
Software compatibility
Security and encryption
A word about standards

72
Media

There are no archival-class media for storing
digital information
Media can be damaged, scratched, stretched
Substrate separation the chemical layer that
stores the data separates from media
And if there were
it wouldnt matter!

73
Hardware compatibility

Technical obsolescence
8 floppy disks, laser video discs
Generational changes
Floppy disks, CDs
Non-standard formats
ZIP drives, LS-120
Rapid rate of change

74
Software compatibility

Between applications
Microsoft Word, Corel WordPerfect
Between platforms
Word, Word for Mac
Between versions
Word 1.0, Word 2007

75
Security and encryption

Passwords can be lost
Some applications dont play nicely with
encrypted or protected files
Some applications dont
recognize security features
-- and ignore them

76
A note about standards

Formal standards are agreed to by users, vendors,
industry experts, and managed by standards
organizations.
XML, PDF
Ad hoc standards are controlled by vendors or
smaller groups and are considered standards
because they are in widespread use
Microsoft Word
Standards protect the organization!

77
Approaches to Digital preservation
78
Digital preservation strategies

Analog storage
System archival
Emulation
Conversion
Migration
Each has its own strengths weaknesses

79
Analog storage

Analog storage suffers from a number of issues
Search and retrieval issues
Storage requirements and costs
Data loss, particularly
for rich media formats

80
System archival

Maintain copy of original hardware, software,
operating system, and information objects
Still run into issues with media and hardware
lifespan
Centralizes access to locations with older
systems
Increasing number of systems required to ensure
access to everything
Difficult to ensure everything is taken into
account

81
Emulation

Virtual recreation of original environment
Does not require any conversion
Requires periodic refreshing of the emulation
environment
Still have issues around media and, maybe,
hardware to read it
Lots of work is being done in this area

82
Conversion

Move from proprietary to standard
HTML to XML
Windows bitmap to JPEG or TIFF
Excel to ASCII text
Can be labor-intensive
Often results in some loss of data
Proprietary formatting
Rich objects, images, formulas, etc.

83
Migration

Digital media doesnt last forever
and neither does the hardware
Media must be refreshed while its still readable
Very labor intensive
Often results in loss of some information
Migration over generations often more reliable
than migration through generations

84
Migration contd
85
The Domesday Project

Domesday book written in 1086
In 1986, BBC created interactive
presentation using LaserVision LV-ROM
By 2002 the discs were unreadable
Through significant effort and the use of
migration and emulation, the Domesday
presentation remains available

86
Strategies for long-term access
87
Recommendations 5 years

Capture information using no compression or
lossless compression
Use standard file and media formats
Select high-quality media that will last 5-10
years
Capture relevant metadata

88
Recommendations 50 years

Capture information using no compression or
lossless compression
Capture information in standard formats or formal
descriptions
Select high-quality media and plan for migration
Capture relevant metadata
Do not use encryption or passwords on individual
documents

89
Recommendations 500 years

Capture information in standard formats or formal
descriptions
Select high-quality media and plan for migration
Capture and embed relevant metadata
Consider converting to analog
Do not use encryption or passwords on the
individual documents

90
Summary

Digital preservation requires work
Ultimately a question of tradeoffs
Cost to preserve
Cost of not preserving
Exactly what must be preserved
Pursue multiple preservation strategies
Standards can help preservation efforts

91
Questions?
92
Session 5Effective Email Management for the
Organization
93
Session Agenda

Email management drivers
Email management today
Email management technologies
Elements of an email policy

94
email management drivers
95
Email defining the issue

First email was sent in 1971
Today more email is sent every day than the USPS
delivers in a year
11 billion emails a day in the US alone
More than 57 billion a day world-wide
NOT including spam
60 or more of business-critical information is
stored within messaging systems

96
Why are we sending so much email?

Its easy
Its asynchronous
Its convenient
Its less formal
Its ubiquitous and
platform-neutral
Theres a written record of communication

97
Business issues

Email storage costs
Up to 200 GB email per month for 1,000-user
company
Costs to add and manage storage
Costs to back up to tape
Costs to restore
Productivity costs

98
Business issues contd

Email retrieval costs
It takes more than 11 hours to recover an email
more than 1 year old from an archive
Typically have to restore the entire tape to a
spare (!) server to find the desired message
29 of organizations would not be able to restore
an email message
over 6 months old

99
Legal issues

Electronic discovery for a Fortune 500 company
averages 750,000 per case
75 of demands for discovery are for email
Courts want discovery in native format
but may also require that it be provided in an
accessible format

100
Legal considerations for messages

Messages are discoverable whether they are
records or not
Message archives are discoverable, regardless of
the format or storage medium
The deleted messages box is discoverable
Personal copies are discoverable

101
When is an email a record?

When statutorily defined
When it documents a business transaction
When it memorializes a business decision
When the attachment
is a record
When it is the only written
record of something

102
Email management today
103
Email management defined

According to AIIM, The ECM Association, the
essence of email management is that
As the de facto standard for business
communication, removing emails from the server
and saving them to a repository isn't enough.
Email must be classified, stored, and destroyed
consistent with business standards-just as any
other document or record.

104
Approaches to managing email today

Policy approaches to retention
Do nothing
Let users manage their own email
Keep everything forever
Delete all messages older than X
Limit mailbox size to X
Declare and manage email as records

105
Approaches to managing email today

Technology approaches to retention
Outsource it!
Server-based rules
Client-based rules
Decentralized employees do it
Messages on the server
Messages in .PST/.NSF files

106
Email management is NOT

Saving all email messages forever
Saving all email messages in the messaging
application
Setting mailbox time limits
Setting mailbox size limits
Declaring email as a record
series
Or as simply correspondence
Doing nothing

107
General principles

Email management is part of time management
Email is a medium, not an action
Email should not be used for everything
Email should be kept as long as needed and no
longer

108
Who captures the message?

YOU have to capture an email
You receive from outside the organization
You send, either internally or to someone outside
the organization
Designate someone to
capture messages sent to groups/lists

109
Emails that are not captured

Transitory messages that are not timely
Personal messages unrelated to business
Me-too messages
Messages already captured by someone else

110
Email management technologies
111
Messaging system

Not built to store massive amounts of messages
And attachments
And manage as records
Difficult to search across
inboxes
Discovery, auditing

112
Print file

Common approach
Challenges
Loss of metadata
Attachments
Volume to print and to file
Authenticity (phishing)

113
Backup tapes

Backups store data, not files or messages
Designed for smoke rubble scenario
Multiple copies of data
Readability of older tapes
Format, media, hardware

114
Email management applications

Move messages out of the messaging application
Typically use a rules engine
May provide simple retention management
Single instance storage
Many different capabilities available

115
Email management technologies

Email archiving
Personal archive file management
Email encryption and digital signatures
Email compliance
Email discovery
Email security
Policy management

116
ECRM solutions

Most systems support email management
May run at server or client
Many support single-instance storage
May allow declaration, management of messages as
records
Varying support for attachment management,
metadata management

117
Elements of an Email Policy
118
Email policy principles

Email belongs to the organization, not the
individual
Email is not a records series unto itself
Email management program must comply with
appropriate regulatory requirements
Policy has to be followed and enforced!

119
Email policy elements

Acceptable/appropriate usage
Personal usage
Access to external messaging systems
Effective email usage
Ownership of email
Retention and disposition
Legal issues
Holds
Discovery and production

120
Elements of an email policy

Mobile and web-based email
Backups
Archival
Privacy
Security
Retention and disposition
Training
Audit and compliance

121
Conclusion

We have to manage messaging technologies better
Start with policies and procedures
Technology can help
Communicate, communicate, communicate
Enforce the program

122
Questions?
123
Session 6Records Management 2.0 Managing
Records in the Cloud
124
Agenda

Definitions 2.0
Web 2.0 In Action
Managing Records in the Cloud

125
Definitions 2.0
126
Buzzwords 2.0

Education 2.0
Energy 2.0
Health 2.0
Library 2.0
Travel 2.0
Retail 2.0

Hugh McLeod http//www.gapingvoid.com
127
Web 2.0

Web 2.0 is the business revolution in the
computer industry caused by the move to the
internet as platform, and an attempt to
understand the rules for success on that new
platform. Chief among those rules is this
Build applications that harness network effects
to get better the more people use them.
-- Tim OReilly, 12/10/2006

128
Office 2.0

First described by Ismael Ghalimi in 2005
Use of Web 2.0 technologies for Office 1.0 tasks
Scott Deitzen, Zimbra
Web-based Software-as-a-Service (Saas) Dion
Hinchcliffe
Working where you want, when you want, and being
able to conduct real business
blognation Canada

129
Enterprise 2.0

Enterprise 2.0 focuses on platforms companies can
buy or build to make visible the practices and
outputs of their knowledge workers.
-- Andrew McAfee, 5/2006
Enterprise 2.0 is the application of the Web 2.0
technology and mindset within an organization.
--Mike Riversdale, E20 New Zealand Style, 2/2008

130
Not in our organization.