automated compliance: how to create an ig program that manages itself

Automated Compliance: How to Create an IG Program

that Manages Itself

Jim Merrifield is the Director of Information Governance for FileTrail, Inc. He focuses on educating enterprise organizations on how to design and implement an

effective records management and information governance strategy. Prior to joining FileTrail, Jim was the Records Manager at Finn Dixon & Herling LLP. Jim holds

both industry leading designations, the certified Information Governance Professional (IGP) and certified Information Professional (CIP). Jim is co-developer of the

ARMA IGP Course, an AIIM education partner and President of the ARMA Connecticut Chapter.

Contact Jim: jmerrifield@filetrail.com @IGmode linkedin.com/in/jmerrifield www.FileTrail.com

Jim Merrifield

Upon completion of this webinar, participants will

be able to:

1. Mitigate risk associated with compliance and discovery

2. Automate the complete information management lifecycle

3. Utilize a comprehensive plan that drives adoption and adherence of compliance policies

Learning Objectives

What is Information Governance?

The specification of decision rights and an accountability framework to ensure appropriate behavior in the valuation, creation, storage, use, archiving and deletion of information. It includes the processes, roles and policies, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals – Gartner 2012

IG Key Statistics

» 31% report that poor electronic records-keeping is causing problems with regulators and auditors. 14% are incurring fines or bad publicity.

» 14% are already doing auto-classification of electronic records, 37% are keen to do it.

» Electronic records aren’t being deleted even when retention periods are set.

- AIIM Industry Watch 2013

IG Key Statistics

» For 29% the response to the information deluge is “buy more discs”.

» 73% include email in their retention policies, but most rely on manual methods to file them.

» 45% of organizations plan to increase their records management spend over the next two years.

- AIIM Industry Watch 2013

IG Integrates Multiple Perspectives

» According to IDC in 2011, SharePoint still had gaps in key Content Management areas including Web Content Management, Document Imaging and Records Management.

e gaps are being removed.

» Microsoft has continued building functionality through the 2013 release of SharePoint

Information Management Lifecycle

Figuring out what

information is important

Figuring out how long we

need to keep it for

Then getting rid of it when it’s

no longer needed.

ADEM Model

Assess

Develop

Establish

Monitor

Assessment of Information Risk &

Compliance

Information Risk & Compliance

Every Organization must consider its legal and regulatory environment along with its tolerance for risk when determining its governance framework

Information Risk & Compliance

» What information is needed to support business processes?

» What steps must be taken to be in compliance with governing laws and regulations?

» What information should be destroyed and when?

Information Risk & Compliance

Develop An IG Program

Analyze

Internal/External

Drivers

SWOT Analysis

Identify Key

Stakeholders Adopt a Vision

Develop An IG Program

Adopt a Vision

» What is your goal for the next 3-5 years?

» Define steps to take to meet your business goals

» And Don’t Give Up!!!

Identify Key Stakeholders

» IT, RIM, Legal, Compliance, Audit, Privacy, HR, etc.

» Obtain Executive Sponsorship

» Develop Roles/Responsibilities for your key stakeholders

CREATE OWNERSHIP WITH YOUR STAKEHOLDERS!!!

Analyze Internal/External Drivers

Internal Drivers » Corporate culture

» Current Business Plans

» Financial constraints

External Drivers » Identify technology trends

» Identify industry best practices

» Evaluate how you “stack up” with your competition

SWOT Analysis

Strengths – What do we do well when it comes to IG.

Weaknesses – What do we do poorly or even at all when it comes to IG.

Opportunities – What changes in technology may help enhance our ability

for good IG.

Threats – Are changes in technology threating our ability to manage our

information.

SWOT

Establish an IG PROGRAM

Policy and Procedure

Clearly define the scope of your policies and procedures to ensure all information is managed throughout the enterprise

IG

Legal Hold

Social Media

Business Units

BYOD

Email

Retention

Written Oral

Face-to-Face Online

Video

Communicate Your IG Program

» Consider who will be impacted by the new policies and procedures

» Knowing all parties that will be affected helps determine the means by which you communicate.

MONITOR & AUDIT YOUR PROGRAM

Metrics

» Amount of information created v. amount disposed

» Amount of information initially captured for holds v. amount actually produced to courts

» Records disposition metrics may include % of content disposed in any given month

» Compliance with end user training

Change Management

Change

Legal

Regulatory

Industry-specific

IG Program Benefits

» Reduction in existing e-storage space

» Eliminate need to purchase MORE e-storage space

» Reduction in off-site storage costs

» Reduction in e-Discovery costs

» Reduction in lost information and time spent locating information

» Eliminate time for users to perform governance tasks (declaration, hold management, disposition, etc.)

Automate Your IG Program

FileTrail’s Governance Solution

Capture Classify Manage Retain Hold Archive Dispose

Disposition Review Cycle

Retention Dashboard

Defensible Deposition Report

Defensible Disposition Trends

33

About FileTrail

450 Clients and 20% Annual Growth

North America: 80%

Europe: 20%

APAC & Africa

Information Intelligence Leader in Management, Asset Tracking and

process improvement

HQ in San Jose, CA East Coast:

Washington DC

Founded in 2000 Over 20 years of IG Experience

Jim Merrifield is the Director of Information Governance for FileTrail, Inc. He focuses on educating enterprise organizations on how to design and implement an

effective records management and information governance strategy. Prior to joining FileTrail, Jim was the Records Manager at Finn Dixon & Herling LLP. Jim holds

both industry leading designations, the certified Information Governance Professional (IGP) and certified Information Professional (CIP). Jim is co-developer of the

ARMA IGP Course, an AIIM education partner and President of the ARMA Connecticut Chapter.

Contact Jim: jmerrifield@filetrail.com @IGmode linkedin.com/in/jmerrifield www.FileTrail.com

Jim Merrifield