automated compliance: how to create an ig program that manages itself
TRANSCRIPT
Automated Compliance: How to Create an IG Program
that Manages Itself
Jim Merrifield is the Director of Information Governance for FileTrail, Inc. He focuses on educating enterprise organizations on how to design and implement an
effective records management and information governance strategy. Prior to joining FileTrail, Jim was the Records Manager at Finn Dixon & Herling LLP. Jim holds
both industry leading designations, the certified Information Governance Professional (IGP) and certified Information Professional (CIP). Jim is co-developer of the
ARMA IGP Course, an AIIM education partner and President of the ARMA Connecticut Chapter.
Contact Jim: [email protected] @IGmode linkedin.com/in/jmerrifield www.FileTrail.com
Jim Merrifield
Upon completion of this webinar, participants will
be able to:
1. Mitigate risk associated with compliance and discovery
2. Automate the complete information management lifecycle
3. Utilize a comprehensive plan that drives adoption and adherence of compliance policies
Learning Objectives
What is Information Governance?
The specification of decision rights and an accountability framework to ensure appropriate behavior in the valuation, creation, storage, use, archiving and deletion of information. It includes the processes, roles and policies, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals – Gartner 2012
IG Key Statistics
» 31% report that poor electronic records-keeping is causing problems with regulators and auditors. 14% are incurring fines or bad publicity.
» 14% are already doing auto-classification of electronic records, 37% are keen to do it.
» Electronic records aren’t being deleted even when retention periods are set.
- AIIM Industry Watch 2013
IG Key Statistics
» For 29% the response to the information deluge is “buy more discs”.
» 73% include email in their retention policies, but most rely on manual methods to file them.
» 45% of organizations plan to increase their records management spend over the next two years.
- AIIM Industry Watch 2013
IG Integrates Multiple Perspectives
» According to IDC in 2011, SharePoint still had gaps in key Content Management areas including Web Content Management, Document Imaging and Records Management.
e gaps are being removed.
» Microsoft has continued building functionality through the 2013 release of SharePoint
Information Management Lifecycle
Figuring out what
information is important
Figuring out how long we
need to keep it for
Then getting rid of it when it’s
no longer needed.
ADEM Model
Assess
Develop
Establish
Monitor
Assessment of Information Risk &
Compliance
Information Risk & Compliance
Every Organization must consider its legal and regulatory environment along with its tolerance for risk when determining its governance framework
Information Risk & Compliance
» What information is needed to support business processes?
» What steps must be taken to be in compliance with governing laws and regulations?
» What information should be destroyed and when?
Information Risk & Compliance
Develop An IG Program
Analyze
Internal/External
Drivers
SWOT Analysis
Identify Key
Stakeholders Adopt a Vision
Develop An IG Program
Adopt a Vision
» What is your goal for the next 3-5 years?
» Define steps to take to meet your business goals
» And Don’t Give Up!!!
Identify Key Stakeholders
» IT, RIM, Legal, Compliance, Audit, Privacy, HR, etc.
» Obtain Executive Sponsorship
» Develop Roles/Responsibilities for your key stakeholders
CREATE OWNERSHIP WITH YOUR STAKEHOLDERS!!!
Analyze Internal/External Drivers
Internal Drivers » Corporate culture
» Current Business Plans
» Financial constraints
External Drivers » Identify technology trends
» Identify industry best practices
» Evaluate how you “stack up” with your competition
SWOT Analysis
Strengths – What do we do well when it comes to IG.
Weaknesses – What do we do poorly or even at all when it comes to IG.
Opportunities – What changes in technology may help enhance our ability
for good IG.
Threats – Are changes in technology threating our ability to manage our
information.
SWOT
Establish an IG PROGRAM
Policy and Procedure
Clearly define the scope of your policies and procedures to ensure all information is managed throughout the enterprise
IG
Legal Hold
Social Media
Business Units
BYOD
Retention
Written Oral
Face-to-Face Online
Video
Communicate Your IG Program
» Consider who will be impacted by the new policies and procedures
» Knowing all parties that will be affected helps determine the means by which you communicate.
MONITOR & AUDIT YOUR PROGRAM
Metrics
» Amount of information created v. amount disposed
» Amount of information initially captured for holds v. amount actually produced to courts
» Records disposition metrics may include % of content disposed in any given month
» Compliance with end user training
Change Management
Change
Legal
Regulatory
Industry-specific
IG Program Benefits
» Reduction in existing e-storage space
» Eliminate need to purchase MORE e-storage space
» Reduction in off-site storage costs
» Reduction in e-Discovery costs
» Reduction in lost information and time spent locating information
» Eliminate time for users to perform governance tasks (declaration, hold management, disposition, etc.)
Automate Your IG Program
FileTrail’s Governance Solution
Capture Classify Manage Retain Hold Archive Dispose
Disposition Review Cycle
Retention Dashboard
Defensible Deposition Report
Defensible Disposition Trends
33
About FileTrail
450 Clients and 20% Annual Growth
North America: 80%
Europe: 20%
APAC & Africa
Information Intelligence Leader in Management, Asset Tracking and
process improvement
HQ in San Jose, CA East Coast:
Washington DC
Founded in 2000 Over 20 years of IG Experience
Jim Merrifield is the Director of Information Governance for FileTrail, Inc. He focuses on educating enterprise organizations on how to design and implement an
effective records management and information governance strategy. Prior to joining FileTrail, Jim was the Records Manager at Finn Dixon & Herling LLP. Jim holds
both industry leading designations, the certified Information Governance Professional (IGP) and certified Information Professional (CIP). Jim is co-developer of the
ARMA IGP Course, an AIIM education partner and President of the ARMA Connecticut Chapter.
Contact Jim: [email protected] @IGmode linkedin.com/in/jmerrifield www.FileTrail.com
Jim Merrifield