automating information governance - assuring...

AIIM Market IntelligenceDelivering the priorities and opinions of AIIM’s 80,000 community

Automating Information Governance - assuring compliance

aiim.org l 301.587.8202

Industry

Watch

Underwritten in part by:

Industry

Watch

©2014 AIIM - The Global Community of Information Professionals 1

Automating Inform

ation Governance

- assuring compliance

About the ResearchAs the non-profit association dedicated to nurturing, growing and supporting the information management community, AIIM is proud to provide this research at no charge. In this way, the entire community can leverage the education, thought leadership and direction provided by our work. We would like these research findings to be as widely distributed as possible. Feel free to use individual elements of this research in presentations and publications with the attribution – “© AIIM 2014, www.aiim.org”

Rather than redistribute a copy of this report to your colleagues or clients, we would prefer that you direct them to www.aiim.org/research for a download of their own. Permission is not given for other aggregators to host this report on their own website.

Our ability to deliver such high-quality research is partially made possible by our underwriting companies, without whom we would have to return to a paid subscription model. For that, we hope you will join us in thanking our underwriters, who are:

Process Used and Survey DemographicsWhile we appreciate the support of these sponsors, we also greatly value our objectivity and independence as a non-profit industry association. The results of the survey and the market commentary made in this report are independent of any bias from the vendor community.

The survey was taken using a web-based tool by 531 individual members of the AIIM community between Mar 15, and Apr 08, 2014. Invitations to take the survey were sent via e-mail to a selection of the 80,000 AIIM community members.

Survey demographics can be found in Appendix 2. Graphs throughout the report exclude responses from organizations with less than 10 employees, and suppliers of ECM products and services, taking the number of respondents to 487.

ASG Software Solutions1333 Third Avenue South Naples, FL USA 34102Tel: 800-932-5536 (USA Only) Email: [email protected]: www.asg.com

Concept Searching, Inc8300 Greensboro Drive, Suite 800, McLean, VA 22102Tel: +1-703-531-8567 Tel Europe: +44-(0)1438-213545Web: www.conceptsearching.com

CCube Solutions.13 Diamond Court Opal Drive, Fox Milne Milton Keynes MK15 0DUUK Tel: 01908 677752 Fax: 01908 679444Email: [email protected]: www.ccubesolutions.com

OpenText275 Frank Tompa Dr, Waterloo, ON N2L 0A1Tel: +1-800-499-6544Email: [email protected]: www.opentext.com/infogov

AvePointHarborside Financial Center, Plaza 10 3 Second Street, 9th Floor Jersey City, New Jersey 07311Tel: +1-800-661-6588Email: [email protected]: www.avepoint.com

IBM Corporation Corporate headquarters: 1 New Orchard Road Armonk, New York 10504-1722 Tel: +1-855-221-0702 Web: www.ibm.com/ILG

Industry

Watch


Automating Inform

ation Governance


About AIIMAIIM has been an advocate and supporter of information professionals for 70 years. The association mission is to ensure that information professionals understand the current and future challenges of managing information assets in an era of social, mobile, cloud and big data. AIIM builds on a strong heritage of research and member service. Today, AIIM is a global, non-profit organization that provides independent research, education and certification programs to information professionals. AIIM represents the entire information management community: practitioners, technology suppliers, integrators and consultants.

About the AuthorDoug Miles is head of the AIIM Market Intelligence Division. He has over 30 years’ experience of working with users and vendors across a broad spectrum of IT applications. He was an early pioneer of document management systems for business and engineering applications, and has produced many AIIM survey reports on issues and drivers for Capture, ECM, Records Management, SharePoint, Mobile, Cloud, Social Business and Big Data. Doug has also worked closely with other enterprise-level IT systems such as ERP, BI and CRM. Doug has an MSc in Communications Engineering and is a member of the IET in the UK.

© 2014AIIM - Find, Control, and Optimize Your Information1100 Wayne Avenue, Suite 1100, Silver Spring, MD 20910Phone: 301.587.8202www.aiim.org

Industry

Watch


Automating Inform

ation Governance


About the ResearchAbout the Research . . . . . . . . . . . . . . . . . . . . . . 1Process Used and Survey Demographics . . . . . . 1About AIIM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2About the Author. . . . . . . . . . . . . . . . . . . . . . . . . . 2

IntroductionIntroduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4Key Findings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4Coping with Information Volumes. . . . . . . . . . . . . 4

Maturity of Policies and SystemsMaturity of Policies and Systems . . . . . . . . . . . 5Paper v. Electronic . . . . . . . . . . . . . . . . . . . . . . . . 5IG/RM Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . 6RM Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6Perception of IG . . . . . . . . . . . . . . . . . . . . . . . . . . 7IG Risks and Rewards . . . . . . . . . . . . . . . . . . . . . 7

Information Governance PoliciesInformation Governance Policies . . . . . . . . . . . 9Maturity. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10IG Policy Scope . . . . . . . . . . . . . . . . . . . . . . . . . 10

Audit and ConformanceAudit and Conformance. . . . . . . . . . . . . . . . . . 11Training. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11Audit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12Issues from Non-Compliance . . . . . . . . . . . . . . . 12Data Protection. . . . . . . . . . . . . . . . . . . . . . . . . . 12Retention Policies. . . . . . . . . . . . . . . . . . . . . . . . 13Savings on Storage . . . . . . . . . . . . . . . . . . . . . . 14

Automated ClassificationAutomated Classification . . . . . . . . . . . . . . . . 14Automated Agents . . . . . . . . . . . . . . . . . . . . . . . 15Automated Records Declaration. . . . . . . . . . . . . 16Content Types . . . . . . . . . . . . . . . . . . . . . . . . . . 16Benefits. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Accuracy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Experiences . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Email ArchivesEmail Archives . . . . . . . . . . . . . . . . . . . . . . . . . 18Legal Hold . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Multiple Repositories and CloudMultiple Repositories and Cloud. . . . . . . . . . . 20Cloud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Opinions and Spend IntentionsOpinions and Spend Intentions . . . . . . . . . . . 21Spend . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Conclusion and RecommendationsConclusion and Recommendations . . . . . . . . 23Recommendations . . . . . . . . . . . . . . . . . . . . . . . 23References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Appendix 1 - Survey DemographicsAppendix 1 - Survey Demographics . . . . . . . 24Survey Background . . . . . . . . . . . . . . . . . . . . . . 24Organizational Size . . . . . . . . . . . . . . . . . . . . . . 24Industry Sector . . . . . . . . . . . . . . . . . . . . . . . . . . 25Job Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Appendix 2 - Selective CommentsAppendix 2 - Selective Comments . . . . . . . . . 26

Underwritten in part by:ASG Software Solutions . . . . . . . . . . . . . . . . . . . 27AvePoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27CCube solutions . . . . . . . . . . . . . . . . . . . . . . . . . 28Concept Searching, Inc. . . . . . . . . . . . . . . . . . . . 28IBM Corporation . . . . . . . . . . . . . . . . . . . . . . . . . 29OpenText . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29About AIIM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Table of Contents

Industry

Watch


Automating Inform

ation Governance


IntroductionWhat’s in a name? When it first came into vogue a few years ago, “information governance” (IG) was often considered to be just an updated form of records management (RM), extended to take account of the US legal discovery rules. If all electronically stored information can be requested prior to a court case, not just content that has been specifically declared as a record, then work-in-progress, content on laptops and mobiles, back-ups, and, in particular, email archives, are all discoverable, and need to be “governed”.

However, in the past twelve months, the impact of data leaks and security breaches, most especially the Edward Snowdon activities, has brought the security and privacy elements of information governance strongly into play. Metadata has become an issue for front-page news, and heads-of-state discuss individuals’ rights to data privacy and information deletion. Meanwhile, massive data leaks of personal information have damaged corporate reputations and hardened already strong views in some jurisdictions.

We therefore need to work harder to protect live content and preserve content records, but the volume, velocity and variety of content generation makes it nearly impossible to manually maintain and enforce the policies we so earnestly set. Computers are more consistent than humans, but you still have to teach them - and trust them. We seem to be at an adoption tipping-point for automating real-time compliance processes, and for machine audit of existing content for metadata accuracy, content security, and de-duplication. Is this a silver bullet? What are the early adopter experiences?

In this report we take an in-depth look at information governance policies, privacy and records management issues, policy enforcement, and how well technology can set or correct metadata, detect security risks, and enforce deletion policies.

Key FindingsCoping with Information Volumesn On the whole, organizations are stabilizing the volume of paper records, but electronic records are

“increasing rapidly” in 68% of organizations surveyed. While 32% reported an actual decrease in their paper records, not one respondent could report a decrease in electronic records.

n Only 12% of respondents feel confident that they store only what they need to store. 42% are not confident about what is safe to delete.

n 43% feel that automated classification is the only way to keep up with rapidly increasing information volumes. 14% are already using it, but a further 35% have immediate plans for adoption.

n Of those already using auto-classification, only 10% have been disappointed with the results. In particular, classifying scanned documents has performed better than or as well as expected for 83% of users.

n Improved searchability, higher productivity and defensible compliance are given as the top three benefits from automated classification.

IG Policiesn The three biggest risks from failure of information governance are excess litigation costs, loss of

intellectual property and damage to reputation. 24% have had a compliance issue around litigation and discovery in the last 2 years.

n 40% of organizations have recently moved, or plan to move in the next year or so, from a traditional RM view to a much wider IG view. 33% are still working in classic RM mode, including 18% who are still taking a mostly paper-records view.

n The three biggest benefits from good information governance are reduction in storage costs, exploiting and sharing knowledge resources, and faster response to events and inquiries. Users are also becoming more aware of the need to support big data analytics.

n Getting senior level endorsement and involvement is the biggest issue in creating an IG policy. Then enforcement once the policy has been agreed.

Industry

Watch


Automating Inform

ation Governance


n Only 10% have an IG policy in place that is respected and enforced – 21% have a policy in place but it is mostly ignored. For 55% the IG policy is a work-in-progress.

n Of those who have information governance policies, only 19% regularly audit for compliance. 40% of organizations do not allocate any staff time for IG training, and only 4% specifically update senior management.

Email and Cloudn RM policies for email are still very variable. 18% keep everything, 16% delete everything, 22% have no

policy or strategy. 17% move emails to their ECM/RM system or a dedicated archive with RM retention functions, but only 5% use automation.

n Use of cloud or SaaS systems for RM is up from 5% to 7% in the past year, with those actively planning up from 11% to 14%. But those saying “unlikely” or “never” is up from 46% to 51%.

Spending Plansn On the whole, users are likely to increase spend on all aspects of IG in the next 12 months, in particular

IG training, email archive, search, RM systems and automated tools. Spend on back-file scanning of paper records is set to increase, but outsourced RM, both paper and electronic, is net-neutral.

Maturity of Policies and SystemsPaper v. ElectronicThe good news on paper records is that the number of organizations reporting a rapid increase has dropped from 15% to 10% since our survey a year ago1, and that smaller organizations have balanced out, with the same number reporting increasing volume to those reporting decreasing volume. The bad news is that bigger organizations seem to have suffered a setback with 48% reporting an increase compared to 31% reporting a decrease – a gap of 17% compared to a 3% gap last year. There is no obvious explanation for this.

Figure 1: Is the volume of your paper/electronic records? (N=483)

When it comes to electronic records, the picture is much clearer: nobody is reporting a decrease, and around 70% of all sizes are reporting “rapidly increasing” volumes.

Increasing rapidly,

10%

Increasing somewhat,

32%

Stable, 27%

Decreasing somewhat,

25%

Decreasing rapidly, 7%

Increasing rapidly,

68%


28%

Stable, 4%


0% Decreasing rapidly, 0%

We don’t have informa�on and

records management policies, 7% We have definite

plans to develop enterprise-wide informa�on and

records management policies, 14%

We have informa�on and

records management

policies but have nothing you could

describe as mature, 38%

We have established policies

in some areas/ departments but not others, 26%

We have robust, enterprise-wide

informa�on governance

policies, 15%

0% 10% 20% 30%

It is incorporated in our ECM/DM system

We have records management capability in ourECM/DM system but no plans to use it

We plan to add/ turn-on records managementin our ECM system in the next 12-18 months

We have separate systems for ac�ve contentmanagement and records management

Our DM system doesn’t support records management

We don’t have an ECM/DM system

We have looked at things this way

for quite some �me (3+ years),

18%

We have recently adjusted our view to align with this,

16%

We have plans to adjust

responsibili�es in the next 12-18 months, 24%

Records Managers

manage records, and IT take good care of the rest,

9%

Records Managers manage records,

but the rest is not so well managed,

15%

Records management is

mostly about paper files in our organiza�on, 18%

Paper Records Electronic Records

Industry

Watch


Automating Inform

ation Governance


IG/RM PoliciesBefore being too specific about all-encompassing information governance policies, it is useful to look at policies in general, and maturity levels of basic records management. Just 15% of respondents feel they have robust, enterprise wide IG policies, albeit rising to 22% for the largest organizations. The rest of the picture is somewhat patchy. 28% have departmental or geographical variations, 38% feel they are still some way from maturity, and 21% actually have no policies in place as yet - although two thirds of those have good intentions. It would seem that 12% of even the largest organizations have no agreed RM policies.

Figure 2: How mature are your information governance and records management policies? (N=483)

RM SystemsSupporting these policies, we see an equally wide range of system architectures. Only 23% have what we would call the classic EDRMS system, combining content, document and records management. 27% have RM capability in their ECM/DM system but don’t use it – although most (22%) say they are planning to turn it on in the next 12-18 months. A similar proportion, 25%, have separate systems for active content management and records management. Often this involves SharePoint as the DM system, with a more robust RM system underlying it. 26% have no RM capability.

Figure 3: How would you describe your mechanism for managing electronic records? (N=478)

Increasing rapidly,

10%


32%

Stable, 27%


25%


Increasing rapidly,

68%


28%

Stable, 4%








records management







policies, 15%

0% 10% 20% 30%









18%


16%



Records Managers


9%



15%




Increasing rapidly,

10%


32%

Stable, 27%


25%


Increasing rapidly,

68%


28%

Stable, 4%








records management







policies, 15%

0% 10% 20% 30%









18%


16%



Records Managers


9%



15%




Industry

Watch


Automating Inform

ation Governance


Perception of IGAs we noted in the introduction, information governance as a term has burst into popularity in the last few years – at least on the part of the vendors. Although this survey was self-elected against a title that included the word “information governance”, there is strong evidence that the term – and indeed the practice – has struck a chord with users. Figure 4 shows that the number of organizations changing their view from management of declared records to management of all electronically stored information has jumped from 18% to 34% in the last 2 years, with a further 24% planning to adjust their view in the next 12-18 months. There is evidence that smaller organizations are more likely to have made the move – perhaps as they are less likely to have had traditional RM roles.

Unfortunately, there are still some organizations that have yet to accept the reality of electronic records, and continue to live in the paper world – 18% in this survey

Figure 4: To what extent would you say the perception of information governance in your organization has progressed from management of declared records, to management of ALL

electronically stored information for privacy, security and e-discovery? (N=425)

40% of organizations have recently changed, or are about to change, from a declared records view of information management and control to an IG view across all of their stored information.

IG Risks and RewardsSo accepting that the majority of our respondents understand the wider implications of IG, we asked what they considered to be the three biggest risks associated with IG failures. Excess litigation costs or damages heads the list, followed by loss of valuable information and then loss of customer confidence – all of which would be considered major business disasters.

Understandably, loss of intellectual property is of the most concern to smaller businesses, and inability to respond to information requests is a particular concern of mid-sized organizations.

Increasing rapidly,

10%


32%

Stable, 27%


25%


Increasing rapidly,

68%


28%

Stable, 4%








records management







policies, 15%

0% 10% 20% 30%









18%


16%



Records Managers


9%



15%




Industry

Watch


Automating Inform

ation Governance


Figure 5: Which of the following do you consider to be the biggest risks to your company from a failure of information governance? (Max THREE) (N=482)

On the positive side, users see many benefits from good information governance, the most significant of which is to reduce storage and infrastructure costs – and this is a tangible cost-saving benefit. Next comes exploitation and sharing of knowledge, followed by faster response to events, accidents, press activities, etc. – and in the modern era of 24 hour news and social media comment, this can be vitally important to prevent reputational damage, and, indeed, to saving lives.

Figure 6: Which three of the following do you consider to be the biggest benefits to your company from good information governance? (max THREE) (N=478)

It is also worthy of note that support for big data initiatives has moved up from 6th last year to 5th place.

0% 5% 10% 15% 20% 25% 30% 35% 40% 45%

Excess li�ga�on costs or damages resul�ng frompoor records keeping

Loss of intellectual property or companyconfiden�al informa�on

Loss of customer confidence or bad publicityfrom data loss

Inability to respond to requests (e.g., Freedom ofInforma�on)

Audit qualifica�ons due to inadequate records

Regulator ac�on from loss/exposure ofpersonally iden�fiable informa�on

Infringement of industry-specific complianceregula�ons

Poor outcome of customer/supplier disputesdue to gaps in communica�ons trail

Fines resul�ng from poor records keeping

Criminal prosecu�on for allowing personallysensi�ve data to be lost

0% 20% 40% 60%

Reduce storage and infrastructure costs

Exploit and share our knowledge resources

Faster response to events, accidents, pressac�vi�es, FOI enquiries, etc.

More personalized and accurate service tocustomers

Support for poten�al big data/analy�csini�a�ves

Be�er customer/supplier rela�onships

Pro-ac�vely support patents, li�ga�on,healthcare, tax collec�on, etc.

Be�er reputa�on/improved shareholdervalue

Faster and cheaper financial audits

0% 10% 20% 30% 40% 50%

Ge�ng senior management endorsement

Having the right people at the table

Ge�ng anybody to be interested

Enforcing it once it is completed

Alloca�ng sufficient �me from the day jobs

Extending coverage to all stored content

Transla�ng the policies into system rules

Nailing down classifica�on and taxonomy

Being over ambi�ous in scope and detail

Trying to cover too many scenarios

Iden�fying the legal requirements

0% 5% 10% 15% 20% 25% 30%

The RM/IM/Compliance department takesresponsibility

Each line of business or departmentmanages their own records

IT are mostly responsible

The IG Commi�ee set and supervisepolicies for all departments

The legal department takes the lead

There is no formal alloca�on ofresponsibili�es

0% 5% 10% 15% 20% 25% 30% 35% 40% 45%











0% 20% 40% 60%










0% 10% 20% 30% 40% 50%












0% 5% 10% 15% 20% 25% 30%







Industry

Watch


Automating Inform

ation Governance


Information Governance PoliciesCreating a comprehensive information governance policy can be daunting, and the key to success is to obtain senior management endorsement. However, even with support from the top, other senior managers need to sign-up to take part. Our users also identified enforcement of the policy once in place as a big issue, which we will return to later.

The scope of extending coverage from records to include all stored content is considered to be an issue, especially for mid-sized businesses, but identifying the legal requirements does not come high on the list, despite changing (and confusing) laws on data protection. For smaller organizations, finding time and resources is obviously difficult, and this heads the list for them.

Figure 7: What have been the three biggest issues with creating an information governance policy? (N=387)

Most respondents have had to fight to gain involvement and support from senior management for creating an IG policy. Enforcing it once complete is a further issue for many.

ResponsibilityAs we have moved from the paper records era to electronic records, the involvement of IT has increased steadily. Moving on again to the IG era where all stored content needs to be managed for security, accessibility and lifecycle, the involvement of IT is paramount, even if the ultimate responsibility still lies with the Records Manager or increasingly the Compliance Officer. However, we can see from Figure 8 that in 28% of organizations records management responsibility resides within each line of business or department – a situation which is unlikely to be conducive to a coordinated, enterprise-wide information governance initiative. Only 10% have a formal IG committee to oversee activities, policies and systems. In 24% of organizations, responsibility has not been formally or specifically allocated.

0% 5% 10% 15% 20% 25% 30% 35% 40% 45%











0% 20% 40% 60%










0% 10% 20% 30% 40% 50%












0% 5% 10% 15% 20% 25% 30%







Industry

Watch


Automating Inform

ation Governance


Figure 8: How would you describe allocation of responsibility for information governance and retention of records in your organization? (N=393)

MaturityDespite the publicity that data leaks and privacy breaches have generated over the last year, there is little evidence that organizations have taken much notice ― in particular their senior managers. Overall, 52% have undertaken or are undertaking IG projects, but sadly, for a third of those it has been a somewhat wasted exercise in that the policy is largely unreferenced and unaudited. Only 8% feel that the policy is in place and is working.

Figure 9: Which of the following do you think best describes the way that information governance policy is regarded in your organization? (N=391)

IG Policy ScopeBest practice for information governance is to ensure that all stored content is addressed by the policy (content at rest), as well as any content being accessed or transferred between servers, websites, user clients or mobile devices (content in motion). The issues addressed should include secure access, privacy protection, back-up, disaster recovery, retention, legal discovery and legal hold.

0% 5% 10% 15% 20% 25% 30% 35% 40% 45%











0% 20% 40% 60%










0% 10% 20% 30% 40% 50%












0% 5% 10% 15% 20% 25% 30%







It’s in place, it’s important and it's

communicated and enforced, 8%

We have a policy but it’s largely un-

referenced and un-audited, 17%

We are working hard to achieve a corporate-wide

view, 27%It’s very variable across different

departments, 17%

We have li�le in the way of official

policy, just accepted pracce,

12%

Senior management show

li�le interest or investment, 9%

Nobody takes much interest, 10%

0% 10% 20% 30% 40% 50% 60% 70%

Informaon retenon

Access/confidenality

Data protecon and PII

Deleon and disposion processes

Legal holds and e-discovery

Informaon in moon – laptops, USBs, etc.

Content in archive/back up

Audit of compliance

Laws and regulaons in mulple jurisdicons

Mobile access and on-device storage

Devices outside of corp. control (BYOD & home)

Use of cloud-based content sharing

None of these/We have no policy

0% 10% 20% 30% 40% 50%

All staff, regularly

All staff, occasionally/ad hoc

New recruits only

RM staff only

Training/updates for seniormanagement

No, we don't allocate training me

Yes, on a regular basis,

19%

Yes, but sporadically,

18%

Yes, departmentally,

17%

Somemes, when

pressured to do so, 14%

Very rarely, 31%

Industry

Watch


Automating Inform

ation Governance


Although most organizations with IG policies cover a variety of these requirements, it is obvious from Figure 10 that there are many gaps for most.

Figure 10: Which of the following elements are included in your information governance policy? (Check all that apply) (N=388)

Audit and ConformanceAs we suggested earlier, an IG policy that is not referenced and supported is not going to help the business achieve compliance and remain compliant.

TrainingOne way to ensure that staff are made aware of the importance of information governance in particular and compliance in general is to train them as part of their post recruitment on-boarding. The only way to keep them aware is to train all staff as part of a regular program.

Unfortunately, 40% of organizations in our survey do not allocate any time to IG training, and only 12% regularly train all staff. A tiny 4% hold specific update sessions for senior management.

Figure 11: Do you allocate specific staff training-time to information governance? (Tick those that apply) (N=392)







departments, 17%



12%




0% 10% 20% 30% 40% 50% 60% 70%

Informaon retenon







Audit of compliance






0% 10% 20% 30% 40% 50%



New recruits only

RM staff only




19%


18%


17%

Somemes, when


Very rarely, 31%







departments, 17%



12%




0% 10% 20% 30% 40% 50% 60% 70%

Informaon retenon







Audit of compliance






0% 10% 20% 30% 40% 50%



New recruits only

RM staff only




19%


18%


17%

Somemes, when


Very rarely, 31%

Industry

Watch


Automating Inform

ation Governance


AuditWhen it comes to specific auditing of IG policy compliance, only 19% of those with policies run regular audits across the business. 17% carry out departmental checks. 45% ― nearly half – rarely audit or only do so under pressure. Not training staff and not auditing performance shows little intent that IG is a serious consideration for day-to-day operations.

Figure 12: Do you audit and measure compliance with policies across the business? (N=305 with IG policies)

Issues from Non-ComplianceIt seems that many organizations are more prepared to accept the consequences of non-compliance with information governance rules than to implement and mandate improved policies. 52% report that they have had issues of non-compliance over the last two years. 25% have failed internal audits as part of governance monitoring, but more seriously, 24% have had external litigation and discovery issues, rising to 31% of the largest organizations. 17% have had problems with their external auditors. Taking Figure 13 as a whole, this represents an enormous amount of disruption, cost and potential risk to the business.

Figure 13: In your organization, has non-compliance created a significant issue with any of the following in the last 2 years? (Tick all that apply) (N=381)

Data ProtectionData protection and privacy rules vary country-by-country and state-by-state, and some are on a roadmap of change (such as in the EU). Most organizations have a responsibility to protect the information they hold about their employees, and many hold customer or client data of greater or lesser sensitivity. 18% of our respondents were honest enough to admit that their organization would probably fail if audited against their applicable legislation, and 7% admitted that they have suffered privacy breaches or data loss. A further 26%







departments, 17%



12%




0% 10% 20% 30% 40% 50% 60% 70%

Informaon retenon







Audit of compliance






0% 10% 20% 30% 40% 50%



New recruits only

RM staff only




19%


18%


17%

Somemes, when


Very rarely, 31%

0% 10% 20% 30% 40% 50%

None of these

Internal audits (regulatory, financial, HR)

Li�ga�on and discovery

External audits (industry, government)

Freedom of Informa�on Requests (FOI)

Regulatory submissions

Customer audits/SLA reviews

Cer�fica�ons (ISO, etc.)

0% 10% 20% 30% 40%

We would probably struggle if audited againstthe relevant data protec�on legisla�on

We operate to the minimum requirements ofthe relevant data protec�on legisla�on

We have to meet stricter requirements thanmost due to the nature of our business

We could be a target for the� of personal data but senior management aren’t too concerned

We know we are a target for the� of personaldata but have had no incidences

We have suffered privacy breaches and/or data loss

Unable to comment

0% 10% 20% 30% 40% 50% 60%

We don’t have defined reten�on periods/policies

Most things are never

When IT decide to ra�onalize storagevolumes

Some�me a�er the reten�on date, but not sooner

Manual process or confirma�on at end ofreten�on period

Fully automated, at end ofreten�on period

Paper recordsEmailsElectronic records

0% 5% 10% 15% 20% 25%

We don’t have them

We have them but they are mostly notfollowed

Haven’t yet kicked-in for most of our records/content

Only making a small difference

They make a worthwhile difference

They are having a significant effect

deleted/destroyed

Industry

Watch


Automating Inform

ation Governance


felt unable to comment – perhaps not surprisingly, as these are potentially legal offenses. Another 22% feel that they are operating at the very minimum of requirements. Overall, Figure 14 paints a picture suggesting that half of organizations are running significant risks.

Figure 14: Which of the following would you say describe the attitude to privacy protection and data loss prevention in your organization? (Check those that apply) (N=380)

Retention PoliciesWhen it comes to compliance with data retention policies, there is both a legal risk to the business where undeleted records may be exposed at trial, and a financial penalty for excess storage costs. In Figure 15, we have separated out deletion of paper records, emails and other electronic records.

This is obviously an area of concern, as 84% do not delete emails and electronic records in a formal way (compared to 45% for paper records, which itself is still not good). It may be that they do not have defined retention periods, they are not actually be carrying out destruction when the retention period is up, or they may wait until other factors such as storage space come into play. For paper records (other than those managed by an electronic system), destruction is normally a manual process, but so, it would seem, is the deletion of electronic records and email for many. Only 20% have automated email deletion, and just 9% have automated systems in place to delete electronic records at the end of their retention period.

Figure 15: How rigorously would you say content deletion/destruction is carried out in your organization? (N=384)

0% 10% 20% 30% 40% 50%

None of these








0% 10% 20% 30% 40%







Unable to comment

0% 10% 20% 30% 40% 50% 60%








0% 5% 10% 15% 20% 25%







deleted/destroyed

0% 10% 20% 30% 40% 50%

None of these








0% 10% 20% 30% 40%







Unable to comment

0% 10% 20% 30% 40% 50% 60%








0% 5% 10% 15% 20% 25%







deleted/destroyed

Industry

Watch


Automating Inform

ation Governance


84% of organizations have ad hoc processes when it comes to deletion of emails or electronic records.

Savings on StorageGiven the lack of rigor in deletion policies within most organizations, it is hardly surprising that most are seeing little reduction in storage requirements as a result of data retention policies, although 21% feel they are seeing a worthwhile reduction and 18% a small difference. For many (23%), it will be many years before the effects kick-in – a powerful argument for the near 40% doing nothing to get started as soon as possible.

Figure 16: To what extent are your data retention policies keeping your storage requirements in check?) (N=391)

Automated Classification There are a number of mechanisms for automated classification. The record may be tagged at the point of declaration, or there may be a post-process, either during migration to another system or as a batch agent. Some may work on the existing metadata of a document or email; others will run analytics on the content to create new metadata. The process may be fully automatic, or the user may be prompted to confirm the suggested tagging or metadata revision.

0% 10% 20% 30% 40% 50%

None of these








0% 10% 20% 30% 40%







Unable to comment

0% 10% 20% 30% 40% 50% 60%








0% 5% 10% 15% 20% 25%







deleted/destroyed

Industry

Watch


Automating Inform

ation Governance


According to Figure 17, 45% of those responding to our survey perform some form of automated classification, including 18% at the point of ingestion and 28% as part of the workflow. 15% conduct post-process metadata cleaning.

Figure 17: Do you do any of the following? (Check all that apply) (N=341)

Automated AgentsAutomated or batch agents are quite popular with 45% using them in one form or other. Many of these applications flow down from a process of correcting misapplied or unapplied metadata, thereby, for example, correcting security settings, and enabling deletions against the retention rules, and of course, improving searchability. Tagging, detecting duplicate files and encrypting or redacting are the most popular applications. There are also a number of techniques in use to monitor system health and unusual user activity.

Figure 18: Do you use any automated agents to perform any of the following functions: (N=155, excl. 188 not using batch agents)

0% 10% 20% 30% 40% 50% 60%

None of these

Automacally classify/declare content at thepoint of ingeson to ECM/RM/email system

Automacally classify/declare content aspart of workflow/process

Prompt for records declaraon and suggest classificaon

Use OCR to auto-classify inbound scanned documents

Trawl legacy content for data cleansing or improvement

Process migrated content for metadatacorrecon or re-alignment

0% 5% 10% 15% 20% 25% 30%

Tag/add metadata based on rules

Detect duplicate files

Encrypng or redacng content

Monitor unusual user acvity

Flag for deleon based on applicaon ofretenon rules

Monitor performance and resilience ofECM/ERM system

Detect security risks and misallocated accessor confidenality

Pre-migraon data selecon or metadata mapping

Measure access frequency for hierarchical storage

Detect/paron/delete trivial or non-important content

We are doing it successfully across a number of content

types, 8%

We are doing it successfully across one or two content

types, 6%

We’re just ge�ng started, 25%

We are keen to automate as soon as

we can, 10%

It’s something we plan to do in the

future, 28%

We have no plans, 24%

0% 10% 20% 30% 40% 50%

Incoming scanned

Incoming electronic (PDF, Web, etc.)

Office documents

On exit from process workflow

Email

SharePoint

Output documents to customers

Website content

Internal social business systems

Instant messaging

0% 10% 20% 30% 40% 50% 60%

None of these







0% 5% 10% 15% 20% 25% 30%












types, 8%


types, 6%



we can, 10%


future, 28%


0% 10% 20% 30% 40% 50%

Incoming scanned


Office documents


Email

SharePoint


Website content


Instant messaging

Industry

Watch


Automating Inform

ation Governance


Automated Records DeclarationIf we narrow down the automated classification that leads to, or takes place at, records declaration time, then we can see that there is a huge interest in moving as quickly as possible in this direction. Only 14% are successfully auto-classifying across multiple content types plus 6% across one or two types, but 25% are just getting started and another 10% are keen to get going soon. In total, nearly half of the survey-takers are moving quickly in the direction of auto-classification.

Figure 19: How would you best describe your overall plans for automated declaration/ classification of records? (N=366)

Content TypesThe most popular application area is inbound documents – both scanned and electronic. This has the benefit of automating routing and distribution as part of the digital mailroom concept, as well as pre-allocating the trailer documents that are often just checked for compliance purposes and then archived. Despite the increasing volume of emails exchanged with customers, automating the response mechanism is only half-way up the table.

Figure 20: Are you using automated declaration/classification for the following content types? (N=112 users)

0% 10% 20% 30% 40% 50% 60%

None of these







0% 5% 10% 15% 20% 25% 30%












types, 8%


types, 6%



we can, 10%


future, 28%


0% 10% 20% 30% 40% 50%

Incoming scanned


Office documents


Email

SharePoint


Website content


Instant messaging

0% 10% 20% 30% 40% 50% 60%

None of these







0% 5% 10% 15% 20% 25% 30%












types, 8%


types, 6%



we can, 10%


future, 28%


0% 10% 20% 30% 40% 50%

Incoming scanned


Office documents


Email

SharePoint


Website content


Instant messaging

Industry

Watch


Automating Inform

ation Governance


BenefitsAs we will see later in the report, 43% of respondents agree that automated classification is the only way to keep up with the volume of content that needs to be processed or sorted. However, coping strategies are seldom funded, so we asked about specific benefits. Searchability, productivity and compliance come out as the strongest. There is no business value in content that can’t be found; people are being bogged down trying to tag content manually; and if they get it wrong, or avoid doing it altogether, then they will be in breach of compliance.

Figure 21: What would you expect to be/what have been the two biggest benefits from automated classification? (Max TWO) (N=355)

We also asked the non-users what is putting them off from using automated classification and declaration. By far the biggest reason is that nobody is pushing for it. They need a champion. Then, of course, there is the fact that they need to sort out their IG policies first or they will have no rules to put into the classification engine. Only a few non-users questioned how well the process might work from the technical standpoint.

AccuracyMeasuring the accuracy of automated classification requires the setting up of representative documents, or using a sampling technique with human verification. It would seem from Figure 22 that users are more likely to put this in place for scanned documents than for electronic ones. Either way, for both types of document, only 11% feel that the accuracy of the classification engine is worse than expected, with the accuracy on scanned documents using OCR being generally much better than expected.

Figure 22: How would you describe the accuracy of automated declaration/ classification that you are achieving for electronic/scanned documents? (N=125 users)

0% 10% 20% 30% 40% 50% 60%

Improved searchability

General staff produc�vity

Defensible compliance

Repository alignment

Storage volume reduc�on

Staff coopera�on

Big data readiness

Migra�on

Not sure yet

Much be�er than expected,

17%

About the sameas expected,

54%

Not as goodas expected,

11%

It’s hard to actuallymeasure this,

18%

27%

Much be�er than expected, Not as good

as expected,12%


56%


5%

0% 20% 40% 60%

Start small and build out with confidence

Se�ng up the rules is challenging and�me-consuming

Generally, it works and is well worththe investment

Needs constant monitoring toensure compliance

It takes a huge load off of opera�onal staff

When it gets it wrong it can be very wrong!

It has transformed the completeness andaccuracy of our records

We needed to increase the spread/number oftraining documents

0% 5% 10% 15% 20% 25%

Fixed dele�on periods enforced on mailserver

Automa�cally selected for archive intoECM/RM system

Manually selected for archive into ECM/RM system

Moved to a dedicated email archiving system

Reliant on email server to createarchives/back-ups

Reliant on archive se�ngs in email client(e.g., Outlook Archive)

We keep everything

It’s not mandated or policed in any way

Electronic Documents Scanned Documents

0% 10% 20% 30% 40% 50% 60%






Staff coopera�on

Big data readiness

Migra�on

Not sure yet


17%


54%


11%


18%

27%


as expected,12%


56%


5%

0% 20% 40% 60%









0% 5% 10% 15% 20% 25%







We keep everything



Industry

Watch


Automating Inform

ation Governance


When asked about the accuracy and consistency of human beings versus machines, there is a general consensus that humans are more accurate than machines, but much less consistent and generally too slow, although 26% consider machines can be both more accurate and more consistent. On the other hand, 44% feel that machine prompting for human decision works the best.

ExperiencesWe asked the users what they had learned from their automated classification projects. The general advice is to start with smaller, more achievable projects and build out from there. There seems to be no doubt that time will need to be invested in setting up the rules, and that even then, consistent monitoring is needed to ensure compliance is being met. On that basis, the consensus is that automated classification works and is a worthwhile investment.

Figure 23: What have been your experiences with automated classification? (Check any that apply) (N=120 users)

90% of those using automated classification are satisfied that the performance is sufficiently accurate, although attention needs to be given to the rules setup, and ongoing monitoring is important.

Email ArchivesIn a classic records management or information governance scenario, emails are simply another form of electronic document, a (small) proportion of which need to be tagged and declared as records into the records management system. Unfortunately, even a small proportion of a massive daily volume can overwhelm a user’s ability (or enthusiasm) for tagging. On top of that, there is the potential that excessive numbers of emails will clutter up the clutter up the RM system, or overwhelm it with duplicates. Automating the declaration of emails into records can be one way to overcome this, although while 14% of our respondents direct email records to ECM, only 3% use automation – and this is despite the fact that most inbound emails are already scrutinized by quite intelligent spam and virus filters.

For some organizations (13%), the answer has been to implement a dedicated archive to handle bulk emails, where they can be dealt with in a robust, and possibly automated way.

0% 10% 20% 30% 40% 50% 60%






Staff coopera�on

Big data readiness

Migra�on

Not sure yet


17%


54%


11%


18%

27%


as expected,12%


56%


5%

0% 20% 40% 60%









0% 5% 10% 15% 20% 25%







We keep everything



Industry

Watch


Automating Inform

ation Governance


Figure 24: How would you best describe your mechanism for archiving emails? (N=357)

The remaining email strategies in Figure 24 leave much to be desired. 17% keep everything, 16% delete everything after a fixed period, and 22% have no policy or strategy.

For those that do have a dedicated email archive, most could not consider it to be a records management repository. 30% still do mass deletion, with only 8% using any kind of metadata analysis or rules to justify their actions, such as recommended by the Capstone guidance for government agencies. Only 8% go further and analyze the body content of emails for classification purposes.

When it comes to RM functionalities such as retention management, 24% have basic retention and hold functions for legal discovery, plus 10% who have rules-based automated retentions. More encouragingly, 16% have integrated search, discovery and hold integration with other content systems using manage-in-place scenarios.

Figure 25: What level of RM functionality do you use on your email archive system? (N=49 users, excl. 15 Don't Know)

17% keep all emails, 16% delete after a fixed period, and 22% have no policy or strategy – a total of 55% who are not providing formal governance of emails.

0% 10% 20% 30% 40% 50% 60%






Staff coopera�on

Big data readiness

Migra�on

Not sure yet


17%


54%


11%


18%

27%


as expected,12%


56%


5%

0% 20% 40% 60%









0% 5% 10% 15% 20% 25%







We keep everything



0% 5% 10% 15% 20% 25% 30% 35%

Fixed dele�on based on elapsed �me

Fixed dele�on using rules and systemmetadata (e.g., as per Capstone)

Classifica�on using content analy�cs ofbody content

Basic reten�ons and holds

Event-triggered dele�on

Automated reten�ons and holds basedon rules

Search/discovery/hold integra�on withother content systems

0% 20% 40% 60%

Triggered by ECM/RM system(s)

Triggered by case management system

Timed prompts to the Legal department forreview and ac�on

Covered off in a legal discovery/ holdmanagement app

Down to individual users in Legal

Verbal requests to IT or RM on comple�onof li�ga�on

Ad hoc: no formal mechanism

0% 10% 20% 30% 40% 50% 60%

Store as much content as possible in a singleECM/DM/RM system

Migrate/declare records into to a singleRM system

Manage content in place across mul�plerepositories, not using CMIS

Manage content in place across mul�plerepositories, using CMIS-compa�ble connectors

We don't have a strategy as such

Yes – already do, 7%

Yes – ac�vely considering/

planning it, 14%

Yes – but only when security and reliability mature,

28%

No, probably not, 37%

No, definitely not, 14%

Industry

Watch


Automating Inform

ation Governance


Legal HoldAs we implied in the previous section, disconnected repositories for different content types such as email create their own problems when it comes to legal discovery processes and the application of holds to prevent discoverable content being deleted as part of the end-of-retention period process. 53% of our respondents are reliant on ad hoc manual processes for searching and applying legal hold. 9% are able to move content to a dedicated e-discovery or litigation system, and as mentioned previously, 16% are able to use manage-in-place across multiple repositories.

When it comes to releasing content from legal hold, the picture is even more casual, with 78% reliant on ad hoc manual processes, which are inevitably error prone, either resulting in content staying on permanent hold, or returning content to a normal retention plan when it should be re-categorized.

Figure 26: What mechanism do you use to release content from legal hold? (N=246, excl. 100 Don't Knows)

Multiple Repositories and CloudAs we have discussed, information governance needs to be applied across the business, across different content types and across different content repositories. If there is no connection between repositories, then IG will need to be applied to each one, and furthermore, when laws or regulatory rules change, each set of repository rules will need to be updated. In addition, e-discovery searches will need to be repeated across each repository, and hold processes applied in multiple places.

Figure 27: What is your strategy for dealing with information governance across multiple repositories? (N=308, excl. 37 Don't Knows)

0% 5% 10% 15% 20% 25% 30% 35%








0% 20% 40% 60%








0% 10% 20% 30% 40% 50% 60%








planning it, 14%


28%



0% 5% 10% 15% 20% 25% 30% 35%








0% 20% 40% 60%








0% 10% 20% 30% 40% 50% 60%








planning it, 14%


28%



Industry

Watch


Automating Inform

ation Governance


From Figure 27, we can see that in total 30% have a single ECM/RM system as a strategic objective, and 18% are planning around manage-in-place, with about a third adopting CMIS compatible connectors. For the largest organizations, as we can imagine, a single enterprise-wide RM system is more of a challenge, and only 19% feel they should go in this direction, although even in these businesses, 44% don’t actually have an agreed strategy.

CloudOn average, our respondents suggest that 25% of their stored content is made up of declared records, and from a storage point of view, there could be a cost benefit of moving this data to a cloud infrastructure. However, there are also issues of sensitivity, reliability and long-term storage which might predicate against putting records in the cloud. Users are somewhat divided on this. Compared to our survey last year1, those already using the cloud are up from 5% to 7%, and those with active plans are up from 11% to 14%, but the number generally in favor (as and when the security and reliability mature) is down from 54% to 49%.

Figure 28: Would you consider adopting a Cloud/SaaS system for your records? (N=308, excl. 37 Don't Knows)

It is noticeably the smallest organizations that are further ahead here – 29% either doing or planning, with mid-sized furthest behind – only 3% doing and 10% planning. For the largest organizations, “cloud” is more likely to mean their own private cloud, and the adoption rate is 8% doing and 18% planning.

Opinions and Spend IntentionsTo better understand the how IG is perceived, and the levels of confidence from those designated as data-stewards, we presented a number of statements, with the following conclusions:

n Only 14% feel confident that they are only storing content which is needed by the business.

n 42% do not feel confident that they can identify what content is safe to delete.

n 45% say that their strategy for managing increasing content volume is to buy more discs.

n 43% agree that automated classification is the only way to keep up with increasing volumes (only 17% disagree).

n 31% feel that their board-level managers are not sufficiently conscious of the consequences of a data loss.

n 51% feel that there organization is underspending on IG compared to the potential risk. Only 16% feel they have the balance right.

0% 5% 10% 15% 20% 25% 30% 35%








0% 20% 40% 60%








0% 10% 20% 30% 40% 50% 60%








planning it, 14%


28%



Industry

Watch


Automating Inform

ation Governance


Figure 29: How do you feel about the following statements? (N=347)

SpendDespite the view that most organizations are underspending, there is an across-the-board plan to spend more in the next 12 months in almost every product area. It is heartening to see IG training at the top of the list (and AIIM has a recently developed course to fulfill this need – see Appendix 4).

Records management and email management systems show a strong growth, as do search, e-discovery and automated classification systems. Increased recruitment of RM/IM staff and compliance staff is also indicated.

Figure 30: How do you think your organization's spending on the following products and applications in the next 12 months will compare with what was actually spent in the last 12 months?

(N=335, net more, excl. “Same”)

80% 60% 40% 20% 0% 20% 40% 60% 80%

We feel confident that we only store what weneed to store

We feel confident that we can iden�fy what issafe to delete

Our strategy for managing increasing contentvolume is to buy more discs

Automated classifica�on is the only way tokeep up with the volumes coming at us

Our board-level managers are very consciousof the consequences of data loss

Our spend on informa�on governance isappropriate to the risk

Strongly Disagree Disagree Neither agree nor disagree Agree Strongly agree

-5% 0% 5% 10% 15% 20% 25% 30%

Informa�on governance trainingEmail management/Email archive

Enterprise searchDedicated ERM system(s)

Back-file scanning of paper recordsERM modules or add-ons

e-Discovery applica�ons or modulesAutomated classifica�on tools

RM/IM staffCompliance staff

Social records managementSaaS/Cloud provision for RMOutsource electronic records

Outsource paper records

80% 60% 40% 20% 0% 20% 40% 60% 80%

We feel confident that we only store what weneed to store

We feel confident that we can iden�fy what issafe to delete

Our strategy for managing increasing contentvolume is to buy more discs

Automated classifica�on is the only way tokeep up with the volumes coming at us

Our board-level managers are very consciousof the consequences of data loss

Our spend on informa�on governance isappropriate to the risk

Strongly Disagree Disagree Neither agree nor disagree Agree Strongly agree

-5% 0% 5% 10% 15% 20% 25% 30%

Informa�on governance trainingEmail management/Email archive

Enterprise searchDedicated ERM system(s)

Back-file scanning of paper recordsERM modules or add-ons

e-Discovery applica�ons or modulesAutomated classifica�on tools

RM/IM staffCompliance staff

Social records managementSaaS/Cloud provision for RMOutsource electronic records

Outsource paper records

Industry

Watch


Automating Inform

ation Governance


Conclusion and RecommendationsMost organizations have come to the realization over the past few years that without policies and mechanisms for defensible deletion of content, they will be spending increasing amounts of money on storage, and also risk holding on to content that it would be safer to delete. Events of the past twelve months have added a new level of risk whereby the legal requirements to keep safe custody of sensitive data, and the need to maintain the trust of customers, has brought a huge realization that many more types of content and information need to be governed, and at all stages in the lifecycle from creation to deletion.

However, we have seen that despite initial good intent in creating information governance policies, many are somewhat limited in scope, and there is generally very poor follow through with training, audit and enforcement. This leaves many organizations at risk. Data custodians admit that they are keeping far too much content that has little value to the business, and yet they struggle to categorize what can be deleted.

Most recognize that it is too much to expect users to be diligent in following policies, especially given rapidly increasing volumes of content. There is, therefore, a very strong interest in automated tagging, metadata correction and records classification. Early adopters seem to be having success with the technology, and there is a general view that this is the only way to demonstrate compliance, reduce litigation risk and keep some check on the rapidly growing volumes of stored content. A strategy of rules-based metadata application and back-file correction provides a vehicle for security validation, compliance audit, retention management, and of course, improved search - and can do so at scale.

Recommendationsn Monitor legal, compliance and audit issues within your own business, and with peers and competitors,

in order to highlight the need to take information governance seriously at the highest levels in your organization.

n Create an information governance team including representatives from IT, Records Management, Compliance, Legal, and Line of Business.

n Draft an information governance policy. Focus initial efforts on areas where the content is the most sensitive (e.g., HR records, customer records, IP), but also where there is least governance at present (e.g., email, shared drives, cloud file shares, mobile).

n If you have an ECM or records management system that is no longer front-of-house for content and records management, revitalize it, switch on RM functions, and ensure it fulfills the need for both internal and external collaboration.

n As part of this re-engagement of ECM, consider running automated metadata correction, de-duplication, and retention policy enforcement in order to remove redundant, out-of-date and trivial content, and to improve search capabilities.

n Investigate day-forward automated classification, particularly for email, process archives and routine inbound content. Consider how to use automation to simplify user filing accuracy, and in effect, automate ongoing compliance.

References1 AIIM Industry Watch, “Information Governance: records, risks and retention in the litigation age”,

March 2013, http://www.aiim.org/Research-and-Publications/Research/Industry-Watch/InfoGov-2013

Industry

Watch


Automating Inform

ation Governance


Appendix 1 - Survey Demographics

Survey Background531 individual members of the AIIM community took the survey between Mar 15, and Apr 08, 2014, using a Web-based tool. Invitations to take the survey were sent via email to a selection of the 80,000 AIIM community members.

Organizational SizeSurvey respondents represent organizations of all sizes. Larger organizations over 5,000 employees represent 33%, with mid-sized organizations of 500 to 5,000 employees at 39%. Small-to-mid sized organizations with 10 to 500 employees constitute 28%. Respondents from organizations with less than 10 employees and suppliers of ECM products and services have been eliminated from the results, taking the total to 487 respondents.

Geography74% of the participants are based in North America, with 19% from Europe and 7% rest-of-world.

Government & Public Services -Local/State, 19%

Government & Public Agencies -

Na�onal/ Interna�onal, 7%

Finance, Banking, Insurance, 14%

Energy, Oil & Gas, Mining, 8%

Consultants, 6%

Manufacturing, Aerospace, Food,

Process, 6%

Educa�on, 6%

Telecoms, Water, U�li�es, 6%

Healthcare, 5%

Legal and Professional Services, 5%

Engineering & Construc�on, 4%

IT & High Tech —not ECM, 4%

Retail, Transport, Real Estate, 4%

Non-Profit, Charity, 3%

Document Services Provider,

2%

Life Science, Pharmaceu�cal,

1% Media, Entertainment, Publishing, 1%

Other, 1%

11-100 emps, 12%

101-500 emps, 16%

501-1,000 emps, 11%

1,001-5,000 emps, 29%

5,001-10,000 emps, 11%

over 10,000 emps, 22%

US, 57%

Canada, 17%

UK, Ireland, 12%

W. Europe, 6%

E. Europe, Russia, 1%

Middle East, Africa, S.Africa,

4%

Australia, NZ, 2%

Asia, Far East, 1%

Central/ S.America, 1%

IT staff, 12%

Head of IT, 3%

IT Consultant or Project Manager,

12%

Records or document

management staff, 33%

Head of records/ compliance/ informa�on

management, 22%

Line-of-business execu�ve,

department head or process

owner, 4%

Business Consultant, 5%

Legal/Corporate Council/Corporate

Compliance, 3%

President, CEO, Managing

Director, 2% Other, 3%






Consultants, 6%


Process, 6%

Educa�on, 6%


Healthcare, 5%







2%



Other, 1%

11-100 emps, 12%

101-500 emps, 16%

501-1,000 emps, 11%

1,001-5,000 emps, 29%

5,001-10,000 emps, 11%

over 10,000 emps, 22%

US, 57%

Canada, 17%

UK, Ireland, 12%

W. Europe, 6%



4%

Australia, NZ, 2%

Asia, Far East, 1%


IT staff, 12%

Head of IT, 3%


12%

Records or document



management, 22%



owner, 4%



Compliance, 3%



Industry

Watch


Automating Inform

ation Governance


Industry SectorLocal and National Government together make up 26%. Finance and Banking 14%, and Energy 8%.

Job Roles27% of respondents are from IT, 55% have a records management or information management role, and 17% are line-of-business managers.






Consultants, 6%


Process, 6%

Educa�on, 6%


Healthcare, 5%







2%



Other, 1%

11-100 emps, 12%

101-500 emps, 16%

501-1,000 emps, 11%

1,001-5,000 emps, 29%

5,001-10,000 emps, 11%

over 10,000 emps, 22%

US, 57%

Canada, 17%

UK, Ireland, 12%

W. Europe, 6%



4%

Australia, NZ, 2%

Asia, Far East, 1%


IT staff, 12%

Head of IT, 3%


12%

Records or document



management, 22%



owner, 4%



Compliance, 3%








Consultants, 6%


Process, 6%

Educa�on, 6%


Healthcare, 5%







2%



Other, 1%

11-100 emps, 12%

101-500 emps, 16%

501-1,000 emps, 11%

1,001-5,000 emps, 29%

5,001-10,000 emps, 11%

over 10,000 emps, 22%

US, 57%

Canada, 17%

UK, Ireland, 12%

W. Europe, 6%



4%

Australia, NZ, 2%

Asia, Far East, 1%


IT staff, 12%

Head of IT, 3%


12%

Records or document



management, 22%



owner, 4%



Compliance, 3%



Industry

Watch


Automating Inform

ation Governance


Appendix 2 - Selective Comments

Do you have any general comments to make about your collaboration projects? (Selective)

n There is a big struggle between RM and IT regarding automation of any kind in my organization, and the lack of a strong IG Framework only makes it worse.

n Policy without audit, custodial accountability and CONSEQUENCES is like speed limits with no radar... who cares?

n While some are starting to "get it," I think that most mid- and high-level managers still don't grasp the importance of good IG. They still see it as "filing" to be left to clerks.

n Automated classification is the way to go but it’s hard to raise the profile.

n Automated classification what/how is still a mystery to us.

n It's always hard to get executive levels to see the big picture.

n Have some experience of automated classification and the problem is the investment in resources to build and maintain the rule sets / classification schemes.

n As we move to adopting SP2010's records center and using a 3rd party records management tool, I am excited to see this process work from declaration to destruction and allow the staff to feel more comfortable and confident in these tools.

Industry

Watch


Automating Inform

ation Governance


ASG Software SolutionsASG Software Solutions connects sophistication and experience with agility and technological efficiency, through its vendor-agnostic cloud, content and systems solutions. ASG helps companies solve today’s most pressing business issues, including everything from reducing operating costs and enhancing workforce productivity to ensuring regulatory compliance. With customers like American Express, Coca-Cola, GE, HSBC, IBM, Lockheed Martin, Merrill Lynch, Procter & Gamble, Sony, Toyota, Verizon, and Wells Fargo, ASG can proudly say that more than 70 percent of global Fortune 500 companies trust it to optimize their existing IT investments. Founded in 1986, ASG Software Solutions is a global company headquartered in Naples, Florida, USA, with more than 1,200 employees. For more information, visit www.asg.com or find us on Facebook, LinkedIn, Twitter or YouTube.

ASG’s world class enterprise content management portfolio includes:

n ASG-ViewDirect®, the world’s most scalable, full-featured enterprise content retention, storage and archiving suite, which supports all platforms, databases, storage devices, data formats and volumes of enterprise content in distributed and mainframe environments.

n ASG-Cypress®, a modular document output and customer communication management suite that facilitates ingesting, composing, formatting, personalizing and distributing content to support physical and electronic communications.

n ASG-Total Content Integrator™, which provides a unified, federated, content aggregation and integration technology for transparent search, discovery and presentation of electronic documents, records and other content anywhere in the enterprise.

n ASG-Records Manager™, which facilitates the automatic capture, classification and disposition of electronic transactional records in high-volume environments according to varied information.

www.asg.com

AvePointAvePoint is the established leader in enterprise-class big data management, governance, and compliance software solutions for next-generation social collaboration platforms. Focusing on helping enterprises in their digitization journey to enable their information workers to collaborate with confidence, AvePoint is first to market with a unique solution that centralizes access and control of information assets residing in disparate collaboration and document management systems on-premises and in the cloud. AvePoint solutions and services aim to bring together business, IT, as well as compliance and risk officers to serve key business objectives such as big data, cloud integration, compliance, enterprise content management, and mobile data access monitoring.

Founded in 2001 and based out of Jersey City, NJ, AvePoint serves more than 13,000 organizations in five continents across all industry sectors, with focused practices in the energy and utilities; financial services; healthcare and pharmaceuticals; and public sector industries. AvePoint is a Depth Managed Microsoft Gold Certified Application Development Partner and Gold Certified Collaboration and Content Partner, as well as a US Government GSA provider via strategic partnerships. AvePoint is privately held and backed by Goldman Sachs and Summit Partners.

www.avepoint.com


Industry

Watch


Automating Inform

ation Governance


CCube solutionsCCube Solutions specializes in providing Electronic Document and Content Management & Workflow solutions, based on the CCube software suite. Systems scale from small departmental applications to large enterprise -wide solutions and include: the CCube Portal, Electronic Forms, Workflow, Content Searching, and CCube Electronic Document & Records Management System (EDRMS), offering specialised solutions, including:

www.ccubesolutions.com

Concept Searching, Inc.Concept Searching is the industry leader in advanced semantic metadata generation, auto-classification, and taxonomy management. Its award winning products employ the only statistical metadata generation and classification technologies that use compound term processing to generate intelligent metadata from unstructured and semi-structured data. Compound term processing, or identifying concepts in context, solves a variety of business challenges and enables enterprise-wide information governance. Using these concept identification capabilities, organizations can transform content into business assets to improve performance.

Concept Searching’s Smart Content Framework™ for information governance is a combination of best practices and underlying products that encompass the entire portfolio of unstructured information assets, providing the ability to develop and deploy a strategic and tactical information governance plan. The framework delivers intelligent metadata enabled solutions, which enable concept based searching; automatic declaration of documents of record; real-time identification, and protection of privacy and confidential data; intelligent migration; cost reductions in eDiscovery, litigation support, and FOIA; content management; granular identification of content for text analytics; and structure for enterprise social networking applications. The solutions are deployed in diverse industries by both Fortune 1000 and small companies that need to meet strict compliance, data privacy, and information governance regulations.

Concept Searching has a Microsoft Gold Application Development competency and is a Business-Critical SharePoint partner. The Concept Searching Microsoft platforms use a single code base, able to be deployed in SharePoint 2007, 2010, 2013, and Office 365, providing clients with the choice of on-premise, cloud based, or hybrid environments. conceptClassifier for Office 365 is currently the only native Office 365 product available that addresses information government challenges, in the cloud or in hybrid environments.

Concept Searching is headquartered in the US, with offices in the UK, Canada, and South Africa. For more information about Concept Searching’s solutions and technologies please visit www.conceptsearching.com.

www.conceptsearching.com


• Legal Compliance• Invoice Capture and Authorisation• Health Records Management• Local Authority Applications

• Law Enforcement Applications• Human Resource Management• Information Web Portals

The key to all solutions we provide is integration with the business to ensure that information is delivered on time and to the right place. We have provided integrated solutions over the last 15 years using the following underlying technologies:

• Document & Records Management• Workflow• Web Portal & Systems Integration

• Electronic Forms Solutions• Electronic Records Management• Collaboration Facilities

We work with companies and organisations across the public and private sectors. Our clients including Hospitals, local authorities, Law Enforcement Agencies and the private sector. The common theme running through all these customers is their need for a robust, legislation compliant information management system, which acts as a hub for vital information which can be accessed and archived at the touch of a button and deliver information to those who need it, when they need it. As a team of talented programmers, developers and other IT Specialists – our staff have a wealth of experience and market knowledge.

Industry

Watch


Automating Inform

ation Governance


About OpenTextOpenText is the leader in Enterprise Information Management (EIM), providing EIM software that helps companies of all sizes and industries to manage, secure, and leverage their unstructured business information, either in their data center or in the cloud. Over 50,000 companies already use OpenText solutions to unleash the power of their information.

OpenText Enterprise Content Management (ECM) solutions facilitate agile information governance strategies designed to reduce risk and mitigate the cost of growing volumes of content in the enterprise - freeing organizations to focus on using information to drive growth and innovation. ECM solutions from OpenText unite capture, document and records management, workflow, search and archiving as well as applications and add-ons such as email, eDiscovery, auto-classification, contract management, case management and engineering document management to accellerate time to information governance while mitigating the risk of growing volumes of content.

ECM is a fundemental practice of managing and extracting value from unstructured enterprise content. OpenText ECM solutions enable organizations to harness the value of their information and enable the strategic CIO to transform every line of business and better compete in the new information economy.

To learn more about OpenText please visit: www.opentext.com/infogov.

www.opentext.com

IBM CorporationIBM Enterprise Content Management solutions deliver content in context to fully harness its potential. These industry-specific solutions can capture, activate, share, analyze and govern unstructured data to lower costs and risk while improving efficiency. As the volume of content continues to rise, organizations struggle to use it effectively. IBM Enterprise Content Management provides a way to discover the content, recognize its value, and then act on it for better business insight and outcomes.

The risks associated with increasing data volume are particularly challenging for organizations that are unable to apply sound information lifecycle governance practices toward managing their data.

Providing our customers with the ability to govern their information is a key pillar in IBM’s Enterprise Content Management business. With IBM’s Information Lifecycle Governance (ILG) solutions, companies can improve their information economics by lowering information costs and risks while maximizing data value. Only IBM provides holistic information governance solutions for:

www.ibm.com/ILG


n Legacy Data Cleanup - Improve information economics through identification, classification and remediation of redundant, obsolete and trivial data.

n Defensible Disposal - Curb storage growth, lower IT and legal costs, and enhance information economics.

n eDiscovery - Strategically manage the eDiscovery process to reduce legal cost and risk.

n Records and Retention - Identify, classify and manage data disposal according to retention schedules to reduce volume, mitigate cost & risk and improve information economics.

n Value-based Archiving - Coordinate archiving and storage of data based on its business value to reduce storage space and cost.

IBM’s information lifecycle governance solutions help customers manage enterprise information according to its business value. By approaching information governance as an economic solution to data growth – i.e. information economics – companies can increase the value of information assets while driving down cost and risk. To learn more, visit: www.ibm.com/ILG

Industry

Watch


Automating Inform

ation Governance


AIIM (www.aiim.org) AIIM is the global community of information professionals. We provide the education, research and certification that information professionals need to manage and share information assets in an era of mobile, social, cloud and big data.

© 2014AIIM AIIM Europe1100 Wayne Avenue, Suite 1100 The IT Centre, Lowesmoor WharfSilver Spring, MD 20910 Worcester, WR1 2RR, UK+1 301.587.8202 +44 (0)1905 727600www.aiim.org www.aiim.eu

Information GovernanceLearn a systematic approach to improve access to information, reduce costs, and meet legal/regulatory requirements.

Course Benefits and ObjectivesThe volume, variety, and velocity of organizational information is changing the game for governance and compliance. Applying a paper paradigm of policies and processes no longer works -- and it certainly doesn’t scale. Governance functions must now be automated, and focus as much on defensible disposition as on retention; as much on data extraction as data archiving.

AIIM’s Information Governance course is founded on these best practices to provide you with a systematic approach for managing information assets and ensuring regulatory compliance. The information is applicable across all industries and is independent of any particular technology or vendor solution.

Your Learning OptionsThe Information Governance course is comprised of 10 modules that may be purchased individually or as a complete package leading to the AIIM Information Governance

Practitioner designation that is earned upon successful passing of the exam. Once purchased, the course module(s), supporting materials, and exam are accessible online and on demand from AIIM’s training portal for 6 months. Upon occasion, this course is also offered in a live, instructor-led virtual classroom format.

Our enrollment page at www.aiim.org/training will indicate when/if such a class has been scheduled.

This course is ideal for...IT, compliance officers, legal staff, records management personnel, archivists, consultants, and other information professionals who are planning to establish or improve your information governance program. You’ll acquire the necessary skills to:

n Design a pragmatic framework for managing information assets

n Improve how information is captured, shared, accessed, stored, and disposed of

n Reduce storage and legal costs

n Save time and money through greater interoperability and standardized components

n Ensure legal and regulatory compliance

Information GovernanceTraining Program