eDiscovery - Turning Risks into Rewards: Developing a Comprehensive Records and
Information Management Framework
Event: ARMA 2011 Annual Symposium Toronto, Ontario, Canada June 1, 2011
Presented by; Keith Atteck Supervisor, Information Management Vale
2
VALE - (NYSE: VALE) www.vale.com Vale was born in 1942 in Brasil
Vale Canada Limited, a wholly-owned subsidiary of Vale Vale's nickel business, formerly known as Inco, has a rich history
dating back more than 100 years in Canada.
What we do Worlds largest producer of Iron Ore and one of the worlds largest producers of
nickel Vale also produces copper, manganese, ferroalloys, bauxite, alumina,
aluminum, coal, cobalt, PGMs, fertilizers, steel, and energy Vale operates on six continents through its mining operations, mineral research
plants, and commercial offices Employ > 100,000 employees, including outsourced workers worldwide
3
Topic:
eDiscovery - Turning Risks into Rewards: Developing a Comprehensive Records and Information Management Framework
Implementing a comprehensive RIM Framework and why it is the best defense in Discovery
Mitigating risk while maintaining record-keeping compliance
Applying Canadian General Standards Board standards to keep records with integrity
4
Disclaimer
The views expressed in this presentation are those of the author.
5
Source: http://edrm.net/
IM is the source for discovery Poor IM = Hard Discovery Good IM = Easy Discovery
Goal
6
Risk: Information Management (IM)
Why must information be systematically managed and protected?
Now, where did I put
that document?
eRecords on Servers make the job more critical?
7
Risk: Information Management (IM)
Source: ARMA Drafting a ‘Dream Team’ to Prevent E-Discovery Nightmares NOVEMBER/DECEMBER 2010 INFORMATIONMANAGEMENT
8
Risk: IM Technology Evolution Paper Record, Blue Print Drawing
1. Print, Index, Folder, Cabinet, Box, Binder, Stick File, etc.
Electronic File – Name.doc, xls, ppt, pdf, dgn, dwg, etc.
2. Hard Drive – PC or Laptop, C:\ Folders
3. Network Shared Drive, S:\ I:\ Folders
4. E-mail, Personal Folders - Outlook
5. Floppy, CD, DVD, PDA, Flash Drives, iPad etc.
6. Web Sites - Intranet, FTP, Extranet, Portals – SharePoint
7. Tracking Databases – ERP, etc.
• Enterprise Content Management (ECM) & Imaging
• Wikis, Blogs, IM, Web 2.0, Cloud Computing, etc. Futu
re,
Cu
rren
t P
rese
nt
& P
ast
9
RIM: Solving Business Issues
Paper to electronic records paradigm shift Paper the record – electronic the convenience Paradigm Shift Electronic the record – Paper the convenience
Technology Systems Differentiation Systems of Record – Official Corporate Records Vs. Systems of Engagement – Sharing and Messaging Vs. Systems of Management – Dynamic Databases Etc.
All
may be deemed Records
& All
may be Relevant
In Discovery
10
Risk: IM is Global!
Think Globally and Act Locally
11
Risk: Evidence Canada Evidence Act
“31.1 Any person seeking to admit an electronic document as evidence has the burden of proving its authenticity by evidence capable of supporting a finding that the electronic document is that which it is purported to be.”
“31.2 (1) The best evidence rule in respect of an electronic document is satisfied
• (a) on proof of the integrity of the electronic documents system by or in which the electronic document was recorded or stored; or
• (b) if an evidentiary presumption established under section 31.4 applies.”
“31.5 For the purpose of determining under any rule of law whether an electronic document is admissible, evidence may be presented in respect of any standard, procedure, usage or practice concerning the manner in which electronic documents are to be recorded or stored, having regard to the type of business, enterprise or endeavour that used, recorded or stored the electronic document and the nature and purpose of the electronic document.”
Source: Department of Justice - http://laws.justice.gc.ca/eng/StatutesByTitle/C.html
Application of best evidence rule — electronic documents
Authentication of electronic documents
Standards may be considered
12
Best Practice: Evidence Canada CAN/CGSB 72.34-2005 - Electronic Records as Documentary Evidence
“5.2.1 Those who wish to present an electronic record as evidence in legal proceedings shall be able to prove
a) authenticity of the record;
b) integrity of the Records Management System that a record was recorded or stored in; and
c) that it is "a record made in the usual and ordinary course of business" or that it is otherwise exempt from the legal rule barring hearsay evidence.”
Source: CGSB - http://www.tpsgc-pwgsc.gc.ca/ongc/home/index-e.html
13
Best Practices: Standards ISO 15489:2001 – Information and Documentation – Records Management – Guidelines
ANSI/AIIM TR31-2004 – Legal Acceptance of Records Produced by Information Technology Systems
CAN/CGSB 72.34-2005 - Electronic Records as Documentary Evidence
BIP 0008-2004 – Code of Practice for Legal Admissibility and evidentiary weight of information stored electronically
MoReq2 Specification – Model Requirements for the Management of Electronic Records
PROS 99/007: Version 2: 2005 Management of Electronic Records - Victorian Electronic Records Strategy (VERS)
GARP – Generally Accepted Recordkeeping Principles (ARMA)
International
United States
Canada
United Kingdom
Europe
Australia
Other
14
Best Practice: ISO15489 ISO15489-1:2001 – Information and documentation – Records management
Applies to records, in all formats, created or received by any public or private organization in the conduct of its activities, or any individual with a duty to create and maintain records.
Supports: • Electronic Records Management (ERM) & Physical Records • ISO9001 – Quality Management Systems • ISO14001 – Environmental Management Systems • ISO/IEC 17025: 2005 General requirements for the competence of testing and
calibration laboratories Sets principles of Records & Information Management practice
• Organization institute comprehensive program • Characteristics, Authenticity, and Integrity of a record • Based on Functional Classification
Design and implementation of record systems • Integrity of the system • Compliance to legal and regulatory environment • Documenting records transactions
Source: ISO http://www.iso.org/iso/catalogue_detail?csnumber=31908
15
Best Practice: GARP
Information Governance with Generally Accepted Recordkeeping Principles (GARP)
8 Principles Principle of Accountability Principle of Integrity Principle of Protection Principle of Compliance Principle of Availability Principle of Retention Principle of Disposition Principle of Transparency
GARP Capability Maturity Model
Source: ARMA http://www.arma.org/garp/index.cfm
GARP Maturity Level
Colour Status
1 Sub-standard RED
2 In Development ORANGE
3 Essential AMBER
4 Proactive BLUE
5 Transformational GREEN
16
RIM: Vision Ecosystem of Information Working in one environment where all records are;
Created or Captured – once, Collaborated Globally – version controlled, and Managed – as records.
Being Confident that; You can find the original record – every time, You know who worked on it – who used it, and You know what it was used for – related to activity.
Know that: One never has to search any other system, One can leverage the collective wisdom and knowledge of the organization, and Everyone’s efforts will not be lost or misplaced.
17
RIM: Guiding Principles SINGLE authoritative source of information
All documents will be filed electronically Into one system as a normal course of business Everyone depends on the system
Manage only ONE COPY File once – use many times - in many ways All transacted records made from the document management system
FIRST point of contact principle The person who is first point of contact with documentation is
responsible for determining and ensuring that documentation is appropriately filed
18
RIM: Program Framework
Fundamentals of Records & Information Management Uses GARP, ISO15489, CGSB,
ARMA, AIIM Standards, etc. Technology agnostic Conforms to Laws, Regulations
All must be developed and in place to implement ECM RIM is the core – the foundation Everything else is an output of RIM Including eDiscovery
Classification Retention
Metadata
Security
Vital Records Electronic Messages
Legal Hold & Discovery Imaging
Technology Change Organization Change
Etc.
19
RIM: Program Framework
Record Decision Record Classification & Retention Business Rules
20
Enterprise Content Management (ECM)
RIM Framework Governs ECM Technology Deployments
21
RIM: Compliance Auditing
General - Benefits of Auditing Test the degree of integrity of systems and procedures Understanding degree and extent of compliance Identifying gaps in procedures and training
Local - Due Diligence Reviews Conduct regular reviews of all record classifications & metadata Identify change issues of employees and management Identifies changes in the business environment and gaps in training
Global - Quality Assurance Reviews Critical for demonstrating integrity of systems, tools and procedures Management knows if the systems, tools and procedures are working Important for Litigation support – Safe Harbour
22
Risk Vs. Rewards for Business Risk – The Blind
Lack of Governance - ad hoc IT is in charge?????? Don’t know what are records Don’t know the custodians Inability to audit Number of uncontrolled information
types and sources Volume of duplication Lack of information category structure Too much technology Can’t find anything easily Poor basis for business decisions No idea what is really happening ECM deployments tend to fail Etc.
Rewards – Clear Vision Good governance & transparency RIM Manager is in charge Can identify a record and a copy Can identify record authors, custodians and users Auditable - demonstrates due diligence Controlled record types and sources Avoids uncontrolled repositories Reduced volume – original records Global search categories – relevancy Integration of Knowledge Management Can find everything quickly and efficiently – better decisions Controlled technology evolution Reduced stress to the organization and its personnel ECM has a solid foundation and can succeed Etc.
ROI – Risk of Incarceration (reduced)
Which version do you want to present in
court?
23
RIM Professionals “RIM professionals can offer a safe harbor of sorts….
This requires that RIM professionals understand the key legal and IT issues and for them to collaborate effectively with staff in those departments to ensure the implementation and management of a solid, documented, and explainable records management program.
When a RIM program is in effect and adhered to as it is written – and the organization can show proof of compliance with the program – the organization’s attorneys are in a much better position to defend its ediscovery processes and the information it did – or didn’t produce.”
Resources: American Records Management Association (ARMA)
• http://www.arma.org/ • Chapters in Canada
Association of Imaging and Information Management (AIIM) • http://www.aiim.org/ • Chapters in Canada
Source: ARMA Drafting a ‘Dream Team’ to Prevent E-Discovery Nightmares NOVEMBER/DECEMBER 2010 INFORMATIONMANAGEMENT
24
Source: http://edrm.net/
IM is the source for discovery Poor IM = Hard Discovery Good IM = Easy Discovery
Goal
25
Questions ?????
Contact: Keith Atteck C.Tech. ERMm Supervisor, Information Management Vale Corporate Office Base Metals 2101 Hadwen Road Mississauga, Ontario, Canada, L5K 2L3 T: 1 (905) 403 3179 F: 1 (905) 403 1098 [email protected]
Turning Risks into Rewards: Building a Comprehensive Records and
Information Management Framework
Event: ARMA 2011 Annual Symposium Toronto, Ontario, Canada June 1, 2011
Presented by; Keith Atteck Supervisor, Information Management Vale