The New Information Governance World Galina Datskovsky, Ph.D., CRM Chair of the Board, ARMA International © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Agenda Records Management and Information Governance Responding with Governance RIM Professionals, Archivists and their role in the new organization How to bring up RIM professionals in organizations 2 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Traditional Records Management •Practice of maintaining an organization’s records from the point of creation to the point of disposal •This includes: –Gathering –Classifying –Storing –Securing –Applying policy –Archiving –Disposing 3 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Changing face of the Archive Archivists receive electronic content National Archives of the US Management Public Access Preservation 4 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Desired State - Governance Capture sufficient metadata and content when information is created to govern effectively Handle information as part of a systemized, repeatable and defensible process with reasonable protocols Establish clear policy, rules and privacy expectations for use, access and security of systems, including social networking sites For cloud environments, verify and limit data location 5 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. What changed? Great reliance on electronic communication Surge of information Higher costs 6 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Backbone of Any Organization “When records are well-managed, agencies can use them to assess the impact of programs, to reduce redundant efforts, to save money, and to share knowledge within and across their organizations. In these ways, proper records management is the backbone of open Government.” The White House Memorandum re: Managing Government Records, November 28, 2011 7 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Litigation – a Reputation Problem U.S. District Judge James Selna, who is overseeing the consolidated cases against Toyota Motor Corp. related to millions of vehicle recalls in 2009 and 2010, primarily for issues of sudden unintended acceleration (SUA), has approved the discovery plan for the multidistrict litigation (MDL). Hundreds of lawsuits have been consolidated under Judge Selna’s court. 20 April 2010 — Toyota Motor Corp. agreed to pay a record $16.4 million fine that the National Highway Traffic Safety Administration (NHTSA) imposed on the company after finding that Toyota waited four months to report sudden acceleration defects in its vehicles. . 8 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Judicial Watch v Department of Commerce • • • • • 9 A U.S. District Court judge invited Judicial Watch to seek sanctions against the Department of Commerce for its initial mishandling of FOI Act requests for information on the late Commerce Secretary Ron Brown. The record in this case establishes beyond any reasonable dispute that the search was inadequate, unreasonable and unlawful under the FOIA. The DOC failed to search entire offices that were likely, if not certain, to hold responsive documents. Documents were destroyed, discarded, and given away, sometimes without being searched to determine if they were responsive, other times with full knowledge that they were responsive. The court ordered the production of agency records found to be improperly withheld, awarded attorney fees and litigation costs and issued a specific "written finding" of suspected arbitrary or capricious conduct. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Business Reality Today’s RIM Professional must: Understand Business needs Help Business move forward Understand the culture and nature of the business 10 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. What is Necessary of Today’s Professional Understand multiple languages Language of IT Language of Compliance Language of Legal Language of the Business • Global needs • Local needs 11 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Understanding the business How do we do that? First, we must understand that the problems of businesses have changed. There’s a world of chaos that is organizational information. Unfortunately only approximately 7% 9% of enterprise content can be considered official records. If that’s all you manage and care about then you can only hope to be 7-9% relevant to your organization. What about the other 91% of information? It lives and grows exponentially in servers. It walks out the door on portable devices. It lives in the cloud. It’s being duplicated on hard drives and in SharePoint sites. And it must all be governed. Help your organization solve its pressing pain points. Show how you can help them become more efficient while minimizing risk. 12 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Return On Investment RIM Professional Must Understand the Desire of the Business for a Return on Investment, for example: Less Disk Space and Infrastructure Business efficiency Ability to do business internationally Regulatory Compliance Information Security and Protection 13 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Today’s Governance Professional Let’s talk concrete examples here. When it comes to retention and disposition, do you strive for perfection? If you do, the process may never really happen.. Striving for perfection costs us time – and may leave us paralyzed to act. As they say, the perfect is the enemy of the good. Instead, let’s discuss retention and disposition differently. Our focus should be on legally defensible retention and disposition. Take initiative, don’t Complain after the fact if you were not consulted. 14 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. How Does Today’s Professional Assess the Organization The Generally Accepted Recordkeeping Principles Help Guide the Professional and the Organization Accepted Internationally Help the Professional Align Various Business Functions 15 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. What are The Principles A accountability T I P transparency integrity protection C A R D compliance availability retention disposition http://www.arma.org/garp 16 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. ARMA Principles Principle of Accountability A senior executive (or a person of comparable authority) shall oversee the information governance program and delegate responsibility for records and information management to appropriate individuals. The organization adopts policies and procedures to guide personnel and ensure that the program can be audited. •Principle of Transparency An organization’s business processes and activities, including its information governance program, shall be documented in an open and verifiable manner, and that documentation shall be available to all personnel and appropriate interested parties. •Principle of Integrity An information governance program shall be constructed so the information generated by or managed for the organization has a reasonable and suitable guarantee of authenticity and reliability. 17 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. ARMA Principles Principle of Protection An information governance program shall be constructed to ensure a reasonable level of protection for records and information that are private, confidential, privileged, secret, classified, or essential to business continuity or that otherwise require protection. Principle of Compliance An information governance program shall be constructed to comply with applicable laws and other binding authorities, as well as with the organization’s policies. Principle of Availability An organization shall maintain records and information in a manner that ensures timely, efficient, and accurate retrieval of needed information. 18 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. ARMA Principles Principle of Retention An organization shall maintain its records and information for an appropriate time, taking into account its legal, regulatory, fiscal, operational, and historical requirements. Principle of Disposition An organization shall provide secure and appropriate disposition for records and information that are no longer required to be maintained by applicable laws and the organization’s policies. 19 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Maturity Model • Five levels • Less than 5 may be acceptable because of: - Organization risk tolerance - As measured against peers or competitors 20 The Principles Maturity Level Color Status 5 GREEN 4 BLUE 3 AMBER 2 ORANGE 1 RED © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Best Practices to be Followed by the RIM Professional Content Accessibility Effective and efficient access to enterprise information Fast response to FOIA, audit, investigations Control and Awareness Control over and insight into content sources across the organization Single policy authority • Ensure policy is applied consistently across information silos Proactive management of content via retention policies • Storage and productivity efficiencies via systematic removal of ROT (redundant, outdated, trivial content) Compliance, Oversight and Accountability Transparency to enterprise content and user actions on that content 21 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Where to Start? Perform an Assessment Multiple stakeholders complete assessment tool Analyze preliminary score • Valid starting metric • Benchmark against best practices and future progress Perform risk assessment Identify and prioritize high risk areas Perform detailed gap analysis Perform future state analysis Develop strategic road map 22 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Tools & Technology Infrastructure Governance Assessing Information Governance Streamline Policies And Procedures Setup Planning Assess Current Policies and Procedures Evaluate against Requirements Determine Future State Strategic Roadmap Update Infrastructure The Principles Regulatory Preparedness, Efficient Information Management, and Improved ROI 23 Enhance Current Tools – Install New Tools © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Risk/Reward Analysis Low Risk/Reward Area Compliance Risk Mitigation Low Risk/Reward Medium Risk/Reward Area High Risk /Reward Area High Risk/Reward Phase 1: Sub-Standard Phase 2: In Development Phase 3: Essential Phase 4: Proactive Phase 5: Transformational Maturity Low Maturity Level 24 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. High Maturity Level Today’s information governance professional Archivist or RIM Professional Technology savvy Understand the organizational landscape and mission Highly organized Understand retention principles Understand the difference between perfect and good enough Understand the meaning of reasonable effort Understand preservation as it relates to electronically stored information Understand how to apply physical records principles in the new world Understand the nature of global business needs Good communication skills 25 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Why do Businesses Need RIM Professionals Competitive advantage Alignment of multiple functions: Legal, IT, Business Process Control of the greatest asset – Information Risk Mitigation Program Ownership 26 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Certification and Education Focus on skills discussed in the presentation as well as the traditional skills Teach Language of IT Teach Risk mitigation and legal principles Teach International Business requirements Teach ROI Use ARMA as a resource for sample curricula Use the Certificate and Certification courses offered 27 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Partner with Technology “Greater reliance on electronic communication and systems has radically increased the volume and diversity of information that agencies must manage. With proper planning, technology can make these records less burdensome to manage and easier to use and share. But if records management policies and practices are not updated for a digital age, the surge in information could overwhelm agency systems, leading to higher costs and lost records.” The White House Memorandum re: Managing Government Records, November 28, 2011 28 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Question & Answer Session 29 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.