Information Governance

The New Information Governance World
Galina Datskovsky, Ph.D., CRM
Chair of the Board, ARMA International
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Agenda
Records Management and Information Governance
Responding with Governance
RIM Professionals, Archivists and their role in the new organization
How to bring up RIM professionals in organizations
Traditional Records Management
• Practice of maintaining an organization’s records from the point of creation to the point of disposal
• This includes:
– Gathering
– Classifying
– Storing
– Securing
– Applying policy
– Archiving
– Disposing
Changing face of the Archive
Archivists receive electronic content
National Archives of the US
Management
Public Access
Preservation
Desired State - Governance
Capture sufficient metadata and content when information is
created to govern effectively
Handle information as part of a systemized, repeatable and
defensible process with reasonable protocols
Establish clear policy, rules and privacy expectations for use,
access and security of systems, including social networking sites
For cloud environments, verify and limit data location
What changed?
Great reliance on electronic communication
Surge of information
Higher costs
Backbone of Any Organization
“When records are well-managed, agencies can use
them to assess the impact of programs, to reduce
redundant efforts, to save money, and to share
knowledge within and across their organizations. In
these ways, proper records management is the
backbone of open Government.”
The White House Memorandum re: Managing Government Records, November 28, 2011
Litigation – a Reputation Problem
U.S. District Judge James Selna, who is overseeing the consolidated
cases against Toyota Motor Corp. related to millions of vehicle recalls in
2009 and 2010, primarily for issues of sudden unintended acceleration
(SUA), has approved the discovery plan for the multidistrict litigation
(MDL). Hundreds of lawsuits have been consolidated under Judge Selna’s
court.
20 April 2010 — Toyota Motor Corp. agreed to pay a record $16.4 million
fine that the National Highway Traffic Safety Administration (NHTSA)
imposed on the company after finding that Toyota waited four months to
report sudden acceleration defects in its vehicles.
Judicial Watch v Department of Commerce
A U.S. District Court judge invited Judicial Watch to seek sanctions against the Department of
Commerce for its initial mishandling of FOI Act requests for information on the late Commerce Secretary
Ron Brown.
The record in this case establishes beyond any reasonable dispute that the search was inadequate,
unreasonable and unlawful under the FOIA.
The DOC failed to search entire offices that were likely,
if not certain, to hold responsive documents.
Documents were destroyed, discarded, and given away,
sometimes without being searched to determine if they
were responsive, other times with full knowledge that
they were responsive.
The court ordered the production of agency records found
to be improperly withheld, awarded attorney fees and litigation
costs and issued a specific "written finding" of suspected
arbitrary or capricious conduct.
Business Reality
Today’s RIM Professional must:
Understand Business needs
Help Business move forward
Understand the culture and nature of the business
What is Necessary of Today’s Professional
Understand multiple languages
Language of IT
Language of Compliance
Language of Legal
Language of the Business
• Global needs
• Local needs
Understanding the business
How do we do that? First, we must understand that the problems
of businesses have changed. There’s a world of chaos that is
organizational information. Unfortunately, only approximately 7%-9% of enterprise content can be considered official records. If
that’s all you manage and care about then you can only hope to be
7-9% relevant to your organization.
What about the other 91% of information? It lives and grows
exponentially in servers. It walks out the door on portable devices.
It lives in the cloud. It’s being duplicated on hard drives and in
SharePoint sites. And it must all be governed. Help your
organization solve its pressing pain points. Show how you can
help them become more efficient while minimizing risk.
Return On Investment
RIM Professional Must Understand the Desire of the Business for a
Return on Investment, for example:
Less Disk Space and Infrastructure
Business efficiency
Ability to do business internationally
Regulatory Compliance
Information Security and Protection
Today’s Governance Professional
Let’s talk concrete examples here. When it comes to retention and
disposition, do you strive for perfection? If you do, the process
may never really happen. Striving for perfection costs us time –
and may leave us paralyzed to act. As they say, the perfect is the
enemy of the good. Instead, let’s discuss retention and disposition
differently. Our focus should be on legally defensible retention and
disposition.
Take initiative; don’t complain after the fact if you were not
consulted.
How Does Today’s Professional Assess the Organization
The Generally Accepted Recordkeeping Principles Help Guide the
Professional and the Organization
Accepted Internationally
Help the Professional Align Various Business Functions
What are The Principles
A - accountability
T - transparency
I - integrity
P - protection
C - compliance
A - availability
R - retention
D - disposition
http://www.arma.org/garp
ARMA Principles
Principle of Accountability
A senior executive (or a person of comparable authority) shall oversee the information
governance program and delegate responsibility for records and information
management to appropriate individuals. The organization adopts policies and
procedures to guide personnel and ensure that the program can be audited.
Principle of Transparency
An organization’s business processes and activities, including its information
governance program, shall be documented in an open and verifiable manner, and that
documentation shall be available to all personnel and appropriate interested parties.
Principle of Integrity
An information governance program shall be constructed so the information generated
by or managed for the organization has a reasonable and suitable guarantee of
authenticity and reliability.
ARMA Principles
Principle of Protection
An information governance program shall be constructed to ensure a reasonable
level of protection for records and information that are private, confidential,
privileged, secret, classified, or essential to business continuity or that otherwise
require protection.
Principle of Compliance
An information governance program shall be constructed to comply with applicable
laws and other binding authorities, as well as with the organization’s policies.
Principle of Availability
An organization shall maintain records and information in a manner that ensures
timely, efficient, and accurate retrieval of needed information.
ARMA Principles
Principle of Retention
An organization shall maintain its records and information for an
appropriate time, taking into account its legal, regulatory, fiscal,
operational, and historical requirements.
Principle of Disposition
An organization shall provide secure and appropriate disposition for
records and information that are no longer required to be maintained by
applicable laws and the organization’s policies.
Maturity Model
• Five levels
• Less than 5 may be acceptable because of:
- Organization risk tolerance
- As measured against peers or competitors
The Principles Maturity Level - Color Status
5 - GREEN
4 - BLUE
3 - AMBER
2 - ORANGE
1 - RED
Best Practices to be Followed by the RIM Professional
Content Accessibility
Effective and efficient access to enterprise information
Fast response to FOIA, audit, investigations
Control and Awareness
Control over and insight into content sources across the organization
Single policy authority
• Ensure policy is applied consistently across information silos
Proactive management of content via retention policies
• Storage and productivity efficiencies via systematic removal of ROT (redundant, outdated, trivial content)
Compliance, Oversight and Accountability
Transparency to enterprise content and user actions on that content
Where to Start?
Perform an Assessment
Multiple stakeholders complete assessment tool
Analyze preliminary score
• Valid starting metric
• Benchmark against best practices and future progress
Perform risk assessment
Identify and prioritize high risk areas
Perform detailed gap analysis
Perform future state analysis
Develop strategic road map
Assessing Information Governance
[Figure: process diagram. Labels: Setup; Planning; Assess Current Policies and Procedures; Evaluate against Requirements; Determine Future State; Strategic Roadmap; Streamline Policies and Procedures; Update Infrastructure; Enhance Current Tools – Install New Tools. Areas: Governance; Infrastructure; Tools & Technology. Foundation: The Principles. Outcome: Regulatory Preparedness, Efficient Information Management, and Improved ROI.]
Risk/Reward Analysis
[Figure: risk/reward plotted against maturity. Risk/reward scale: Low Risk/Reward to High Risk/Reward, with Low, Medium and High Risk/Reward Areas; labels: Compliance, Risk Mitigation. Maturity scale: Low Maturity Level to High Maturity Level. Phase 1: Sub-Standard; Phase 2: In Development; Phase 3: Essential; Phase 4: Proactive; Phase 5: Transformational.]
Today’s information governance professional
Archivist or RIM Professional
Technology savvy
Understand the organizational landscape and mission
Highly organized
Understand retention principles
Understand the difference between perfect and good enough
Understand the meaning of reasonable effort
Understand preservation as it relates to electronically stored information
Understand how to apply physical records principles in the new world
Understand the nature of global business needs
Good communication skills
Why do Businesses Need RIM Professionals
Competitive advantage
Alignment of multiple functions: Legal, IT, Business
Process
Control of the greatest asset – Information
Risk Mitigation
Program Ownership
Certification and Education
Focus on skills discussed in the presentation as well as the
traditional skills
Teach Language of IT
Teach Risk mitigation and legal principles
Teach International Business requirements
Teach ROI
Use ARMA as a resource for sample curricula
Use the Certificate and Certification courses offered
Partner with Technology
“Greater reliance on electronic communication and
systems has radically increased the volume and
diversity of information that agencies must manage.
With proper planning, technology can make these
records less burdensome to manage and easier to
use and share. But if records management policies
and practices are not updated for a digital age, the
surge in information could overwhelm agency
systems, leading to higher costs and lost records.”
The White House Memorandum re: Managing Government Records, November 28, 2011
Question & Answer Session