Digital information is doubling in size within your organization at a minimum of 24 months. Understanding what types of information you have, where it is stored and how to determine its importance to you organization the first step. Join our webinar on "5 Steps to Curbing Information Sprawl" to hear about the steps you can take to help minimize information sprawl across your organization.
Some of the focused information locations will be, but not limited to: Email, file shares, SharePoint and line of business systems and applications.
3. Step 1
A. What types of information, records and files are within
your organization?
B. Map where this information resides
C. Understand information's sensitivity and privacy
Know your
information
4. Discovering your (electronic) information
Record and Non Records
• How do you know, unless you know it exists?
• Both should have policies (but different)
Likely locations for information
• EDMS / CMS
• File Shares
• Email Servers
(plus PST on desktops)
• Business Systems
(commercial and home grown)
• Cloud Storage
• Desktops/Laptops
• Mobile Devices
• Backup/Archives
5. Map the information
How is the information created?
How long is the information kept?
Who can see the information?
Is the information in the correct place?
Is the information stored in more than one place?
Is the information related to other information?
6. Sensitivity and Privacy
Sensitive Data
• Corporate strategy
• Legal Information
• Insider trading
Private Data
• Customer data
• Employee data
7. Step 2
A. KISS (Keep it Simple Stupid)
B. Internal Resources vs. Contracting
C. Regulated and Non Regulated Policies
Create Rules
and Policies
8. Keep it Simple Stupid
• Fewer policies means easier maintenance
• Fewer policies are more likely to be remembered
Consider “Bigger Buckets”
• Easier rules are more likely to be followed
• Employees wont’ follow “language” they don’t understand
Keep it at “the 5th grade level”
• Keep is feasible
• Make sure it can be implemented
Make it practical
9. Internal vs External
• No harm in asking for a quote
• Compare to the true cost of an FTE (FullTime Employee)
Considering External
• Always up to date
• Publish new schedules at any time
Consider (Cloud) Service Based Solutions
• An experienced professional is on staff
• Regulatory, legal and business requirements are known
Internal resources may work when:
10. Regulatory & Non Regulatory Policies
Regulatory Policies
may include:
• HIPPA
• EPA
• FDA
• SEC
Non Regulatory:
• Tax
• Corporate needs
• Department of Labor
• State and Federal Laws
• Ask Legal about others
13. Classification Pros/Cons
Setup Accuracy User Experience Maintenance
Meta Data Map Data to Rules Perfect (GIGO) Data Entry unless
combined with
extraction
Only for new or change
in data
Content Training Duplicate Hits Only Exceptions Ongoing
Visual Training Duplicate Hits Only Exceptions Ongoing
Template Template Creation Very Good Only Exceptions Only for new or change
in data
14. Lifecycle Management & Disposition
• Assigns policies all phases (Active/In Active/Archive)
• Enforces these phases and the schedule for each
• Ensure all policies impacting a particular record is
considered
Lifecycle Management
• Assigns correct policy (Destroy/Archive/Transfer)
• Allows automation – IMPORTANT FOR ADOPTION
Disposition
16. Step 4
A. Leave data in place
B. Adopt policies to suit business processes
C. Keep users focused on their tasks
Leverage
Investments
17. In Place Information Management
• If users like the current system
• The data store meets security and privacy needs
• The taxonomy can support classification
When to consider leaving information in place?
• Users are unhappy with the current system
• Procedures are not being followed with current system
• It’s not possible to secure the information
• The data cannot be classified due to poor taxonomy
When to consider a migration?
18. Adopt Policies to Suit Current Systems
• Better to adopt IG to your current process when possible
• Current process are probably efficient
• Would you lose efficiency when changing the process?
Leave Good Business Processes Alone
• Users trained with their current systems
• Users won’t apply policies that impact productivity
• Users won’t delete obsolete data on their own
Keep users productive
19. Step 5
A. Record Creation
B. Policy Distribution
C. Holds
D. Classification/Lifecycle/Disposition
Automate
20. Electronic Business Data
With structured data records can be created automatically
Office Documents
Enforce save locations
Require Meta data
Email
Automatically based on folders
Automatically when users save attachments
Automate Record Creation
21. Policy Distribution
Make policies that are easy to understand (KISS)
Distribute the policies
• Email/Social Networks/Messaging
Don’t assume
Keep records of who/when policies were accepted
• Users won’t read policies unless they have to
22. Legal Holds
• Automate with Rules
• Apply to Current and Incoming Information
• Suspend the Lifecycle
Ensure Holds are Applied
• Automate
Remove Holds to Prevent Sprawl
23. Summary
1. Know and Map your Information
2. Classify and Apply Policies
3. Use Technology (Destruction)
4. Leverage Current Investments
5. Automate when Possible
There’s a lot of text and information on these slides. Some I may go through quick, but we’ll make it available after the call as well as the recording.