Registration is now open for KMWorld 2019. Register now to join us Nov 4 - 7 in Washington, D.C.

Charting the Way
The Information Governance Imperative

This article is part of the Best Practices White Paper Records Management & Regulatory Compliance [November/December 2008]

We are witnessing an ominous information governance challenge. We see explosive growth in the creation and collection of documents and other rich content. We also see organizations being inundated by demands for compliance with industry regulations and laws (locally and abroad). Urgency is growing to gain control of this dynamic.

Transparent Access to All Content
Organizations want to provide users with simple and easy access to corporate content. In most enterprises, content resides in multiple repositories deployed across departments. This prevents organizations from having 360-degree views of corporate information.

The business value of rapidly accessing corporate content is well documented. Organizations are now realizing its importance for electronic discovery; and discovery goes beyond litigation—for example, financial services organizations need to rapidly assess their mortgage subprime exposure to determine the best course of action and avoid embarrassing announcements of new subprime losses quarter after quarter.

Providing transparent access to content must be done with information governance controls weaved into the fabric of the content infrastructure and not built as an island on the side:

Control record lifecycle. Many regulations and laws mandate retention records for specific periods of time. These requirements have led to the development of records management (RM) and archiving applications and the emergence of standards such as DoD 5015.2, MoReq2 and ISO 15489.

Effective and efficient electronic discovery. The Zubulake-UBS Warburg case and the US FRCP 2006 amendments that followed established new guidelines for discovery and production of electronically stored information (ESI). Discovery for risk assessment is also emerging as a need.

Privacy protection. Private and public entities have a duty to protect the privacy of individuals they deal with: medical privacy (example: patient medical history), citizen privacy (example: race) and financial privacy (example: credit card numbers).

Realities and Challenges
Organizations are cognizant of their compliance obligations, especially with some highly publicized fines reaching hundreds of millions of dollars. They also understand that non-compliance can lead to revenue loss, reputational damage and jail time for C-level executives (example: Enron).

In the past, the market has looked at various compliance requirements as distinct disciplines. Organizations are realizing that they must look at these issues through the holistic prism of information governance. Many have set up internal committees to determine the best strategies for implementing these solutions. These committees often include senior IT, compliance and legal managers and operate under the watchful eyes of C-level executives.

1. Update and expand the scope of the corporate RM program.
Update antiquated RM programs, and eliminate/reduce inconsistent, duplicated and sometimes obsolete record-type entries in the retention schedules. Some organizations are expanding the scope of these programs to cover other compliance requirements (discovery, privacy, etc.)

2. Implement RM solutions that cover all content within the enterprise.
Large corporations have massive amounts of content (hundreds and sometimes thousands of terabytes, example Fortune 100):

  • Content is scattered in repositories located in different jurisdictions and multiple architectures (mainframes, open systems and Windows). Except for non-strategic repositories (which could/should be migrated), most content must remain in-place with a central information governance component (federation) controlling it.
  • Many forms and formats of content: example mainframe-generated AFP reports cannot be managed in traditional document-centric ECM solutions; and
  • Information governance policies must be deployed and applied in a federated manner.
Many vendors promote "RM-enabled" ECM products as THE solution for compliance requirements. Some of these offerings have serious limitations:
  • Content repositories are unproven at enterprise levels;
  • Lack of scalable federated RM capabilities;
  • No direct support for mainframe-based repositories;
  • Lack of scalable metadata repository (possibly 100TB+); and
  • By design, RM-based solutions deal with content formally declared as corporate records only. Discovery and privacy protection cover all content.

Information Governance Solution Framework
Many corporations have embraced the view (through hindsight or failed pilots) that information governance is NOT a product but rather a solution framework that requires new thinking. Some have embarked on projects to build their own solutions along the following lines:

  • Information governance module with a compliance management dashboard to deploy, manage and apply compliance policies;
  • Central metadata repository containing a rich set of indexes that serve compliance functions (retention, discovery, etc.); and
  • SOA-based integration layer to provide access and immutability services to federated content.

With the exception of a few resource-rich corporations, the market needs a commercialized solution offering that provides blueprints and many of the components described above to significantly reduce the cost and accelerate the implementation of information governance solutions.

RSD GLASS
RSD GLASS© is an information governance solution framework offered commercially by RSD, a vendor with 30+ years of experience in providing archiving solutions that manage high volumes of content (including mainframes) at some of the largest global corporations. It provides organizations with a well-charted path and a significant head start in their efforts to implement information governance solutions.

RSD GLASS includes the following:

Integrated information governance module: provides internal transparency by allowing various compliance policies to be managed and applied to content in a federated model. It also features a unique central information governance metadata repository (for structured and content indexes); and

SOA-based content integration layer: provides users (and applications) with simple and rapid access to content in all corporate repositories.

The solution framework covers a wide range of products in the RSD product family, including the enterprise-level-scalable and award-winning content archives EOS and RSD Folders.


Founded in 1973 in Geneva, with affiliates in New York and London, RSD helps companies meet the growing challenge of information governance by providing market-leading products for business information delivery, content and records management, and document archiving and retrieval.

To learn more about RSD, visit www.rsd.com.


 


Search KMWorld

Connect