From Records Management to Knowledge Management...

Coupling Modularity and Compliance as Drivers for Improved Efficiency and Cost Savings

New compliance drivers have prodded many firms into committing extensive resources to align their business processes with recommended transparency measures pertaining to financial, structural and procedural activities. Now that these activities have started to become integrated, in part or in full, by a large number of firms, a "second phase" of transparency-related issues has moved to the forefront. Firms should now evaluate the potential byproducts of their compliance-inspired initiatives—particularly in terms of whether they decrease long-term costs and increase overall efficiency, such as in the area of knowledge management—and adapt processes, tools and infrastructure to optimize performance within a compliant business context.

Capitalizing on the Byproducts of Compliance Drivers

One of the most beneficial byproducts of getting compliant with new transparency regulations is firms being forced to "get their house in order" in terms of improving processes, making operational activities more efficient and interconnected and creating an overall better organization. These improvements should position companies to be more cost-effective, competitive and responsive to customer and shareholder needs. However, an area in which the push for better performance is compromised is the ability to accurately evaluate how any implemented information storage and retrieval system works in terms of meeting actual knowledge management needs, which leads firms to address how and why certain information should be stored and used in the first place. All forms of retained data, whether they are paper-based documents, e-mails and attachments, presentations or video conferences, are all parts of the larger, integrated content management arena and need to be addressed in that context. Because many firms were not sure about the exact scale and eventual effects of new regulations, the tendency still existed to overcompensate and focus their compliance solution primarily on storage, on making sure that every piece of information was retained regardless of its actual importance or how much it would cost. But this approach begs the question: even if you are able to store everything, does that equate to actually being able to manage it?

Overshooting Need Fulfillment for Compliance Management

Aside from the huge expenditures required by storage upgrades, the "just storing everything" instinct increases the chance that information repositories become liability vaults: in other words, information is retained that doesn't, by law, need to be kept, which increases risk, and overall competitiveness diminishes in terms of search accuracy, retrieval efficiency and cost-effectiveness. This problem is compounded by the fact that compliance needs are not always readily apparent or static. Unfortunately, some firms became so intimidated by the imposing scope of compliance initiatives, and the perceived range of compliance tools needed to actually support these measures, that they just decided to take the "safe" route and sign off on costly reorganization of their IT infrastructure. Specifically, where overcompensation of this sort can really cause problems is with records management (RMA). Even if a firm does have some type of RMA tools embedded in a huge storage solution, are the RM-related capabilities performing on a scale that is necessary and consistent with established processes, or has the "overcompensation" mentality become the de facto standard for RMA, too? Related questions arise: How comprehensive does the RMA capability actually need to be? What is the required breadth and scale of RMA functionality? What RMA-related tasks can staff reasonably be expected to perform, and how long will it take them to be trained to perform at this expected level? How easy and cost-effective is it to deploy and integrate this RMA solution? Is the RMA solution opening up the company for unnecessary liability?

Given the impulse to overcompensate, some firms buy rigid and complex RMA systems that comply with the US Department of Defense's (DoD) 50125.2 standard for records management to ensure the high level of RMA security that a firm thinks is needed. But, many firms soon realize that their needs don't actually require this level of sophistication. For instance, staff who must actually use this type of solution need to be trained extensively on how to create and manage a file plan, a process which, again, can exceed a firm's realistic budgetary, manpower and accountability capabilities. Under a DoD-compliant RMA solution, every e-mail is a record, which can require additional attention in terms of maintenance, storage and accountability. Many firms simply want to file a full project folder as one record, which makes a DoD-compliant solution completely inappropriate for them.

Certainly, some firms actually do need the most comprehensive components of RMA functionality, but even in these cases, they may not need them right away. Firms may want the flexibility to address their RMA needs on an incremental level that they can control and feel confident about as it's slowly integrated into business processes and employees get acclimated to it. Bottom line: RMA can be one of the most complex business activities, and because it is embedded into key organizational processes, a complete RMA system cannot be integrated overnight. Integration is gradual, both in terms of matching technical capabilities to actual levels of need and in being able to effectively deploy and train people. Taking these issues into consideration, firms need to be forthcoming in their ability to recognize, answer and address the following questions:

• What type of RMA capability is actually needed?

• What data is involved (paper, e-mail, electronic)?

• Is DoD-compliant RMA necessary?

• Can an RMA system realistically beimplemented?

• Will users accept and use a new RMA system?

• Is there an RMA mindset?

• What is the real budget? and

• What is the implementation timeline?

Addressing RMA in a Compliance- influenced Business Climate

To answer these questions, it's important to identify the organizational types concerned with these issues. Motives for embracing compliance initiatives may vary, but all these organizational types must honestly appraise actual RMA needs and the level at which the needs must be addressed. The types are:

• Those still evaluating their necessary levels of RMA capabilities so they can continue solidifying processes and building up IT infrastructure to meet expectations;

• Those that installed processes and infrastructure to meet SOX requirements but have, in time, decided to reassess their approach's effectiveness; and

• Those not required to conform to compliance initiatives in particular but who are still committed, for efficiency and/or competitiveness, to adhering to its basic tenets; these firms have the "luxury" of taking incremental approaches to addressing the scale and scope of RMA they need.

  Given the level of need these firms have, three basic approaches to RMA exist, from the basic to complex:

• Personal RMA—individual responsibility for personal storage of key records;

• Departmental RMA—medium to large scale retention of all records; and

• Corporate or Enterprise RMA (DoD, PRO/TNA or ISO compliant)—the most extensive and rigorous RMA construct.

Making the Case for Modularity

Based on the predominance of firms overshooting or overcomplicating their approach to RMA (in the short or long term), a scaleable, incremental approach to RMA is preferable in nearly all instances because it anticipates the "organic" adjustments firms must routinely make as needs fluctuate. Firms and compliance regulations are so dynamic that change must be accommodated, so the structure of a selected RMA solution must take this reality into account. To help firms address variable RMA need levels, vendors such as ZyLAB offer a variety of modular, intuitive, and integrateable tools that enhance search and retrieval efficiency (fuzzy search, text mining, and so on) along with specialized tools for dedicated functions like redaction. All or some of these components can be bundled into whatever configuration matches a firm's needs.

Defining an RMA solution through this level of modularity means that users can control and operate RMA functions in the appropriate context, at the right scale. Empowering RMA in-house professionals is especially important now that firms are relying more on their own people to handle RMA tasks than on external personnel. Users can be trained to make proper decisions on what to keep and what to destroy, which optimizes the retention of records deemed relevant by internal, compliant processes. Simply put, a modular approach enables workers to benefit from scalability, integrateability and "learnability."

These basic levels of control and flexibility are not always available in high-end, super-storage solutions that many firms purchase due to their "overcompensation" mindset. Firms can effectively perform all of their content management tasks without purchasing monolithic, feature-heavy solutions that can adversely affect overall affordability and usability. Scaleable, flexible and open solutions offered by vendors such as ZyLAB enable firms to handle their records at whatever level of complexity is actually needed, whether those records are digitized paper, e-mail or other types of electronic documents.

Key Considerations for Evaluating Modular RMA Systems

For over 20 years, ZyLAB has worked alongside organizations with immense data repositories to develop the best information management solutions. This experience has shown that, although some RMA-related issues may ebb and flow, core concerns remain constant and need to be addressed:

• Just because e-mail is, according to a recent IDC report, the "elephant in the corner," doesn't mean managing it should be intimidating or viewed as exceptional within a larger RMA context. In fact, efficient and measured e-mail solutions that are consistent with internal processes and allow for automated filing and selective disposal of e-mails help optimize available storage, make business processes run smoother, and lessen overall organizational liability.

• The paperless office does not exist and won't anytime soon. Paper still exists in mass quantities, which demonstrates that organizations still realize the multiple benefits offered by paper documents. ZyLAB has long specialized in retaining the benefits of paper while relieving the burden of paper (storage, transportation, accessibility and so on), as well as also allowing digitized paper to be searched in tandem with other archived data types, like e-mail.

• Open technology and open formats, like XML and TIFF, enable better data security and availability throughout document lifecycles, regardless of original file types. Organizations need assurance that their information is always accessible without having to worry about upgrading or continually revamping their systems.

• Expectations for efficiency and cost-effectiveness are as high as they are for system performance. Efficiency-focused organizations demand software that is easy to use, install, deploy, support and maintain. Solution deployment should take days, not weeks or months.

• Meeting compliance requirements is a cost factor, so RMA solutions must be flexible and integrateable, supported by fast and usable searching, retrieving and organizing capabilities. Being able to optimize records information makes organizations more competitive and cost effective, particularly in terms of secondary costs like legal fees and staffing.

• A key to effective and affordable solutions is being able to buy only what is needed. Vendors must respect an organization's understanding of its RMA requirements and how to address them, particularly in terms of scale (i.e. lower upfront costs, quicker deployment and ROI and better positioning for incremental future growth).

• Integration with existing systems is preferable to comprehensive overhauls. Replacing significant parts of existing systems is costly and time-consuming. New RMA components should also seamlessly integrate into specialized tooling (such as case management tools for legal professionals).

---

ZyLAB is an innovative developer of affordable content management and compliance solutions for paper-intensive organizations. ZyIMAGE, ZyLAB's flagship solution, helps small and medium-sized businesses (SMBs) and government organizations digitally file and manage millions of pages of paper, electronic documents and e-mail. High-quality search and retrieval features (which support over 200 languages) give users the ability to easily organize, investigate and distribute information. With more than 7,000 installations worldwide and more than 300,000 users, ZyLAB has a wide breadth of experience and knowledge across a variety of different industries and business applications. For more information visit:www.zylab.com.