The Age of the Enterprise Compliance Repository
Information governance is transforming from a narrow focus on retention policies for end-state documents to a broad framework for how content of all formats is handled throughout the content lifecycle. As the hard lines between content and data blur, we’ve blown past enterprise content management and rolled right into the big leagues of enterprise compliance management.
Human resource files are often still stored in one system while customer transactions are in data systems, and contracts are generated by another application entirely. Despite strides in document digitization and process automation, companies still struggle to validate whether content is truly up to snuff with governance standards. Enforcing information governance can be like grasping at straws: the rise of mobile, on-demand processes has exponentially increased the volume and variety of content and applications that need to be tracked, analyzed and audited—and it’s not slowing down any time soon.
Compliance is no longer a function relegated just to an archiving issue. It is a well-coordinated dance between enterprise content management, workflow management, records management, email systems, data search, analytics engines, and the multitudes of new and legacy content repositories companies rely on to facilitate bottom-line business processes. Many organizations are creating central governance repositories that allow them to enforce their global governance rules and personalize those policies at the enterprise, entity, group, document, and device level.
Evolving the Compliance Elephant into a Lamb
Let’s admit it, though: that’s way easier said than done. Regulatory standards are still largely handled on a department-by-department basis. Whether change comes from IT leaders, records managers, or line-of-business managers, shifting to a mindset of enterprise governance is a struggle for organizations large and small. In our work with organizations undergoing this shift, I’ve seen the most successful companies share two main traits: building consensus and prioritizing content by risk.
I can’t emphasize enough how important it is to gather input from IT, individual business units, and legal teams before discussing specific technical requirements. When this happens, the conversation quickly moves from, “We need a system for this specific business process,” to focusing on how to build a central governance policy that’s robust and flexible enough to accommodate multiple data systems and business units.
It’s important to distinguish between compliance components and the documents, data, and paper archives. That makes it easier to identify high-risk content as soon as possible. Subdividing and figuring out the largest risk in the enterprise and solving for that, then solving for the next risk, and so on, helps break down this huge elephant of organizational content and systems into a lamb that’s much easier to wrangle.
The point isn’t to reach a singular point of consolidated technology. Completely converging every single instance of enterprise content into one repository is a zero-sum game that won’t be won anytime soon—the number of applications in which content is created is just growing too quickly. Rather, think about how to centralize the most important governance rules for storage and retention. With this approach, it’s much easier to get a complete report on all the content that is subject to a particular regulatory policy. Otherwise, one would have to log into many different systems, run a search, export it to Excel, and then start aggregating all the reports.
How Europe’s Largest Defense Company Built
One Global Information Management System for 70,000 Contractors
The best example of a large corporation steering all of its different rivers of governance into a central platform is Europe’s largest defense contractor. The company has over 70,000 contractors in 80 subsidiaries worldwide reporting to a global holding company. Talk about complex! Like most companies, they were applying one set of regulatory rules in system A, different rules in system B, and another set in system C—in each subsidiary. This approach was functional, for sure, but they were missing that crucial 1,000-foot view of their company’s true compliance.
Once the company created one core governance repository that was rolled out to all its subsidiaries, it gained complete regulatory control over content and business activities across all of its subgroups. Within the repository, they created an information governance framework composed of several sub-repositories that allow end users to select and apply their group’s specific regulatory parameters to content in specific systems they use. With this higher-level approach, global policies can be baked into the company’s complex business processes, and any change to their global standards are automatically apply to all subsidiaries in real time. Executive leadership has visibility into activities at both the group and company-wide level. Yet, each group can see, select, and submit only their document types, language, and retention policies within the application.
Building Consensus, Building Policy, Building Better Business
When conversations move beyond simply centralizing document storage and expand into discussing how to centralize the mechanisms by which information governance policies are enforced, real change can happen quickly across the enterprise. Getting a singular, accurate snapshot of all content affected by a particular compliance issue may seem impossible when you’re working with complex business processes, but breaking down a massive governance project into digestible pieces makes a centralized compliance control possible for any organization. Building a consensus around content architecture, using integrations to connect systems, and dividing and prioritizing content that poses the highest risk goes a long way to regain confidence in documents, content, and processes across the enterprise.
Everteam connects people, processes, and content to automate and streamline business workflows, which would otherwise be time-consuming, error-ridden, and non-compliant.