
Understanding the ERM Challenge

Corporate executives are painfully aware of the need for "compliance," thanks to regulations such as Sarbanes-Oxley, HIPAA, industry-specific mandates and a raft of financial scandals. Legislation now spells out what was only implicit before: all electronic information, including email and even instant messaging, has to be logged, saved, indexed for search and retrieval, and securely retained for a specific number of years. Numerous mandates also stiffen civil and criminal penalties for non-compliance and hold CEOs accountable.

Perhaps an even bigger worry is the ever-present threat of litigation: the ability to find and produce all related documents for discovery on demand could mean the difference between winning and losing millions of dollars. Often these records are emails, such as interoffice memos and customer correspondence, which are staggeringly expensive to produce, can easily contain incriminating evidence and, if unlawfully destroyed, expose the organization to severe consequences. Most executives now understand the serious nature of records management.

However, executives may not realize the breadth of its impact across the enterprise or the diversity of requirements that it imposes. They may mistakenly assume their disaster recovery systems, email archives or document management repositories—systems designed for other purposes entirely—are meeting their enterprise records management needs. Or they may not realize that the DoD 5015.2-compliant records management application they implemented in the legal department is overkill for most of the records they need to manage, leading to user resistance and a failed corporate objective.

Enterprise records management (ERM) must be both comprehensive and flexible. That means it provides a common infrastructure supporting the wide diversity of enterprisewide record types—from formal electronic records to informal memos, emails and discussion threads, to traditional paper and microfilm. And it does so without imposing a single set of management elements and procedures for all record types and user groups. Instead, each group can implement elements and procedures appropriate to the business need.

The ERM Challenge

Enterprise records management protects the public by preserving evidence of transactions and business conduct, and it protects the company by lowering the cost of producing the records when required, reducing the risks of non-compliance, and managing the massive stores of information that continue to build daily. A comprehensive, policy-based program of record retention, supported by technology that properly classifies and archives all records, can eliminate the cost of ad hoc discovery or investigation while keeping investigators and litigators from combing through user files themselves. Adding disposition policies ensures that documents that have met all of their legal and corporate obligations can be destroyed.

Clearly, a one-size-fits-all approach cannot work. The rules defining what constitutes a record, whether that classification is overt (formal) or implicit (informal), and how those records must be organized and named in the record repository, vary widely depending on the type of record and the business requirement. Technology that simplifies life for a dedicated records administrator may add burdensome complexity to ordinary office workers and managers.

With these diverse requirements in mind, let's look at what a practical ERM approach really needs to deliver.

Automatic Policy-Based Retention
Retention is the essential requirement governing most records management needs in the enterprise. It preserves documents, without the possibility of revision or deletion, for a specified period of time, and destroys or otherwise disposes of them at the end of the retention period. Policy-based means the decision to retain a document is not left to the author, but established by policy to apply to an entire class of documents, such as all documents in a specified set of folders. In this way, retention management is invisible to most users; the policy is applied automatically when a document is stored, without prompting for additional metadata. Also required is the ability to override policy-based retention with "holds" imposed when a document must be preserved for an investigation or legal action.

Formal Records Management
A subset of the organization's records may require management as formal records, the centerpiece of which is the file plan—a permanent, system-wide classification schema for records, defining record naming, organization and descriptive metadata, specified and managed by a records administrator. A document is overtly declared as a record by storing it in a location managed by the file plan, and classified using metadata specified by the file plan. Retention is defined by the classification. The DoD 5015.2 standard, used to certify records management applications implementing these procedures, is widely used as the "gold standard" for records management, but is, for the most part, needed only for formal records.

Unified Management Infrastructure
When organizations apply records management in place, and leverage an existing enterprise content management infrastructure, they don't have to supply dedicated repositories for managing individual content types—documents, emails, text messages, websites and more—and other repositories for managing them as records. Not having to copy or move content from a unified repository to an electronic records repository means organizations don't have to support redundant infrastructure for storage, access control, metadata management, user interface and a host of other features.

Modular Business-Driven Implementation
A practical approach to enterprise records management complements unified end-to-end infrastructure with modular deployment. So, for example, groups that need only retention policy management can implement that, while other groups can implement formal records management as needed—up to full DoD 5015-compliant procedures. (Many early adopters of enterprise records management considered DoD 5015 compliance the benchmark for software functionality, largely because there is no standard for simple retention management, which is the largest component of an enterprise's business need.)

Practical ERM Software

With the above in mind, let's explore a practical approach to enterprise records management.

Comprehensive
First, ERM needs to provide a common framework for managing records based on all types of content. This includes electronic content—such as revisable documents, scanned images, email and text messaging, host reports and statements, websites, even online collaboration—and physical records, such as paper files and microfilm. Management must also be comprehensive, from basic retention management to full DoD 5015.2-certified records management.

This requires looking at enterprise records management as an IT infrastructure issue, not simply another application loosely tied to the stack. Unfortunately, records management today often involves a collection of point solutions, which means replicating the policies and rules, metadata, access control and other management features in each records repository, and keeping them all in line on an ongoing basis.
