February 1, 2007
Article

Email: Unsticking the Glue

"ISO is all about pleasing your customers. A lot of people think it's just about procedures and working instructions, but at the end of the day, the reason you have those procedures is to assure customer satisfaction. For instance, you define an escalation procedure if there is a complaint, and your customer knows that complaint is being taken into account and being handled.

"Part of that whole process is to have a number of controlled documents. Some of those documents are normal correspondence with your customers. Some are more formal agreements you have with your customers, like quotes.

"The process control that's related to each type of document is the key. For instance, if you send out a statement-of-work, it's important that the statement is validated and possible to deliver before someone promises it to the customer. You also want to control agreements with YOUR suppliers, to be sure they are supplying what you ordered so you can fulfill your obligations.

"So the whole ISO 9000 certification is about a number of archives. Those archives have a retention policy, because you don't want to archive everything, but you DO want to retain some things, to show customers that your policies or pricing structure might have changed.

"In the process of setting up these systems, we found that we had lots of data stored all over the place, including confidential employee information that had been emailed for one reason or another... HR information such as social security and bank account numbers, performance reviews etc., that were kept by people on their local hard disks. You don't want to do that; you DON'T want multiple copies of confidential information floating around on 10, or hundreds or thousands of PCs.

"The answer is to create a central repository for important documents, and email is part of that. You don't want to have files floating around outside of the central repository. You want to control those files so that you can prove that, once you've deleted a file, you've deleted every copy of it.

"Before someone comes aboard at our company, we train them on the procedure. It's like if you go to work in a chemical plant; first they give you the safety training. We train people how to handle documents; if you have this type of document, you have to file it here. If you have that type, you have to file it there. And—very importantly—when you send an email, you have to decide where in the central repository it should be stored.

"That's what I like about this new regulation: if you can prove that everybody archives their data in central locations, you're safe. And it's good policy anyway.

"The next problem is enforcing it. We keep email locally for a period of three or four months. During that period, we conduct audits. We compare what's in employees' short-term local storage with the central repository; if 99% of an employee's information has been stored where it should have been, we can safely assume that employee is doing the right thing. "One person conducts these audits, and I admit, that's a cost burden. But in our case, all email sent out is converted to XML files. Those files are then all searchable, so we can easily do sample checks.

"It costs some money at the beginning. But if you DON'T do this, and you have a problem with a customer, or the customer is not happy with the service or—worst case—if there is a human resource issue, the costs of recovering information are going to be astronomical compared to investing beforehand."

I interrupt him to ask whether there is some positive reinforcement—is it all stick, or is there some carrot, too? "Sure... they know if an email is in the proper folder, they can find it easier. And if the salespeople save emails in the right place, the technical people can see how useful that is.

"If someone loses their hard disk, or if someone leaves the company, we know that in high probability their information is in the central archive. We also know that if we get a question about a certain employee, we know all the information is in one location.

"If a rogue employee uses the company email to do something bad, and the authorities want all the emails that person sent or received, we can say that all company-relevant email is stored centrally, and all irrelevant email is destroyed, because there's no need for us to keep it, according to our stated policy.

"Some people refer to email archives as a ‘K vault'—a knowledge vault. We call it an ‘L vault'—a liability vault. You want to archive only what you're required to keep. Everything else can be used against you, and there's no reason to keep it.

"By the way, there's a big difference between backup for disaster recovery, and backup of archives. You don't want to use your disaster recovery tapes as archives; you want to recycle them as much as possible. If you have your information stored properly in a central repository, you probably won't need a backup tape anyway.

"Because we were able to get rid of all irrelevant data, and put the good stuff in the central repository, we can do better knowledge management. We have proper filing plans, so our records management is taken care of. We also saved tremendous hard disk space, so the IT guys love it. It took us a year, and it still takes resources to enforce it. But more and more organizations are treating email as if it were a piece of paper; archive it as a record if you must, or throw it away.

"I've heard of judges who said: ‘You threw your email away after three months, so you must be guilty.' The FRCP rules protect you from that. Naturally, you must have a reasonable destruction plan; you can't destroy things just before a lawsuit, for instance. Time—and court tests—will tell us what a ‘reasonable policy' really means, but in the meantime, you're pretty safe with an easily enforceable filing plan and disposition policy. Having a central archive has allowed us to do that."

As I write this, the new FRCP rules are about a month old. There will no doubt be tweaks and amendments to the amendments. There is a conference of judges, attorneys general, people from the National Archive and business leaders, called the Sedona Conference, that is, as we speak, recommending even more guidelines for the publishing and disposition of electronic information of all types. The rules surrounding the discovery and disclosure of electronic documents will certainly continue to be clarified and updated. For the time being, though, a company that shows good faith in treating its records with care and respect for the rules will do just fine.

Correction In the January issue of the KMWorld White Paper, "Best Practices in Business Process Management," we included the wrong photograph of Michael Beckley, Appian co-founder and vice president of product strategy. We regret the error.

Special Advertising Section

Free

for qualified subscribers

Subscribe Now Current Issue Past Issues

KMWorld 2024 Is Nov. 18-21 in Washington, DC. Register now for Super Early Bird Savings!

Email: Unsticking the Glue

Special Report: Safeguarding Your Business in the Era of Gen AI

Elevating Customer Experience With Automation and AI

How Knowledge Graphs Make Generative AI Consumable in Enterprise Environments

More

Intelligent Content Management: Game-Changing Technologies and Strategies

Optimizing LLMs with RAG: Key Technologies and Best Practices

What's Ahead in Search: AI, NLP, Knowledge Graphs, and More

Rethinking KM for Agility, Efficiency, and Innovation

More Webinars