active risk management through ediscovery and … confidential—internal use only 1 active risk...

1EMC CONFIDENTIAL—INTERNAL USE ONLY

Active Risk Management through eDiscovery and Information Governance


Consulting/Implementation Best Practices

RSA Archer eGRC Management Platform

EMC eGRC Strategy

Business Continuity

Management

Information Governance

eGRC Business Solutions

Security Management


Exponential growth in regulations combined with content growth…

How can organizations interpret/comply with new regulations, audit and report their efforts and stay profitable at the same time?

MoReq CRFB - France

FDA 21 CFR Part II

Sarbanes-Oxley Act

USA Patriot Act

Federal Rules of Civil Procedure

State Regulations

SEC 17a-3, 17a-4

NASD Rules 3010/3110

Gramm, Leach , Bliley Act

SEC Regulation S-P

Privacy Laws and Regulations

ISO 15489-2

21 CFR Part 11

DoD 5015.2

eSign Act

HIPAA

Freedom Of Information Act

FERC Part 125


Are you still using your email system as a filing cabinet?

Source: Osterman 2010

Users considering themselves “pack rats”

when using email for <120 minutes a day

Users considering themselves “pack rats”

when using email for >120 minutes a day

Business Reality


0% 5% 10% 15% 20% 25% 30% 35%

Managing emails as records

Dealing with the content chaos in our file-share

Implementing a dedicated ERM system

Agreeing on a corp. classification scheme/fileplan

E-Discovery

Setting agreed corporate retention policies

Long term archive

Enterprise search

Back-conversion of existing paper records

Implementing records management in SharePoint

Managing high-volume application-created records

Integration of multiple repositories

Implementing Manage-in-Place

Managing social media content

Moving to a SaaS or Cloud model

Outsourcing email management

Outsourcing electronic records management

Top Enterprise Records Management Projects“What would you say are the TWO most important ERM issues or current projects for you right now?”

AIIM Survey, N = 550


Business Reality

Source: IDC 2009

Organizations are committed or will consider

SharePoint for their business

Respondents needed to either customize or buy third-party products to allow SharePoint

to meet their needs

Source: AIIM Market Intelligence Report on SharePoint 2010


What Policies are we Using to Govern SharePoint?

AIIM Industry Watch: “SharePoint Strategies and Experiences,” July 2010


Reduce the volume of documents produced =

Reduce the overall cost and risk of eDiscovery

$1.5MAVERAGE COSTPER INCIDENT

$34MAVERAGE ANNUAL

LEGAL COSTS

89%OF COMPANIES

FACE LITIGATION

$24M+COST TO REVIEW

1 TB OF INFO


A NewOpportunity

Contracts

proposals

orders

Is Information an Asset or a Liability?

Models`

specs

Your LatestInnovation

email

Your NextLawsuit

memos

RECORDSresearch


• Skyrocketing costs of collecting information

• Too much dependence on 3rd party solution providers

• Inability to consistently apply and enforce policy on electronically stored information

• High risk and sanctions

• Ubiquitous nature of litigations and internal investigations/audit

• Gap between Legal and IT

Business Challenge: eDiscovery


Business Challenge: Records and Retention Management

• The process of manually searching through vast sums of content, identifying them as records, and processing them does not scale

• Organizations do not have the resources to keep up with the huge volumes of content


Business Challenge: Uncontrolled Content Growth

• “Ungoverned” information growing in Microsoft SharePoint, Microsoft Exchange, Lotus Notes and File Shares

• How much is there?

• What is its business value?

• What is it costing us?

• What do we take on the journey to the cloud?

• What is private and confidential ?


What is Information Governance?


Making Information Governance Actionable


Simplify eDiscovery

Repeatable and streamlined

Early Case Assessment

Enhanced responsiveness that reduces costs

…. Shifts from reactive to proactive


EMC SourceOne eDiscovery -Kazeon

Respond cost-effectively to eDiscovery requests

Implement a repeatable business process that minimizes eDiscovery and compliance costs

Roll out an accurate and defensible eDiscovery process with complete audit and chain of custody


Manual eDiscovery cannot keep up with litigation

Poor accuracy and timeliness in meeting requests

Impossible to gather information from globally-distributed sites

EMC SourceOne eDiscovery – Kazeon

Business Drivers


Results Established automated, repeatable eDiscovery processes

Cut down time-to-response

Thwarted risks and costs of fines

Reduced cost, increased control through in-house eDiscovery

“With EMC’s end-to-end solution, we can conduct early case assessments and internal investigations quickly, accurately and efficiently.”

Trey Cook, IT ManagerSecurity & eDiscovery

Shaw Group

EMC SourceOne eDiscovery – Kazeon


Manage Risk

Enable litigation readiness

Meet regulatory obligations

Comply with corporate policies

…Ensures consistent retention management


Time- and event-based retention and disposition

Retention tied to workflows and business processes

Manage physical, electronic and federated records

Provides certified records management

EMC Documentum Records Management


Use case:Electronic and physical records management of local government documents

Created a central repository for physical and electronic records

Implemented an automated classification and records filing system based on metadata

Provided bulk import of physical box and folder records

EMC Documentum Records Management


Cut Costs

Effectively manage key applications (SharePoint, email, file systems)

Reduce storage costs up to 50%

Improve application performance up to 60% or more

Eliminate personal archives

…. Preserves seamless user experience


EMC SourceOne for

Reduce storage requirements by as much as 50% and improve backup operations

Improve performance & scalability by up to 60% and more

Accelerate upgrades and migrations

Consistently apply and enforce retention and disposition policies

Centralize administration; preserve user experience

MSFT SharePoint File Systems Email Management


Target & classify

Compress content

Index content

Single instance

SharePoint

Messages and PSTs

Windows File Servers

Organize by retention policy

Store in centrally administered

archive

Managing Inactive Content with EMC SourceOne


Matter identification with secure matter management

Comprehensive collection and preservation

Defensible processing, analysis, and review

Flexible export

EMC SourceOne Discovery Manager


Council wanted unified approach to information management

Storage cost out of control

Unmanageable SAN storage

File server issues included PST proliferation

Compliance considerations and FOIA requirements for file retention

EMC SourceOne Email ManagementEMC SourceOne for File Systems

Business Drivers


Eliminated the need for mailbox quotas and PSTs

Reduced document retrieval time from two weeks to a matter of minutes

Released 50% storage capacity for mail system and file system

End user retrieval of data, freeing up valuable IT resources

“EMC has enabled us to take a unified approach to our storage. By archiving our email and office documents into a centralized repository, we can easily manage and search for documents to meet FOIA compliance.”

Carl MoretonEnterprise System Project Analyst

Northampton Borough Council

EMC SourceOne Email ManagementEMC SourceOne for File Systems

Results


A unique GRC solution that focuses on the legal, regulatory, and audit compliance processes

Minimize risk by providing interdepartmental communications, information and reports

Roll out an accurate and defensible eDiscovery process with complete audit and chain of custody

“Legal GRC”EMC SourceOne eDiscovery + RSA Archer


Holistic and Modular Information Governance

Content is managed as a record, given retention classes and ownership privileges

3

Content “in the wild” is identified for risk/business value and targeted for archiving and/or disposition

1

Email, files and SharePoint content is indexed, compressed and moved to EMC SourceOne on archive/enhanced storage layer

2

Litigation occurs. Content is identified, culled, reviewed and placed on legal hold in anticipation of court proceedings

4

By combining data from financial and Info Gov sources RSA Archer informs key executives , about the estimated risk associated with litigation in terms of volume of matters, budget and exposure (fines & judgments)

5


Das

hboa

rd


Act

ive

Case

s by

Pha

se


Colle

ctio

nA

ccur

acy


Cust

odia

ns b

y B

U


Liti

gati

on B

udge

ts


Summary

• eGRC requires a holistic approach spanning multiple technologies and consulting

• Information governance is a foundational element of eGRC that results in organizations gaining visibility, simplifying eDiscovery, managing risk and reducing costs

• Organizations can take a modular approach to eGRC in general and Information Governance in particular with EMC SourceOne


Next Step and Resources

• Round Table Discussion on Privacy - Back in General Session room

• eDiscovery for Dummies

• Privacy Survey

• eGRC White Paper

• Ovum Research


THANK YOU

active risk management through ediscovery and … confidential—internal use only 1 active risk...

Documents