choosing technology solutions for legal & regulatory requirements

Porter-Roth Associates 1

Choosing Technology Solutions

for Legal & Regulatory

Requirements


Bud Porter-RothPorter-Roth Associates

[email protected]

http://www.rfphandbook.com


Mike, do we need imaging or document

management for the HR records project? Should

we think about workflow?

What about records

management?

I think they’re all the same aren’t they? I’ll just call a few vendors and put a spec together. Lunch is back on!!!!

Also, can you find out about enterprise content management? I think it may be replacing document imaging for records management.

Oh No! There goes

lunch!!

What about records

management?


Warm-up Exercise

You are going to buy a car, what are the considerations (why you need it) and requirements (what do you need)?Write 3 considerations that are essential to

you and your needs. (why)Write 3 functional requirements that are

essential for your car. (what)Do you need to know mechanically how

a car operates to write requirements?


Initial Observations

This technology area, EDMS or ECM, or RM, is getting even more complex with New lawsNew companiesNew merged companiesNew business applications coming down the pike

that will require RM capabilities In addition to the above, many companies are

complex entities with many different applications spread across many different business units


Which Technologies do What?

Document imagingElectronic document management (EDM)Workflow technologiesEnterprise report management (ERM)Enterprise content management (ECM)Intranet (or Internet) content

managementKnowledge management (KM)Records management (RM)


Picking a Technology for Your Needs

ECM?

ECM?

EDMS?

EDMS?

RM?RM?


Document Imaging

Capture Index Distribute Store and Retrieve

Document Imaging = Techniques for capturing, recording, processing, storing, transferring and using images of paper documents electronically

Imaging Technologies…


Basic System Components

Storage

Input

View / Edit

Output


Typical Imaging Need


Classic Benefits from Imaging

Gets rid of the paper (WHFO)Gives storage space backFewer lost documentsParallel use of documentsDisaster recovery??What else


Basic Problem with Imaging Systems

They do not typically meet/incorporate the classic RM rules such as classification, enforced retention, audit trail, some access control, no distinction between records and non-records.

While better than a simple backup system they do not meet requirements for such things as e-mail, IM, etc.


Workflow Technologies

Distribute Route Track Manage

Workflow = Techniques for transferring and using images of paper documents or electronic documents/data electronically

Workflow Technologies…


Workflow Technologies

High ValueBusiness Process

Low ValueBusiness Process

RepetitiveProcesses

UniqueProcesses

Production Collaborative

Administrative / Ad Hoc


Typical Workflow

Receive Resume

Requestinterview with

candidate

Return resume,request "no thank

you" letter

Hiring managerreviews resume

Purge after sixmonths

Send resume tohiring manager

for review

File resume forfuture job

requirements.Write reject ltr.

Match resume tocurrent job listing

and criteria

Resumequalifies?

NO

Yes

Resumequalifies?

EndProcess

Go to B

BNO

Yes

EndProcess

Wkflow route resumeto appropriate

department personnel

Setup interviewtimes with

appropriatedepartmentpersonnel

Interviewcandidate Go to C


Classic Workflow Benefits

Computer control of a work processAuto routing of designated documentsAuto tracking of individual designated

documentsPrioritize work according to rules and

to re-prioritize on-the-flyCollect and report tracking data


Basic Issue with Workflow Systems

“Workflow” as a technology is not a store and retrieval system

Workflow is an electronic routing system used for specific work, not necessarily documents….

Workflow, as a technology, offers very little in terms of RM and compliance

But, coupled with RM systems can be useful in kicking off events such as destruction schedules


Electronic Document Management

Automated Capture/Save Index/ Version Control Distribute/ Check-in/Check-out Store Retrieve

Electronic Document Management = Techniques for capturing, indexing, processing, storing, transferring and using electronic documents

Electronic Document Technologies…



View / Edit

Output

User 1User 1

User 2User 2


Classic Benefits of Document Management

Centralized file controlCheck in/outVersion control

Remote retrievalParallel processingBut no real RM capability


Basic Issue with EDM

EDM is one part of the equation In the early days of EDM (Saros? PC Docs? &

Documentum) they were sometimes thought of as RM systems but suffered many of the same problems as imaging systems

Today, EDM systems incorporate RM features by adding 3rd party software or buying 3rd party software and reengineering

Still not “good” with e-mail, IM, DAM, etc


Enterprise Content Management

Automated Capture/Save Index/ Version Control Authoring Distribute/ Check-in/Check-out Store Retrieve

Enterprise Content Management = Techniques for capturing, indexing, processing, storing, transferring and using electronic documents

Enterprise Content Technologies…


But, what is ECM?

Document managementCorporate content managementIntranet content managementInternet content managementAll of the above??? “But wait, it you

buy now….”



View / EditOutput

User 1User 1

User 2User 2

Network

Intranet

Internet

Network

Intranet

Internet

Input

Store


ECM Benefits

Centralizes/consolidates contentAllows for better managementProvides library servicesContent creation and managementPublish directly


Enterprise Report Management (ERM)

Capture Index Distribute Store and Retrieve

ERM = Techniques for capturing, recording, processing, storing, transferring and using data (also COLD, computer output to laser disk)

ERM Technologies…


Enterprise Report Management (ERM)

John Smith1234 Main St.Anytown, USA

456 Any St. Anytown, USA Acct: 123456

Date Transaction Amt. Bal.

01-03-94 Root Canal $2,500 $2,500

03-04-94 Cleaning $ 100 $2,600

03-31-94 Payment ($2,600) $ 0

12349 23478 234872 2312349 23478 234872 2312349 23478 234872 2312349 23478 234872 2312349 23478 234872 2312349 23478 234872 2312349 23478 234872 2312349 23478 234872 2312349 23478 234872 23

Dental Insurance


ERM Benefits

Paperless reportsData accessible reports (can copy and

edit the data)Data rich report environment


Records Management

Automated Capture/Save Index/ Version Control Distribute/ Check-in/Check-out Store Retrieve

The planning, controlling, directing, organizing, activities of records creation, records maintenance, and records disposition whether the record is paper, data, or an electronic document

Electronic Document Technologies…


RM Components


RM Benefits

Control and tracking of designated records

Retention periods definedRecords purged on scheduleEnsures legal and regulatory

complianceMinimizes legal risk


Knowledge Management

Is this a technology or a business application using many and varied technologies – technologies change depending on the use and application and the individual interpretation of what KM is


Document Input Subsystems

Specialize front-end systems to handle just the input of paper into the system

Have become inter-mixed with other technologies such as forms capture and processing, OCR, ICR

Kofax, Input Accel (Captiva)


Related Technologies

Optical Character Recognition (OCR)ICR (intelligent character recognition)Forms RecognitionMark Sense RecognitionForms processing


Outsourcing and ASP Models

Newest model in EDMS is to give the paper to an ASP and let them deal with it

Can give them the paper (and be done with it???)

They can do it on-site – outsourced management of your resources

Jury is still out on this - many pros and cons


Optical and Magnetic Storage

Optical storage – coming or going Magnetic storage – cheap, fast, but legal? Optical seems to be a shrinking market and

technology, will DVD unify the technology and finally become an accepted archival media?

Does this storage issue affect basic records management?

Yes it does, but how?


The Need for RM!!

File SystemsFile Systems

e-Mail Serverse-Mail Servers

Local DrivesLocal Drives

WebWebServersServers

ImagingImagingRepositoriesRepositories

PaperPaperFilesFiles

Document Document RepositoriesRepositories

MicrofilmMicrofilm

BusinessBusinessSystemsSystems

Video LibrariesVideo Libraries

PhotographsPhotographs


The Need for RM

Need to accurately store and retrieve business documents to run a business

Need to comply with a variety of regulations

Need to mitigate potential litigation Need to mitigate cost of litigation when

it happensOthers?


Technology Justifications & Decision Factors

What are we buying?A document management systemA records management systemA CYA system for any record type and legal situation

When do these areas converge and when do they not?

What about paper? What systems currently manage paper and who ties this together?

Who is in charge of the records? IT, IM, RM? What perspective does each group bring?


Where did I go Wrong?

Findings of a 1995 Department of Defense Software Study

The Standish Group Study


Some Recommendations

Decide on what is being purchasedImaging for local paper storageRM for the enterprise

Don’t jump into an RFP immediately! Do a ballpark analysis of what problem you

are solving Use the analysis to get buy-in for the project Establish goals, objectives, critical success

factors


How are We Buying It?

Develop a potential list of vendors and….Invite them in for presentationsInvite them in for demonstrationsInvite yourself to their company for toursAsk them to informal help guide you with directionsAttend user meetings, conferences, Visit other companies with the same “problem”

Verify, through education, that your assumptions are correct

Do a benchmark survey of peer companies



Now think RFP or RFI if still not sure As part of the purchase cycle

Ask short listed vendors to present to youAsk for a full-day demonstration with a target

database that you supplyAsk of a “live test demonstration” in which you run

the software for 30 days in a controlled test mode Ask how the vendor will remain current with

emerging technology Ask what is the emerging technology and how

they will help you avoid the sinkholes



This is a huge (potentially) step, take your time and

“measure twice, cut once”


Conclusion & Questions

Questions?Questions?

Finally!


Automation Technology’s Continuing Evolution: A Compass


Bud Porter-RothPorter-Roth Associates

[email protected]

http://www.rfphandbook.com


Why have Records Management from a Business Perspective?

Cost Savings Improved Access to Valuable

Information Consistency of Records Identification Consistency of Records Destruction Legal Compliance Protection During Litigation,

Government Investigation, or Audit


Why do We Need RM?

Records destroyed without authorization Records retained too long Historical records are not preserved Deleted records are not consistently destroyed Records are abandoned in obsolete software and

are rendered inaccessible Disorganized records Lack of naming conventions


Why do We Need RM?

Lack of version control Duplicate storage of records Electronic records are stored in a variety of

locations and drives File sharing is difficult Users only have access to records in their

custody


What are we looking at?

Sarbanes-OxleyPatriot ActSEC 17aGramm-Leach Bliley Act (GLBA) HIPPAWhat about 5015.2? And others….


Sarbanes-Oxley

“ . . . whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies or makes a false entry in any record, document or tangible object with intent to impede, obstruct or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States or any case filed under title 11 or in relation to, or contemplation of any such matter of case, shall be fined under this title, imprisoned not more than 20 years, or both.”

Paper records Electronic records E-mail Instant messaging Pretty much anything that qualifies as a business record….


Patriot Act

Search – Allow Gov’t to issue warrant for searches and can be “secret”

Records – allows Gov’t to obtain special warrant to obtain records

Wiretaps – allows for wiretapsComputers – allow Gov’t to track activityEvidence – allows Gov’t to get the goodsBanks – Verify identity and track

accounts


SEC 17a

SEC rule that requires certain conditions for SEC regulated company when considering using digital imaging for records management


NASD 2210 & 3010 & 3110

A separate file of all advertisements and sales literature, including the name(s) of the person(s) who prepared them and/or approved their use, shall be maintained for a period of three years from the date of each use.

Supervision, Review, and Record Retention of Correspondence with the public

Each member shall review the activities of each office, which shall include the periodic examination of customer accounts to detect and prevent irregularities or abuses and at least an annual inspection of each office of supervisory jurisdiction.


Gramm-Leach Bliley Act (GLBA)

Financial privacy Broad range of rules applying to

financial institutions and companies that collect financial data


HIPPA

Patient privacy User authentication and role-based

authorizationDisclosures requiring revocable

authorization and loggingRequests for copies of PHIRequests to amend PHI


Federal Rules of Civil Procedure

Rules 26 and 34 of the Federal Rules of Civil Procedure (which regulate the production of evidence in litigation) are the critical rules governing the discovery of electronic information. These rules make electronic information available for broad discovery but provide some significant protections for the party whose electronic information is sought

Rule 26 states that all parties in litigation must disclose "a copy of, or description by category and location of, all documents, data compilations, and tangible things in possession, custody, or control of the party that are relevant to disputed facts alleged with particularity in the pleadings

Rule 34 states, any party may serve on any other party a request (1) to produce . . . designated documents (including writings, drawings, graphs, charts, photographs, phono-records, and other data compilations from which information can be obtained, translated, if necessary, by the respondent through detection devices into reasonably usable form


ISO 15489

International standard for RMISO 15489 was developed to

standardize international best practices in records management

ISO 15489 is a guideline


DOD 5015.2

Does not mandate record keeping rules but is a set of requirements that an electronic record keeping system must comply with


What does this Mean?

More regulatory complianceEquals more costs to companySome companies going private –

increase is about 22% over normalSome teeth to the bite….Not all companies are prepared or will

be Compliance will be like insurance…


Conclusion

Questions?

choosing technology solutions for legal & regulatory requirements

Documents

technology solutions

imaging systemsthey

workflow systemsworkflow

functional requirements

terms of rm

hr records project

classic rm rules

electronic routing system