5/19/2016

1

ERM: the Basics of Managing Electronically Stored Information

Georgia Records Association Annual Conference – Callaway GardensJune 15, 2016

Marry-Ellyn Strauser, CRMDirector, Records & Information Management

Federal Reserve Bank of Atlanta

1

Today’s Journey

Strategy & Approach

Research & Planning

Fortify the Foundation

2

FoundationLevel-setting as you start the journey

3

5/19/2016

2

The Digital World

Data

Information

Records

4

What We’re Talking about Today

1% 5%

25%

69%

Business Information

Litigation Hold ≈ 1% Records ≈ 5% Business Value ≈ 25% Digital Debris ≈ 69%

Source: Forbes online, “Defensible Disposal: You Can't Keep All Your Data Forever” July 17, 2012

5

Today’s Business Records

Born digital Applications Word Processing documents Spreadsheets Presentations Email Social Media

Born physical. . . so let’s scan them! Let’s do a cost analysis first & consider

the following:Retention periodBusiness use & activityHistoric/research value

6

5/19/2016

3

Where Do They Live? Applications/databases

Data warehouses

Cloud

ECM – electronic content management systems

EDM – electronic document management systems

Email

ERM – electronic records management systems

External media

Google docs

Internet sites

Intranet sites

Personal drives

Shared drives

SharePoint

Social media

Websites

7

Question: What is a record?

Answer: It depends on your perspective.

8

A User’s View

<Blank Stare>HR documents Accounting documents Not my documents Dept. specific work product

“We don’t have any records”

9

5/19/2016

4

An IT View

Records are an efficient way to store and access data. Since each record may contain multiple data types, a single record may include many different types of information. For example, a personnel record may contain an ID number, name, birthdate, and photo, which are all different data types. Individual fields within the personnel record can be easily accessed or compared with other records using a database query. Additionally, records can be easily created, modified, and deleted without affecting other data in the database.

Source: TechTerms.com10

An IT View

Records are an efficient way to store and access data. Since each record may contain multiple data types, a single record may include many different types of information. For example, a personnel record may contain an ID number, name, birthdate, and photo, which are all different data types. Individual fields within the personnel record can be easily accessed or compared with other records using a database query. Additionally, records can be easily created, modified, and deleted without affecting other data in the database.

Source: TechTerms

11

A RIM View

“. . . information that has business, operational, legal, fiscal, or historical value to the organization and that memorializes or evidences the organization, business activities, events, operations, transactions, decisions, procedures, policies, final work products, or legal obligations.”

12

5/19/2016

5

A RIM View

“. . . information that has business, operational, legal, fiscal, or historical value to the organization and that memorializes or evidences the organization, business activities, events, operations, transactions, decisions, procedures, policies, final work products, or legal obligations.”

13

Archivist’s View of Archival Records

Materials created or received by a person, family, or organization, public or private, in the conduct of their affairs that are preserved because of the enduring value contained in the information they contain or as evidence of the functions and responsibilities of their creator.

Source: SAA14

Varieties of E-Records

Structured records

Unstructured records

Records repository

System of Record

Official Record

15

5/19/2016

6

E-Records

Structured records

Electronic records that combine data from fixed fields within a database management systems

HR Systems – PeopleSoft

CRM Systems - SalesForce

16

E-Records

Unstructured records

Electronic records where the content itself is not organized within database management systems

Email

MS Office documents

17

E-Records

Records repository Place where the records reside

My Docs

Shared drives

SharePoint

Databases

E-Systems

External media

18

5/19/2016

7

E-Records

System of Record Privacy Act - system of records contains

information that is retrieved by an individual's name or other unique identifier.

PII – “information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc."

Source: GSA19

E-Records

Official Record

1. record created by, received by, sanctioned by, or proceeding from an individual acting within their designated capacity; 2. complete, final, and authorized copy of a record, especially the copy bearing an original signature or seal.

Source: SAA20

Research & PlanningDefining what you must have, would like to have, and what you can you live without

21

5/19/2016

8

Considerations

RIM functionality

Risk

Cost

Repository’s Lifecycle Status

22

RIM Functionality

RIM Capability Required/Optional

Identify/search/retrieve records Required

Apply metadata to records Optional

Destroy/delete records accordingto retention periods and retain destruction documentation

Required

Export/transfer records Optional

Exclude “Holds” from disposition

a.Place records on legal orbusiness hold and/or

b.Exclude records on hold fromdisposition (i.e. destruction)

Optional

Required

23

Records Risk

What’s your organization’s tolerance for risk?

What factors should you consider?What would happen if you couldn’t

produce the record?What would happen if you were

hacked?How sensitive is the information?How prevalent is the information?Small group of internal staffOrganization wide 24

5/19/2016

9

Records Risk

Exposure to risk dollars

e-Discovery cost per GB repository size = Exposure

$17,500/GB 200 GB = $3.5 million

25

Cost

Hard dollars Consulting fees

Software

Equipment

User training (3rd party provider)

Soft dollars Internal IT

User training (internal provider)

Project duration26

Lifecycle Status

New

Active – major upgrade/update within x months/years

Active – steady state

Active – decommissioning within x months/years

Decommissioned

27

5/19/2016

10

Repository Profile 1

Item Findings Results

Records Risk Rating

1. Used organization wide2. $150K risk exposure3. No PII or other sensitive

information

Moderate

Costs to add RIM Functionality

Software Upgrade – manual process

$37,000

Lifecycle status Repository is planned for continued use for the next 3 to 5 years

Active –steady state

Recommendation Business decision unique to your organization

28

Repository Profile 2

Item Findings Results

Records Risk Rating

1. Used organization wide2. $1.5 million risk exposure3. HR records

High

Costs to add RIM Functionality

Software Upgrade – manual process

$37,000

Lifecycle status Repository is planned for continued use for the next 3 to 5 years

Active –steady state

Recommendation Business decision unique to your organization

29

Changing the Paradigm

RIM is a journey

RIM professional is a jack-of-all trades and a master of one

Reframe RIM to align with your organization’s

Values

Goals

Objectives

Risk tolerance 30

5/19/2016

11

Your Roadmap

Where do you want your program to be Long-termMid-term – the next 3 to 5 years Short-term – Years 1 and 2

31

Selling RIM

Craft your message for your audienceYour goal is to make your audience

think, feel, and actEngage themMake your message relatableRemember risk is relativeSell benefits

32

Strategies

Raise awareness with basic concepts Records Business information Digital debris Risk exposure

Add value through small victories What are your organization’s pain points? Teach them something new about the tools they

already have Clean-up, organize, manage with tools that fit the

repository

Go for the gold Update policies & procedures Update practices – get that seat at the table

33

5/19/2016

12

A Simple ApproachRIM is a journey. Build on small victories.

34

Built-in Tools

Clean-up with Windows Explorer Properties Sort Document preview Search

Organize & Manage with standardization Naming Conventions Folder Structures

35

Naming Conventions

UVA

36

5/19/2016

13

Traditional Folder Structure – 3 Folders Deep

Level 1

Level 2

Level 3

37

Modified Folder Structure – 2 Folders Deep

Level 1

Level 2

38

Naming Folder Structure – 1 Folder Deep

39

5/19/2016

14

Questions?

40