modernizing the records and retention program to express business value and enable defensible...

Modernizing the Records and Retention Program to Express

Business Value and Enable Defensible Disposal

FOR INTERNAL USE ONLY

2

Agenda

• Information Growth and The Challenges to The Business• Modernizing The RIM Program with IBM’s Solution To Reduce

Organizational Risk and Cost, and Enable Defensible Disposal• Only IBM Has the Technology, Strategy and Expertise to

Create Systematic Linkages between RIM, the Business, Legal and IT to Enable Disposal

• Instrumentation and Modernization of the RIM program enables all Stakeholder to Execute Governance Processes with Precision, Lowering Cost and Risk

The Growth of Information is Overwhelming IT’s Ability to Dispose of Information Consistently and Defensibly

High Risks & Mitigation Burden

Governance processes have not matured to reflect volume, specifically how to: Define and execute legal holds and data collection (A-G) Apply retention schedules to all information (H-J) Align storage and manage information based on specific legal

obligations and business value [I] Provision, decommission and dispose of data [L,M,N]

This leads to excess data and cost as well as operational challenges that in turn contribute to risk:Difficulty disposing of unnecessary data Complexity in applying legal holds Inefficiencies in data management and governance

16 governance processes impacted by high data volume such as managing a global taxonomy, creating departmental inventories, applying holds to systems, etc.

Storage: Direct Procurement Costs in Millions

3

RIM And Business Processes Under Pressure, And The Risks Exposed

4

The Form of the Retention Schedule is Not Aligned with Disposition Practices

5

Thousands of legal matters a year

Thousands employees subject to hold, but relying on IT to preserve data

Notices sent to employees directly; records and IT not informed

High legal (review) cost a function total information volume

Covers regulated information and may not encompass business value – only 20% of all information

Web site for employees and IT, reliance on employees to manage records

No linkage to the system with the actual information

Insufficient or un-auditable location for electronic records

800% or more data growth in 5 years – but budget needs to come down

Unaware that legal risks and responsibilities have been shifted to it

No physical link between legal obligations (holds), regulatory requirements (records, privacy), business value and servers or information

Legal holds defined by employees involvedLegal holds defined by employees involved

Information

Department

Systems

Matter

Hold

Laws & Regs

Retention Schedule

DUTY DUTYVALUE

ASSET

IT has most of the data organized by asset code -- but no visibility to legal duties or business value

IT has most of the data organized by asset code -- but no visibility to legal duties or business value

Schedules documented by record class

Schedules documented by record class

Tracking laws on a spreadsheetTracking laws on a spreadsheet

5

6

Agenda





IBM’s ILG Solution helps Records, Legal, the Business Modernize Their Processes, Create Systematic Linkages and Enable Defensible Disposal

From Process Transparency and Unified Governance…..

To Instrumentation and Execution

7

Records & Retention Management

• Manage global taxonomy and retention schedules for all information

• Coordinate retention program across business units, records liaisons and legal more efficiently

• Manage records in disparate systems, in place, in a centralized manner

• Syndicate and enforce retention schedules on structured and unstructured records and information

8

Capabilities to Define & Sustain Executable Retention Schedules for Information & Achieve Consistent, Systematic Retention, Disposal

9

ITOptimize Information VolumeDispose and retire unnecessary dataOptimize storage

Lower total information cost

BUSINESS

State Information Value

Guidance on information utility

Participate in volume reduction

Align around value

RECORDS

Modernize Retention Process

Extend program to electronic information

Disposition readiness and execution

Lower legal risk, cost

LEGAL

Modernize eDiscovery Process

Enterprise legal holds

Assess evidence in place

Lower legal risk, cost

9

Overview of Establishing an Executable Policy That Enables Disposal

1. Create an Execution-Ready Schedule

2. Complete Information Inventory

3. Syndicate Policy toData Source

A.How information is organized – Establish a global classification scheme and how long to keep records

B.How information is stored and secured – Apply laws that dictate the duration and protection required for each class

C.How local exceptions are managed – managing different jurisdiction exceptions

Retention Schedule that includes non-records and reflects business value

RESULT

COMPONETS

STEPS

GET RETENTION SCHEDULE EXECUTION READY

ADD BUSINESS VALUE TO SCHEDULE

LINK POLICY TO DATA FOR AUTOMATED DISPOSAL

OBJECTIVE

A.How to get business value of information – Leverage org. structure and name liasons

B.What is actually kept and how long it is needed – Complete business value information inventory

What we keep What we actually call it Where we put it How long we need it

Retention schedule that is tracked and maintained with version and audit history

Policy linked to data source for defensible disposal

A.How retention schedule is linked to data – Logical view of how policy by class is linked to data source

B.Retention mapped to data source – View of policy to data source with legal holds layered in

Enables Legal to Conduct Legal Holds for Information

Enables IT to Manage Data Source by Obligation and Value

10

Outcome: Company is able to comply and demonstrate compliance with actual records obligations [H]

Outcome: Company is able to comply and demonstrate compliance with actual records obligations [H]

Manage Global Taxonomy & SchedulesEfficiently

Classify Information:Use a single, consistent taxonomy globally across records, business and IT

Define Policies for Records:Define record classes and master retention schedules. Allow online change requests with automatic routing to policy owners.

Track Changes and Defend Decisions:Track changes and version history to defend decisions.



2. Complete Information

Inventory

3. Syndicate policy to data source



11

Outcome: Company is able to comply and demonstrate compliance with actual records obligations [H]. Access, transport and use limitations are understood by employees with custody of the information [J].

Outcome: Company is able to comply and demonstrate compliance with actual records obligations [H]. Access, transport and use limitations are understood by employees with custody of the information [J].

Ensure Schedules Tie to Law

Catalog laws:Catalog the laws that dictate both retention and privacy requirements along with policies for security in a shared law library.

Apply laws to information to enable precise retention and privacy actions;Associate specific laws and regulations to specific classes and jurisdictions to retain less data more defensibly.




Inventory




12

Outcome: Company is able to comply and demonstrate compliance with actual records obligations. Company manages single taxonomy and nomenclature across all records [H].

Outcome: Company is able to comply and demonstrate compliance with actual records obligations. Company manages single taxonomy and nomenclature across all records [H].

Manage Jurisdictional Exceptions to the Corporate Standards

Manage jurisdictional exceptions to the corporate policies:

Use the existing corporate taxonomy and records classification scheme.

Apply the country code and the specific retention requirements.

Apply retention and privacy laws by jurisdiction.




Inventory




13

Establish Organizational Facts and Keep Information Current

Capture organizational facts and track changes:Load organization feed from HR source systems to capture organizational facts. Build organizational history through periodic updates in support of change management.

Assign responsibility:Assign liaisons to the record organization who will inventory departmental procedures. Delegate assignments through business unit leaders and managers.

Assign specific application inventory to organizations:Apply system inventory to organization to facilitate information inventory gathering.

Outcome: Foundational elements are established to support creation and maintenance of departmental information inventories [H,K,L].

Outcome: Foundational elements are established to support creation and maintenance of departmental information inventories [H,K,L].


Inventory






14

Outcome: The organization has a reliable “data map” by organization [I], which Legal can leverage to place data on hold [B]. Records and IT can determine where information and the container don’t support the same level of security [P].

Outcome: The organization has a reliable “data map” by organization [I], which Legal can leverage to place data on hold [B]. Records and IT can determine where information and the container don’t support the same level of security [P].

Conduct Information Inventories, Define Business Value & Link to Location of Information to Enable IT Execution, Improve Holds

Conduct streamlined inventories: Identify information organizations have, where they keep it, what they call it, the importance and duration of value to the business.

Manage compliance risk:Track privacy obligations for information and the container to identify privacy risks.


Inventory






15

Syndicate Retention Schedules Across Repositories in Lock Step with Legal and IT

Outcome: Retention schedules can be consistently and systematically applied across the enterprise [G, L, M, N, O].

Automate retention schedule distribution:Syndicate retention schedules to records repositories, information archives (structured and unstructured), and other ECM repositories for in place execution.





Inventory



16

Manage and Dispose of Records in a Secure Repository

Outcome: Retention schedules can be consistently and systematically applied across the enterprise. IT can dispose e of information with confidence [G, L, M, N, O].

Declare records automatically:Ingest content automatically and manually from multiple sources – email, file shares, SAP, etc. into a secure records repository.





Inventory



Dispose of records, reliably, defensibly:Dispose of records in accordance with the DOD 5015 industry standard.

17

18

Agenda





Outcome: Legal can extend holds to information [B], and provide IT with precise instructions about what to preserve [G]. IT knows what they have to keep and what they can dispose [M].

Outcome: Legal can extend holds to information [B], and provide IT with precise instructions about what to preserve [G]. IT knows what they have to keep and what they can dispose [M].

Only IBM Enable Legal to Identify Potentially Relevant Information by Record Class and System for Precise Holds and Collections

Legal can conduct precisely scoping activities to prevent under and over preservation

Selecting record classes and data sources automatically adds record liaisons and the system steward(s) to list of custodians with potentially relevant information.

Enables IT to Manage Data Source by Value

Enables Legal to Conduct Legal Holds

19

Outcome: IT can manage information based on record obligation, the business needs and legal[M, N].

Outcome: IT can manage information based on record obligation, the business needs and legal[M, N].

Only IBMEnable IT to See Obligations by System and Across the Portfolio to EnableDefensible Disposal

Data-source specific retention, management procedures and applicable legal hold overrides are automatically created for IT, tying obligations and value to assets.

Enables IT to Manage Data Source by Value

Enables Legal to Conduct Legal Holds

20

Only IBM Provides Strategy, Technology and Expertise to Execute an ILG Program and Defensibly Dispose Information

21

22

Agenda





Value-Based Archiving & Defensible Disposal

Archive to shrink storage, align cost to value Dispose rather than store unnecessary data

Extend and automate retention management Include electronic data that has business value in addition to

records for regulatory requirements Automate retention schedules across all information to enable

reliable, systematic disposal.

Automate the legal holds and ediscovery process

Structure and automate legal holds process to lower risk, increase precision, enable disposal

Analyze in place to reduce unnecessary collection, processing and review

Information Lifecycle Governance Program Executive charter for enterprise initiative Processes, capabilities and accountability to achieve cost and risk

reduction benefits through

Process improvements, expertise and technology:

Estimated Risk or Mitigation Burden Reduction

Run rate reduction and growth avoidance Run rate

Storage Direct Procurement Costs

IBM ILG Strategy Lowers Costs and Risks, Addresses Root Cause for Systemic Improvement

23

Next Steps: We Can Help You Validate The Potential Savings and How to Achieve Them

Learn More & Join the ConversationCompliance, Governance and Oversight Council

Online and in person eventsRegional and International summitsPublished materials

Join the CGOC!•Forum of over 1600 corporate legal, IT, records and information management professionals. CGOC conducts primary research, has dedicated working groups on challenging topics, and hosts meetings throughout the U.S. and Europe where practice leaders convene to discuss discovery, retention, privacy and governance. •Mission: To provide executives the opportunity to benchmark and exchange case studies; its practice groups focus on discreet areas in preservation, retention, and information governance to deliver work products that help our members best approach the challenges in maintaining best-in-class programs.

26

Additional Sessions

• Improving Information Economics with Information Lifecycle Governance• Information Governance Programs - launching a high-impact

defensible disposal program in your enterprise• Modernizing eDiscovery and Hold Process - Reduce risks,

increase transparency• Modernizing Retention Program - Express Information Value• Value-Based Archiving and Defensible Disposal - Dispose

rather than store unnecessary data

modernizing the records and retention program to express business value and enable defensible...

Documents