modernizing the records and retention program to express business value and enable defensible...
TRANSCRIPT
Modernizing the Records and Retention Program to Express
Business Value and Enable Defensible Disposal
FOR INTERNAL USE ONLY
2
Agenda
• Information Growth and The Challenges to The Business• Modernizing The RIM Program with IBM’s Solution To Reduce
Organizational Risk and Cost, and Enable Defensible Disposal• Only IBM Has the Technology, Strategy and Expertise to
Create Systematic Linkages between RIM, the Business, Legal and IT to Enable Disposal
• Instrumentation and Modernization of the RIM program enables all Stakeholder to Execute Governance Processes with Precision, Lowering Cost and Risk
The Growth of Information is Overwhelming IT’s Ability to Dispose of Information Consistently and Defensibly
High Risks & Mitigation Burden
Governance processes have not matured to reflect volume, specifically how to: Define and execute legal holds and data collection (A-G) Apply retention schedules to all information (H-J) Align storage and manage information based on specific legal
obligations and business value [I] Provision, decommission and dispose of data [L,M,N]
This leads to excess data and cost as well as operational challenges that in turn contribute to risk:Difficulty disposing of unnecessary data Complexity in applying legal holds Inefficiencies in data management and governance
16 governance processes impacted by high data volume such as managing a global taxonomy, creating departmental inventories, applying holds to systems, etc.
Storage: Direct Procurement Costs in Millions
3
RIM And Business Processes Under Pressure, And The Risks Exposed
4
The Form of the Retention Schedule is Not Aligned with Disposition Practices
5
Thousands of legal matters a year
Thousands employees subject to hold, but relying on IT to preserve data
Notices sent to employees directly; records and IT not informed
High legal (review) cost a function total information volume
Covers regulated information and may not encompass business value – only 20% of all information
Web site for employees and IT, reliance on employees to manage records
No linkage to the system with the actual information
Insufficient or un-auditable location for electronic records
800% or more data growth in 5 years – but budget needs to come down
Unaware that legal risks and responsibilities have been shifted to it
No physical link between legal obligations (holds), regulatory requirements (records, privacy), business value and servers or information
Legal holds defined by employees involvedLegal holds defined by employees involved
Information
Department
Systems
Matter
Hold
Laws & Regs
Retention Schedule
DUTY DUTYVALUE
ASSET
IT has most of the data organized by asset code -- but no visibility to legal duties or business value
IT has most of the data organized by asset code -- but no visibility to legal duties or business value
Schedules documented by record class
Schedules documented by record class
Tracking laws on a spreadsheetTracking laws on a spreadsheet
5
6
Agenda
• Information Growth and The Challenges to The Business• Modernizing The RIM Program with IBM’s Solution To Reduce
Organizational Risk and Cost, and Enable Defensible Disposal• Only IBM Has the Technology, Strategy and Expertise to
Create Systematic Linkages between RIM, the Business, Legal and IT to Enable Disposal
• Instrumentation and Modernization of the RIM program enables all Stakeholder to Execute Governance Processes with Precision, Lowering Cost and Risk
IBM’s ILG Solution helps Records, Legal, the Business Modernize Their Processes, Create Systematic Linkages and Enable Defensible Disposal
From Process Transparency and Unified Governance…..
To Instrumentation and Execution
7
Records & Retention Management
• Manage global taxonomy and retention schedules for all information
• Coordinate retention program across business units, records liaisons and legal more efficiently
• Manage records in disparate systems, in place, in a centralized manner
• Syndicate and enforce retention schedules on structured and unstructured records and information
8
Capabilities to Define & Sustain Executable Retention Schedules for Information & Achieve Consistent, Systematic Retention, Disposal
9
ITOptimize Information VolumeDispose and retire unnecessary dataOptimize storage
Lower total information cost
BUSINESS
State Information Value
Guidance on information utility
Participate in volume reduction
Align around value
RECORDS
Modernize Retention Process
Extend program to electronic information
Disposition readiness and execution
Lower legal risk, cost
LEGAL
Modernize eDiscovery Process
Enterprise legal holds
Assess evidence in place
Lower legal risk, cost
9
Overview of Establishing an Executable Policy That Enables Disposal
1. Create an Execution-Ready Schedule
2. Complete Information Inventory
3. Syndicate Policy toData Source
A.How information is organized – Establish a global classification scheme and how long to keep records
B.How information is stored and secured – Apply laws that dictate the duration and protection required for each class
C.How local exceptions are managed – managing different jurisdiction exceptions
Retention Schedule that includes non-records and reflects business value
RESULT
COMPONETS
STEPS
GET RETENTION SCHEDULE EXECUTION READY
ADD BUSINESS VALUE TO SCHEDULE
LINK POLICY TO DATA FOR AUTOMATED DISPOSAL
OBJECTIVE
A.How to get business value of information – Leverage org. structure and name liasons
B.What is actually kept and how long it is needed – Complete business value information inventory
What we keep What we actually call it Where we put it How long we need it
Retention schedule that is tracked and maintained with version and audit history
Policy linked to data source for defensible disposal
A.How retention schedule is linked to data – Logical view of how policy by class is linked to data source
B.Retention mapped to data source – View of policy to data source with legal holds layered in
Enables Legal to Conduct Legal Holds for Information
Enables IT to Manage Data Source by Obligation and Value
10
Outcome: Company is able to comply and demonstrate compliance with actual records obligations [H]
Outcome: Company is able to comply and demonstrate compliance with actual records obligations [H]
Manage Global Taxonomy & SchedulesEfficiently
Classify Information:Use a single, consistent taxonomy globally across records, business and IT
Define Policies for Records:Define record classes and master retention schedules. Allow online change requests with automatic routing to policy owners.
Track Changes and Defend Decisions:Track changes and version history to defend decisions.
1. Create an Execution-Ready Schedule
GET RETENTION SCHEDULE EXECUTION READY
2. Complete Information
Inventory
3. Syndicate policy to data source
ADD BUSINESS VALUE TO SCHEDULE
LINK POLICY TO DATA FOR AUTOMATED DISPOSAL
11
Outcome: Company is able to comply and demonstrate compliance with actual records obligations [H]. Access, transport and use limitations are understood by employees with custody of the information [J].
Outcome: Company is able to comply and demonstrate compliance with actual records obligations [H]. Access, transport and use limitations are understood by employees with custody of the information [J].
Ensure Schedules Tie to Law
Catalog laws:Catalog the laws that dictate both retention and privacy requirements along with policies for security in a shared law library.
Apply laws to information to enable precise retention and privacy actions;Associate specific laws and regulations to specific classes and jurisdictions to retain less data more defensibly.
1. Create an Execution-Ready Schedule
GET RETENTION SCHEDULE EXECUTION READY
2. Complete Information
Inventory
3. Syndicate policy to data source
ADD BUSINESS VALUE TO SCHEDULE
LINK POLICY TO DATA FOR AUTOMATED DISPOSAL
12
Outcome: Company is able to comply and demonstrate compliance with actual records obligations. Company manages single taxonomy and nomenclature across all records [H].
Outcome: Company is able to comply and demonstrate compliance with actual records obligations. Company manages single taxonomy and nomenclature across all records [H].
Manage Jurisdictional Exceptions to the Corporate Standards
Manage jurisdictional exceptions to the corporate policies:
Use the existing corporate taxonomy and records classification scheme.
Apply the country code and the specific retention requirements.
Apply retention and privacy laws by jurisdiction.
1. Create an Execution-Ready Schedule
GET RETENTION SCHEDULE EXECUTION READY
2. Complete Information
Inventory
3. Syndicate policy to data source
ADD BUSINESS VALUE TO SCHEDULE
LINK POLICY TO DATA FOR AUTOMATED DISPOSAL
13
Establish Organizational Facts and Keep Information Current
Capture organizational facts and track changes:Load organization feed from HR source systems to capture organizational facts. Build organizational history through periodic updates in support of change management.
Assign responsibility:Assign liaisons to the record organization who will inventory departmental procedures. Delegate assignments through business unit leaders and managers.
Assign specific application inventory to organizations:Apply system inventory to organization to facilitate information inventory gathering.
Outcome: Foundational elements are established to support creation and maintenance of departmental information inventories [H,K,L].
Outcome: Foundational elements are established to support creation and maintenance of departmental information inventories [H,K,L].
2. Complete Information
Inventory
ADD BUSINESS VALUE TO SCHEDULE
1. Create an Execution-Ready Schedule
GET RETENTION SCHEDULE EXECUTION READY
3. Syndicate policy to data source
LINK POLICY TO DATA FOR AUTOMATED DISPOSAL
14
Outcome: The organization has a reliable “data map” by organization [I], which Legal can leverage to place data on hold [B]. Records and IT can determine where information and the container don’t support the same level of security [P].
Outcome: The organization has a reliable “data map” by organization [I], which Legal can leverage to place data on hold [B]. Records and IT can determine where information and the container don’t support the same level of security [P].
Conduct Information Inventories, Define Business Value & Link to Location of Information to Enable IT Execution, Improve Holds
Conduct streamlined inventories: Identify information organizations have, where they keep it, what they call it, the importance and duration of value to the business.
Manage compliance risk:Track privacy obligations for information and the container to identify privacy risks.
2. Complete Information
Inventory
ADD BUSINESS VALUE TO SCHEDULE
1. Create an Execution-Ready Schedule
GET RETENTION SCHEDULE EXECUTION READY
3. Syndicate policy to data source
LINK POLICY TO DATA FOR AUTOMATED DISPOSAL
15
Syndicate Retention Schedules Across Repositories in Lock Step with Legal and IT
Outcome: Retention schedules can be consistently and systematically applied across the enterprise [G, L, M, N, O].
Automate retention schedule distribution:Syndicate retention schedules to records repositories, information archives (structured and unstructured), and other ECM repositories for in place execution.
3. Syndicate policy to data source
LINK POLICY TO DATA FOR AUTOMATED DISPOSAL
1. Create an Execution-Ready Schedule
2. Complete Information
Inventory
GET RETENTION SCHEDULE EXECUTION READY
ADD BUSINESS VALUE TO SCHEDULE
16
Manage and Dispose of Records in a Secure Repository
Outcome: Retention schedules can be consistently and systematically applied across the enterprise. IT can dispose e of information with confidence [G, L, M, N, O].
Declare records automatically:Ingest content automatically and manually from multiple sources – email, file shares, SAP, etc. into a secure records repository.
3. Syndicate policy to data source
LINK POLICY TO DATA FOR AUTOMATED DISPOSAL
1. Create an Execution-Ready Schedule
2. Complete Information
Inventory
GET RETENTION SCHEDULE EXECUTION READY
ADD BUSINESS VALUE TO SCHEDULE
Dispose of records, reliably, defensibly:Dispose of records in accordance with the DOD 5015 industry standard.
17
18
Agenda
• Information Growth and The Challenges to The Business• Modernizing The RIM Program with IBM’s Solution To Reduce
Organizational Risk and Cost, and Enable Defensible Disposal• Only IBM Has the Technology, Strategy and Expertise to
Create Systematic Linkages between RIM, the Business, Legal and IT to Enable Disposal
• Instrumentation and Modernization of the RIM program enables all Stakeholder to Execute Governance Processes with Precision, Lowering Cost and Risk
Outcome: Legal can extend holds to information [B], and provide IT with precise instructions about what to preserve [G]. IT knows what they have to keep and what they can dispose [M].
Outcome: Legal can extend holds to information [B], and provide IT with precise instructions about what to preserve [G]. IT knows what they have to keep and what they can dispose [M].
Only IBM Enable Legal to Identify Potentially Relevant Information by Record Class and System for Precise Holds and Collections
Legal can conduct precisely scoping activities to prevent under and over preservation
Selecting record classes and data sources automatically adds record liaisons and the system steward(s) to list of custodians with potentially relevant information.
Enables IT to Manage Data Source by Value
Enables Legal to Conduct Legal Holds
19
Outcome: IT can manage information based on record obligation, the business needs and legal[M, N].
Outcome: IT can manage information based on record obligation, the business needs and legal[M, N].
Only IBMEnable IT to See Obligations by System and Across the Portfolio to EnableDefensible Disposal
Data-source specific retention, management procedures and applicable legal hold overrides are automatically created for IT, tying obligations and value to assets.
Enables IT to Manage Data Source by Value
Enables Legal to Conduct Legal Holds
20
Only IBM Provides Strategy, Technology and Expertise to Execute an ILG Program and Defensibly Dispose Information
21
22
Agenda
• Information Growth and The Challenges to The Business• Modernizing The RIM Program with IBM’s Solution To Reduce
Organizational Risk and Cost, and Enable Defensible Disposal• Only IBM Has the Technology, Strategy and Expertise to
Create Systematic Linkages between RIM, the Business, Legal and IT to Enable Disposal
• Instrumentation and Modernization of the RIM program enables all Stakeholder to Execute Governance Processes with Precision, Lowering Cost and Risk
Value-Based Archiving & Defensible Disposal
Archive to shrink storage, align cost to value Dispose rather than store unnecessary data
Extend and automate retention management Include electronic data that has business value in addition to
records for regulatory requirements Automate retention schedules across all information to enable
reliable, systematic disposal.
Automate the legal holds and ediscovery process
Structure and automate legal holds process to lower risk, increase precision, enable disposal
Analyze in place to reduce unnecessary collection, processing and review
Information Lifecycle Governance Program Executive charter for enterprise initiative Processes, capabilities and accountability to achieve cost and risk
reduction benefits through
Process improvements, expertise and technology:
Estimated Risk or Mitigation Burden Reduction
Run rate reduction and growth avoidance Run rate
Storage Direct Procurement Costs
IBM ILG Strategy Lowers Costs and Risks, Addresses Root Cause for Systemic Improvement
23
Next Steps: We Can Help You Validate The Potential Savings and How to Achieve Them
Learn More & Join the ConversationCompliance, Governance and Oversight Council
Online and in person eventsRegional and International summitsPublished materials
Join the CGOC!•Forum of over 1600 corporate legal, IT, records and information management professionals. CGOC conducts primary research, has dedicated working groups on challenging topics, and hosts meetings throughout the U.S. and Europe where practice leaders convene to discuss discovery, retention, privacy and governance. •Mission: To provide executives the opportunity to benchmark and exchange case studies; its practice groups focus on discreet areas in preservation, retention, and information governance to deliver work products that help our members best approach the challenges in maintaining best-in-class programs.
26
Additional Sessions
• Improving Information Economics with Information Lifecycle Governance• Information Governance Programs - launching a high-impact
defensible disposal program in your enterprise• Modernizing eDiscovery and Hold Process - Reduce risks,
increase transparency• Modernizing Retention Program - Express Information Value• Value-Based Archiving and Defensible Disposal - Dispose
rather than store unnecessary data