I’d like to dig a little deeper into Step 1 of the File Shares Remediation Process: Define Remediation Policies and Rules.
You will remember in my previous post I suggested a methodology organizations can follow in File Shares (Shared Drive) Remediation projects. There is nothing earth shattering about this methodology… what I proposed was a series of logical and commonsense steps.
And yet, it is amazing how many customers struggle with figuring out what to do, where to start, and what tools to use.
The starting point is to establish a common understanding with the organization that their Information Assets fall into a minimum of four general classes: Business Records, Business Content, ROT and ESI. Then, it is important to establish the policies and rules about the characteristics of Information Assets that fall into each of these classes and the Actions to take on these assets.
The following table should help you in your asset definition and action planning:
When does an Information Asset become a Business Record?
- Defined by location
- Defined by business process
- Defined by version number
- Identified manually by user
- Identify pre-approval requirements
- Declare it as a Record in an RM system and classify it against Corporate Records Retention Schedule
- Migrate it to Records Management system repository and manage lifecycle there (with immutability)
- Ditto but copy to RM system and manage lifecycle of copy there
- Leave it in-place and manage its lifecycle within the Records Management System (no immutability)
Usually this is defined by what is left AFTER Business Records, ROT and ESI have been identified
Some organizations may define sub-classes of Business Content
- Identify pre-approval requirements
- Leave it in-place
- Migrate it to new repository: SharePoint, cloud-based EFSS, etc.
- Monitor its status… in the future it may become a Business Record or ROT
Redundant: duplicated information located in multiple places
Obsolete: information “no longer in general use” or “discarded” or “replaced” or “outdated”
Trivial: information of very little value… all stuff not meeting the d definition of records, corporate knowledge, business insight, or any other value category
Based on AIIM definitions
- Identify pre-approval requirements Delete it
- Move to Quarantine space and delete later
Information Assets in any of the above classes but are found to be responsive to active or upcoming litigation (typical eDiscovery process)
- Identify pre-approval requirements
- Identify, Collect, Preserve (EDRM.net)
- Place on hold
Important Note: Dealing with ESI is not necessarily part of the File Shares Remediation process. HOWEVER, dealing with ESI is a step that MUST precede any actual remediation execution work.
In my next post, I will explore Step 2 of the File Shares Remediation methodology… the definition of the remediation execution process. In closing, I would like to re-iterate that File Shares Remediation and the File Analytics tool used, will most likely be integral to organizations efforts to achieve GDPR Compliance (due by May 2018).
Follow the full File Analytics series, including What are you waiting for? Govern Your Information Assets! and 4 Steps for File Share Remediation.
