I’d like to dig a little deeper into Step 1 of the File Shares Remediation Process: Define Remediation Policies and Rules.
You will remember in my previous post I suggested a methodology organizations can follow in File Shares (Shared Drive) Remediation projects. There is nothing earth shattering about this methodology… what I proposed was a series of logical and commonsense steps.
And yet, it is amazing how many customers struggle with figuring out what to do, where to start, and what tools to use.
The starting point is to establish a common understanding with the organization that their Information Assets fall into a minimum of four general classes: Business Records, Business Content, ROT and ESI. Then, it is important to establish the policies and rules about the characteristics of Information Assets that fall into each of these classes and the Actions to take on these assets.
The following table should help you in your asset definition and action planning:
|Information Asset Class||Definition||Actions|
|Business Records||When does an Information Asset become a Business Record?
|Business Content||Usually this is defined by what is left AFTER Business Records, ROT and ESI have been identified
Some organizations may define sub-classes of Business Content
|ROT||Redundant: duplicated information located in multiple places
Obsolete: information “no longer in general use” or “discarded” or “replaced” or “outdated”
Trivial: information of very little value… all stuff not meeting the d definition of records, corporate knowledge, business insight, or any other value category
Based on AIIM definitions
|ESI||Information Assets in any of the above classes but are found to be responsive to active or upcoming litigation (typical eDiscovery process)||
Important Note: Dealing with ESI is not necessarily part of the File Shares Remediation process. HOWEVER, dealing with ESI is a step that MUST precede any actual remediation execution work.
In my next post, I will explore Step 2 of the File Shares Remediation methodology… the definition of the remediation execution process. In closing, I would like to re-iterate that File Shares Remediation and the File Analytics tool used, will most likely be integral to organizations efforts to achieve GDPR Compliance (due by May 2018).
Follow the full File Analytics series, including What are you waiting for? Govern Your Information Assets! and 4 Steps for File Share Remediation.