File Share Remediation Process - Step 2

Shared Drive Remediation: Step 2 Define Remediation Execution Process

I want to dig a little deeper into what is involved in Step 2 of the Shared Drive Remediation process… the Definition of the Remediation Execution Process.

File Remediation Process

Once the remediation policies have been defined (rules about what defines various classes of Information Assets and what actions to take on them), the next step is to define in detail the actual remediation process from an execution point of view:

Activity Description Notes
Survey and Inventory File Shares Identify and generate an inventory of the File Shares within the organization The foundation of the Map
Estimate Data Volumes Assess the volume of content located within the various File Shares Guesstimate?
Identify business nature of content Identify the business nature of the content within each File Share
Define final state each File Shares Determine the desired final state of each of the File Shares (or groups of them):

  • Move off-line
  • Decommission
  • Continue to use for legacy content
  • Limit use to new content only
Take into account the overall Digital transformation and IT strategy of the organization
Define batch-based remediation process Define a batch-based remediation execution process:

  • Define discrete batches
  • Define batch groups
  • Define exception handling procedure
Provision File Analytics solution needed for remediation work Provision File Analytics solution to be used for File Shares remediation work

Assess infrastructure requirements for the solution and provision the infrastructure:

  • Servers
  • Database
  • Audit trail
  • Dashboards
Prioritize processing of batches Prioritize the processing of batches and batch groups:

  • Budget considerations
  • Risk considerations (Risk Matrix)
  • Legal considerations
  • Value considerations
  • Timeline and deadline considerations
  • Compelling events considerations
Example: Abandoned File Shares for Completed Projects or File Shares of Departed Employees.
Define exception handling Define what constitutes an exception to the processing rules and how these exceptions are handled:

  • Apply policy/rule that is the safe choice
  • Move to separate track for handling by a human
Example, missing metadata element that is deemed to be mandatory for classifying a record
Define monitoring and reporting Define monitoring and reporting framework:

  • Who to report to? Dashboard?
  • What information include in report?
  • Who to send notifications to and what are the thresholds?
Define a RACI model Define a RACI model for remediation work to be performed. RACI = Responsible, Accountable, Consulted, Informed
Obtain internal approvals Obtain the necessary internal approvals for the policies as well as the start of remediation work:

  • BOD (in some cases)
  • Legal
  • Business
  • IT
  • Risk

As stated previously, dealing with ESI is not necessarily part of the File Shares Remediation process. HOWEVER, it is a step that MUST precede any actual execution of remediation work.

Coming up next I will explore the definition of ROT content and the issues involved in it.

Check out the full series to get caught up and subscribe to our newsletter to keep up to date on all our content.