With our webinar: Beyond Retention Rules: Managing Information Policies and Lifecycles, we wanted you to understand that managing retention rules was just the beginning of managing your information. Full lifecycle information policies can ensure that all your information, regardless of whether it’s deemed a “record” or not can be securely and efficiently managed from creation through to disposition. Here’s a summary of Ken Lownie, VP of Everteam North America’s talk.
Going Beyond Retention Rules
Everteam recently conducted a survey that examined how organizations are approaching policy management. One of the questions asked was if the organization had a complete set of retention rules. Of the responses, only 25% had a complete, well-defined set of rules. The rest ranged from having a partial set to nothing at all.
For many, retention rules are the first step to building an information catalog, and we can see there’s a long way to go before we can say organizations have this covered. But just because you are still working on retention rules, doesn’t mean you shouldn’t be thinking about the bigger picture.
3 Generations of Records Management
Let’s talk a walk back through time – Ken promised it was for a good reason – and look at how records management has changed over time.
- First Wave: The Box Generation: We all remember this one – paper records. Files are tagged based on type, collected and routed, moved and managed manually. The key takeaway? It’s all about the centralization of physical files.
- Second Wave: Ingestion-Based Solution: Physical files are scanned and captured, identified, tagged based on type, collected electronically and routed, moved and managed using workflows. The key takeaway? It’s still about the centralization of files – although this time they are electronic.
- Third Wave: This is where we are today, shifting away from capture and archive to federation – managing information in-place. Data assets are classified and left where they reside. When new assets are added, they are automatically classified. The Third Wave of Records Management is about more than a set of retention rules; it’s about managing all your information, where ever it lives.
How a Federated Solution Works
This part is tricky to explain without the interactive diagram Ken showed (so be sure to watch the replay below), but let’s try.
It starts with Connect and Cleanse
You have all these source systems containing lots of information, often versions of the same information. A centralized solution connects to all these disparate repositories and creates a centralized index all of the information. Full-text, metadata, location, file properties and so on is captured and managed through this index. With it, you can now search for information using any number of query parameters. You can analyze the information, identify redundant and obsolete assets.
Then You Classify and Govern
From there you can classify your information and associate retention rules with each class. But where do you store the retention rules and other information policies? That’s where the Information Catalog comes into play.
The Information Catalog provides a place to define your taxonomy/information classes, define retention rules, data lifecycles, and information policies. You can also define related entities. You can start with defining only retention rules, but you miss out on the opportunity to better manage all your information.
To make this all work requires a workflow system that automates much of the work to do. It can move an asset to a long-term archive (the third part of this solution, although not an absolute requirement). The workflow will automatically execute the disposition process, including kicking off a review and approval of disposition activity. It will notify users and administrators of events or changes to policies and more.
What Lies Beyond Retention Rules
You could use a spreadsheet to manage your retention rules, and for some, it may work fine. In the same Policy Management study, 20% said they use a spreadsheet. However, a larger percentage use a combination of tactics to store policies, and that makes management very difficult.
For those that store more than retention rules, spreadsheets are even more cumbersome:
- It’s difficult to coordinate the collection and revision process among multiple contributors
- Spreadsheets can’t handle multi-jurisdictions
- It’s difficult for users and systems to consume information.
Introducing the Information Catalog
An Information Catalog lets you manage more than retention rules. It helps you manage all your governance policies. Why is this rule in place, what’s the citation, who is responsible for the data types, how long is it in effect and so on?
Also, the Information Catalog supports dynamic policies with context and citation. For example, for the first two years of this information asset’s lifecycle do one thing, then move the asset to a different location. Dates and events that happen outside the system can trigger workflow processes to kick in.
Here’s the full list of capabilities for an Information Catalog:
- Retention Rules
- Full Lifecycle definition
- Trigger Events
- Related Citations (Regulations)
- Related Departments/Responsible Owner
- Security/Confidentiality Classification
- Other Cross-References and Groupings
And here is the full list of requirements for a “Third Wave” Information Catalog:
We all know it’s important to manage our organization’s information effectively. But manual processes and spreadsheets aren’t enough considering the amount of information we store and the number of legal and compliance regulations we must comply with.
An Information Catalog is the place to store all your information policies, but you will need to connect it with the systems and tools to ensure those policies are enforced.
Lots more information to be heard in the webinar replay. You can watch it here.