12 Things You Can Do NOW to Use BPM to Drive Digital Transformation

Jun 6, 2016 5:15:39 PM by Bob Larrivee

Process improvement and workflow are not new; in fact they have been around since the late 1980s.  Yes, they have evolved and continue to do so but as was true of ECM, Business Process Management -- once seen as a nice to have -- is now considered a critical part of business operations.

Process improvement and automation using BPM as the framework is an essential part of the Digital Transformation of businesses. The more paper is eliminated from processes and digitally born information is created, the greater the dependence upon and need for efficient, effective, and secure digital workflows. When assessing process improvement and automation opportunities, include the identification of and ways various information sets are integrated with the process and remember to look at the end-to-end process rather than just the departmental workflow. What gets changed in the department could have negative impact on other departments feeding this process or that this process feeds.

Our new survey (executive summary downloads free -- Process Improvement and Automation 2016) is available!

business process and automation  

12 Key Process Improvement and Automation Recommendations:

  1. Begin with existing process maps if they exist and if they do not; create at minimum, high level maps to document the steps in the process.
  2. Identify areas of opportunity for process improvement. Look for bottlenecks in the process and ways these bottlenecks can be eliminated. Perhaps use of parallel processing would be the approach.
  3. Improve the existing process before introducing automation or extending the automation capabilities you have in place. Automating an inherently bad process will not resolve the underlying issues.
  4. Uncover the real business problem you are trying to solve. When you are told that the issue is slow processing times or too many exceptions, look deeper into the root cause. Ask the question of why there are too many exceptions.
  5. Assess how paper can be eliminated from the process. If the reason for paper is one of acquiring signatures, explore how esignature can be incorporated to enhance the process and eliminate the paper.
  6. Take time to design the process. The best question to ask is why things are done the way they are and then explore how it could be different.
  7. Take inventory of your current BPM capabilities, using this as the foundation of reference when developing a set of requirements. In this way you can maximize your current investment and only purchase those technologies that are missing.
  8. Document the business requirements first. “I need capture capabilities of 500 pages-per-minute,” is not a business requirement. The business requirement is, “to process 10,000 applications per day, in 50 locations around the globe.”
  9. Build your functional requirement based on the business requirements. Map the current process of capturing applications from each location, including volumes and all activities to bring this information into your systems.
  10. Develop technical requirements based on the functional requirements and map these against your current technology sets. In other words, do a gap analysis to determine what is missing then seek to purchase the missing elements.
  11. Consider how cloud and mobile device use, along with mobile apps, can help address your current needs and support remote workers and stakeholder of your processes. At the same time, assess how these would be synchronized across the enterprise and the line-of-business applications. Remember that BPM can serve as the integrating mechanism.
  12. Establish a continuous improvement program that will periodically review and refine those changes you make now. BPM is not a one-stop project; it should be a cross-functional team sport that is ongoing across the enterprise.

-----

Some related resources on Business Process Management best practices worth checking out:

Download the FREE Process Improvement and Automation 2016 Executive Summary.

Check out this article on the survey -- AIIM research: more than half of businesses now view Process Management as imperative or significant

FREE white paper -- Business Process Management:  User Perceptions and Expectations

FREE webinar on June 15 with me -- No Longer a Luxury, BPM Is Imperative to Business Operations:  5 Steps to Learn How It Can Work for You.

Sign Me Up  

Read More

Topics: process automation, business process management, business process, bpm, digital transformation,

Why is Getting Rid of Paper Critical to Digital Transformation?

Jun 1, 2016 9:52:18 AM by Bob Larrivee

Process improvement and workflow are not new; in fact they have been around since the late 1980s.  Yes, they have evolved and continue to do so but as was true of ECM, Business Process Management -- once seen as a nice to have -- is now considered a critical part of business operations.

This continued evidence that business organizations have begun to seriously embrace the idea that their operations can survive without paper, and in fact function more effectively when paper is eliminated from their business critical processes. Getting rid of paper is a critical first step dealing with a broader question -- What is the role of content in Digital Transformation?  What we are seeing is Digital Transformation taking hold, not only between the Fortune 500, but also across all business types and sizes.  

New AIIM Process Improvement and Automation survey results released

A few key data points from our new survey (executive summary downloads free -- Process Improvement and Automation 2016):

  1. The majority of respondents see BPM as the combination of a systematic approach to improving business processes (97%) and workflow or BPM technology (79%). 66% see these technologies as "change management."
  2. Forty-eight percent of respondents say they are vaguely familiar or have no clear understanding of BPM. 18% say it is well understood and embraced in their organizations. [Note:  For newbies, you might want to check out our "What is Business Process Management?" page.]
  3. Nearly a third of respondents say there is no one directly responsible for ownership of their processes. 58% say they have process owners.
  4. Fifty-five percent of respondents say BPM is significant (38%) or imperative (17%) for their business. For 14% these technologies have little to no importance.

business process and automation

 

There is a growing realization that information once born digital, should remain digital and can in fact bring about greater value to the organization when managed and processed quickly and efficiently. There is also a growing realization that designing, automating, and refining operational processes enables business organizations to explore new types of innovation and instill creativity in relation to business process options, rather simply trying to enhance and support their current ways-of-working. Where once the limitation was based on media type or restricted to confinement within the corporate walls, businesses today can extend their processes and interactions beyond the corporate walls – securely.

Process improvement and automation are an essential part of the Digital Transformation of businesses. The more paper is eliminated from processes and digitally born information is created, the greater the dependence upon and need for efficient, effective, and secure digital workflows. When assessing process improvement and automation opportunities, include the identification of and ways various information sets are integrated with the process and remember to look at the end-to-end process rather than just the departmental workflow. What gets changed in the department could have negative impact on other departments feeding this process or that this process feeds.

-----

Some related resources on Business Process Management best practices worth checking out:

Download the FREE Process Improvement and Automation 2016 Executive Summary.

Check out this article on the survey -- AIIM research: more than half of businesses now view Process Management as imperative or significant

FREE white paper -- Business Process Management:  User Perceptions and Expectations

FREE webinar on June 15 with me -- No Longer a Luxury, BPM Is Imperative to Business Operations:  5 Steps to Learn How It Can Work for You.

Sign Me Up  

Read More

Topics: process automation, business process management, business process, bpm, digital transformation,

What Part of Being Blockbustered Don't You Understand?  Digital Transformation In Action

May 23, 2016 4:39:45 PM by John Mancini

Nobody wants to be Blockbustered.

It has become almost standard fare in the most presentations involving Digital Disruption to bring up the Blockbuster and Netflix example. So I thought it might be worthwhile to review quickly what happened to Blockbuster and then think a bit about other radically disruptive scenarios in a few other Industries.

The story starts in 1985. David Cook sold software in the oil and gas industry. There was a sharp downturn in that industry and he decided to open the first Blockbuster store in Dallas. Blockbuster grew rapidly and by 1994, they were sold for $8.4 billion to Viacom.

Check out this new AIIM white paper, by the way, Reimagining ECM in the Modern Enterprise, tied to a number of the themes in this post:

Download Now

A few years later, a fellow by the name of Reed Hastings was annoyed at being hit with $40 in late fees from Blockbuster for a rental of Apollo 13, and decided -- at a point when Blockbuster appeared invincible -- to do something about it. Netflix was born.

 

[I will add as a personal side note that in 1999 my middle son William, at the peak of the Blockbuster era, sold me a $15 Blockbuster card for $15. I didn't realize it until a few weeks later but there was only $1.72 on the card. He eventually wound up in software sales, likely indicating that long-term career choices are hinted at early in a child's development. But all of that's another story. ]

By 2004, Blockbuster had hit its peak with 9,000 stores globally and 5 billion dollars in revenues. At the same time, they separated from Viacom and launched their own DVD-by-subscription service -- about seven years after Netflix launched. By 2013, what was left of Blockbuster - now owned by Dish - was gone and the doors were shut.

Digital Disruption in Action.

Let's take a look at a few more examples.

This first chart shows the Google search history for Myspace. It doesn’t take a rocket scientist so see the point at which the “Facebook effect” kicked in. The speed with which this one happened is sometimes hard to believe.

Who could have forecasted in 2007 when the iPhone was introduced that it would ultimately lead to the demise of the leading handset provider in the world - in the space of just a few years:

The tidal wave of digital photography and Kodak's inability to adjust to that tidal wave is well-chronicled. Certainly the lights should have gone on in 2002 when the sales of digital cameras surpassed the sales of film cameras.

 Another cell phone example, and another victim of the disruption created by the iPhone.

The speed with which the business model for print publishing collapsed is still stunning. Less than a decade almost all of the value gone. The amazing thing about this story is that the value here -- largely driven by classified advertising -- wasn’t “acquired” by another disruptive player.  Rather a disruptive player created the conditions under which billions in value was simply distributed in tiny chunks to millions of end users. Craigslist.

And lastly, who can forget the example of printed books. The respective curves tell the story. We see the results all around us in the form of closed Borders and Barnes and Noble stores.

And lest we think that the content management space has been immune from ignoring the forces of disruption, here are two personal examples. I can remember back in 2007 sitting in meetings of established ECM players, and asking what they thought the impact of MOSS (Microsoft Office SharePoint Services) would be, and hearing the…”Interesting, but they don’t do what we do” response.  And a few years later, I recall hearing the same thing from some established vendors after hearing a Board briefing by Box.

All of this poses a couple of questions for any business.

Where is your disruption coming from? Odds are it is coming from someone that right now you think is irrelevant to you.

What are you going to do about it?

Have you tied your content strategy to your transformation strategy?

-----

Get on the advance list for the Information Professionals white paper HERE.

Here's the keynote deck in case you missed it. Socialize it and share it if you are so inclined. Also a fun compilation of AIIM16 Tweets HERE.

 

Read More

Topics: cip, information professionals, digital transformation,, digital disruption

Four Safeguards You Can Take to Protect Your Information - Part 3 of 3

May 19, 2016 9:21:49 AM by Mark Brousseau

4 Safeguards to Protect Your Information

I’m doing three posts excerpted from an earlier AIIM webinar by Mark Brousseau and sponsored by ibml.  The webinar is available HERE in its entirety to professional members of AIIM. Responsibility for this great content rests with them; I’m responsible for any huge editing gaffes. 

This is the third post in the series; the first one is HERE, and the second one is HERE.

About our guest poster:  Mark Brousseau is a noted marketer, analyst, speaker and writer with more than twenty years of experience advising leading providers of payments and document automation solutions. He is President of Brousseau and Associates, a full service marketing PR and business development firm specializing in the payments and document automation arenas.

Ibml has an interesting white paper on this set of topics -- 9 Ways Your Document Imaging System Could Be Vulnerable to Data Theft and Compliance Violations - check it out HERE.

Free white paper from ibml

-----

Where we left off in our first post…Risks you face from antiquated capture systems:

  1. Not encrypting the data while it's in motion.
  2. Unsecured log files.
  3. Poor visibility into operator activities.
  4. Poor security management.

-----

New technology can help mitigate the above risks. I'm not here to sell you a system, I'm here to sell you an approach to a system. I'm telling you that if you're sitting on years old document scanning system, you're probably at risk and it's time for you to look for a system. Get out your legal pad. Get out your pen and get ready to write down the four things I'm about to tell you to look for in a new document scanning system.

Safeguard Number One – Impersonation.

The first safeguard is “impersonation.” No, no. Don't start belting out Elvis tunes. What you want is a system that writes data to a different user account than the one used by the scanner operator -- no more having the fox mind the chicken coop. You want to eliminate access to the network files and you want to ensure that operators can only access images through the capture platform. This keeps them from looking at things they shouldn't be looking at and doing anything with the images and data that they shouldn't be doing.

Safeguard Number Two – Protect your images and data.

The second safeguard is to look for systems that protect imaging data.  You want to look for strong encryption algorithms. Don't believe those that say, "Oh, you don't want to encrypt things, it'll slow your systems down." That is ten year old thinking. You need strong encryption algorithms that automatically protect all data stored on all hard drives and PCs and it won't impact your system performance.

In this kind of environment, your users can access data via an authentication device.  It might be a password, it might be a key. This enables the system to retrieve the information and decrypt it. Of course, your IT and your security folks can help you select and manage exactly what kind of full disk encryption technology is used. The key thing is you want to make sure that you have a scanning solution that supports full disk encryption.

You want to look for a document imaging system that uses Internet Protocol Security (IPSec) tunnels to encrypt data and images that are in motion. This is basically a framework of open standards that the propeller heads have come up with to help ensure private, secure communications over IP networks. It uses cryptographic security services. This hardened security will keep information in motion safe, and supports network level data integrity. It also supports data confidentiality and authenticates data. It makes sure that folks can't intercept your information.

Here again, your IT and your security staff can work with your vendor to configure IPSec based on your organization's requirements and needs. The key thing is you want to make sure that you have a document scanning solution that supports IPSec. You don't want to write sensitive information to a hard drive of a host PC. That makes no sense. If your solution is doing this, you need to look for a new system that will only write it into memory and not to a host PC that somebody can gain access to.

Safeguard Number Three – Secure your audit logging processes.

The third safeguard is audit logging. Audit logging is a really good way to monitor the health and operation of a document scanning system. Yet, it's really overlooked when it comes to security. When you look for a document scanning solution, look for one that supports detailed audit. You want to track every activity that occurs within the software and the hardware. This includes things like changes to admin passwords, and anything that might have been faxed or emailed or downloaded.

If your auditors haven't told you this already, log files are also critical for regulatory compliance. It's something that auditors expect and obviously something for which they are looking.  You want to make sure that batch log files are written directly to a network and not to a local drive. Finally, when it comes to audit logging, make sure that any sensitive information is sanitized in the log file. Today's document scanning solutions can sanitize information so that nothing is left out in the open.

Safeguard Number Four – Strong security management.

The fourth safeguard in a document scanning solution is strong security management. You should be able to do this yourself. You should be able to do it yourself with the security control panel. Dashboards should provide easy control of configuration. This makes it easy for your administrators to review security settings to help change them based on the needs of the business. It saves them a lot of time for network administrators as well as for IT professionals. It's easy to change the configurations.

-----

About ibml (sponsor of the original webinar)

ibml believes in the mission of AIIM to educate information managers on the key issues they face. The company provides intelligent information capture solutions that drive business process improvements.  Combining intelligent scanners, software and services, ibml solutions  automate the most demanding document applications in banking, financial services, healthcare, and government. ibml customers in 48 countries rely on its technology to accurately, efficiently and - most importantly - securely capture and process millions of documents. If you want to learn more about ibml, you can visit ibml.com or contact them directly at sales@ibml.com.

Check out 9 Ways Your Document Imaging System Could Be Vulnerable to Data Theft and Compliance Violations from ibml.

Read More

Topics: compliance, imaging, scanning, capture, security, information security

Defining the Information Professional of the Future

May 18, 2016 9:41:04 AM by John Mancini

I've been working on capturing some of my thoughts post-AIIM16 about Information Professionals, and will be publishing these in a series of blog posts that will culminate in release of a new white paper on May 31.  

The first installment was called -- From Jurassic Park to Digital Transformation -- a Tale of Information Professionals.  Part Two was called -- A Short History of Where Information Professionals Came From.  Part Three was Disruptive Technologies Create Need for Information Professionals.

Reserve your advance copy of our new  Future of Information Professionals white paper -- due out May 31.

Defining the Information Professional of the Future

I concluded my previous post with this thought:

In the mainstream, the focus is still on on-premise applications built on and for the PC. The core skills that are valued in the mainstream are focused on building and developing systems. At the edge, the focus shifts to the cloud, mobile technologies become the Lego building blocks of systems, and the skill sets that are valued within our IT staffs shift from building and developing to configuring and connecting.

More to come in the next post.

-----

So continuing....

So let’s return to our PEOPLE -- PROCESS -- TECHNOLOGY triad and think about how the world has changed -- and will continue to change.

On the PROCESS side, a revolutionary thing has happened. Process owners can now implement their OWN solutions. This creates incredible pressure to take monolithic business processes and turn them into applications. On top of this, the world is rapidly shifting to one in which most interactions will be on mobile devices. This means all processes must be reformulated from a mobile perspective.



This has interesting implications when we think about the world of TECHNOLOGY. As mentioned earlier, configuring, connecting, and mobile skills are now critical and in short supply. We need to rethink the entire notion of security. Security that was once defined purely in terms of what was inside and outside the firewall now needs to be reconstructed around individual information assets. And organizations are experiencing a massive Legacy drain on their ability to innovate.

Perhaps the most extreme change has been on the PEOPLE side of the equation. We have moved into a world in which usability is EVERYTHING. Even individual users can implement their own enterprise-like solutions, and if we try to get in their way they will do it anyway. There has been an enormous blurring of the lines between what is the home and what is the office. There is no way to put this genie back in the bottle, and organizations must understand that Millennials operate in a fundamentally different fashion than the email generation.

The implications of this relative to how we manage information are profound. The kinds of questions that are being asked in our organizations vary greatly depending on whether you view the world from a PROCESS perspective, a TECHNOLOGY perspective, or a PEOPLE perspective. And in an era in which enterprise-like capabilities are increasingly available without IT intervention, the short-term pressure for each of these people to actually communicate and cooperate with each other is decreasing.

Each of these players in the information management story has a different role to play in the organization, and in some ways they are all versions of information professionals. However their needs and requirements are vastly different.



End users need education on responsible computing practices and need to understand how their organization wishes to place boundaries on their use of information. Now that process automation solutions are available to a much wider range of companies than ever before through SaaS solutions, line of business executives must be educated to better understand what is possible. And technology specialists must keep up with a wide range of content and information management solutions, understand the relative strengths and weaknesses of each, and try to forecast the survivability of individual companies into the future.

But this still leaves the fundamental question of the role of the Information Professional in all of this.

Someone needs to own the big picture.

Someone needs to provide adult supervision to the process people, technology people, and end users that interact with content and information management systems.

Someone needs to help the organization think through what it means to manage information as a critical business asset.

Someone needs to act as the translator of the unique language of each of the people who interact with our information systems, whether they are from a PEOPLE perspective a PROCESS perspective or a TECHNOLOGY perspective.

We believe that that person is an Information Professional, and the CIP (Certified Information Professional) is his/her badge.

Get on the advance list for the white paper HERE.

-----

Here's the keynote deck in case you missed it. Socialize it and share it if you are so inclined. Also a fun compilation of AIIM16 Tweets HERE.

 

Read More

Topics: cip, certified information professional, information professional, information professionals

4 Risks from Antiquated Document Capture Systems - Part 2 of 3

May 17, 2016 8:58:26 AM by Mark Brousseau

4 Risks from Antiquated Document Capture Systems

I’m doing three posts excerpted from an earlier AIIM webinar by Mark Brousseau and sponsored by ibml.  The webinar is available HERE in its entirety to professional members of AIIM. Responsibility for this great content rests with them; I’m responsible for any huge editing gaffes. This is the second post; the first one is HERE.

About our guest poster:  Mark Brousseau is a noted marketer, analyst, speaker and writer with more than twenty years of experience advising leading providers of payments and document automation solutions. He is President of Brousseau and Associates, a full service marketing PR and business development firm specializing in the payments and document automation arenas.

Ibml has an interesting white paper on this set of topics -- 9 Ways Your Document Imaging System Could Be Vulnerable to Data Theft and Compliance Violations - check it out HERE.

Free white paper from ibml

-----

Where we left off in our first post…

Despite all these investments you're making at the macro level, despite all the efforts that your IT department is doing on your behalf, there's a gap in your information security systems and it is in the unlikeliest of places -- your document scanning and data capture systems.  Your information on-ramp is leaving you vulnerable to the bad guys. A typical document imaging system is creating four major vulnerabilities that substantially increase the potential for data theft and violations of information management regulations.

-----

Risk One from antiquated capture systems – Not encrypting the data while it's in motion.

The first risk that organizations face when it comes to antiquated systems is they don't have any protection for the images or data as they travel through their capture workflows.

Think about your operations for a second. You don't just scan something and let it sit there. Your image is likely involved in a workflow and that workflow probably is increasingly touching people who are on different floors, in different buildings and maybe in different countries. Yet, most old document imaging systems aren't encrypting this data or these images. While they're travelling across the enterprise or the extended enterprise, they're left literally out in the open for the bad guys to intercept them.

What's more, in most scanning environments, operators must have network or file system rights to the location where images are written. Think about this for a moment.  Images and data aren't being encrypted, and anyone who operates the system is going to have access to them unencrypted.  This obviously opens the door for an operator to read information that they shouldn't be reading. If you're processing medical records, if you're processing financial documents, or if you're processing something on behalf of a sensitive government entity, you've now laid that information open to internal staff.  

Finally, images also can be written to the scanner's local hard drive prior to writing the data to a network file repository. Think about this for a second. Most folks assumed that once an image is captured on a scanner, it goes immediately to an archival. This isn't the case at all. With antiquated systems, they're written to a hard drive and then moved to a network file repository.  Here again, the information is out in the open for a bad guy to be able to look at or to intercept.

Risk Two from antiquated scanning systems – Unsecured log files.

The second risk organizations face is unsecured log files. A key tool in recognizing security breaches is a log file. We all have them. It's a standard feature in every operating system, application, server platform, scanning software, it's everywhere. It shows you what's going on with the health and operation of your system. By monitoring log files, you can identify potential wrongdoing. It helps you and prevent security breaches.

This creates a problem. Antiquated document scanning systems write log files to a local hard drive of the scanner's host PC.  What this does is it puts them beyond the control of the system administrator.  Essentially, this means you've got the fox minding the chicken coop. It is difficult for the administrator to watch that log file and see what's going on. As has been well chronicled at AIIM studies, we know that there's more and more data being captured and put into those log files. That's information you don't want sitting out in the open. This is tantalizing stuff for somebody who's up to no good.

Risk Three from antiquated scanning systems – Poor visibility into operator activities.

The third risk from antiquated document scanning systems is poor visibility into operator activities. Old scanning systems make it difficult to track and audit the activities of their staff and this opens the door for unauthorized access or even distribution of sensitive data in an undetected environment. If you can't track it, you can't fix it and you can't catch it.  17% of organizations admit that their staff already bypasses security restrictions placed on them. That's not to say those folks are up to no good, it's just to show that staff will do the most expedient thing.

Now, think about introducing a bad guy into the kind of environment where it's okay that one in five staff goes around security steps. When you have an environment where it's difficult to track and audit, you have an environment where you're leaving yourself open to risk.

Risk Four from antiquated scanning systems – Poor security management.

The fourth risk that organizations face with antiquated security systems is poor security management. Older systems require manual processes for network administrators to review and to change security settings. In most cases, this stuff is set up when somebody originally came to install the system and is left alone until something goes wrong. That's what is wrong with this scenario. It's a hassle for the administrator to change the settings and this leads to less frequent security configuration reviews and this puts you at risk. Manual processes do not provide a comprehensive view on a network and they don't make it easy for you to adjust to change in business requirements to ensure that you're not at risk.

In our next post, Mark will take a look at the safeguards you can take to protect yourself against these 4 risks.

-----

About ibml (sponsor of the original webinar)

ibml believes in the mission of AIIM to educate information managers on the key issues they face. The company provides intelligent information capture solutions that drive business process improvements.  Combining intelligent scanners, software and services, ibml solutions  automate the most demanding document applications in banking, financial services, healthcare, and government. ibml customers in 48 countries rely on its technology to accurately, efficiently and - most importantly - securely capture and process millions of documents. If you want to learn more about ibml, you can visit ibml.com or contact them directly at sales@ibml.com.

Check out 9 Ways Your Document Imaging System Could Be Vulnerable to Data Theft and Compliance Violations from ibml.

Read More

Topics: compliance, imaging, scanning, capture, security, information security

Increasing Security and Compliance Concerns for Document Capture – Part 1 of 3

May 13, 2016 10:09:04 AM by Mark Brousseau

Think Your Scanned Images are Safe?  Think Again

I’ll be doing three posts excerpted from an earlier AIIM webinar by Mark Brousseau and sponsored by ibml.  The webinar is available HERE in its entirety to professional members of AIIM. Responsibility for this great content rests with them; I’m responsible for any huge editing gaffes.

About our guest poster:  Mark Brousseau is a noted marketer, analyst, speaker and writer with more than twenty years of experience advising leading providers of payments and document automation solutions. He is President of Brousseau and Associates, a full service marketing PR and business development firm specializing in the payments and document automation arenas.

Ibml has an interesting white paper on this set of topics -- 9 Ways Your Document Imaging System Could Be Vulnerable to Data Theft and Compliance Violations - check it out HERE.

Free white paper from ibml

-----

As we begin 2016, the biggest threat to your business probably isn't the proverbial competitor down the street. It's someone who wants to take advantage of your corporate information. We know that a growing number of businesses and government entities have already become cyber war victims.

  1. It wasn't that long ago that there were front page headlines when tens of millions of Target and Home Depot customers had their information stolen from those retailers.
  2. Just last March, health insurance company Anthem admitted that it was attacked. The personal information of as many as 80 million Americans information was vulnerable as a result of that attack. 80 million -- that's one quarter of the entire U.S. population.
  3. Last Fall, the U.S. government's Office of Personnel Management admitted that their employee database was hacked. The bad guys got personnel data on millions of federal employees, including their fingerprints and their job applications. Think about what must be on those job applications.
  4. Even the people who are protecting us are not immune. Just recently, Juniper Networks -- these are the guys who make firewalls and network security equipment -- admitted that they were hacked.

2015 was the compliance and security wake up call for businesses and 2016 needs to be the year you get your act together. You can't afford any more data leaks, lost patient records or corporate espionage. You can’t afford the cost, the penalties, the fines and the reputational risk that comes with these violations and data loss and the impacts of data leaks are significant.

Two-thirds of companies say the potential impact of a data leak would be high. 13% of companies say the potential impact of a data leak would be disastrous. That's not so hard to believe when you consider what that stake from a reputational and financial standpoint. In fact, a lot of folks focus on the financial piece of this. According to studies, the average cost of a single data leak is $7.2 million. When you think about what Target went through with their breach, $7.2 million seems like table stakes.

These costs are only going to go up. Increased regulations, standards, and rules are raising the stakes. They're raising the potential cost and penalties that you could suffer if your data is lost or you have a compliance violation.  Two-thirds of organizations see that ensuring the privacy of customer data is essential. Well, that's good news. Two-thirds of organizations also see that compliance with industry and government regulations is also essential. This is a big driver behind a lot of data capture system purchases.

In fact, 30% of organizations say that compliance and security considerations is the most significant business driver of document and record management projects. That's staggering; most assume it's cost efficiency and productivity.

PCI (payment card industry) compliance is going to take more and more of the headlines as corporate America continues to push harder and harder away from paper based checks and toward electronic transactions. We're going to find that while many organizations knew how to safeguard check information, they really don't understand how to do the same in an electronic world, where it's easier for folks to intercept that information. That’s just the tip of the iceberg. There are 13,982 other regulations that are impacting businesses, all of them with their own cost and their own risk. Every day, there are people in Washington DC dreaming up more regulations about how to manage your data.

You've undoubtedly put in permissions and access controls, and you've implemented antivirus and malware tools. You've probably regulated the passwords your staff uses so they can't use their birth dates or 123456 anymore. You've implemented perimeter security so that folks can't walk in and out your front and back doors and literally take your information with them.

Despite all these investments you're making at the macro level, despite all the efforts that your IT department is doing on your behalf, there's a gap in your information security systems and it is in the unlikeliest of places -- your document scanning and data capture systems.  Your information on-ramp is leaving you vulnerable to the bad guys.

A typical document imaging system is creating four major vulnerabilities that substantially increase the potential for data theft and violations of information management regulations.  In our next post, Mark will discuss the four risks of antiquated scanning systems:

  1. Not encrypting the data while it's in motion.
  2. Unsecured log files.
  3. Poor visibility into operator activities.
  4. Poor security management.

-----

About ibml (sponsor of the original webinar)

ibml believes in the mission of AIIM to educate information managers on the key issues they face. The company provides intelligent information capture solutions that drive business process improvements.  Combining intelligent scanners, software and services, ibml solutions  automate the most demanding document applications in banking, financial services, healthcare, and government. ibml customers in 48 countries rely on its technology to accurately, efficiently and - most importantly - securely capture and process millions of documents. If you want to learn more about ibml, you can visit ibml.com or contact them directly at sales@ibml.com.

Check out 9 Ways Your Document Imaging System Could Be Vulnerable to Data Theft and Compliance Violations from ibml.

Read More

Topics: compliance, imaging, scanning, capture, security, information security

Calling all Information Professionals – What #InfoGov Advice Would YOU give to this company?

May 12, 2016 12:47:31 PM by John Mancini

Calling all #InfoGov experts – What Advice Would YOU give?

I was thinking about one of the data points in our current State of the Industry Report (Free Executive Summary HERE) – the one that points to a rise in focus at large companies on risk and compliance as a primary business driver for IM.

The number of large organizations citing compliance and risk as the largest driver for IM has risen sharply in the past year from 38% to 59%. 44% of mid-sized organizations also cite this as the biggest driver whereas smaller organizations consider cost savings and productivity improvements to be more significant drivers.

To be honest, this data point bugged me a bit – it seemed at variance with some of my thoughts about Information Governance – i.e., that they key to moving Information Governance out of its narrow RM niche was to focus more on value rather than risk.

But I got a call from a significant company on the Fortune 1000 list (that will remain nameless for now) who posed a business problem that perhaps reinforces the above data point – but perhaps in a different way than I would normally consider the question. 

Here are the points he/she raised.  Kind of like a Harvard business case:

  1. We have our knowledge worker content currently in 3 places:  1) Google Docs; 2) an EFFS product; and 3) file shares.  We are not a SharePoint shop.
  2. We are not in an industry space like financial services or pharma where there are a lot of  industry-specific compliance or regulatory requirements.
  3. We want wherever possible to leave our existing information in place, and apply a “lite” governance layer (his/her words) above our 3 primary repositories that would allow us to understand what people are doing, apply retention and disposition where appropriate, be able to audit/verify these processes, and be able to apply holds should the occasion arise.
  4. Usability and simplicity – at both the administrative and individual knowledge worker level – is our top priority.
  5. In a nutshell, we want to be able to demonstrate that there is a level of adult supervision and accountability to how we manage our knowledge worker information. Does this need to be perfect, no.  Does it need to be a verifiable process, yes.
  6. We want to start with three departments, but then scale up.  Ultimately, the potential scale is quite large -- 10+ terabytes.
  7. We are not interested in a lot of workflow functionality at this point. Perhaps down the road, but for now this project is being driven by the legal folks. 
  8. The fundamental question we would like to address and at reasonable cost is a very basic one and one that you, John, have raised in your presentations:
Where should we tell our knowledge workers put their “stuff” so that it is…1) Secure, shareable, and searchable so the ORGANIZATION can accomplish its goals; and 2) Works the way they work and is useful to THEM in getting THEIR job done.

I have my own ideas about this, but I thought I would open it up to the community and perhaps everyone could share in the results. 

The Advice Clinic is Open.

What recommendations would you give, and why?

-----

You might also be interested in this white paper on EFFS technologies:

Download Now

 

Read More

Topics: information governance, electronic records management, records management, efss

The AIIM Community Gives Back - Twice

May 12, 2016 9:30:56 AM by Georgina Clelland

We introduced something new to The AIIM Conference in 2016, an element of social responsibility. As the VP of Events here at AIIM, it was incredibly important to me that we give something to a charity local to our host city of New Orleans that our attendees had created.

Read More

Topics: aiim, aiim16

The E3 Method of eDiscovery at the A+E Network

May 10, 2016 9:11:51 AM by John Mancini

Kevin Craine: Hubie Dorsainvil, Director of Litigation Support and Records Management at A+E Television Networks, and Gretchen Nadasky, Manager at Optimity Advisors, discussed the "E3 Method of Collaboration" at #AIIM16.  Tell us a bit about "E3."

Gretchen Nadasky: The E3 Method for collaboration came out of my experience for the records management project at A&E Network. Together, we were charged with developing a brand-new records management program at the company. It was something that was new to both executives and employees.

 

Since it was going to be an enterprise-wide program, we really had to get collaboration from all twenty-eight departments, as well as buy-in from all of the executives, all the way up to the CEO and the Board. We developed this way of building out a network explaining what records management is, through specific methods by developing messages so people would understand why records management was important to them. Through that experience, the E3 Method was born -- Engagement, Expectation, Enthusiasm.

Really anyone who has an idea, can benefit from the E3 Method. You can use the E3 Method whether you are trying to plan a vacation with your family, trying to do an enterprise-wide project that needs support of employees and executives, or trying to start a new process within a division of your company. It really can be used for anything as a way of getting things done.

The key point is that people have ideas, but they don't know how to initiate them and get support for ideas. Especially in the world of collaboration and networking, where everyone is expected to work together, the E3 methods can be used to make a road map. 

Companies like A&E are struggling with the incredible explosion in content that is being developed. It's great that we have all these new technologies, and that a lot of things are being transformed in a digital way. However, I don't think we are at the point yet, where people have their arms around how to manage all of that content, preserve it, and curate it, and audit it, and make sure they are not paying to store things that aren't useful, or helpful. 

Kevin Craine: Hubie, what are the particular litigation and records management challenges that you face at A&E Television?

Hubert Dorsainvil: My role at the company is to get the word on records management out into the actual company, so that everyone can start using those actual principles.  At the A&E Television Network we have a tremendous amount of data that we are trying to go through. We are trying to reduce the scope of actual discovery and not expose ourselves to litigation risk.

Part of the challenge is trying to control the volume of data that we have, that we can reduce the scope, and reduce our discovery costs in the process. As far as records management is concerned, we are new to this records management game, and we are trying to get everyone on board, so that they understand that records management is the responsibility of every single individual in the company. It's a daily function that should be practiced every single day. We are really trying to teach individuals how to use records management principles to conduct everyday business.

As a media company, we are in the forefront of all of this new technology in regards to digital media, and social media, and things of that nature. Everything is moving so fast. Technology is constantly changing. The amount of data that is out there is constantly growing. We are struggling trying to keep up with all this stuff. 

[Note: The above content was excerpted from an AIIM On Air podcast, hosted by Kevin Craine. Responsibility for the editing rests with me.  Check out the original podcast (and subscribe!) and also all the other additional podcast content -- much more to come!]

------

I'll be doing a member-only VIP debrief of AIIM16 on this presentation -- and 20 others! -- with Kevin on May 19.

Save Your Seat!

Some of my own post-AIIM16 musings can be found in these posts -- check them out.

 

Read More

Topics: aiim16

About AIIM

AIIM provides market research, expert advice, and skills development to an empowered community of leaders committed to information-driven innovation.

Subscribe to Email Updates

Process Improvement and Automation 2016