The AIIM Blog - Overcoming Information Chaos

8 Things to Consider When Aligning with Today’s Growing Corporate, Legal and Regulatory Standards

Written by John Mancini | Mar 28, 2010 10:53:51 PM

Enterprises today are faced with explosive growth in the volume and complexity of information, as new forms of content and communication become a part of every organization. Adding to the challenge, the legal and regulatory environment for most enterprises has become more rigorous, imposing significant obligations on all types of content and information channels. Entities need to find methods to address these disparate needs if they are to effectively manage risk and derive the true value of information within their environments.

1. Understand the Information You Have

The basis of any effective information management strategy is using methods to understand content. Establishing what a given piece of information means is a predicate to managing almost any obligation. Entities have to establish that a given document is a contract to apply appropriate retention and understand the parties and content in an email to appropriately preserve and discover.

Understanding information is also imperative for organizations to evaluate risk at a given point in time. And while many organizations have well developed quantitative risk management programs, few are focused on qualitative risks—especially those that arise in unstructured content.

2. Leverage a Meaning Based Computing Platform

Historically, enterprises have relied heavily on manual methods to understand, organize, and manage information. When content volumes and complexity were more limited, while difficult, this method was at least minimally sufficient. Today and in the future, a model that relies so heavily on manual methods to understand the growing volume and complexity of information will likely fail.

Computing power and advancements in software analytics now provide solutions that can automatically form an understanding of information; a model often referred to as Meaning Based Computing (MBC). MBC has evolved over the last decade, and mainstream enterprises are now using it to address some of the most critical information risk areas.

3. Make Your Information Governance Multi-Channel

The information used by organizations to conduct normal operations often arises and moves through more than one channel. Many business transactions may occur on the phone, over email, or through a web channel. In fact, some individual transactions may incorporate elements of all three. Enterprises must be prepared to address the multi-channel nature of information, especially as future technologies will continue to evolve in this area, and even more technologically savvy generations become a larger share of the population.

4. Apply Automated, Policy-Driven Control

Over the past decade, most organizations have developed policy manuals and outlined documented controls for information. Taking those written controls and actually applying them to relevant information is often lacking. Leveraging an MBC or similar platform, enterprises can now incorporate actions through policy in the technology itself. For example, once a solution establishes that a given piece of information is a corporate record, a policy can be invoked to assign a retention period and place appropriate controls. Policy-driven controls can also apply several different rules if information is subject to more then one set of obligations. Finally, policies can help proactively identify information that may violate regulatory, statutory, or corporate rules and alert compliance officers, lawyers, or other responsible parties to mitigate potential risk.

5. Use Forensically Sound Indexing & Search

Accessing the breadth and volume of information by organizations is critical. At no time is this more important than when doing so in the context of a regulatory inquiry or litigation. Many search engines available today miss relevant information because of their performance-enhancing shortcuts that are designed to improve the response time and relevancy of information access requests from employees. When these shortcut techniques are applied over even a modest number of files, the result is an arbitrary and incomplete set of documents.

In legal cases, enterprises are under a duty to provide all relevant information, not just a subset of information that was easy for a search engine to find. The inability to assess all the relevant data and quickly develop an informed initial case strategy creates additional risks and prevents enterprises from accurately assessing their position in a given matter.

6. Manage Content in Place

In order to avoid disrupting productivity, a system must provide flexibility for users to manage content in place without the need to move the information into a centrally managed repository. Any model that assumes large volumes of potentially valuable information must be centralized for control will likely fail or create such inefficiency as to render the solution a costly burden. Solutions that can manage content in place, and/or provide ready access to those responsible for normal business operation, greatly improve the efficiency of managing information assets and significantly reduce storage costs.

7. Account for Many Languages & Many Jurisdictions

Businesses and governments today operate in a highly interconnected global marketplace. Even mid-sized companies will conduct business in dozens of different jurisdictions. This requires that information governance strategies be language independent and allow organizations to access and understand potentially relevant information regardless of origin.

The ability to adhere to different and sometimes conflicting information governance obligations across jurisdictions is also important. Enterprises will need methods to apply the right controls at various points and not assume one set of rules or policies will suffice globally.

8. Proactively Address Scalability Needs

Enterprises today produce ever-increasing volumes of information in varying forms and formats. Compound annual growth rates for most organizations are estimated at 60 percent, with large enterprises now regularly managing over a petabyte of information. Given these information growth rates, organizations must look at solutions and models that can scale accordingly. Information governance strategies should look at scale as both a function primarily of processing and secondarily storage. Often enterprises consider storage as the primary requirement of information growth, but in reality, the need to understand, act, and process information will continue to take on greater importance.