I was thinking about one of the data points in our current State of the Industry Report (Free Executive Summary HERE) – the one that points to a rise in focus at large companies on risk and compliance as a primary business driver for IM.
The number of large organizations citing compliance and risk as the largest driver for IM has risen sharply in the past year from 38% to 59%. 44% of mid-sized organizations also cite this as the biggest driver whereas smaller organizations consider cost savings and productivity improvements to be more significant drivers.
To be honest, this data point bugged me a bit – it seemed at variance with some of my thoughts about Information Governance – i.e., that they key to moving Information Governance out of its narrow RM niche was to focus more on value rather than risk.
But I got a call from a significant company on the Fortune 1000 list (that will remain nameless for now) who posed a business problem that perhaps reinforces the above data point – but perhaps in a different way than I would normally consider the question.
Here are the points he/she raised. Kind of like a Harvard business case:
. We have our knowledge worker content currently in 3 places: 1) Google Docs; 2) an EFFS product; and 3) file shares.
. We are not a SharePoint shop. We are not in an industry space like financial services or pharma where there are a lot of industry-specific compliance or regulatory requirements.
.We want wherever possible to leave our existing information in place, and apply a “lite” governance layer (his/her words) above our 3 primary repositories that would allow us to understand what people are doing, apply retention and disposition where appropriate, be able to audit/verify these processes, and be able to apply holds should the occasion arise.
. Usability and simplicity – at both the administrative and individual knowledge worker level – is our top priority.
. In a nutshell, we want to be able to demonstrate that there is a level of adult supervision and accountability to how we manage our knowledge worker information. Does this need to be perfect, no. Does it need to be a verifiable process, yes.
. We want to start with three departments, but then scale up. Ultimately, the potential scale is quite large — 10+ terabytes.
. We are not interested in a lot of workflow functionality at this point. Perhaps down the road, but for now this project is being driven by the legal folks.
The fundamental question we would like to address and at reasonable cost is a very basic one and one that you, John, have raised in your presentations:
Where should we tell our knowledge workers put their “stuff” so that it is…1) Secure, shareable, and searchable so the ORGANIZATION can accomplish its goals; and 2) Works the way they work and is useful to THEM in getting THEIR job done. I have my own ideas about this, but I thought I would open it up to the community and perhaps everyone could share in the results.
The Advice Clinic is Open.
What recommendations would you give, and why?
While I got the subtle that they are not a SharePoint shop, likely indicating they don’t particularly want to BE a SharePoint shop, I would still tend to lean in that direction with particular emphasis on O365 as being able to provide the central search across the 3 repositories as well as the “light” layer of governance they mentioned without necessarily require the content to be migrated INTO SharePoint.
Let them continue to put their content where they are used to putting it. However, see if it can be better organized. I’d also look at one of the governance as a service type vendors to provide the adult supervision (contact me offline if you want specifics). The specific EFSS provider may have an impact on which IG provider can play.
As for why … minimize disruption and put IG in the background. I’m seeing far too many occasions where a 16LB sledge hammer is being used on a finishing nail (yes, John, you can use that).
—————————— PHIGs IMC Inc.
Hi I have a situation very similar to the above – client is using Google Docs, Dropbox and fileshares (and Yammer for messaging). They want to apply retention and disposition policies to these and have them be searchable (seems similar to the governance-lite model being discussed in this thread).
What are the governance-as-a-service options you are mentioning in your response?
There will always be exceptions, but users should be given as much freedom as possible to store where they consider most sensible.
While the business may not be subject to specific industry compliance, they will have compliance requirements for business/customer relationships, staff employment, stakeholders, internal services (like IT, planning) and building/premises.
So organisation of the information comes to mind, make it easier to find information for daya to day use and any legal requirements. Discovery is helped by segmentation, even if the metadata or search tool is weak.
This leads to guidance on what to keep and where to keep it, then how long to keep it. The last bit, for the tools described may be an issue as any retention/disposition process may require specilaist help.
It would be good to believe the business will grow and some thought should be given to the idea of how do we manage if business doubled.
One of the challeges all businesses are facing is IT services fragmentation where niche service, like Google docs, are fit for purpose, but may not suit effiecient and accurate customer engagement (for example).
John, I defer to others to address the WHERE question. However, with respect to HOW to make information “searchable so the ORGANIZATION can accomplish its goals,” I invite folks to check out this draft best practices document:
http://xml.fido.gov/stratml/references/AIIM-BP-StratML . pdf If there is any interest in finalizing and publishing that document as an AIIM best practice, I’ll be glad to collaborate with anyone who’d like to do so.
I’d also love to hear from any of AIIM’s vendor members who might be interested in building support for AIIM’s StratML standard into their products and services, thereby helping to answer to the WHERE question.
ANSI/AIIM 25 (or ISO 18829) is an assessment standard that would be the appropriate place to start. This national and now international standard was developed by the AIIM Standards program (C27.3 Trustworthiness) and is available to all AIIM members. I would strongly recommend this be downloaded and reviewed as all the steps, along with areas that should be included in any examination to determine how users are utilizing the organizational content, along with where it is, how many copies, how it is managed, how it is secured, etc. There are many recommended steps within ANSI 25 that have been documented through many industry experts incorporated not only actual experience but also knowledge of how these technologies work, and where they aren’t a good fit or just not needed. I hope this helps.
Information Professionals — What Advice Would YOU Give?
Please, would you help me to find ISO 18829 on AIIM website?