embrace information governance - the time is now! - arma houston 2014 keynote address

EMBRACE INFORMATION GOVERNANCE - THE TIME IS

NOW!Jim Merrifield, IGP, CIP

FileTrail, Inc.@Jimerrifield

Learning Objectives

Manage information risk and ensure compliance with business requirements

Develop an IG strategic plan and framework that works

Gain control of information and optimize its value

Reduce cost by disposing of information when it’s no longer needed

Embrace

TO TAKE OR RECEIVE GLADLY OR EAGERLY; ACCEPT WILLINGLY: To embrace an idea

TO AVAIL ONESELF OF: To embrace an opportunity

Embrace What?

Information Governance is…

The specification of decision rights and an accountability framework to encourage desirable behavior in the valuation, creation, storage, use, archival and deletion of information. It includes the processes, roles, standards and metrics that ensure the effective and efficient us of information in enabling an organization to achieve its goals.

Information Governance is…

A strategic framework composed of standards, processes, roles, and metrics that hold organizations and individuals accountable to create, organize, secure, maintain, use, and dispose of information in ways that align with and contribute to the organization’s goals.

Information Governance is…

Information Governance is…

Why Now?

Over 60% of respondents indicated that eligible ESI is not regularly deleted

Only 5% of respondents reported automated disposition processes for all their collaboration tools (e.g. project sites, SharePoint), while 62% had no automation or did not know

Less than 10% of respondents considered management of “new media and locations” (e.g. cloud services, mobility, social channels) at their organization mature

Only 8% of respondents report that records management metrics at their organization are mature

Only 12% indicated that records management planning is integrated with application decommissioning

Why Now?

In December, 40M Credit Cards were hacked

Invested $100M into chip-enabled card technology, implemented in 2015

Has $100M insurance coverage but potential loss may exceed $1B

Investors need to keep close eye on data breach investigation before investing

Why Now?

71% have no idea of the content in their stored data

58% are keeping information indefinitely

79% spend too much time and effort manually searching and disposing of information

58% still rely on employees to decide how to apply corporate policy

ADEM Model

Assessment of Information Risk &

Compliance

Information Risk & Compliance

Information Risk & Compliance

What information is needed to support business processes?

What steps must be taken to be in compliance with governing laws and regulations?

What information should be destroyed and when?

Information Risk & Compliance

Conduct Legal Research

Identify Internal IG Requirements

Create a Risk Profile

Perform Risk Assessment

Develop Mitigation Plan

Develop Metrics to Measure Results

Execute & Audit Progress

Conduct Legal Research

Software Citation Subscription

Online

Library

In-house Counsel

Identify Internal IG Requirements

Highly Regulated or Not?

Knowledge Management

Corporate Culture

Other Business Factors

Create Risk Profile

Simple is Best

Short and Sweet

Annual or Semi Annual

Create Top-10 Greatest Risks

Perform Risk Assessment

Develop Mitigation Plan

Develop Metrics & Measure Results

Reduce e-discovery costs by 25% over the previous fiscal year

Provide information risk training to 100% of Senior Management

Reduce the number of hack intrusion events by 75% over the previous fiscal year

Execute & Audit Progress

Regular Team Meetings

Key Status Reports

Review of Metrics and Process

Communication using collaboration software tools

Develop Your IG Program

Develop an IG Program

Identify Key Stakeholders

Adopt a Vision

Analyze Internal/External Drivers

SWOT Analysis

Identify Key Stakeholders

IT, RIM, Legal, Compliance, Audit, Privacy, HR, etc.

Obtain Executive Sponsorship

Development Roles/Responsibilities for your Key Stakeholders

Adopt a Vision

What is your goal for the next 3-5 years?

Define steps to take to meet your business goals

And Don’t Give Up!

Analyze Internal Drivers

Corporate Culture

Current Business Plans

Financial constraints

Analyze External Drivers

Technology Trends

Industry Best Practices

How you “Stack Up” with your competition

SWOT Analysis

Establish Your IG Program

Policy & Procedure

Clearly define the scope of your policies and procedures to ensure all information is managed throughout the enterprise

Communicate Your IG Program

Consider who will be impacted by the new policies and procedures

Knowing all parties that will be affected helps determine the means by which you communicate

Customize your message for IT, Legal, Business, etc.

Outline Goals of the Program

Training

Classroom Instruction

Online Learning

Series of Training Videos

Be Consistent

Add to New Hire Program

Monitor & Audit Your IG Program

MetricsAmount of information created v. amount disposed

Amount of information initially captured for holds v. amount actually produced to courts

Records disposition metrics may include % of content disposed in any given month

Compliance with end user training

Change Management

What Were Trying To Achieve?

Reduce Risk

Ensure Compliance

Maintain Security

Retain Properly

Dispose Consistently

Soft Skills

Analytical

Leadership

Planning/Forecasting

Communication

Get Social

What Was Your Dream Job?

Look, if you had one shot, one opportunityTo seize everything you ever wanted, one

momentWould you capture it or just let it slip?

- Eminem - One Shot

Jim Merrifield, IGP, CIP

Phone: (646) 584-7687Email: JMerrifield@filetrail.comTwitter: @jimerrifield @FileTrailWeb: www.FileTrail.comBlog: www.infogovmode.com