planning information governance and litigation readiness
DESCRIPTION
Presentation on Information Governance, Litigation Readiness, E-Discovery, and Records Management. Given at the AIIM-Wisconsin / Milwaukee Bar Association 6th Annual Electronic Discovery Conference on November 1, 2013.TRANSCRIPT
Information Governance: Planning for the Next 3 Years
Richard Medina, Doculabs AIIM-Wisconsin / Milwaukee Bar Association 6th Annual Electronic Discovery Conference
November 1, 2013
Agenda
1. Introduction and Background to the Issues
2. Program Framework, Roadmap, and Recommendations
3. Example Problem: Defensible Disposition
4. Next Steps
© Doculabs, Inc. 2013
Resources
• There are lots of resources on the issues I discuss.
• http://www.aiim.org/community/blogs/expert/Resources-for-Information-Governance-Planning-for-the-Next-3-Years
3
© Doculabs, Inc. 2013
Resources: Introduction and Background to the Issues
1. Introduction and Background to the Issues – Planning the Next 3 Years (2011 to 2014) – Planning the Next 3 Years (2014 to 2017)
• How to Get from 1998-Style Records Management to Information Governance for 2018
• How to Calculate ROI for E-Discovery (with Calculator) • A Reference Model for Systems of Engagement and Systems of Record • A Content Technology Roadmap • How to Succeed at Mobile Content Management • 6 Key Considerations to Going Mobile • Two AIIM Webinars and a Survey on Mobile Content Management
© Doculabs, Inc. 2013
Resources: Program Framework, Roadmap, and Recommendations
2. Program Framework, Roadmap, and Recommendations A. Overall Program Strategy
• How to Develop and Implement your Discovery Readiness Program • Which part of E-Discovery Should You Fix First? • How Should Large Companies Manage the Lifecycle of their Dynamic
Content? • How to Succeed at Email Management if You’re a Midsized Organization
B. Governance and Operations
• Are You Hiring a Records Manager? • E-Discovery Roles and Responsibilities in a Successful Litigation Readiness
Program • Records Management Roles and Responsibilities in a Successful RM Program • The ECM Governance Model
C. Information Organization
• You Gotta Know the Territory: How to Segment your ESI • A Manageable Taxonomy of Taxonomy Management Tools
© Doculabs, Inc. 2013
Resources: Program Framework, Roadmap, and Recommendations
2. Program Framework, Roadmap, and Recommendations C. Process Design and Implementation
• E-D Process Flow Diagrams for your Current and Target Future State • 3 Best Practices for Developing Records Management Policies and
Procedures • The Difference between Records Management Policies, Procedures, and
Guidelines • The Processes for Managing your RM Rules • Here’s the First Draft of your Social Media Policy
D. Architecture and Technology • How Different is Legal Document Management? • How to Start your Company ECM Program with Legal Document
Management • Immediately Stop Using Tape for Archiving
E. Communications and Training • (nothing yet)
© Doculabs, Inc. 2013
Resources: Example Problem: Defensible Disposition
3. Example Problem: Defensible Disposition • A 4-Step Methodology for Defensible Disposition • Developing your Assessment Plan for Defensible Disposition • Defensible Disposition in a Nutshell: My AIIM Talk
Agenda
1. Introduction and Background to the Issues
A. Preliminaries
B. Planning the Next 3 Years (2011 to 2014)
C. Planning the Next 3 Years (2014 to 2017))
Agenda
1. Introduction and Background to the Issues
A. Preliminaries
B. Planning the Next 3 Years (2011 to 2014)
C. Planning the Next 3 Years (2014 to 2017))
© Doculabs, Inc. 2013
Planning the Next 3 Years (2011 to 2014) 12
• No “Chicken Little” FUD slides
– E-discovery risks are well known (though we can address if folks would find it useful)
– We’ll focus on how to address the problem
• Three key distinctions about how to be “proactive”:
1. Execution vs. Design: doing day-to-day “run-time” activities according to some plan… versus the plan itself
2. Post-trigger vs. Pre-trigger: what you do after a discovery event has started vs. the what you do before the lawsuit hits
3. Driving Blind vs. using Early Case Assessment (ECA): applies only to post-trigger processes, and pertains to whether you can develop a strategy for the litigation as soon as possible after the trigger event
© Doculabs, Inc. 2013
Three Hard Problems (2011 – 2014)
1. What should you do during discovery?
– Solution: EDRM
2. What should you do before discovery?
– Solution: Tiering or “zones”
3. Who should do what?
– Solution: Cross-functional and Balanced Roles
These approaches work, but you need a program to carry them out effectively.
13
© Doculabs, Inc. 2013
Servers· Data
Desktops - Laptops PDA’s
Servers· Data
Desktops - Laptops
Servers· Data
Off-site Storage
(RM Retention Schedule)
Why It’s a ProblemTotal volume of Discoverable Data
Records Management and Identification
Ac
tiv
e D
ata
Ba
ck
up
Da
ta
(Dis
as
ter
Re
co
ve
ry)
Arc
hiv
e D
ata
eDiscovery Tools:Responsive Data / Info
· Privileged – Record & log
· Not Privileged - Produce
Non-responsive Data/info
Internal
Preserve CollectionProcessing, Hosting
(Analysis) and Review
Context
Indexing,
Culling,
De-dupe,
Embedded
file filters
Document,
Review
Investigate,
Analysis
Review
Flag-Tag,
Annotate,
De-dupe,
Export,
Report
Production and
Presentation
Discovery Response
Outsourced Service Tools:
External
The Discovery Funnel
2011 Problem #1: What Should You Do During Discovery? 14
© Doculabs, Inc. 2013
2011 Solution: Plan and Manage with the EDRM
15
© Doculabs, Inc. 2013
Ris
k
Manageability
Electronically Stored Information
(ESI)
Likely Discoverable Information
Declared Records
Oth
er B
usi
nes
s-re
late
d
Info
rmat
ion
(O
BR
I)
No
n-b
usi
nes
s In
form
atio
n (
NB
I)
Too Narrow
Ris
k
Manageability
Electronically Stored Information
(ESI)
Likely Discoverable Information
Declared Records
Oth
er B
usi
nes
s-re
late
d
Info
rmat
ion
(O
BR
I)
No
n-b
usi
nes
s In
form
atio
n (
NB
I)
Too Wide
2011 Problem #2: What Should You Do Before Discovery?
16
© Doculabs, Inc. 2013
Consider this Simple Set of Information Governance Rules
© Doculabs, Inc. 2013
Consider this Simple Set of Information Governance Rules
© Doculabs, Inc. 2013
© Doculabs, Inc. 2013
But Even Simple Rules Need Clarification
1. What’s a Legal Hold?
2. What are Records versus Non-Records?
3. What are Non-Records – which are still important for business purposes?
4. What about Non-Records that are not business-related?
5. Where do documents under Legal Hold fit? Are they Records, Non-Records, or what?
© Doculabs, Inc. 2013
• Think about your ESI (electronically stored information) in terms of its Risk, Value, and Manageability.
• For simplicity, let’s just use Risk and Manageability.
Ris
k
Manageability
Likely Discoverable Information Declared Records
Oth
er B
usi
nes
s-re
late
d
Info
rmat
ion
(O
BR
I)
What is the Scope of RM?
© Doculabs, Inc. 2013
• For simplicity, let’s just use Risk and Manageability.
Ris
k
Manageability
Electronically Stored
Information (ESI)
What is the Scope of RM?
© Doculabs, Inc. 2013
• One major source of risk for ESI is its “Likely Discoverability”.
• While all ESI is perhaps “discoverable”, we can prioritize the more likely and harmful ESI.
Ris
k
Manageability
Electronically Stored
Information (ESI)
Likely Discoverable Information
What is the Scope of RM?
© Doculabs, Inc. 2013
• Your RM program probably declares only a subset of your LDI and ESI as records – these are your most valuable, risky, and manageable electronic documents.
Ris
k
Manageability
Electronically Stored
Information (ESI)
Likely Discoverable Information Declared Records
What is the Scope of RM?
© Doculabs, Inc. 2013
1. But most of your content and documents are non-records -- and range from very low to very high risk and value.
2. Most of the ESI on your shared drives, hard drives, and in email is OBRI.
3. Some is NBRI.
4. It’s a mess.
Ris
k
Manageability
Physical Documents and Electronically
Stored Information (ESI)
Likely Discoverable Information Declared Records
No
n-b
usi
nes
s-re
late
d
Info
rmat
ion
(N
BR
I)
Oth
er B
usi
nes
s-re
late
d
Info
rmat
ion
(O
BR
I)
What is the Scope of RM?
© Doculabs, Inc. 2013
Ris
k
Manageability
Electronically Stored Information
(ESI)
Likely Discoverable Information
Declared Records
Oth
er B
usi
nes
s-re
late
d
Info
rmat
ion
(O
BR
I)
No
n-b
usi
nes
s In
form
atio
n (
NB
I)
Too Narrow
Ris
k
Manageability
Electronically Stored Information
(ESI)
Likely Discoverable Information
Declared Records
Oth
er B
usi
nes
s-re
late
d
Info
rmat
ion
(O
BR
I)
No
n-b
usi
nes
s In
form
atio
n (
NB
I)
Too Wide
What is the Scope of RM?
© Doculabs, Inc. 2013
• A much more effective approach is to divide your ESI into three “Tiers”.
• Tier 1 denotes your declared records, specified by a Records Retention Schedule.
• Tier 2 denotes the OBRI that is important to retain for business reasons.
• Tier 3 denotes the OBRI that is not important to retain for business reason; it also denotes NBRI, which – by definition -- is not important to retain for business reasons.
Ris
k
Manageability
Electronically Stored Information
(ESI)
Likely Discoverable Information
Declared Records
Oth
er B
usi
nes
s-re
late
d
Info
rmat
ion
(O
BR
I)
No
n-b
usi
nes
s In
form
atio
n (
NB
I)
Tier 1 Tier 2
Tier 3
2011 Solution: Use a Tiered Approach
© Doculabs, Inc. 2013
• Tiered Approach
– Different types of physical documents and ESI are handled differently 1. Keep as records
2. Keep as non-records, but move to rigorous ECM/RIM system
3. Keep on (better managed) shared drives
4. Don't worry about them; they aren't worth it – keep or dispose according to general rules
Ris
k
Manageability
Electronically Stored Information
(ESI)
Likely Discoverable Information
Declared Records
Oth
er B
usi
nes
s-re
late
d
Info
rmat
ion
(O
BR
I)
No
n-b
usi
nes
s In
form
atio
n (
NB
I)
Tier 1 Tier 2
Tier 3
1
2
3
4
“Treat them Differently”
© Doculabs, Inc. 2013
Now This Tree Makes Sense
© Doculabs, Inc. 2013
Step 1 Determine what information would be relevant to dispute
Step 2 Identify each data source that potentially contains relevant information
If data source likely to contain relevant information
Step 3 Determine degree of accessibility of data sources that are likely to
contain relevant information (see figure 2)
If there is low degree of accessibility
Step 4 Do substantially similar copies of relevant information exist in more
readily accessible data source?
Step 5 Is cost or burden of preservation excessive as compared to the
relevance or value of the information?
If data source not reasonably
likely to contain relevant
information
If there is high degree of
accessibility
No
No Yes
Yes
Preservation Required
Preservation Not Required
Figure 1: Decision Tree for Determining ESI Preservation Obligations (Sedona Working Group)
2011 Problem #3: Who Should Do What? 30
© Doculabs, Inc. 2013
31
Who decides the “degree of accessibility” – IT or Legal?
“Reasonably likely” Means exactly what?
“Burden of preservation”, “excessive as compared to relevance”, “value of information” – Far too nebulous for the common person to figure out!
Step 1Determine what information would be relevant to dispute
Step 2Identify each data source that potentially contains relevant information
If data source likely to contain relevant information
Step 3Determine degree of accessibility of data sources that are likely to
contain relevant information (see figure 2)
If there is low degree of accessibility
Step 4Do substantially similar copies of relevant information exist in more
readily accessible data source?
Step 5Is cost or burden of preservation excessive as compared to the
relevance or value of the information?
If data source not reasonably
likely to contain relevant
information
If there is high degree of
accessibility
No
NoYes
Yes
Preservation Required
Preservation Not Required
2011 Problem #3: Who Should Do What?
© Doculabs, Inc. 2013
2011 Solution: Cross-Functional and Balanced Roles
• Legal: – Responsible for the overall program, policies, practices, and monitoring (program
responsibilities)
– Responsible for the coordination and execution of the E-D process (discovery event responsibilities).
• IT: – Responsible for working with Legal to establish realistic IM practices for the program,
ensuring that current systems can align with program requirements (program responsibilities).
– Responsible for executing specific technical tasks within the E-D process (discovery event responsibilities).
• Business: – Record Retention Leaders or site coordinators are responsible for working with Legal and IT
reps to communicate program requirements and expectations to users (program responsibilities).
– Record Retention Leaders are responsible for monitoring particular custodians’ activities during E-D (discovery event responsibilities).
– Individual users are responsible for adhering to program requirements (program responsibilities), and individual custodians are responsible for carrying out required tasks during E-D (discovery event responsibilities).
32
© Doculabs, Inc. 2013
You Need a Program Framework to Plan and Manage your Roadmap 33
E-Discovery Program Categories
Process Design and Implementation
Governance and Operations
Architecture and Technology
Overall Program Strategy Information Organization
Communications and Training
Overall Program Strategy
Governance and Operations
Information Organization
Process Design and Implementation
Architecture and Technology
Communications and Training
Category
· RM vision, strategy, and roadmap
· ECM vision, strategy, and roadmap
· A litigation readiness vision, strategy, and roadmap that addresses the RM and ECM strategies and addresses gaps
· Principles for resources
· Governance structure (roles, responsibilities)
· Operational structure (roles, responsibilities)
· “Rules” – policies, procedures, and guidelines – for records management and e-Discovery
· Content taxonomy
· Records retention plan
· ESI-Repository Map
· Discovery process
· Record/information lifecycle management process
· Architecture strategy
· ECM tools and capabilities
· Records management tools and capabilities
· Email management tools and capabilities
· E-Discovery tools and capabilities
· Communication plan/program
· Training plan/program
Key Components
The overall vision and strategy for litigation readiness. This strategy should address existing visions and strategies for enterprise content management (ECM) and for records management (RM), and should address any gaps that may exist. This strategy should also establish general principles for the level of resources the organization will apply to the program at a high level.
The governance structure and operational structure(s) for implementing the litigation readiness strategy. Includes roles, responsibilities, program governance metrics, policies, procedures, and guidelines.
The manner in which information is organized. This includes a content taxonomy or organizational hierarchy, a record plan and retention schedule, and a content map of the organization’s electronically stored information (ESI) and content repositories.
The overall processes used to support litigation readiness. These include the e-Discovery process itself, as well as the overall records/information lifecycle management process.
The tools and technologies that are used or leveraged for litigation readiness, and the architecture for how they fit together. This can include specialist tools for e-Discovery as well as technologies and capabilities for ECM, records management, and email management.
The mechanisms used to educate the user community and improve compliance and adoption of the procedures and solutions that support litigation readiness.
Definition
© Doculabs, Inc. 2013
Program Maturity Model and Benchmark
34
Agenda
1. Introduction and Background to the Issues
A. Preliminaries
B. Planning the Next 3 Years (2011 to 2014)
C. Planning the Next 3 Years (2014 to 2017)
i. What’s New (AIIM Survey Data on What’s Happening)
ii. What’s New (A Map of What’s Happening)
© Doculabs, Inc. 2013
Expansion and Consolidation of ECM Systems (1<n<4)
How many different ECM/DM/RM suppliers/systems does your organization currently use?
0% 5% 10% 15% 20% 25% 30%
1 system
2 systems
3 systems
4 systems
5 systems
6 systems
7-10 systems
More than 10 systems
N=477
Source: ©AIIM 2013 / ©Accellion 2013
“ECM at the Crossroads” survey
© Doculabs, Inc. 2013
Mobile Information is ... Important
How important is mobile information access to your organization?
0% 10% 20% 30% 40% 50%
Essential
Somewhat important
Important in some groups but not thewhole organization
Not at all important
70%: Essential or somewhat important
N=283
Source: ©AIIM 2013 / ©Accellion 2013
© Doculabs, Inc. 2013
There are Lots of Official Ways to Access Content
Source: ©AIIM 2013 / ©Accellion 2013
Which of the following ways of accessing content on mobile devices are officially sanctioned in your organization?
0% 10% 20% 30% 40% 50% 60%
Sync to desktops
Emailing attachments
Consumer cloud content services, eg: Dropbox,Skydrive, i-Cloud, Google Drive, YouSendIt
Content capture services, eg: Evernote, OneNote
Enterprise content services, eg: Box, Huddle,Yammer, SharePoint 365
ECM access clients, eg. SharePlus, Accellion, orvendor supplied apps.
Secure mobile data services
None of these
We don't have any official policies
N=281, normalized for Don’t know
49%: Email
34%: Sync
© Doculabs, Inc. 2013
There are Lots of Unofficial Ways to Access Content
To your knowledge, to what extent are the following unofficial ways of accessing content on mobile devices in use in your organization?
0% 20% 40% 60% 80% 100%
Sync to desktops
Emailing attachments to self
Consumer cloud content services, eg: Dropbox,Skydrive, i-Cloud, Google Drive, YouSendIt
Content capture services, eg: Evernote,OneNote
Enterprise content services, eg: Box, Huddle,Yammer, SharePoint 365
ECM access clients/apps, eg. SharePlus
Heavily used In use Not usedN=279, excl Don’t know
85%: Email Used Inappropriately
Source: ©AIIM 2013 / ©Accellion 2013
© Doculabs, Inc. 2013
A Chicken Little Slide
How concerned are you about current practice in your organization for sharing content to mobile devices?
Extremely concerned,
26%
Somewhat concerned,
43%
A little concerned,
19%
Not at all concerned,
12%
N=282
2/3: Extremely or Somewhat Concerned
Source: ©AIIM 2013 / ©Accellion 2013
© Doculabs, Inc. 2013
What’s Happening with the Content Technologies? We need a Map. 41
The content technologies have 3 dimensions – and in the last 5 years the third one has exploded.
1. Content Management
• Addresses the input, control, and output of electronic information.
• It ranges on a scale from simple to complex.
2. Process Management
• Addresses the rules, orchestration, automation, and control of processes.
• It ranges on a scale from simple to complex.
3. Participation Management
• Addresses the amount and complexity of human engagement – of human interaction, collaboration, collective deliberation, analysis, and creation.
• It measures both the breadth and depth of such participation.
© Doculabs, Inc. 2013
42 The 3 Dimensions of the Content Technologies With a Focus on Participation Management
© Doculabs, Inc. 2013
Level 1: Low Enterprise Participation
43
© Doculabs, Inc. 2013
44 Level 2: Moderate Enterprise Participation
© Doculabs, Inc. 2013
45 Level 3: High Enterprise, Low Extra-Enterprise Participation
© Doculabs, Inc. 2013
46 Level 4: Moderate Extra-Enterprise Participation
Agenda
1. Introduction and Background to the Problem
2. Program Framework, Roadmap, and Recommendations
3. Example Problem: Defensible Disposition
4. Next Steps
Agenda
1. Program Framework, Roadmap, and Recommendations
A. Overall Program Strategy
B. Governance and Operations
C. Information Organization
D. Process Design and Implementation
E. Architecture and Technology
F. Communications and Training
© Doculabs, Inc. 2013
You Need a Program Framework to Plan and Manage your Roadmap 49
E-Discovery Program Categories
Process Design and Implementation
Governance and Operations
Architecture and Technology
Overall Program Strategy Information Organization
Communications and Training
Overall Program Strategy
Governance and Operations
Information Organization
Process Design and Implementation
Architecture and Technology
Communications and Training
Category
· RM vision, strategy, and roadmap
· ECM vision, strategy, and roadmap
· A litigation readiness vision, strategy, and roadmap that addresses the RM and ECM strategies and addresses gaps
· Principles for resources
· Governance structure (roles, responsibilities)
· Operational structure (roles, responsibilities)
· “Rules” – policies, procedures, and guidelines – for records management and e-Discovery
· Content taxonomy
· Records retention plan
· ESI-Repository Map
· Discovery process
· Record/information lifecycle management process
· Architecture strategy
· ECM tools and capabilities
· Records management tools and capabilities
· Email management tools and capabilities
· E-Discovery tools and capabilities
· Communication plan/program
· Training plan/program
Key Components
The overall vision and strategy for litigation readiness. This strategy should address existing visions and strategies for enterprise content management (ECM) and for records management (RM), and should address any gaps that may exist. This strategy should also establish general principles for the level of resources the organization will apply to the program at a high level.
The governance structure and operational structure(s) for implementing the litigation readiness strategy. Includes roles, responsibilities, program governance metrics, policies, procedures, and guidelines.
The manner in which information is organized. This includes a content taxonomy or organizational hierarchy, a record plan and retention schedule, and a content map of the organization’s electronically stored information (ESI) and content repositories.
The overall processes used to support litigation readiness. These include the e-Discovery process itself, as well as the overall records/information lifecycle management process.
The tools and technologies that are used or leveraged for litigation readiness, and the architecture for how they fit together. This can include specialist tools for e-Discovery as well as technologies and capabilities for ECM, records management, and email management.
The mechanisms used to educate the user community and improve compliance and adoption of the procedures and solutions that support litigation readiness.
Definition
© Doculabs, Inc. 2013
Criteria
• Current state, future state, and program roadmap
• Litigation readiness
• Records management (RM) and enterprise content management (ECM) components
• Resource management
• Financial analysis and Business Case for selected approach
Best in class
• Developed and implemented strategy and roadmap
• The strategy and roadmap address ECM, RM, e-discovery and email management (EMM) at the enterprise level
Typical challenges
• No company-wide RM strategy or program in development
• No cohesive strategy for automated end-to-end litigation readiness, RM, and ECM solutions
Overall Program Strategy
50
E-Discovery Program Categories
Process Design and Implementation
Governance and Operations
Architecture and Technology
Overall Program Strategy Information Organization
Communications and Training
© Doculabs, Inc. 2013
2011 Solution: Plan and Manage with the EDRM
51
© Doculabs, Inc. 2013
Understanding Cost Justification for E-Discovery 52
© Doculabs, Inc. 2013
Governance and Operations 53
Criteria
• Governance and operational structure (roles and responsibilities)
• Program governance metrics and monitoring
Best in class
• Governance and operational structure is implemented and operational
Typical challenges
• No defined governance structure for centralized accountability of records management
• Most records management and litigation readiness roles and responsibilities are not defined or in place (beyond site or department leaders or coordinators)
E-Discovery Program Categories
Process Design and Implementation
Governance and Operations
Architecture and Technology
Overall Program Strategy Information Organization
Communications and Training
© Doculabs, Inc. 2013
Cross-Functional and Balanced Roles in Governance & Operations
• Legal: – Responsible for the overall program, policies, practices, and monitoring (program
responsibilities)
– Responsible for the coordination and execution of the E-D process (discovery event responsibilities).
• IT: – Responsible for working with Legal to establish realistic IM practices for the program,
ensuring that current systems can align with program requirements (program responsibilities).
– Responsible for executing specific technical tasks within the E-D process (discovery event responsibilities).
• Business: – Record Retention Leaders or site coordinators are responsible for working with Legal and IT
reps to communicate program requirements and expectations to users (program responsibilities).
– Record Retention Leaders are responsible for monitoring particular custodians’ activities during E-D (discovery event responsibilities).
– Individual users are responsible for adhering to program requirements (program responsibilities), and individual custodians are responsible for carrying out required tasks during E-D (discovery event responsibilities).
54
© Doculabs, Inc. 2013
Example Program Structure 55
ST
EE
RIN
G
CO
MM
ITT
EE
CO
RE
PR
OG
RA
M A
RE
AP
AR
TIC
IPA
TIN
G G
RO
UP
S
Records and Information Management Group
Executive Steering Committee
Program Manager
R&D, Regulatory, and Medical Affairs
Legal IT
Program StaffD
ED
ICA
TE
D
PR
OG
RA
M
RE
SO
UR
CE
S
DIS
TR
IBU
TE
D/V
IRT
UA
L R
ES
OU
RC
ES
(DE
PA
RT
ME
NT
MA
NA
GE
ME
NT
, R
EC
OR
DS
C
OO
RD
INA
TO
RS
, E
MP
LO
YE
ES
)
DIS
TR
IBU
TE
D/V
IRT
UA
L
RE
SO
UR
CE
S
(RE
CO
RD
S A
DV
ISO
RS
)
DIS
TR
IBU
TE
D/
VIR
TU
AL
R
ES
OU
RC
ES
Global Legal
U.S. Legal
Legal
Infrastructure and
Architecture
Application Owners
IT Teams
Medical AffairsRegulatory
Affairs
R&D, Regulatory, and Medical Affairs
R&D
Drug Safety Evaluation
Global Pharma Sciences
Allergan Medical
© Doculabs, Inc. 2013
Information Organization
56
Criteria
• Taxonomy development and maintenance
• Records retention plan development and maintenance
• ESI-repository map development and maintenance
Best in class
• Developed and implemented taxonomy and retention plan, with methodology for further development and maintenance
• Developed and maintained ESI-repository map
Typical challenges
• Likely inconsistencies in content organization between and within departments
• No existing complete or partial ESI-repository map; considerable gaps in documented understanding of where all electronically stored information (ESI) resides
E-Discovery Program Categories
Process Design and Implementation
Governance and Operations
Architecture and Technology
Overall Program Strategy Information Organization
Communications and Training
© Doculabs, Inc. 2013
• Tiered Approach
– Different types of physical documents and ESI are handled differently 1. Keep as records
2. Keep as non-records, but move to rigorous ECM/RIM system
3. Keep on (better managed) shared drives
4. Don't worry about them; they aren't worth it – keep or dispose according to general rules
Ris
k
Manageability
Electronically Stored Information
(ESI)
Likely Discoverable Information
Declared Records
Oth
er B
usi
nes
s-re
late
d
Info
rmat
ion
(O
BR
I)
No
n-b
usi
nes
s In
form
atio
n (
NB
I)
Tier 1 Tier 2
Tier 3
1
2
3
4
How an ESI Inventory Helps
© Doculabs, Inc. 2013
Process Design and Implementation
58
Criteria
• Discovery process
• Records/information lifecycle management (ILM) process
• Records and litigation policies, procedures, guidelines
Best in class
• Discovery processes are evaluated, designed, implemented, monitored, and maintained
• ILM processes are evaluated, designed, implemented, monitored, and maintained
• “Rules” – policies, procedures, guidelines – are implemented and practiced
Typical challenges
• Limited electronic records (or data) archiving or destruction; processes for retention, destruction, etc., are largely left up to departments or sites
• Many personal email archive folders, stored in disparate locations (e.g. hard drives, personal drives, network drives); likely to increase without email policy change
E-Discovery Program Categories
Process Design and Implementation
Governance and Operations
Architecture and Technology
Overall Program Strategy Information Organization
Communications and Training
© Doculabs, Inc. 2013
Process Design and Implementation
59
© Doculabs, Inc. 2013
Architecture and Technology
60
Criteria
• Architecture strategy
• ECM, RM, EMM, and e-discovery tools and capabilities
Best in class
• Developed and implemented architecture strategy for core ECM, e-discovery, RM, and EMM (where required)
• Technology portfolio is implemented, adequate, consolidated, and maintained
Typical challenges
• Little relevant technology in place that is effectively used to improve e-discovery effectiveness and efficiency
• The most common repositories for electronic content are likely email, hard drives, personal drives, and shared drives (which can create records management challenges)
E-Discovery Program Categories
Process Design and Implementation
Governance and Operations
Architecture and Technology
Overall Program Strategy Information Organization
Communications and Training
© Doculabs, Inc. 2013
Example E-D Requirements Specification for Solution Selection 61
© Doculabs, Inc. 2013
Communications and Training 62
Criteria
• Communication plan/program
• Training plan/program
Best in class
• Developed and implemented communications and training strategy
• Organization is adequately prepared to implement litigation readiness program
Typical challenges
• No clear plan for communication and training on litigation readiness, records management, and ECM
• Many users probably unaware of the litigation readiness and records management policies and guidelines; performing what they think is the “right thing to do”
E-Discovery Program Categories
Process Design and Implementation
Governance and Operations
Architecture and Technology
Overall Program Strategy Information Organization
Communications and Training
Agenda
1. Introduction and Background to the Problem
2. Program Framework, Roadmap, and Recommendations
3. Example Problem: Defensible Disposition
4. Next Steps
© Doculabs, Inc. 2013
Why Over-Retention is the Problem
• Corporations keep non-required electronic content forever because: – Classifying content (to determine what to keep and what to purge) is
manual and expensive
– Content worth preserving is mixed with content that should be purged
– Legal -- and others -- are afraid of wrongfully deleting materials (spoliation)
– Additional storage is inexpensive, which makes it easy for corporations to buy more storage and defer addressing the problem
© Doculabs, Inc. 2013
Break the Big Problem into 2 Smaller Problems
• Addressing day-forward information lifecycle management (ILM) is much easier to address than historical content
– Even though addressing it messes with employees’ day-to-day business activities
• Day-forward: Initiate ILM practices on a “day-forward” basis first, so any new content created or saved is assigned a disposition period
• Guidance: Provide employees with explicit guidance for the acceptable use of available tools for dynamic content and their associated retention periods
– Transient, WIP (3 years), Long Term (per Retention Schedule)
• Historical: For historical content, analyze the feasibility of content analytics and autoclassification
– Recognize that cleaning up TBs of content can take years. So conduct the analysis in 2014, begin the cleanup effort in earnest by 2015, and eliminate a large portion of dated content by 2017
© Doculabs, Inc. 2013
Guidance Example for Day-forward
System/Repository Recommended Retention Period
Personal Network Drives (“P” drives)
• Provide each user with personal drive space of a limited size for their storage, for as long as the user is employed
Shared Network Drives
(“G” drives)
• Make them read only (which means no network storage for collaboration; content will have to go into an ECM system)
• Exceptions include application or systems that need to use network storage
ECM System 1. Default for non records: retained for 3 years
2. Default for non records that have long-term value: retained for 7 years
3. Official records: retained per the retention schedule
Social Community Sites • No documents stored in communities (only links to documents in the ECM system)
• Consider retention periods for non-document content (e.g. 3 years)
© Doculabs, Inc. 2013
The Defensible Disposition Methodology in a Nutshell
• You must satisfy 4 demands:
1. Regulatory retention requirements
2. Hold retention requirements
3. Business retention requirements
4. Cost impact of anything you do
• What you do has impact:
1. What you do
2. Effects of what you do
• You can do 2 things:
1. Sort
2. Dispose
• Your mission stated two ways:
1. Your mission is to satisfy your retention demands (1-3) while minimizing bad cost impact to yourself (4)
2. Your mission is to maximize good cost impact (4) while satisfying your retention requirements (1-3)
© Doculabs, Inc. 2013
It’s Based on Reasonableness
• To determine what “satisfy your retention demands” really means for you, use the Principle of Reasonableness and act In Good Faith
• Courts do not ask, expect or necessarily reward organizations for perfection. Courts do expect, however, that whatever information management tactics an organization undertakes are appropriate to how that particular entity is situated (size, financial resources, regulatory and litigation profile, etc.). (Jim McGann and Julie Colgan, “Implement a defensible deletion strategy to manage risk and control costs”, Inside Counsel)
© Doculabs, Inc. 2013
Your Defensible Disposition Methodology Has 4 Parts
1. Defensible Disposition Policy
– It’s your design specification, your business rules for DD, your decision tree
– Specifies very clearly the objectives that your methodology will fulfill. It states clearly what you mean by your retention requirements and what you mean by reasonable costs when you are trying to fulfill your retention requirements.
2. Assessment (Sorting) Plan
– What information and systems you’re assessing
– Your processing rules (decision plan)
– It will be flexible
3. Technology Plan
– For Sorting and Disposing
– You must use technology – it’s not an option
4. Disposition Plan
– Evaluate your assessment results using your DD Policy
– Dispose (which ranges from keeping forever to deleting right now with many options in between)
– Refine your DD Policy (1) and continue as needed
Agenda
1. Introduction and Background to the Problem
2. Program Framework, Roadmap, and Recommendations
3. Example Problem: Defensible Disposition
4. Next Steps
© Doculabs, Inc. 2013
Resources
• There are lots of resources on the issues I discuss.
• http://www.aiim.org/community/blogs/expert/Resources-for-Information-Governance-Planning-for-the-Next-3-Years
71
© Doculabs, Inc. 2013
Resources: Introduction and Background to the Issues
1. Introduction and Background to the Issues – Planning the Next 3 Years (2011 to 2014) – Planning the Next 3 Years (2014 to 2017)
• How to Get from 1998-Style Records Management to Information Governance for 2018
• How to Calculate ROI for E-Discovery (with Calculator) • A Reference Model for Systems of Engagement and Systems of Record • A Content Technology Roadmap • How to Succeed at Mobile Content Management • 6 Key Considerations to Going Mobile • Two AIIM Webinars and a Survey on Mobile Content Management
© Doculabs, Inc. 2013
Resources: Program Framework, Roadmap, and Recommendations
2. Program Framework, Roadmap, and Recommendations A. Overall Program Strategy
• How to Develop and Implement your Discovery Readiness Program • Which part of E-Discovery Should You Fix First? • How Should Large Companies Manage the Lifecycle of their Dynamic Content? • How to Succeed at Email Management if You’re a Midsized Organization
B. Governance and Operations
• Are You Hiring a Records Manager? • E-Discovery Roles and Responsibilities in a Successful Litigation Readiness Program • Records Management Roles and Responsibilities in a Successful RM Program • The ECM Governance Model
C. Information Organization
• You Gotta Know the Territory: How to Segment your ESI • A Manageable Taxonomy of Taxonomy Management Tools
© Doculabs, Inc. 2013
Resources: Program Framework, Roadmap, and Recommendations
2. Program Framework, Roadmap, and Recommendations C. Process Design and Implementation
• E-D Process Flow Diagrams for your Current and Target Future State • 3 Best Practices for Developing Records Management Policies and Procedures • The Difference between Records Management Policies, Procedures, and Guidelines • The Processes for Managing your RM Rules • Here’s the First Draft of your Social Media Policy
D. Architecture and Technology • How Different is Legal Document Management? • How to Start your Company ECM Program with Legal Document Management • Immediately Stop Using Tape for Archiving
E. Communications and Training • (nothing yet)
© Doculabs, Inc. 2013
3. Example Problem: Defensible Disposition • A 4-Step Methodology for Defensible Disposition • Developing your Assessment Plan for Defensible Disposition • Defensible Disposition in a Nutshell: My AIIM Talk