Automating Information Governance and Compliance
Information governance and regulatory compliance are pressing challenges for every organization. No matter what market you are in or how large your enterprise is, data privacy and information governance is a C-suite concern. Public sector agencies, commercial enterprises and nonprofits all face similar expectations and obstacles when it comes to being compliant in an ever-changing information governance landscape.
Maintaining a comprehensive information governance program is important because organizations must be able to preserve and present information when relevant for litigation and audits. Noncompliance or an inability to produce the requested materials in a timely manner puts a burden on the legal department and could result in hefty fines, legal sanctions and costly discovery fees.
These information governance challenges, and others, are due to the fact that meeting discovery requests frequently requires a significant effort to search for relevant data across the enterprise and produce it to the opposing party. Often, there is simply too much information to sift through, compounded by material that falls into the category of what is commonly referred to as ROT (redundant, obsolete and trivial data). This scenario can hinder your legal process, while a robust, unified information governance program can help make it more efficient and cost effective.
Also, data breaches and cyber-theft are at an all-time high, with new and evolving technologies being used to instigate as well as prevent attacks. As a result, organizations are being compelled to take both defensive and offensive measures to protect the privacy and integrity of their information assets. The trend from both a regulatory as well as an operational point of view is toward more stringent, more comprehensive and more transparent, unified information governance policies and procedures.
Taking Charge of Information Governance
How can you take charge?
One way is to automate your information governance practices and procedures. The act of streamlining information governance helps organizations form more comprehensive strategies. Before any automation can be applied, every organization must conduct a comprehensive assessment of information assets across the enterprise and grapple with retention and disposition policies and practice. Best practices focus on applying frameworks and rules that encompass records classification, a set of retention rules, and a procedure to lock down records so that they cannot be deleted unless in accordance with retention rules. Also important is implementing a process to help ensure that systems can export records and all of their metadata in a format that can be imported to successor applications.
Build an Information Governance Framework
Another best practice for advancing your current information management program to an enterprise-wide, integrated and mature set of procedures is by conducting what Canon terms a business process assessment. This is an objective in-depth analysis of the current state of an organization’s records management program including: strengths and weaknesses and what must be done to build upon positives and address the negatives. The ingestion and egress of information is mapped; repositories are identified (including “rogue” repositories that are created by employees without notifying the IT department); current taxonomies are identified including how they were implemented; concerns expressed by employees about how they access information are gathered; bad recordkeeping habits are documented; and how the current overall program may negatively impact the organization’s ability to meet regulatory requirements is clarified.
While leveraging the business process assessment for guiding future direction, the next step is to craft the information governance framework that will support program planning, monitoring and enforcing compliance. This in turn drives the company’s ability to define, approve and communicate the information management program (policy, retention schedule and procedures) while implementing it with new standards, architecture and analytics reporting functions.
This is a time-intensive and expensive undertaking, consisting of five phases: the business process assessment, the resulting report that will be referenced for all initiatives, planning for change, implementation and analytics. Within the table, each phase is summarized at a high level to provide an orientation of how to get started.
Applying Automation to Information Governance
Enhance Electronic Discovery Processes
Automating records management and disposition for eDiscovery is a policy that many legal organizations have adopted, and the trend is toward further automation. Within firms and in-house legal departments that initiate auto-mated eDiscovery, data is automatically copied, processed, filtered and loaded into review systems with limited human interaction. The scope of data collection is quantified, and systems automatically build and track a full chain of custody. Default templates help to reduce inconsistencies that can present a risk in court.
Automate Data Monitoring for Security and Privacy
Advanced network security monitoring tools offer new hope for catching data security threats that fly under the radar. This is important to reduce financial risk to the organization. For example, the eDJ Group estimates the cost to search through files using a basic search engine runs about $30 per gigabyte. If your business has 1TB of information to sort through, the estimated costs could start at $30,000 just for search. Taking that one step further, a report by the Rand Institute for Justice on eDiscovery found that 73% of the cost associated with eDiscovery is for document review and analysis.
Leverage Analytics to Identify Duplicate Information
Data is duplicative by nature, but the way your operation stores and manages data is likely to be exposing it to unnecessary and costly redundancy. According to the Legal Intelligencer, most organizations handling eDiscovery today could very well have a cumulative data set that is anywhere from five to 10 times bigger than necessary. As a result, organizations are looking for ways to shed light on this “dark content” by first understanding where it exists, then eliminating the duplicate and out-of-date information and then putting proper information governance policies in place to manage the retention and disposition of the data. A new breed of analytic algorithms and automation helps identify potential redundancies in common document management archives like Microsoft SharePoint, line of business systems and enterprise content repositories like IBM Content Manager on Demand, and even within popular online content repository systems like Box, Dropbox and others.
Implement Business Process Automation to Support Information Governance
AIIM recently conducted a survey of 152 AIIM member companies for an Industry Watch report called Digitalizing Core Business Processes and found that 75% of organizations view process automation as “important” or “very important” to their organization. However, most (67%) report having less than half of their processes automated. As a result, a more expansive definition of information governance is emerging that has broader implications and benefits. According to the study, when asked which core business processes are the most likely candidates for process automation, a number of key areas of information governance and records management surfaced as high priorities:
- Record and document management (49%)
- Reviews and approvals (39%)
- Customer correspondence and help desk (36%)
- Sales proposals and contracts (35%)
- Case management (31%)
- Supplier contracts and procurement (25%)
Next Steps
What steps should you take to automate and improve your information governance and compliance efforts? Consider these four essential steps:
Modernize Your Information Infrastructure
Rationalizing and modernizing your information infrastructure is an important first step that includes assessing the current state, developing a set of goals and business requirements to leverage automation, and implementing changes to connect and consolidate repositories, extend information and process accessibility, and increase operational effectiveness. (The information governance framework spotlighted earlier offers one tactical and strategic approach to achieving these goals.)
Digitize Core Compliance and Governance Processes
The next step is to identify processes that will be best suited to automation. Look to reduce or eliminate paper-based and manual activities that slow the process and expose the organization to additional risk. Then apply business rules and technology to automate the identification and classification of information, access controls, and keyword and full-text search.
Utilize Data Capture Functionality
When it comes to information governance, it is important that organizations look further than simply a scan-and-store approach. For many, “digitization” tends to imply scanning a piece of paper and filing away an image file instead. However, you could be entirely paper-less but still miss the broader opportunity to leverage information in a way that is increasingly more beneficial to the performance of your organization. Work to utilize in-bound data capture for more than just indexing data for the image. This is at the heart of business intelligence and more expansive information governance.
Consider Data Remediation
Data remediation is at the heart of any sound information governance program. Employees are using shared and personal hard drives, cloud services and other devices for data storage. This makes it extremely difficult to manage the massive amount of information being created and stored. Under these conditions, there is no elimination of ROT, no consistency in storage syntax and naming conventions, and no data cleansing. Service providers such as Canon can provide the analytics to identify what you have, classify that information and cleanse it to eliminate the ROT.
Information governance and compliance are pressing concerns for C-suite leaders in all industries. With evolving compliance demands, quickly changing technologies, and ever-more-pressing threats in cybersecurity, it’s easy to lose sleep at night. One way to rest better is to automate information governance and compliance. The technologies and approaches work to solidify your information governance strategy, while ensuring that policies and procedures are performed and adhered to automatically, every day.