They’re seductive in their simplicity, breaking down complex issues into bite-sized actionable chunks. This is exactly why I often preach against treating an information governance initiative like a checklist of tasks that need to be done. Because frankly, it’s never quite that simple.
In my opinion, the checklist mentality takes away from the holistic perspective that companies should adopt. If you treat your path towards information governance as a checklist, you’ll likely end up with a bunch of “silos” providing multiple copies, disjointed retention, and an inconsistent search across each system – the opposite of true information governance. Need to address email retention? Buy an archive. Next up is eDiscovery? Buy a suite of different legal tools. File system due for an overhaul? Buy an ECM and then supplement it with a different manage-in-place product. Pretty soon you’ll have one massive game of whack-a-mole for your IT, records, and legal administrators.
But at risk of being a hypocrite, here’s a checklist I can get behind. Not so much a checklist for implementing IG, but rather one to help companies understand where to start. After all, surveying the existing landscape is the first step to building something upon it. Following this checklist actually helps eliminate the problems caused by the siloed approach to data management, and serves as a starting point to figuring the best way for your particular business to go about IG.
This should be helpful for just about any information professional, but I see an especially big benefit for those in Records Management. Increasingly – and especially on the electronic side – RIM professionals are responsible for more than just classic records. A fragmented view of the process often causes companies to implement a point solution for these “traditional” records, and then separate point solutions for retention management, and then more separate solutions for files and email. Following these steps will set up an RIM program to have one solution that can distinguish between records and non-records… rather than multiple systems separating the data.
Most of all, this checklist provides a starting point so that RIM professionals can know which system to implement that will fit their ideal IG process, rather than buying a limited solution(s) and then configuring the desired process to that solutions capabilities. It’s sad that it’s almost status quo for companies to spend time and money planning for an information governance process, and then they’re forced to configure to the limited functionalities of their eventual systems. Stop the madness!
Use this checklist as a guideline, and get going! Enjoy the fruits of proper planning, and the benefits that can come from having a higher-level perspective of the enterprise information landscape.
Visually map out separate unstructured data information governance systems
- How many separate systems do you have for unstructured information?
- Count ECMs, email archives, eDiscovery point solutions, etc.
Identify overlap in systems that may store copies (duplicates) of the same information
- Is it necessary to have the data copies in more than one system?
- Are the copies managed equally for their appropriate lifespans?
Identify any unstructured data types that do not have a designated system for management
- Do you formally archive instant messages? Scanned images? Faxes? Etc.
- Are there any data types that are slipping “through the cracks?”
Now map the unstructured data systems (from checkbox #1) according to their role in the EDRM
- Are all of the EDRM steps covered or accounted for in some way?
- If there are gaps between EDRM steps, how are they bridged during the eDiscovery process?
Identify and list potential points of failure in the preservation and legal hold process
- Does a legal hold applied to a piece of data automatically freeze its lifecycle?
- Does a legal hold require custodian confirmation or action to take effect?
Evaluate your unstructured data search speeds, and know how long it takes for an “average” search
- Can the legal team easily search across all systems for data during early case assessment?
- If so, how long does a simple keyword search take for one million documents? More?
- Does search constitute a significant portion of time during the eDiscovery workflow?
Identify the country (if multinational) or state (if US-only) that your business operates in which has the strictest or most complex standards for data
- Consider privacy laws, data encryption laws, industry-specific standards, etc.
- Which unstructured data types or categories are these rules most applicable to?
List which of your data systems operate partially or fully in the cloud (versus only on-premise)
- Does your access to these systems differ than systems that are entirely on-premise? Are you able to access the exact same data?
- Be aware how issues such as privacy law can differ based on where data is stored.
Pinpoint how data lifecycles are determined and executed. Is data deleted once it isn’t needed?
- If data retention policies are not based on a specific period pre-determined by relevant industry law, how are they determined?
- Do records procedures set useful lifespans for ALL data, not just traditional records?
- Is data deleted consistently? Policies that are consistent are the most defensible.
Compile a “key contacts” list of role players in the information governance process
- Who is the head Records Manager? IT manager? Compliance Chief or CCO?
- Building working relationships across these departments benefits the information governance process as a whole, and ensures common goals are worked towards synergistically
All in all, a checklist can be a good start to understanding the information governance environment as it currently exists in order to identify potential places for improvement. But bear in mind; checklists are only a tool, as are most Information Governance products on the market. And the value of a tool, ultimately, is determined by the knowledge and skill of the user… so educate yourself before you go about stocking your InfoGov toolbox.