The thesis if this presentation is that good information management is the key to effective eDiscovery and early case assessment, and that poor information management leads to ineffective and costly discovery efforts. The presentation covers; implementing a comprehensive RIM Framework and why it is the best defense in Discovery, Mitigating risk while maintaining record-keeping compliance, Applying Canadian General Standards Board standards to keep records with integrity.
The CMO Survey - Highlights and Insights Report - Spring 2024
2010 IQPC - Turning Risks into Rewards Developing a Comprehensive Records and Information Management Framework
1. Turning Risks into Rewards:
Developing a Comprehensive Records and
Information Management Framework
Event:
IQPC 2nd Annual eDiscovery Canada
Toronto, Ontario, Canada
March 28-30, 2010
Presented by;
Keith Atteck
Supervisor, Information Management
Vale
2.
VALE - (NYSE: VALE)
www.vale.com
Vale was born in 1942 in Brasil
Vale Canada Limited, a wholly-owned subsidiary of Vale
Vale's nickel business, formerly known as Inco, has a rich history
dating back more than 100 years in Canada.
What we do
Worlds largest producer of Iron Ore and one of the worlds largest producers of
Nickel
Vale also produces copper, manganese, ferroalloys, bauxite, alumina,
aluminum, coal, cobalt, PGMs, fertilizers, steel, and energy
Vale operates on six continents through its mining operations, mineral research
plants, and commercial offices
Employ > 100,000 employees, including outsourced workers worldwide
2
3. Topic:
Turning Risks into Rewards: Developing a
Comprehensive Records and Information
Management Framework
Implementing a comprehensive RIM Framework and why it
is the best defense in Discovery
Mitigating risk while maintaining record-keeping
compliance
Applying Canadian General Standards Board standards to
keep records with integrity
3
5. IM is the source for discovery
Poor IM = Hard Discovery
Good IM = Easy Discovery
Source: http://edrm.net/
5
Goal
6. Risk: Information Management (IM)
Now, where
did I put
that
document?
Why must
information be
systematically
managed and
protected?
eRecords on
Servers make
the job more
critical?
6
7. Risk: Information Management (IM)
Source: ARMA Drafting a ‘Dream Team’ to Prevent E-Discovery Nightmares
NOVEMBER/DECEMBER 2010 INFORMATIONMANAGEMENT
7
8. Risk: IM Technology Evolution
1.
Print, Index, Folder, Cabinet, Box, Binder, Stick File, etc.
Electronic File – Name.doc, xls, ppt, pdf, dgn, dwg, etc.
2.
Hard Drive – PC or Laptop, C: Folders
3.
Network Shared Drive, S: I: Folders
E-mail, Personal Folders - Outlook
5.
Present & Past
Paper Record, Blue Print Drawing
4.
Future, Current
Floppy, CD, DVD, PDA, Flash Drives, iPad etc.
6.
Web Sites - Intranet, FTP, Extranet, Portals – SharePoint
7.
Tracking Databases – ERP, etc.
•
Enterprise Content Management (ECM) - Imaging
•
Wikis, Blogs, IM, Web 2.0, Cloud Computing, etc.
8
9. RIM: Solving Business Issues
Paper to electronic records paradigm shift
Paper the record – electronic the convenience
Paradigm Shift
Electronic the record – Paper the convenience
Technology Systems Differentiation
Systems of Record – Official Corporate Records
Vs.
Systems of Engagement – Sharing and Messaging
Vs.
Systems of Management – Dynamic Databases
Etc.
9
All
may be
deemed
Records
&
All
may be
Relevant
In
Discovery
10. Risk: IM is Global!
Think Globally and Act Locally
10
11. Risk: Evidence
Canada Evidence Act
“31.1 Any person seeking to admit an electronic document as evidence has the
Authentication
of electronic
documents
burden of proving its authenticity by evidence capable of supporting a finding that
the electronic document is that which it is purported to be.”
“31.2 (1) The best evidence rule in respect of an electronic document is satisfied
Application of
best evidence
rule —
electronic
documents
• (a) on proof of the integrity of the electronic documents system by or in
which the electronic document was recorded or stored; or
• (b) if an evidentiary presumption established under section 31.4 applies.”
Standards may
be considered
“31.5 For the purpose of determining under any rule of law whether an electronic
document is admissible, evidence may be presented in respect of any standard,
procedure, usage or practice concerning the manner in which electronic documents
are to be recorded or stored, having regard to the type of business, enterprise or
endeavour that used, recorded or stored the electronic document and the nature and
purpose of the electronic document.”
Source: Department of Justice - http://laws.justice.gc.ca/eng/StatutesByTitle/C.html
11
12. Best Practice: Evidence
Canada
CAN/CGSB 72.34-2005 - Electronic Records as Documentary
Evidence
“5.2.1 Those who wish to present an electronic record as evidence in
legal proceedings shall be able to prove
a) authenticity of the record;
b) integrity of the Records Management System that a record was
recorded or stored in; and
c) that it is "a record made in the usual and ordinary course of
business" or that it is otherwise exempt from the legal rule barring
hearsay evidence.”
Source: CGSB - http://www.tpsgc-pwgsc.gc.ca/ongc/home/index-e.html
12
13. Best Practices: Standards
International
ISO 15489:2001 – Information and Documentation – Records Management –
Guidelines
United States ANSI/AIIM TR31-2004 – Legal Acceptance of Records Produced by Information
Technology Systems
Canada
CAN/CGSB 72.34-2005 - Electronic Records as Documentary Evidence
United
Kingdom
BIP 0008-2004 – Code of Practice for Legal Admissibility and evidentiary weight
of information stored electronically
Europe
MoReq2 Specification – Model Requirements for the Management of Electronic
Records
Australia
PROS 99/007: Version 2: 2005 Management of Electronic Records - Victorian
Electronic Records Strategy (VERS)
Other
GARP – Generally Accepted Recordkeeping Principles (ARMA)
13
14. Best Practice: ISO15489
ISO15489-1:2001 – Information and documentation – Records management
Applies to records, in all formats, created or received by any public or private
organization in the conduct of its activities, or any individual with a duty to create
and maintain records.
Supports:
• Electronic Records Management (ERM) & Physical Records
• ISO9001
– Quality Management Systems
• ISO14001
– Environmental Management Systems
Sets principles of Records & Information Management practice
• Organization institute comprehensive program
• Characteristics, Authenticity, and Integrity of a record
• Based on Functional Classification
Design and implementation of record systems
• Integrity of the system
• Compliance to legal and regulatory environment
• Documenting records transactions
Source: ISO http://www.iso.org/iso/catalogue_detail?csnumber=31908
14
15. Best Practice: GARP
Information Governance with
Generally Accepted
Recordkeeping Principles
(GARP)
8 Principles
GARP Capability Maturity Model
GARP Maturity
Level
1
Sub-standard
2
In Development
3
Essential
4
Proactive
5
Transformational
Principle of Accountability
Principle of Integrity
Principle of Protection
Principle of Compliance
Principle of Availability
Principle of Retention
Principle of Disposition
Principle of Transparency
Source: ARMA http://www.arma.org/garp/index.cfm
15
Colour Status
RED
ORANGE
AMBER
BLUE
GREEN
16. RIM: Vision
Ecosystem of Information
Working in one environment where all records are;
Created or Captured – once,
Collaborated Globally – version controlled, and
Managed – as records.
Being Confident that;
You can find the original record – every time,
You know who worked on it – who used it, and
You know what it was used for – related to activity.
Know that:
One never has to search any other system,
One can leverage the collective wisdom and knowledge of the organization, and
Everyone’s efforts will not be lost or misplaced.
16
17. RIM: Guiding Principles
SINGLE authoritative source of information
All documents will be filed electronically
Into one system as a normal course of business
Everyone depends on the system
Manage only ONE COPY
File once – use many times - in many ways
All transacted records made from the document management system
FIRST point of contact principle
The person who is first point of contact with documentation is
responsible for determining and ensuring that documentation is
appropriately filed
17
18. RIM: Program Framework
Classification
Retention
Metadata
Security
Vital Records
Electronic Messages
Imaging
Legal Hold & Discovery
Technology Change
Organization Change
Fundamentals of Records &
Information Management
Uses GARP, ISO15489, CGSB,
ARMA, AIIM Standards, etc.
Technology agnostic
Conforms to Laws, Regulations
All must be developed and in
place to implement ECM
RIM is the core – the foundation
Everything else is an output of RIM
Including eDiscovery
Etc.
18
21. RIM: Compliance Auditing
General - Benefits of Auditing
Test the degree of integrity of systems and procedures
Understanding degree and extent of compliance
Identifying gaps in procedures and training
Local - Due Diligence Reviews
Conduct regular reviews of all record classifications & metadata
Identify change issues of employees and management
Identifies changes in the business environment and gaps in training
Global - Quality Assurance Reviews
Critical for demonstrating integrity of systems, tools and procedures
Management knows if the systems, tools and procedures are working
Important for Litigation support – Safe Harbour
21
22. Risk Vs. Rewards for Business
Risk – The Blind
Lack of Governance - ad hoc
IT is in charge??????
Don’t know what are records
Don’t know the custodians
Inability to audit
Number of uncontrolled information
types and sources
Volume of duplication
Lack of information category structure
Too much technology
Can’t find anything easily
Poor basis for business decisions
No idea what is really happening
ECM deployments tend to fail
Etc.
Which version
do you want
to present in
court?
Rewards – Clear Vision
Good governance & transparency
RIM Manager is in charge
Can identify a record and a copy
Can identify record authors, custodians and users
Auditable - demonstrates due diligence
Controlled record types and sources
Avoids uncontrolled repositories
Reduced volume – original records
Global search categories – relevancy
Integration of Knowledge Management
Can find everything quickly and efficiently – better decisions
Controlled technology evolution
Reduced stress to the organization and its personnel
ECM has a solid foundation and can succeed
Etc.
ROI – Risk of Incarceration (reduced)
23
23. RIM Professionals
“RIM professionals can offer a safe harbor of sorts….
This requires that RIM professionals understand the key legal and IT
issues and for them to collaborate effectively with staff in those
departments to ensure the implementation and management of a solid,
documented, and explainable records management program.
When a RIM program is in effect and adhered to as it is written – and the
organization can show proof of compliance with the program – the
organization’s attorneys are in a much better position to defend its
ediscovery processes and the information it did – or didn’t produce.”
Resources:
American Records Management Association (ARMA)
• http://www.arma.org/
• Chapters in Canada
Association of Imaging and Information Management (AIIM)
• http://www.aiim.org/
• Chapters in Canada
Source: ARMA Drafting a ‘Dream Team’ to Prevent E-Discovery Nightmares
NOVEMBER/DECEMBER 2010 INFORMATIONMANAGEMENT
26
24. IM is the source for discovery
Poor IM = Hard Discovery
Good IM = Easy Discovery
Source: http://edrm.net/
27
Goal
26. Turning Risks into Rewards:
Building a Comprehensive Records and
Information Management Framework
Event:
IQPC 2nd Annual eDiscovery Canada
Toronto, Ontario, Canada
March 28-30, 2010
Presented by;
Keith Atteck
Supervisor, Information Management
Vale