The document discusses the need for effective electronic document (eDocument) retention programs in organizations. It notes that changes to legal discovery rules have prompted companies to rethink their information management strategies. Key drivers for eDocument retention programs include regulatory compliance, industry standards, and mitigating business risks. The challenges include a lack of clear ownership, the perception that storage is cheap so everything can be kept, and that retention is not a high priority initiative. Effective programs require structuring information as assets, creating a records management framework with policies on retention, legal holds, and destruction. Questions are welcomed.
3. A Gartner Perspective
“ The December 2006 amendments to the Federal Rules of Civil
Procedure (FRCP) in the U.S. regarding the discovery of ESI and
passing of subsequent similar statutes in other countries, has
really spurred market interest in e-discovery. This is prompting
many companies to rethink their overall information management
strategies, from the policy level to the implementation level.”
The three core market catalysts are:
Transparency of business performance as aligned to governance, risk &
compliance regulations and subsequent organizational reporting.
Mitigating IT risk through the use of real-time and continuous controls
monitoring for transactions, segregation of duties, application configuration
and master data.
Preventing business failure through fraud detection, improved user-level
and application-level security and corruption.
Gartner Research VP Tom Eid, Press Release 16 December 2009
3
5. Considering a Retention
Program?
The COSO framework involves
several key concepts:
Internal control is a process. It is
a means to an end, not an end in
itself.
Internal control is affected by
people. It’s not merely
policy, manuals, and forms, but
people at every level of an
organization.
Internal control can be expected
to provide only reasonable
assurance, not absolute
assurance, to an entity’s
management and board.
Internal control is geared to the
achievement of objectives in one
or more separate but overlapping
categories.
5
8. Primary Challenges
Lack of clear Ownership
“Why not just keep
everything? Storage is
cheap!”
Not a “sexy” initiative!
8
9. Today’s Typical eDocument Landscape
Legal
MMS
SaaS
Sharepoint
HRMS
Network
Shared Sales
Drives
SAP
Internet
Email
Loosely related Policies
Multitude of Systems
Uncommon Taxonomy
PRIVILEGED 9
10. Unlocking the Value
IT Investment
Structured Info Value & Risk
Unstructured
Unstructured
Structured
10
11. Do You?
Know What Your
eDocuments your
Organization Has?
Know where and how to
get them?
Know the cost of
keeping them?
DRAFT - PRIVILEGED 11
12. Creating the Structure
Information Assets
Loosely related
Policies
Multitude of Systems
Uncommon Taxonomy
Corporate Records and Information
Management Framework
Information Policies
DRAFT - PRIVILEGED 12
13. Information as an Asset
Risks
Value
Information Assets Management Effort and
Approaches
Corporate Records and Information
Management Framework
Information Policies
13
14. Systematizing Information
Complex – DMS
EMC
Opentext
IBM Information Assets
Simple – Collaboration
Sharepoint
Lotus Notes
Corporate Records and Information
Management Framework
Information Policies
14
15. Corporate Records and IM
Framework
Governance
Organizational Priority &
Visibility
Information Assets Culture
Employees empowered and
involved
Infrastructure
Corporate Records and Information Linkages between GC, CIO,
Management Framework CRO
Information Policies
15
16. Key Information Policies
Retention
Defines What, Who, How
Long
Destruction Information Assets
Defines How
Legal Hold
Defines the means to
interrupt and prevent Corporate Records and Information
destruction Management Framework
Information Policies
16