From the MER Conference 2012
Speakers: Galina Datskovsky, Ph.D. Robert Williams Marcia Zweerink, Ph.D.
"If you don't know where you're going, you'll wind up somewhere else."
Yogi Berra
Historically, the core paradigm of records management was materials management. Today, the core paradigm is information governance (IG) and risk mitigation. Successful IG identifies ERM hazards, and guides organizations on the safest ERM journey.
But how do we plot the safest IG course when the nature of the risk keeps changing? How do we know we won't 'wind up somewhere else' as we struggle to address a kaleidoscope of evolving ERM hazards, including:
- Exponential growth: The volume of new records grows every year and already far exceeds manual records management capability. And the pile of existing unmanaged records is almost beyond comprehension. For many organizations, the sheer size of the pile has become a significant risk -- and a very challenging problem.
- Ever-changing technology: The rapid evolution of software, hardware, mobile devices, social networking, and cloud computing is changing the very nature of records. The trend is further fragmenting control of the records -- and increasing the challenge of implementing records life cycle controls.
- Ever-increasing regulation and litigation: Not only do evolving regulations add to the explicit requirements for managing records, but the courts are also increasing expectations that organizations show 'good faith' in managing electronically stored information (ESI). How do you know you have the management evidence to demonstrate 'good faith'?
- C-Level scrutiny: Executives at the highest levels are more aware than ever that information governance is key to the reputation, efficiency and compliance of the organization. They want IG, but may not fully understand what that means. Do they really understand what success looks like?
If Yogi's car had a GPS, he might have had an easier time, provided he used it correctly. Now, you do have a RIM-focused GPS for your IG journey - GARP® and the associated assessment tool - to assist you in understanding where you are, and monitoring your progress toward your destination.
You also have the needed "wheels" - Assured Records Management (ARM) - to help plan which route to take, drive progress toward your destination, and document the 'tracks' you took to get there.
M12S10 - Navigating Change: ARM your GPS (The Principles) into Drive Successful Information Governance
1. Cohasset Associates, Inc.
NOTES
Session 10
Navigating Change: ARM your GPS
(GARP®) to Drive Successful
Information Governance
Tuesday, May 08, 2012 9:00 am
B
Like a GPS, ARMA’s GARP® Principles
provide a standard measurement of
where you are.
Cohasset’s Assured Records
Management (ARM) helps you plot
g ( ) p y p
your course and provides the wheels to
move you forward.
"If you don't know where you're going,
you'll wind up somewhere else."
Yogi Berra
2
B
Goals
Explore how GARP and ARM can be used to
navigate change and drive successful
Information Governance
Ensure the all important management evidence
that proves Good Faith Effort on your journey
3
B
10.1
2012 Managing Electronic Records Conference
2. Cohasset Associates, Inc.
NOTES
Our Road Trip
A quick look at GARP and ARM
Our Mileposts
Why do we need to navigate change?
How can ARM help us drive?
p
How do we use the GARP GPS?
What does successful course look like?
How do we start this Journey?
Throughout, we will consider YOUR leadership opportunities
4
G
What is GARP®?
Generally Accepted Recordkeeping Principles
In order to achieve recognition at the
regulator, business and associate level, ARMA
International h d
i l has developed Generally Accepted
l d ll d
Recordkeeping Principles (GARP) so as to allow
organizations to adhere to and measure
objective records and information governance
standards
MER May 18, 2010 5
G
GARP® http://www.arma.org/garp
Principles
GARP®
Accountability
Maturity Color
Transparency Level Status
Integrity 5 GREEN
Protection 4 BLUE
Compliance
3 AMBER
Availability
2 ORANGE
Retention
Disposition 1 RED
6
G
10.2
2012 Managing Electronic Records Conference
3. Cohasset Associates, Inc.
NOTES
What is Assured Records
7
Management?
Assured Records Management (ARM) is an
evolving methodology designed to help
organizations establish and sustain Information
Governance that results in
Applying appropriate performance standards
Aligning with business priorities and culture
To ‘Get it right where it matters most’ and provide
credible evidence of good faith.
7
M
The ARM Approach
Using models
and techniques Aligned with Business Priorities
that simplify Business drivers, culture, and strategy
concepts and Risk-based continuous improvement
promote buy-in
t b i in Clear information governance processes
Good Faith ARM Performance Standards
Effort Organizational commitment
And the evidence
to prove it Lifecycle control of records and systems
8
M
Milestone 1
9
M
10.3
2012 Managing Electronic Records Conference
4. Cohasset Associates, Inc.
NOTES
Today, the Core Paradigm is CHANGE
Historically, the core paradigm of records
management was materials management.
We relied on a very structured set of standards and
best practices
Today, the core paradigm is information
governance (IG) and risk mitigation.
Governance is a process that accommodates change
Successful IG identifies ERM hazards, and guides
organizations on the safest ERM journey
10
B
Why Information Governance?
Because the RM landscape is rapidly evolving
Users
Business
IT
Case Law
1. Sheer volume
2. Changing technology
3. Legal landscape
4. Business changes, C-Scrutiny
M
Change Number 1
IG Includes EVERYTHING
Hold for litigation orHold
Legal regulatory matters CONTENT PROFILE
300
Retain Official Records
as evidence of 250
business activities 200
150
100
Dispose of records
when no longer
50
0
?
needed
Official Records: Retain as evidence for the full retention period
Ancillary Records: Dispose at any time, and as soon as possible
Legal Hold: Suspend deletion as required by Legal
12
M
10.4
2012 Managing Electronic Records Conference
5. Cohasset Associates, Inc.
NOTES
Changes in Technology
Cloud computing Who is responsible for
Social media the information asset?
Mobile devices What is the Official
Security and privacy Record?
Data proliferation and How do we collect and
growth preserve information?
Securing information
assets based on their
class
Management and
disposition of information
13
G
Legal Landscape
Evolution of the ‘Trusted Environment’
Record was managed User stewardship
independent of the user IT stewardship
P f i l t d hi
Professional stewardship N
New t h l i
technologies
Established policies and New legal perspectives
procedures New testability practices
Derived from checks and Importance of good faith
balances in Finance and reasonableness
14
B
C-Level Scrutiny
Remember when we used to complain that
senior management didn’t pay any attention?
Well, those days are over
The C Suite responds to Information
C-Suite
Governance
Beware the rude gaze of
management
15
G, M
10.5
2012 Managing Electronic Records Conference
6. Cohasset Associates, Inc.
NOTES
What Does the C-suite expect?
“Understand our business”
“Do something to help us succeed”
Cost, efficiency, reputation, risk
“Be specific”
Be specific
Does the C-suite understand ERM?
Not so much
Remember, the higher you
go, the shorter the attention
span
16
Milestone 2
17
G
What is Information Governance?
Governance covers all information in all formats
Gartner defines Information Governance (IG) as the specification
of decision rights and an accountability framework to ensure
appropriate behavior in the valuation, creation, storage, use,
archiving, and deletion of information
Remember: the purpose of governance is to help you
meet your business goals!
What Does Success Look Like?
How do you know if you’ve achieved it?
18
M
10.6
2012 Managing Electronic Records Conference
7. Cohasset Associates, Inc.
NOTES
The Essential Elements of
Governance
Formal grants of authority
Who gets to decide?
“Laws” - Rules of the Road
Rules make everyone safer
Continuous improvement and oversight
Specific goals and metrics
What corrective actions are needed?
Processes for change
How do you change rules or grant of authority?
19
M
Governance Challenges
Resistance – we don’t do this for anything else!
Organizational alignment
Culture
Governance models, processes, and roles
,p ,
Gaining buy-in and support
Management, IT, user
Training, communication, and awareness
Governance support resources
Commitment to continuous improvement
20
M
Align Governance with Business Culture
Rule-followers Wandering Cats
Process workers Knowledge workers
Conservative technology Must use the ‘latest thing’
Command and control Consensus
21
M, G
10.7
2012 Managing Electronic Records Conference
8. Cohasset Associates, Inc.
NOTES
What Does Success Look Like?
YOU CAN’T DO EVERYTHING!
No organization puts an equal emphasis on everything
at once
Governance knowing what you are trying to achieve and
mapping a reasonable path to get there while balancing:
Benefit
Cost
Risk
Timing
Feasibility
…..
22
M
Consider the C-Level’s ‘Baby’
LOW HIGH
Regulation
Litigation
Privacy
Cost Control
Intellectual Property
Outsourcing
23
M, G
Milestone 3
24
M
10.8
2012 Managing Electronic Records Conference
9. Cohasset Associates, Inc.
NOTES
Plotting the Course:
Commit to an Ongoing Process
Risk/ Value
Assessment and
WDSLL! Improvement Goals
PLAN
Management Execute
Review and ACT DO Improvement
Action Plan
CHECK
Measure and
Report Results
25
G, M
Using Your GPS
26
G
GARP® Assessment
The GARP® Assessment is an evaluation of more than
100 attributes of information governance an
organization can deploy to determine how it measures
up against the GARP® Principles.
The Assessment is organized by each GARP® Principle
to help determine the organization’s individual principle
scores, leading to an overall GARP® Assessment Score.
27
G
10.9
2012 Managing Electronic Records Conference
10. Cohasset Associates, Inc.
NOTES
GARP® Assessment
Measurable Outcomes
Quantify Program Needs
Prove Qualitative ROI
Benchmark Progress
Results
Provides benchmarks
Directs to resources
Historical comparisons
Experience to Date…
G, M
Milestone 4
29
G
30
G
10.10
2012 Managing Electronic Records Conference
11. Cohasset Associates, Inc.
NOTES
What Does Success Look Like?
Improving Governance processes?
If so – How? Roles? Awareness? Accountability?
Cleaning up unneeded data?
If so- What data? Where? How much? When?
Improving management of Official Records?
If so- Which records? How well do they need to be
managed?
31
M
Target the Right Level
of Information Life Cycle Control
Lifecycle control requirements vary
Ancillary Records : higher volume, but generally less control
Official Records: some require very tight lifecycle controls
Higher Volume
Ancillary Records
Official Records
Routine Collaboration Regulated Records
Greater Lifecycle Control
32
M, G
ARM Maturity Levels Simplify
Concepts for Business Folks
GARP® Maturity ARM Maturity Description
Absolutely nailed down by
5 GREEN 4 Assured
technology
4 BLUE Pretty good; some
3 Reasonable
3 AMBER technology control
Some manual/ process
2 ORANGE 2 Manual
control
1 RED 1 Ad hoc Absent (or individual)
33
M, G
10.11
2012 Managing Electronic Records Conference
12. Cohasset Associates, Inc.
NOTES
ARM Standards
ARM Records Life Cycle Elements
Maturity Create Retain Store Access Readability Dispose
Digital
g
SEC IRS Digital
Assured Image FDA DOD
WORM Copy
Copies
Time/ IRS Film
Reasonable UPA SEC UPA Anderson
Speed Copy
IRS Paper
Manual INS
Copy
Ad Hoc
34
B
Align With Your Business Priorities
Consider
Sources
Standards
Regulations
Best Practices
Elements of life cycle
Maturity level for your organization
Reflected in your policies and procedures
These are YOUR operating standards
35
B
Management Evidence
Policies - WHAT
Procedures – HOW
Inspections/Audits – WHO/WHEN/WHERE
Continuous process improvement
Management
Evidence
Good faith
Reasonability
36
10.12
2012 Managing Electronic Records Conference
13. Cohasset Associates, Inc.
NOTES
Milestone 5
37
G
Get Started and KEEP GOING
Identify stakeholders
Align with culture Keep It Simple!
Establish governance process
Identify business priorities / strategy
Identify
Id if near term and long term goals
dl l
BE SPECIFIC
Low hanging fruit makes a
BE MEASURABLE
refreshing salad!
DO WHAT MATTERS
Define ROI/ specific benefits, gain buy-in and funding
Measure and report
Then do it again!
38
G, M
Start Simply to Target Areas
for Improvement
1 = Ad hoc
2 = Manual
3 = Reasonable
Business
Types of Records 4 = Assured
Value / Risk
Current Desired
Gap
Control Control
Product Testing Records 1 4 3 H
Finance Records 3 4 1 H
Accounting Records 3 4 1 H
Manufacturing Records 1 4 3 H
Design Idea Records 1 3 2 H
Software Development Records 1 3 2 M
Employee Records 2 3 1 M
Toddler Focus Group Records 3 3 0 M
Real Estate Records 2 2 0 L
39
M, G
10.13
2012 Managing Electronic Records Conference
14. Cohasset Associates, Inc.
NOTES
Drill Down to Identify Actions
40
G
Leadership is a Team Sport
You don’t have to figure this out yourself
Take advantage of ARMA and GARP
Consult with experienced practitioners
(e.g., Cohasset and ARM)
Take d
T k advantage of MER networking to talk to your
f ki lk
colleagues
Ask what has worked and what doesn’t
Gather good ideas
Exchange business cards
Assemble your internal team Keep your friends close and
Who else wins your enemies closer.
Who’s buy in do you need Michael Corleone
41
M, G
“One’s destination is never a place, but a
p
new way of seeing things.”
Henry Miller
42
B
10.14
2012 Managing Electronic Records Conference