I was in Brighton, UK last week and saw a couple of signs that brought to mind some oft-forgotten precepts of effective marketing.
« May 2009 | Main | July 2009 »
I was in Brighton, UK last week and saw a couple of signs that brought to mind some oft-forgotten precepts of effective marketing.
Posted at 01:04 PM | Permalink | Comments (2) | TrackBack (0)
Technorati Tags: bing, ecm, google, IT, marketing, microsoft, search overload syndrome
|
Today’s guest “8 things” blogger is Barclay T. Blair is the Director and Practice Lead of FCS Information Governance, a specialized consulting practice that helps clients manage information better. Barclay is a consultant to Fortune 500 companies, software and hardware vendors, and government institutions, and is an author, speaker, and internationally recognized authority on a broad range of policy, compliance, and management issues related to information governance and information technology. He can be reached at or . This article is adapted from the eBook, “Making the Case for Information Governance,” available for download at http://www.fcsig.com/ebook.
This post is part of an ongoing guest blog series around the overall theme of "8 things." The idea is to tap into the collective experience of members/readers on topics that they are passionate about. (But hey -- related to information, documents, content, or records!). Click HERE for a full list of topics that we've covered. Got an idea you want to pitch for an "8 Things" column? Pitch me at .
8 Reasons Why Information Governance (IG) Makes Sense
The Economist Intelligence Unit, in a recent study on information governance, found that the single biggest worldwide challenge to successful adoption of information governance is the difficulty of identifying its benefits and costs. In other words, the difficulty of making the case for information governance. Learning to articulate the case for information governance can be difference between success and failure with information management. Here are 8 reasons why information governance makes sense.
1. We Can’t Keep Everything Forever
IG makes sense because it enables organizations to get rid of unnecessary information in a defensible manner. Organizations need a sensible way to dispose of information in order to reduce the cost and complexity of IT environment. Having unnecessary information around only makes it more difficult and expensive to harness information that has value.
2. We Can’t Throw Everything Away
IG makes sense because organizations can’t keep everything forever, nor can they throw everything away. We need information – the right information, in the right place, at the right time. Only IG provides the framework to make good decisions about what information to keep.
3. E-Discovery
IG makes sense because it reduces the cost and pain of discovery. Proactively managing information reduces the volume of information exposed to e-discovery and simplifies the task of finding and producing responsive information.
4. Your Employees are Screaming for It – Just Listen
IG makes sense because it helps knowledge workers separate “signal” from “noise” in their information flows. By helping organizations focus on the most valuable information, IG improves information delivery and improves productivity.
5. It Ain’t Gonna Get Any Easier
IG makes sense because it is a proven way for organizations to respond to new laws and technologies that create new requirements and challenges. The problem of IG will not get easier over time, so organizations should get started now.
6. The Courts Will Come Looking for IG
IG makes sense because courts and regulators will closely examine your IG program. Falling short can lead to fines, sanctions, loss of cases, and other outcomes that have negative business and financial consequences.
7. Manage Risk: IG Is a Big One
Organizations need to do a better job of identifying and managing risk. The risk of information management failures is a critical risk that IG helps to mitigate.
8. Email: Reason Enough
IG makes sense because it helps organizations take control of email. Solving email should be a top priority for every organization.
-------------
This post is part of an ongoing guest blog series around the overall theme of "8 things." The idea is to tap into the collective experience of members/readers on topics that they are passionate about. (But hey -- related to information, documents, content, or records!). Click HERE for a full list of topics that we've covered. Got an idea you want to pitch for an "8 Things" column? Pitch me at .
Posted at 05:30 AM in Compliance and records management | Permalink | Comments (1) | TrackBack (0)
Technorati Tags: aiim, compliance, content management, ecm, erm, governance, information, records management
|
Lynn Fraas is a Director at Crown Partners, an international hybrid Software and Professional Services firm specializing in information management. Lynn is also active in the industry and is currently the Vice Chair/Chair Elect of the AIIM Board of Directors.
This post is part of an ongoing guest blog series around the overall theme of "8 things." The idea is to tap into the collective experience of members/readers on topics that they are passionate about. (But hey -- related to information, documents, content, or records!). Click HERE for a full list of topics that we've covered. Got an idea you want to pitch for an "8 Things" column? Pitch me at .
8 Ways to Increase User Adoption
A consistent topic in ECM circles is low user adoption. We think of ECM as “mature” technology, however, most companies still struggle with broad user adoption. In implementing ECM technology we fundamentally change the way an individual or group does their job. Consequently, the business process and culture change associated with the technology is much more significant that the implementation of the technology itself. Below are 8 things you can do to increase user adoption of ECM Applications:
1. Get top-level support.
This seems to be a “no brainer” but one that is consistently overlooked. ECM implementations often require significant changes to the underlying business process. A strong sponsor at the executive level can work to remove any organizational roadblocks the team may (or should I say will) encounter as you roll-out applications across the organization.
2. Start small.
We have all heard the phrase “take one bite of the elephant at a time”. Trust me; it is harder to do than it sounds. To start on the ECM journey, take a relatively straightforward business process and work with that first. Select a group that has at least one or two individuals who are champions for the new system. Get the first project over the finish line and in the winner’s circle before you embark on project #2. Measure the results, celebrate the success and make sure the rest of the organization hears about the success. This will create a level of excitement that will drive other groups to “want” the new technology.
3. Be fanatical about internal PR and communication.
User adoption is driven by system acceptance. Become a PR and communication expert as they form the cornerstone of gaining organizational acceptance of the system. You must evangelize and spread your messages to executives, managers, information workers and outside vendors and suppliers. Build a PR/communication plan early in the project and incorporate different mediums to get the word out. A simple grid with audience (executives, managers, workers etc) on one axis and form of communication on the other axis will suffice. The key is identifying major stakeholders and messages then planning the communication campaign to ensure all messages are delivered multiple times.
4. Use “personas” to understand how the new system will impact users.
Create a persona for your key stakeholder roles and ensure your system addresses their needs. The typical organization has multiple roles that will interact with any given business process and therefore the system. Each role has its own unique requirements (at least from their perspective). Understand who will interact with the system and what they need to be successful. Make sure you have them covered with the solution – ultimately it is all about making their life easier. Understand the WIFFIM (What’s In It For ME) for each persona.
5. Focus on the business process.
The business process that ECM technology will support should be the focus – not the underlying technology. The business user wants to get their job done in the most straightforward manner. To the extent technology provides tangible benefits to the user – adoption will follow. If you implement technology for technology sake – you will probably struggle to get users to actually use the system.
6. Get users and business owners involved.
People love to be heard. Leverage that core human trait and get the users/business owners involved at the very beginning of the project. Other than the typical steering committee thy these avenues for involvement:
7. Leverage collaboration tools.
In the world of Web 2.0 it is very easy to create a dialogue with the broad user community. Check into leveraging an existing corporate intranet or wiki to engage the organization in the discussion around the new system. If you don’t have a corporate standard there are many ways to generate conversation with free web based tools such as Twitter, Yammer, Facebook and MySpace
8. Training is more than just a class.
If I had a dime for every time I heard the words “companies did not plan for training” I would be on a sunny beach. You hear that training is often overlooked and that is a key piece of the user adoption puzzle. I also believe that in many cases training is conducted but it is ineffective. To be effective, training must be more than one how- to class. Here are some additional ways to ensure people make the jump to using the new system:
The broad adoption of technology is difficult but not unattainable. I leave you with a great clip that my colleague Atle Skjekkeland posted on the Information Zen site – a great clip to show users: http://www.informationzen.org/video/2043787:Video:160
--------
This post is part of an ongoing guest blog series around the overall theme of "8 things." The idea is to tap into the collective experience of members/readers on topics that they are passionate about. (But hey -- related to information, documents, content, or records!). Click HERE for a full list of topics that we've covered. Got an idea you want to pitch for an "8 Things" column? Pitch me at .
Posted at 05:30 AM | Permalink | Comments (4) | TrackBack (0)
Technorati Tags: collaboration, crown partners, document management, documentum, ecm, emc, hyperion, marketing, sharepoint, training, user adoption
|
8 Things You Need to Know about Content Classification and ECM
1. Classification is key to realizing value from your content.
Why is classification important? Anytime you want to do something more than blindly storing your unstructured content, you need to classify and organize it to help those tasks along. Better organized, classified information is more effectively searched, archived, managed as records or incorporated into business processes. There's a reason libraries classify and organize all those books.
2. Timing is everything.
We've been talking about it in the ECM community for some time, but automating the classification of information is now a necessary element of your ECM architecture. Why do I think automated classification's time has come? Well, that takes us to #3.
3. Volume and variety of information is driving adoption of automated classification.
John's blog is called "Digital Landfill" for a reason. There are ever increasing volumes of unstructured information created every day in our organizations. Email growth continues worldwide. And the variety of communication and collaboration methods continues to expand. SMS and instant messaging are in the mainstream. Blogs and wikis are entering it. Twitter is the hot communication tool du jour. And the innovations continue, case in point, Google's recent announcement of its product.
4. Our employees simply can't keep up.
With more and more information being generated, the number of employees is certainly not growing at the same rate. The human being as a source of all classification decisions simply can't scale. We need to automate the process of organizing this information if we're going to maximize the value we get from it, and manage its lifecycle cost-effectively.
5. Our employees are inconsistent.
Relying on our employees for these content-centric decisions is fraught with problems: they are inconsistent in their participation in these tasks; each employee uses different logic to make a decision; their logic is difficult to audit.
6. You can trust the folks with Ph.D.'s.
There are a variety of options for automating your content classification, ranging from simple rules to highly sophisticated, training based approaches. It’s easy for the layperson to understand the simpler rule-based methods. It’s not easy to understand the more advanced methods. But you should trust them because, guess what, those smarty-pants Ph.D.'s have automated classification methods that are proven to be more accurate and effective.
7. Automated classification will save you money.
Organizations typically take two approaches to classification. Let’s take the email archiving problem as an example. One typical approach acknowledges that users shouldn't be trusted to determine what emails should be saved -- so they save everything. Rather than solve the problem, they avoid the classification problem altogether. Now they're simply saving everything, regardless of its value. Though disk is cheap, it’s not free. Classification, for these organizations, will help you select only that information that merits being saved and save storage cots.
8. Automated classification will save you time.
The flip side to the email archiving argument above is that some organizations do trust their employees and ask them to select emails for archival and management. As we've established above, these organizations are likely to get inconsistent participation and as such low quality results. Why won't your employees participate? Because they understand the value of their own time. And dreary (though well intentioned) manual classification tasks are not well aligned to why they are being handsomely compensated. It’s a poor use of their time, they know it, and are acting on that implicit ROI analysis.
This post is part of an ongoing guest blog series around the overall theme of "8 things." The idea is to tap into the collective experience of members/readers on topics that they are passionate about. (But related to information, documents, content, or records!). Click HERE for a full list of topics that we've covered.
If you are interested in this topic, you may also find AIIM's Information Organization Access (IOA)/Search course useful.
Posted at 06:30 AM | Permalink | Comments (1) | TrackBack (0)
Technorati Tags: classification, compliance, content management, document management, E20, Google, IBM, IOA, records management, Search, taxonomy, Wave
|
Today's guest "8 things" blogger is Jean-Luc Chatelain, an HP Fellow and the Information Optimization CTO for HP Software and Solutions. Chatelain joined HP at the time of acquisition of Persist Technologies, where he was Founder and CTO, a world leader in grid storage & archiving solutions which technology is the basis of the HP Integrated Archiving Platform IAP.
This post is part of an ongoing guest blog series around the overall theme of "8 things." The idea is to tap into the collective experience of members/readers on topics that they are passionate about. (But related to information, documents, content, or records!). Click HERE for a full list of topics that we've covered.
8 Things You Need to Know to Manage the Explosion of Information
Information Explosion is making way for a new strategy to align business policies with people and technology. The following steps are my take on ways in which organizations can be successful in creating and implementing information management practices in this challenging environment.
1. Obtain Senior executive sponsorship and cross-organizational involvement.
This is the cornerstone for sustainable success of an information management strategy. A new strategy will involve investments and organizational changes. Without active and visible senior executive support and commitment, any strategy or plan will be set for failure from the beginning.
Since most organizations consist of federated yet independent business functions or silos, it is important to involve all major constituencies at all stages - from definition through to implementation and ongoing monitoring of the business success metrics.
2. Paper is still cool: organizations need to leverage best practices from the physical world.
Information management is not new. We have been managing information in one form or another since the birth of civilization. What is new is the electronic aspect of it. In nearly every organization, there are people who have been managing paper records for years. They understand how to index, classify, distribute and retain information – they are usually known as records managers, archivists and librarians. Organizations need to leverage their domain knowledge and experience to the fullest.
It is crucial to understand that you cannot simply adopt the old policies and processes and make them electronic – you will need to adapt them. For example, policies and processes for handling paper memos will not work for emails that have a different order of magnitude and contain a plethora of irrelevant content. There is a lot of "white noise" in emails that doesn't exist in the paper world -- rarely did someone type a memo to say, "let’s grab a coffee."
3. Define the policies that will govern your enterprise information.
This is the most critical phase of executing a successful strategy. Policies need to be flexible to allow the organization to be agile and respond to changing markets, customer needs, business partner ecosystems and similar business changes. Policies need to be owned and executed by the business, and supported by technology. When defining policies, remember that not all information is created equal; one needs to identify the information assets that deliver business value to the organization – information that has business, decision, risk or organizational impact. An example of such information includes legal documents, product catalogs, balanced scorecards and key performance metrics.
4. Define the processes you will use to manage the information.
Business processes define how the policies are implemented and executed across the organization. While this step seems obvious, it is often overlooked. Process flows must mirror business flows, and they must be molded to meet the users’ needs, not the other way around. There are many examples of failed information projects where the technology attempted to force users to work in an ineffective, rigid workflow. A key metric for defining the success of processes is that they must improve business productivity.
5. Stay in constant communication and use a shared vocabulary.
As with any major change program, dialogue is most important. Be cautious to not overlook that certain terms mean different things to different people. It is very important to clearly define and document what is meant at all times.
6. Educate, educate and educate again.
Employee training is often underestimated and it is critical to user acceptance. Without training, policies will be ignored, processes will be short cut or, even worse, bypassed.
In one such example, a policy was communicated by email that states "No MP3 player content is to be stored on desktop or laptop computers." IT then runs a script every night to delete any MP3 files it finds. However, users want to listen to music while they work so each morning they re-download their MP3 files. What they don’t know is that the reason the policy was brought in was to reduce corporate liability and risk from potentially pirated copies.
Best practices for training include a planned strategy from the beginning of the project. Human resources must be consulted at this stage in order to receive the necessary support and funding. In addition, training must be repeatable in order to resonate, as well as support changes in regulations and compliance.
7. Recognize that technology is a mean not the end.
Technologies should help implement policies and execute processes faster and more accurately. As information expands, it must scale to meet new needs. It must be agile enough to respond to ever-changing business and information needs. Different sourcing models should be investigated to achieve the optimal total cost of ownership for the organization. Remember that if some technologies are selected incorrectly, they can doom the implementation of any information management strategy all together.
Today, IT manages business value, which is designed, built and delivered in the form of technology-enabled services. This increases the importance of an information management strategy since data will be consumed in a variety of new and different ways. The once tight coupling between applications and data is being broken, and centralized "ownership" of data becomes more difficult. This makes the consistency and quality of the data even more critical, putting more pressure on one’s information management strategy to also include data quality and stewardship programs to help achieve a single version of the truth.
8. Don’t forget to prove the business value.
Finally, maintain momentum and executive support by showing and communicating ongoing demonstrable business value. It is critical to measure and prove the team’s accomplishments in financial and business terms. Examples of financial and business metrics include: quantifiable impact on revenue, increased customer retention, reduced service calls and decreased inventory levels.
Posted at 06:50 AM | Permalink | Comments (0) | TrackBack (0)
Technorati Tags: ecm, email, enterprise, HP, information management, records management, risk
|
Our guest opinion-maker today is Dan Antion, Vice President of Information Services for American Nuclear Insurers. Dan is responsible for information technology at ANI and works with a small team addressing ECM. (The opinions in this piece are Dan's, not ANI's.) Dan has presented at the AIIM Expo during each of the past four years, three times talking about SharePoint and once talking about working with a small budget. He has completed AIIM's ECM Master course. His blog can be found at http://www.SharePointStories.com. He can be reached via e-mail at and can also be found on LinkedIn and Twitter.
This post is now part of an e-book! To get a free copy (no charge and no reg required!) go to 8 reasons you need a strategy to manage information. Here is also the direct link...www.aiim.org/8things.
Small businesses interested in getting educated about content and document management should also take a look at the "AIIM Essentials" short courses.
This post is part of an ongoing guest blog series around the overall theme of "8 things." The idea is to tap into the collective experience of members/readers on topics that they are passionate about. (But related to information, documents, content, or records!). Click HERE for a full list of topics that we've covered. Got an idea you want to pitch for an "8 Things" column? Pitch me at .
8 Things Small Businesses Need to Know about Document Management
1. You are not too small for Document Management (DM).
Size doesn’t matter, the junk drawer in your kitchen is just as big a headache as the pile of boxes in your garage. Not addressing document management means you are likely to fail at some point to find the right information for the job. It also means you might be paying to keep information you no longer need. If you’re big enough to get sued, you’re big enough to be forced into e-discovery. If you plan to stay in business you are going to have new employees at some point. DM addresses all these issues.
2. DM offers value beyond the obvious.
Even small businesses can save money by reducing the cost of document storage. Beyond saving money, effective document management can improve the timeliness of your responses to your customers. DM can also improve the quality of those responses. Both of these benefits can help distinguish you from your competition. DM also improves knowledge transfer to new workers, aids in cross-training and reduces the cost of researching problems. These things make your operation more effective allowing you to absorb more business volume into your existing staff.
3. DM is not a technology project.
Technical solutions may make the task of managing documents easier but technology doesn’t drive the bus and it doesn’t own the road. DM requires that a company consider what documents you have, who need access, in what form and through what channel will they want that access to flow. You also have to address how long documents should be kept. Those answers should come from the owners and users of information and the people familiar with the regulations affecting your company. These answers then help form the requirements of the technology solutions.
4. Management support is required.
In order to overcome “... but we have always done
5. DM includes costs that are not obvious.
You may end up saving money, improving response time and accuracy but DM isn’t free. You may have to invest in technology to support DM, you should plan to invest in training. You may decide to backfill some content that is currently in a difficult to manage form – this may involve scanning or conversion. Once you bring documents under a management regimen, you are going to have things to maintain, things to back up and things to migrate from one generation to the next.
6. DM technology doesn’t have to be expensive.
There are free and Open Source document management platforms available. Microsoft SharePoint (our choice) is not free but it’s not prohibitively expensive and offers many benefits beyond DM. You can put DM in the Cloud if you’re comfortable with the service provider. You could probably even implement DM practices within traditional file sharing technologies but I wouldn’t want to try.
7. Education is important and available.
More than anything, when you implement DM, you are changing behavior. You are going to be asking people to spend extra time and put forth extra effort, primarily for the benefit of others. Consider the time involved with proper classification of documents and the addition of metadata. If I wrote a document, I might argue that I don’t need either of those. But, if I want my coworkers to be able to find my document, both are essential. People have to be trained to understand the benefit of these actions and they have to be trained in how to perform those tasks in order to achieve the benefits.
Education is available from many sources and much of it is free. There are tons of forums on LinkedIn, there are Blogs on AIIM’s web site and the web sites of companies involved in this industry, there are digital magazines and e-Newsletters specializing on every nuance of document management. Depending on the scope of your project, you may also want to consider fee-based education. I can honestly say that attending AIIM’s ECM Master Course was the best decision I’ve made many in years. DM can require a long-term effort and having someone on your team that knows where to go and what to do is critical.
8. All vendors are not created equal.
If you need outside help, give careful consideration to the vendor you connect with. You must make sure the people you are working with understand the technology you will be using and the goals you have for the implementation. They should be familiar with DM projects and they should be able to point to past success and qualifications in the field of DM. Again, you may need a vendor that isn’t associated with the technology but understands DM or Content Management and help get your company moving in the right direction.
-----------
This post is part of an ongoing guest blog series around the overall theme of "8 things." The idea is to tap into the collective experience of members/readers on topics that they are passionate about. (But related to information, documents, content, or records!). Click HERE for a full list of topics that we've covered.
Posted at 06:30 AM | Permalink | Comments (5) | TrackBack (0)
Technorati Tags: aiim, document management, ecm, marketing, sharepoint, small business, training
|
George Parapadakis () is an ECM Advocate at IBM, advising customers and partners on how to maximize the value from their ECM and BPM investments. He has also been monitoring the use of ECM technologies in the Risk & Compliance field. After 20 years in the Document/Content management and Process/Workflow industry, he's still a believer!... George has been an AIIM member since 1995 and you can follow him on twitter as or his InformationZen blog. All opinions expressed here are explicitly George's and not necessarily those of his employer.
This post is part of an ongoing guest blog series around the overall theme of "8 things." The idea is to tap into the collective experience of members/readers on topics that they are passionate about. (But related to information, documents, content, or records!). Click HERE for a full list of topics that we've covered.
8 Things You Need to Know about Information Risk
Information is a critical asset of every organization. “Information Risk” can be defined as any possible event that prevents critical information from being used as the business intended it to. The most critical information risks are:
1. We didn’t keep it (Non-capture) – The risk of critical information not being captured into the system.
If the email gets deleted, the attachment is gone for good. Users, driven by delivery pressures and performance controls, often bypass or ignore good house-keeping practices needed for compliance policies and business continuity. Using process-controlled, automated declaration and classification procedures for capturing both paper and electronic records, this risk can be significantly mitigated.
2. It was on the disk that crashed (Loss) – The risk of captured information being accidentally removed from the system.
In order to avoid the risk of information being accidentally lost from the system, organizations must invest time in selecting the right storage, availability and disaster recovery architectures. In a controlled environment, the system also needs to provide specific “hold” or “freeze” mechanisms which prevent normal information disposition schedules from inadvertently removing critical information, for example, when litigation is in progress.
3. That is not my signature (Malice) – The risk of information being deliberately removed, corrupted or damaged.
This is defined in legal context as “spoliation of evidence” which is the “destruction or significant alteration of evidence, or the failure to preserve property for another’s use as evidence in pending or reasonably foreseeable litigation.” Records are a key part of any successful legal or regulatory defense, but organizations must be able to locate and produce their records with the assurance that they have not been altered. In order to minimize the risk of spoliation, information needs to be captured in a controlled environment where access or deletion of records is only possible through the defined and security controlled disposal processes. All access to records must be monitored though a detailed audit log.
4. March.xls – but which year? (Attribution) - The risk of losing the context and metadata describing the information.
For information to be relevant and useful to the business, the organization needs to ensure that not only documents and content be retained and managed securely, but the context or information used to describe them (metadata, relationships and processes) also need to be carefully managed too. This is especially true in large enterprises where content may be captured through many different systems and sit in different repositories, but is openly available across the organization through an Enterprise Content Management system.
5. Where did you get this? It’s confidential! (Unauthorized Access) – The risk of information being accessed by unauthorized persons.
Information needs to be available to the right people only, for the right use and at the right time. Lax security can not only compromise confidential or sensitive commercial information but also personal details. Complex organizations require sophisticated security policies to stop access to information by any unauthorized person, as well as mechanisms to prevent authorized persons taking the information outside the authorized domain (information leakage)
6. The system is down (Unavailability) – The risk of disaster or technical failures, preventing access to the information.
There is very little value for information that is carefully preserved for posterity, but is not available when you need it to make a decision. IT systems in general are a key operational risk for the organization, posing a threat to business continuity. But whereas loss of electronic process and transaction handling could be temporarily replaced with manual processes, critical information that is locked away in a system that is unavailable, cannot be manually retrieved. Information availability should be managed within the context of an overall business continuity planning.
7. But where is it? (Findability) – The risk of information being lost inside the digital landfill due to lack of sufficient classification.
In most business environments today, information is generated, received or contained in a multitude of electronic mediums, formats, storage devices, etc. This explosive growth is an additional source of information risk. Being able to locate the correct information within the required timescales, be it a telephone enquiry from a customer, or a weeklong regulatory audit, is critical. Organizations can employ techniques such as automated content capture, classification and federation, to ensure that all relevant information is discoverable within short timescales.
8. Does anyone have SuperWriter 2.0? (Inaccessibility) – The risk of information becoming inaccessible due to its medium or format.
Format refresh is a particular issue with electronically stored information. We can read a scroll of papyrus that was written 3000 years ago. But we can’t read a 5¼” disk with WordPerfect files from 10 years ago. Information that is locked into obsolete mediums or proprietary formats and systems, is worthless to an organization. So long-term preservation, media refresh and format refresh, need to be considered proactively. Information strategies that include the use of format standards (e.g. TIFF or PDF/A) and audited content refresh cycles, will ensure that information remains accessible for the whole period that it is being kept for.
---------
Today, more than ever, access to electronic information is vital to an organization’s operation. Carefully assessing your organization against the Information risks discussed above, is the first stage in identifying where your organization is most vulnerable and in defining a roadmap for implementing governance controls and monitoring to protect your information assets.
Posted at 06:30 AM | Permalink | Comments (0) | TrackBack (0)
Technorati Tags: compliance, content management, ecm, ediscovery, information management, records management, risk
|
Here are the titles we've published to date in my "8 things" series.
Participation is open to anyone -- you just need to know something specific about some aspect of document, content, and records management. Have some fun with it! Contact me at .
For details on how the whole guest columnist thing works, go to the "Twitter and business" post (#2).
Some other titles in my "8 things" series --
Posted at 02:40 PM | Permalink | Comments (0) | TrackBack (0)
Technorati Tags: aiim, bpm, compliance, content management, document management, ecm, ediscovery, records management, scanning, sharepoint
|
Daniel Chalef is CEO of KnowledgeTree Inc., a leading commercial open source document management software vendor. KnowledgeTree’s free open source document management community edition has been downloaded over 650,000 times. The company's commercial offering includes product support and features that assist companies in achieving regulatory compliance. Follow Daniel on twitter at or on the KnowledgeTree blog http://www.knowledgetree.com/blog/.
This is part of a broader guest columnist series I have been running on ECM topics. Check out the other titles. For details on how the whole guest columnist thing works, go to the "Twitter and business" post.
Some other titles in my "8 things" series --
8 Things You Need to Know About Using Enterprise Content Management (ECM) for Regulatory Compliance
1. Regulations are complex and can’t be ignored.
One of the challenges of being regulated is understanding exactly which regulations apply to your business. You may face “horizontal” reporting regulations, such as those contained in Sarbanes-Oxley that apply to all publicly-held companies. Or, you may be subject to vertical market specific regulations such as HIPAA in health care or the FDA’s 21 CFR 11 rules. Or, you may face a raft of regulations from different governments and agencies. One thing is for sure, you can’t pretend these regulations don’t exist or hope they go away. Non-compliance may present a very real legal and financial risk to your organization.
2. While enterprise content management (ECM) systems can help, they are only one part of the compliance solution.
Any good ECM application can help you track and control document revisions, but keep in mind, they are only as effective as your underlying business processes. Don’t implement ECM software with the expectation that it will magically solve your compliance problems; you have some hard work to do around standardizing and codifying your processes for document management.
3. ECM system vendors can’t certify their products for regulatory compliance.
A product itself is not compliant, rather it is the entire operating environment that must be compliant. This takes into account the unique contributions and actions of people, processes and technology present at your location. Again, your ECM software is only one piece of the compliance solution that will also include scrutiny of your business processes, training programs, standard operating procedures, etc.
4. Proper records management policies, retention schedules and document classes will keep the system from getting bogged down.
Even in a regulated industry, not every document in your ECM repository is subject to regulation and compliance. There are plenty of document types that would not be examined in an audit and that could be excluded from compliance-oriented processes. Examining types of documents and structuring classes, hierarchies and policies accordingly at the outset will save you a lot of extra work and system burden down the road. Adhering to stated retention schedules for archiving documents will also keep the system running smoothly.
5. Understand the requirements behind electronic signatures.
Many people confuse electronic signatures with encrypted signatures. Although documents can be cryptographically signed for security purposes, this is not required in most compliance scenarios, whereas electronic signatures are. An electronic signature assigns a clear identity to someone who has altered a document along with a timestamp and recorded reason for the alteration. This can occur in the form of authentication at the time the document is changed so that the action can be clearly recorded in an audit trail.
6. Audit trails must be…auditable.
Your ECM must provide not only the ability to create an audit trail but an easy way to access it! If you are ever the subject of an audit, you may need to produce reports on hundreds or thousands of document transactions. Make sure you can easily access and produce the document history and that it clearly shows the information needed during an audit.
7. Consistency and automation are your friends.
One of the very purposes of regulation is to ensure consistent and repeatable activities that conform to a set of standards. And there’s no better way to achieve consistency than through automation. Your ECM system can aid you via workflow automation, especially around review and approval processes. Automated workflow reduces the risk for error by ensuring each step of the process occurs in order and receives the appropriate oversight. Tie back to point 2 – once you’ve identified and standardized your business processes, you can carve them in stone with automated workflow.
8. Don’t think higher cost means better compliance.
Because of the way compliance is determined, a more expensive solution isn’t necessarily going to be better than a less expensive one. It’s all about functionality and how the system supports your individual circumstances. Especially for smaller businesses, a large expensive system is not an option and may in fact be more of a hindrance to compliance than a solution that is more affordable, and more easily implemented. Don’t be afraid to look at open source products in addition to proprietary systems. You may find you can achieve compliance with far less cost and headache than you thought.
This is part of a broader guest columnist series I have been running on ECM topics. Check out the other titles. For details on how the whole guest columnist thing works, go to the "Twitter and business" post.
Some other titles in my "8 things" series --
Posted at 11:18 PM | Permalink | Comments (1) | TrackBack (0)
Technorati Tags: compliance, ecm, information management, records management, risk
|
This issue’s guest columnist is of Access Sciences. Doug has a broad Information Technology background that covers 25 years in Global Fortune 300 upstream Energy companies, with previous experience in systems analysis and design, systems development, technical infrastructure and customer service center. He has focused the last 7 years on enterprise content and records management technologies, including development of best practices, assessment and evaluation of various software packages and Web 2.0/Enterprise 2.0 Technologies.
If you are interested in this topic, you might also be interested in AIIM's SharePoint microsite. We also run a series of short SharePoint related training programs in our "Essentials" program. If you are interested in suggesting a topic for my "8 things" series, contact me at .
8 Things You Need to Know about SharePoint Governance
It’s shouldn’t be a big surprise that Microsoft Office SharePoint Server 2007 (MOSS) is incredibly popular and powerful as a basic content repository. Microsoft claimed $1 billion in revenue from sales of the software in 2007. A recent survey by AIIM (State of the Market: Microsoft SharePoint) indicates that SharePoint is indeed rapidly becoming pervasive within the enterprise. Of those responding to the survey, 83% said they either currently use or likely will be using Microsoft SharePoint.
There are also many reports of SharePoint deployment projects being derailed or having less than desired results. Some of these are related to a lack of features necessary for an organization such as more robust records management or a more controlled repository, but many are because of the lack of SharePoint governance.
A SharePoint Governance model has the following components put in place to guide the development and use of a solution based on SharePoint:
Here are eight things you need to know about SharePoint governance:
1. There is no easy button.
Unlike the popular office supply company’s commercial where you push the button and get the comforting message, “That was easy,” you can’t push the easy button and SharePoint governance suddenly appears. While there are tools and templates available (from both Microsoft and others) to help guide the process, it will take resources – people and time – to create a governance model for SharePoint in your organization.
2. One size does not fit all.
A SharePoint governance model for a Fortune 25 organization is different than one for a small business. A governance model must be adapted for the size of the organization. There are no “cookie cutter approaches” for developing the governance model. You can certainly repurpose a governance model intended for a different size organization into your own, but it again takes people and time.
3. It’s not rocket science.
On the other hand, creating a governance model for SharePoint is not an impossible task or one that will take months of effort and armies of consultants. You simply need to treat it like any other project - dedicate adequate resources to it and then decide what needs to be governed in your organization and how you want to govern it.
4. You can do it now, or you can do it later – but you will do it.
SharePoint governance is like the old TV commercial where the greasy mechanic says you can pay me now or you can pay me later, inferring that you will pay me eventually. The SharePoint governance model can be created while you have a new, pristine SharePoint farm or site collection or you can do it after you have hundreds of sites and document libraries with no clear indication of what content exists in the various sites or why. It will take require more resources to do it later.
5. Some options don’t have an “undo” button.
Creating a SharePoint governance model will ensure the organization has thought through the various options and capabilities available in SharePoint and made intelligent choices based on their goals for the software. An organization has only one shot at several installation and configuration options unless a total reinstall is performed.
6. Less silos instead of more.
Many organizations implement SharePoint for basic content services and to gain better control of the content on their shared drives. The same AIIM survey referenced earlier indicated that 60% of the respondents use SharePoint for file sharing. Without SharePoint governance, there are no clear standards on the creation and use of sites and document libraries. Organizations can find themselves with more information silos after SharePoint instead of less that they planned for.
7. It’s not just about the technology.
Implementing new technology is certainly hard work, but the harder work is in changing the way people work. A governance model will help from the change management and usability standpoint of implementing SharePoint.
8. You can have governance or you can have chaos.
Chaos in SharePoint looks like what many have called content sprawl – sites, sub-sites and document libraries with junk and no clear ownership. It may also resemble the same content types with slightly different names or with different metadata. A governance model with some basic information architecture can help ensure consistency across the entire SharePoint site and guide how sites are commissioned, used and decommissioned when no longer required.
Resist the urge of the IT department to just install it like any other Microsoft application – insert the CD and install with the default settings. You need a governance model to:
Some other titles in my "8 things" series --
Posted at 07:19 AM | Permalink | Comments (4) | TrackBack (0)
Technorati Tags: access sciences, aiim, content management, document management, ecm, sharepoint
|
Recent Comments