Cloud-based content management is becoming increasingly popular and includes options for using SharePoint, SharePoint as a service, Office 365, and cloud content management systems such as SpringCM, Alfresco, Box, Dropbox, and Google. Content, which may be considered a business record, may also be created and consumed in social networking applications like Yammer, Jive, Chatter, and others. What are the best practices and options for maintaining regulatory compliance given that many of these systems and applications have no provision for records management?
This session lays out the issues for records management for cloud content management systems and then provides the best practices and options for using these systems. Is SharePoint Records Manager your only option?
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Best Practices and Options for Records Management in the Cloud, Office 365, and SharePoint.
1. Best Practices and Options for
Records Management in the Cloud
Kodak Global Directions 2012
Las Vegas, NV
September 25, 2012
Bud Porter-Roth
Porter-Roth Associates
4. Governance, Risk, and Compliance (GRC)
+ Records and Information Management (RIM)
Governance - is the set of policies, procedures, and
processes that you establish in your enterprise to guide,
direct, and control how it uses technologies to accomplish
business goals
Risk - is how management identifies, analyzes, and, where
necessary, responds appropriately to risks that might
adversely affect realization of the organization's business
objectives
Compliance - is the process of adhering to the established
policies, procedures, and processes for governance
RIM – is defined as the systematic control of records
throughout their life cycle (paper and electronic)
4
5. But...
GRC does not work if you do not or cannot control and
manage your content and information...
You cannot comply with SOX if you don’t maintain,
manage, and audit your content…
You cannot assign a seven year retention period to a
document if there is no system to assign and manage the
retention schedule...
Today’s volumes and complexity of information make it
almost impossible to manage information manually
5
6. Why GRC/RIM?
Home
Work On-Premise
Electronic & Paper Documents
Work
File Sync Cloud-based
(n+1 services)
Work
Electronic Documents
Porter-Roth Associates 6
7. Introduction or How Many Paper/Document
Systems do You Have?
Paper management systems
Shared Drives
Document Imaging
Electronic Document Management (ECM)
Records Management
Workflow/BPM
Website Content Management (WCM)
Database Management Systems (DBMS)
Cloud Content Management (CCM) Systems
Cloud-based functional application systems (ERP, CRM)
Porter-Roth Associates 7
9. CCM Offerings
1. Store and Retrieve – very basic and functions like an FTP site
2. Content Collaboration – offers basic storage & retrieval - also
includes document management capabilities that allow multiple
people to collaborate on content
3. Platform – offers a complete environment including storage and
retrieval, content management, and office productivity applications
such as word processing, spreadsheet, presentations, calendaring,
workflow, etc.
4. Functional Applications – offers functional applications such as
project management, CRM, ERP, HR in addition to simple storage
and retrieval of documents
5. Social Networking – offers the ability for social communities to be
formed in addition to simple storage and retrieval of documents
Porter-Roth Associates 9
10. Simple Storage and Retrieval
Allows for simple file storage and retrieval. Allows
you to “share” documents by email invitation or
shared password. No document/records
management/compliance/legal capability.
Amazon Cloud Drive
SkyDox
Dropbox
SkyDrive
iCloud
Porter-Roth Associates 10
15. Complex Collaboration
Includes DM/RM, office applications, workflow,
email, calendaring, workspaces, forums (wiki,
blog), and other features. RM/legal capability is
available depending on the product.
SharePoint (on-premise or provided as SaaS)
Office 365 (includes SharePoint)
Alfresco
SpringCM
Google Docs & Google Drive
Porter-Roth Associates 15
16. CCM and Legacy Systems
Latest advances offer CCM and a legacy ECM system
OpenText and Tempo
EMC and Syncplicity
SharePoint and Office 365
FileNet and IBM Docs?? (still new & not sure of direction)
CCM systems may integrate to established legacy systems
via an API to allow documents to be transferred to the legacy
system for archiving and records management
Interesting – Box API allows 2-way sync of files between Box
and a ECM application including SharePoint
Alfresco can sync files with SharePoint – i.e., Alfresco
frontend collaboration and SharePoint backend.
SpringCM can be both a frontend (cloud collaboration) and
backend on-premise system
16
17. Cloud-based Functional Applications
(not document/file based but store documents)
Offers functional applications such as project management,
CRM, ERP, HR, social networking (business and personal)
in addition to simple creation and storage and retrieval of
documents. No document/records management/
compliance/legal capability.
EPMLive - Enterprise Project Management (EPM)
Basecamp (PM)
Workday (HR)
NetSuite (ERP)
Salesforce/Chatter/Chatterbox (CRM/social networking)
Evernote (note taking)
Porter-Roth Associates 17
18. Business & Social Networking w/ DM
Social networking apps – can also be used for file storage
and sharing. Also used for corporate docs and presence.
No document/records management/compliance/legal
capability.
Jive – Social software
Yammer – Social Software (now part of SharePoint)
Facebook
LinkedIn
Twitter
Google Plus+
18
19. Key Benefits of Cloud Computing
On-demand Self-Service - User can order and provision
services directly – user is empowered to acquire and maintain
the application
Basic site can be setup and operating within 30 minutes of
provisioning
User/owner can set libraries, folders, security, permissions,
versions, workflows, and other aspects of site operation
directly – no IT required
User can invite other users from within the company to share
documents
User can invite other users from outside of the company to
share documents
Porter-Roth Associates 19
20. Risks
On-demand Self-Service - User can order and provision services
directly – user is empowered to acquire and maintain the
application
Company can easily lose control of information without GRC
Lack of (for most) records management
Inability to manage legal/audit/business holds on any scale
Compliance may (will) be challenging for regulated industries
Document/files may be spread among many devices and
platforms such as file share, SharePoint, Box, and OpenText for
example
Security (physical and data)
Cloud sprawl will happen without GRC
Porter-Roth Associates 20
21. Best Practices for Getting Started
Begin planning with a GRC/RIM team (IT, Legal, CIO, LOB)
Audit and map all your content (and potential) site repositories
Records retention/taxonomy/file plan must come before the
system – very hard to retrofit a taxonomy afterward
Establish a Pilot/Learning System
Establish requirements using information from your pilot system
Plan for security – use pilot to establish deltas
Plan for migration – do you plan to migrate large data sets from
shared drives, eRooms, Lotus, legacy systems?
Plan for user training – especially in the RIM/GRC area
Plan to automate GRC
Plan to automate RIM
Porter-Roth Associates 21
22. Conclusion
Governance is team effort
IT owns the systems that manage the content but…
Users own the content
Processes/procedures (that we create) tell us what to do with
the content
Technology enables the processes/procedures
In today’s modern business, it may not be feasible for individuals
to “manually” participate in the information governance process
and the process has to be under computer control to be
successfully
22