It Takes Two To Tango The Synergy of RIM & ECM Gordon E.J. Hoke, CRM http://gejhoke.googlepages.com SM Mile High Denver ARMA 17 March, 2009

The Presenter Gordon E.J. Hoke Content Management since 1989 Software vendor Journalist Consultant/Analyst Records Management since 2002 Certified Records Manager Records Risk Management Consultant Author/Analyst

Gordon E.J. Hoke

Content Management since 1989

Software vendor

Journalist

Consultant/Analyst

Records Management since 2002

Certified Records Manager

Records Risk Management Consultant

Author/Analyst

We’re all in this together… Clarifications any time Substantive questions at the end

Clarifications any time

Substantive questions at the end

The Challenge: Get the best of both worlds Records Mgrs. miss the profound advantages of ECM Business processes Storage and device options Cost effectiveness Security, flexibility, universality Content Mgrs. miss the profound advantages or RIM Systematic, media agnostic approach Risk reduction Governance Controls

Records Mgrs. miss the profound advantages of ECM

Business processes

Storage and device options

Cost effectiveness

Security, flexibility, universality

Content Mgrs. miss the profound advantages or RIM

Systematic, media agnostic approach

Risk reduction

Governance

Controls

Seeking Progress “ Those who cannot remember the past are doomed to repeat it.” -- George Santayana

“ Those who cannot remember the past are doomed to repeat it.”

-- George Santayana

History of Records & Information Management (RIM) Moses, c. 1500 BCE – First Disaster Recovery Callimachus, c. 380 BCE – First Index J. B. Dancer, 1839 CE – Early micrographics ISO & Sedona Principles, 2005 – Digital records standards

Moses, c. 1500 BCE

– First Disaster Recovery

Callimachus, c. 380 BCE

– First Index

J. B. Dancer, 1839 CE

– Early micrographics

ISO & Sedona Principles, 2005

– Digital records standards

Records and Information Management – RIM Records: “ . . . information created, received, and maintained as evidence by an organization or person, in pursuance of legal obligations or in the transaction of business” – ISO 15489-1 Information and Documentation – Records Management Individual organizations must determine the definition of what a record is and, often more importantly, what it is not. Records and Records Life Cycle Creation Production Storage/disposal Use/Modification Conversion

Where do Records Exist? Records exist in many media Paper email Structured applications Instant messages Desktop files (Word, Excel, etc.) Shared directories on servers Departmental information silos Collaboration sites Web pages/blogs Smartphones Facsimile Backup tapes Voice mail Microfiche and film – USB drives – Multi-function devices – RAID drives – MP3 Players – Social networks – IP telephony – Text messages – Desktop files – Dept. information silos – Web 2.0/ Tweets The significant growth of unstructured electronic records presents significant demands on storage and production.

Records exist in many media

Paper

email

Structured applications

Instant messages

Desktop files (Word, Excel, etc.)

Shared directories on servers

Departmental information silos

Collaboration sites

Web pages/blogs

Smartphones

Facsimile

Backup tapes

Voice mail

Microfiche and film

ARMA International Originally, The Association of Records Managers and Administrators Primary goal: Support practitioners Its affiliate, The Institute for Certified Records Managers: Establishes competencies Administers a daunting set of tests Grants the gold standard credential, CRM Requires and regulates continuing education

Originally, The Association of Records Managers and Administrators

Primary goal: Support practitioners

Its affiliate, The Institute for Certified Records Managers:

Establishes competencies

Administers a daunting set of tests

Grants the gold standard credential, CRM

Requires and regulates continuing education

Records and Information Management Traditional RIM focused on paper and microforms. Library functions: Acquisition Circulation Storage Disposal

Traditional RIM focused on paper and microforms.

Library functions:

Acquisition

Circulation

Storage

Disposal

Pushing the Barriers of Content Management 1843 – Fax machine patented (Alexander Bain) 1870s – Cowboys use “Book of Brands” 1961 – First use of email 1987 – First commercial document imaging software 1990 – Imaging merged with COLD and workflow 1990s – Evolution of recognition technologies, e-forms 2000s – Proliferation of Internet apps and email 2000s – Shift of info media from atoms to electrons 2000s – Perception of RIM as “the new buzz word”

1843 – Fax machine patented (Alexander Bain)

1870s – Cowboys use “Book of Brands”

1961 – First use of email

1987 – First commercial document imaging software

1990 – Imaging merged with COLD and workflow

1990s – Evolution of recognition technologies, e-forms

2000s – Proliferation of Internet apps and email

2000s – Shift of info media from atoms to electrons

2000s – Perception of RIM as “the new buzz word”

AIIM 1947: formed as the National Micrographics Assn. Late ’80s: became the Association for Information and Image Management Late ’90s: simply AIIM International Yesterday: AIIM, the Enterprise Content Management Association Today: AIIM, The community that provides education, research, and best practices to help organizations find, control, and optimize their information Tomorrow: AIIM, the Next Evolution Assn.

1947: formed as the National Micrographics Assn.

Late ’80s: became the Association for Information and Image Management

Late ’90s: simply AIIM International

Yesterday: AIIM, the Enterprise Content Management Association

Today: AIIM, The community that provides education, research, and best practices to help organizations find, control, and optimize their information

Tomorrow: AIIM, the Next Evolution Assn.

The Association Liberation Movement AIIM + ARMA = Shed no tears.

AIIM + ARMA =

Lack of RIM is Risky Risks of: Non-compliance with federal and state statutes Employee / operational records misuse Adverse inferences from ineffective e-Discovery Inability to mount legal defense Adverse publicity Loss of competitive advantage

Risks of:

Non-compliance with federal and state statutes

Employee / operational records misuse

Adverse inferences from ineffective e-Discovery

Inability to mount legal defense

Adverse publicity

Loss of competitive advantage

RIM Is Front Page News WSJ, 8 Oct. 2007, Qualcomm, while suing Broadcom, finds that it failed to share 300,000 missed emails during Discovery. The jury gets the case with “adverse inference”. The GC and 17 outside attorneys resign. TJ Maxx loses hundreds of thousands of credit card numbers The U.S. Veterans Administration loses the personal information of more than a million former military personnel

WSJ, 8 Oct. 2007, Qualcomm, while suing Broadcom, finds that it failed to share 300,000 missed emails during Discovery. The jury gets the case with “adverse inference”. The GC and 17 outside attorneys resign.

TJ Maxx loses hundreds of thousands of credit card numbers

The U.S. Veterans Administration loses the personal information of more than a million former military personnel

RIM Is Front Page News (cont.) Federal Computer Week , Jan 15, 2009 Court Moves to Preserve White House e-mail Messages * By Ben Bain * Citing “emergency conditions,” a federal court today ordered the Bush administration to take further steps to preserve millions of e-mail messages sent during a crucial time in the administration and are the subject of ongoing litigation.... The messages that are alleged to be missing are from the period that includes the invasion of Iraq, key developments in the Valerie Plame leak investigation and the government's response to Hurricane Katrina....

Federal Computer Week , Jan 15, 2009

Court Moves to Preserve White House e-mail Messages * By Ben Bain

* Citing “emergency conditions,” a federal court today ordered the Bush administration to take further steps to preserve millions of e-mail messages sent during a crucial time in the administration and are the subject of ongoing litigation....

The messages that are alleged to be missing are from the period that includes the invasion of Iraq, key developments in the Valerie Plame leak investigation and the government's response to Hurricane Katrina....

RIM Is Front Page News (cont.) ABC News , Jan 29, 2009 Credit Card Security Breach Could be Largest EVER Experts are calling it the biggest security breach ever and millions of consumers could be at risk because their credit and debit card numbers could be compromised by hackers who've gotten access to the computers of a huge company. Heartland Payment Systems investigated and realized hackers broke into their system late in 2008. The company processes payments for 175,000 retailers and restaurants and it's believed information from as many as 150,000 of those may have been compromised.

ABC News , Jan 29, 2009

Credit Card Security Breach Could be Largest EVER

Experts are calling it the biggest security breach ever and millions of consumers could be at risk because their credit and debit card numbers could be compromised by hackers who've gotten access to the computers of a huge company.

Heartland Payment Systems investigated and realized hackers broke into their system late in 2008. The company processes payments for 175,000 retailers and restaurants and it's believed information from as many as 150,000 of those may have been compromised.

RIM Is Front Page News (cont.) CNN , Jan 27, 2009 Thrift Store MP3 Player Contains Secret Military Files Chris Ogle of New Zealand was in Oklahoma about a year ago when he bought a used MP3 player from a thrift store for $9. A few weeks ago, he plugged it into his computer to download a song, and he instead discovered confidential U.S. military files. The files included the home addresses, Social Security numbers and cell phone numbers of U.S. soldiers. The player also included what appeared to be mission briefings and lists of equipment deployed to hot spots in Afghanistan and Iraq.

CNN , Jan 27, 2009

Thrift Store MP3 Player Contains Secret Military Files

Chris Ogle of New Zealand was in Oklahoma about a year ago when he bought a used MP3 player from a thrift store for $9. A few weeks ago, he plugged it into his computer to download a song, and he instead discovered confidential U.S. military files.

The files included the home addresses, Social Security numbers and cell phone numbers of U.S. soldiers. The player also included what appeared to be mission briefings and lists of equipment deployed to hot spots in Afghanistan and Iraq.

For failing to preserve internal e-mail communications, five major financial services firms paid $1.65 million each Wall Street & Technology, February 2003

Bank of America Securities paid $10 million on record-keeping & access requirements violation claims Chicago Sun-Times, March 2004

Morgan Stanley recently suffered an adverse $1.45 billion court judgment…MS had acted in “bad faith” in failing to turn over relevant e-mails. COMPUTERWORLD , July 2005

Lowering Risk Does comprehensive storage help?

Does comprehensive

storage help?

Lowering Risk Or does it hinder?

Or does it hinder?

“ How can I keep my CEO of jail?”

RIM Serves Business Operations The goal: Right information in the Right place in the Right format at the Right time

The goal:

Right information in the

Right place in the

Right format at the

Right time

Paper-based RIM Stereotype: Marion the Librarian “ Did you bring your Library Card?”

Stereotype: Marion the Librarian

“ Did you bring your Library Card?”

RIM ascends... From the basement to the Boardroom From Facilities Dept. to Law Dept. Even a Chief Records Officer ...While ECM improves

From the basement to the Boardroom

From Facilities Dept. to Law Dept.

Even a Chief Records Officer

...While ECM improves

Myths We Have Known Apollo’s Chariot Unicorns The Easter Bunny The Paperless Office

Apollo’s Chariot

Unicorns

The Easter Bunny

The Paperless Office

Understand the Complementary Differences

The Real Differences Scope Perspective Goals Language Media orientation Governance Controls

Scope

Perspective

Goals

Language

Media orientation

Governance

Controls

The Scopes are Incomparable How useful are tools without an operator? How effective is an operator without tools?

How useful are tools without an operator?

How effective is an operator without tools?

Differences between RIM and ECM Scope ECM is a constellation of technologies RIM is a discipline of practices Content Management makes the tools; Records Management makes the rules.

Scope

ECM is a constellation of technologies

RIM is a discipline of practices

Differences between RIM and ECM (continued) 2. Perspective is based on experience

Differences between RIM and ECM (continued) 2. Perspective When viewing a storeroom of paper: ECM focuses on scanner clicks and terabytes of storage RIM focuses on record series and retention schedules

2. Perspective

When viewing a storeroom of paper:

ECM focuses on scanner clicks

and terabytes of storage

RIM focuses on record series

and retention schedules

Differences between RIM and ECM (continued) 3. Primary Goals ECM: Operational efficiency and cost-effectiveness RIM: Reduced risk and cost avoidance

3. Primary Goals

ECM: Operational efficiency and cost-effectiveness

RIM: Reduced risk and cost avoidance

Differences between RIM and ECM (continued) 4. Language Words may have different definitions in ECM and RIM: Archive Backup Capture Disposition ERM Fiscal value…

4. Language

Words may have different definitions in ECM and RIM:

Archive

Backup

Capture

Disposition

ERM

Fiscal value…

Language (continued) “ Enough of the Tower of Babel...let’s get on the same page.”

“ Enough of the Tower of Babel...let’s get on the same page.”

Differences between RIM and ECM (continued) 5. Media Orientation What is your medium of choice? How long will it last? If it won’t last for the lifecycle of the record, what is your media migration plan? RIM is media-agnostic... ECM is media-gnostic.

What is your medium of choice?

How long will it last?

If it won’t last for the lifecycle of the record, what is your media migration plan?

RIM is media-agnostic...

ECM is media-gnostic.

Differences between RIM and ECM (continued) • Records exist in many media (reprise) – Paper – e-Mail – Structured applications – Instant messages – Desktop files – Shared directories on servers – Departmental information silos – Web pages/blogs/Twitter – Smart phones -- Collaboration sites – Facsimile – Backup tapes – Voice mail – Microfiche and film – USB drives – Multi-function devices – RAID drives – MP3 players – IP telephones – Text messages

• Records exist in many media (reprise)

– Paper

– e-Mail

– Structured applications

– Instant messages

– Desktop files

– Shared directories on servers

– Departmental information silos

– Web pages/blogs/Twitter

– Smart phones

-- Collaboration sites

– Facsimile

– Backup tapes

– Voice mail

– Microfiche and film

– USB drives

– Multi-function devices

– RAID drives

– MP3 players

– IP telephones

– Text messages

Differences between RIM and ECM (continued): 6. Governance Every record has an owner/custodian at every moment Every worker is a records manager RIM program is functional and sustainable President and CEO Chief Records Officer General Counsel Vital Records VP of Compliance VP of Operations Chief Information Officer Business Continuity Disaster Recovery Mail Clerk Security Privacy Workflow

Every record has an owner/custodian at every moment

Every worker is a records manager

RIM program is functional and sustainable

Differences between RIM and ECM (continued) 7. Controls Controls are a pillar of RIM RIM has elements of control for everyone who touches records: Education – For processes and responsibilities Training – Skills for job performance Verification – Of education and training Testing – Annual evaluation of competence and skills Audit – Field sampling to verify level of accuracy Some ECM programs only offer training and support

7. Controls

Controls are a pillar of RIM

RIM has elements of control for everyone who touches records:

Education – For processes and responsibilities

Training – Skills for job performance

Verification – Of education and training

Testing – Annual evaluation of competence and skills

Audit – Field sampling to verify level of accuracy

Some ECM programs only offer training and support

Controls How do you measure success? Metrics Dashboard How do you know what you do not know?

How do you measure success?

Metrics

Dashboard

How do you know what you do not know?

Importance of RIM and ECM Coordination RIM and ECM Both Serve Business Operations The goal: Right information in the Right place in the Right format at the Right time at the Right cost... ... While limiting risk!

RIM and ECM Both Serve Business Operations

The goal:

Right information in the

Right place in the

Right format at the

Right time at the

Right cost...

... While limiting risk!

Potential Implications of Independent RIM and ECM Initiatives Business processes are not optimized Copies proliferate Storage requirements rise Record retention is departmental There are no datamaps of electronic information E-Discovery is expensive or impossible Many e-mails are inaccurately indexed Staff is under-prepared to execute legal holds

Business processes are not optimized

Copies proliferate

Storage requirements rise

Record retention is departmental

There are no datamaps of electronic information

E-Discovery is expensive or impossible

Many e-mails are inaccurately indexed

Staff is under-prepared to execute legal holds

How ECM and RIM can work together: ECM brings the tools ECM delivers capabilities ECM brings efficiency ECM saves money ECM brings technical standards ECM captures records RIM brings the rules RIM delivers discipline RIM lowers risks RIM avoids costs RIM brings performance standards RIM disposes records

ECM brings the tools

ECM delivers capabilities

ECM brings efficiency

ECM saves money

ECM brings technical standards

ECM captures records

RIM brings the rules

RIM delivers discipline

RIM lowers risks

RIM avoids costs

RIM brings performance standards

RIM disposes records

Potential Benefits of ECM-powered RIM Operational improvements Avoidance of storage and retrieval costs Compliance: capability to meet audit requests In litigation, the ability to: Effectively employ legal holds and releases Deliver a comprehensive data map with confidence Meet discovery requests and produce documents Justify the appropriate destruction of documents Mount effective legal defense Defend against charges of spoliation and bad faith

Operational improvements

Avoidance of storage and retrieval costs

Compliance: capability to meet audit requests

In litigation, the ability to:

Effectively employ legal holds and releases

Deliver a comprehensive data map with confidence

Meet discovery requests and produce documents

Justify the appropriate destruction of documents

Mount effective legal defense

Defend against charges of spoliation and bad faith

Pointers for ECM/RIM Success Secure a high-level, enterprise sponsor Bring the stakeholders together; build alliances Effective programs include IT, RIM, operations, financial, and legal Collectively agree on an acceptable level of risk Develop an enterprise-wide plan for ECM/RIM Start small, perhaps with a single office or department Establish governance so the program is responsive and sustainable Agree on a glossary to overcome language barriers Install controls to ensure that enterprise risk levels stay within the acceptable range

Secure a high-level, enterprise sponsor

Bring the stakeholders together; build alliances

Effective programs include IT, RIM, operations, financial, and legal

Collectively agree on an acceptable level of risk

Develop an enterprise-wide plan for ECM/RIM

Start small, perhaps with a single office or department

Establish governance so the program is responsive and sustainable

Agree on a glossary to overcome language barriers

Install controls to ensure that enterprise risk levels stay within the acceptable range

Pointers for ECM/RIM Success (continued) Stay flexible and update policies as often as technologies Be active in both AIIM and ARMA Recognize that there are no quick fixes or easy solutions Don’t bet the store on automation; the human factor is still essential. Learn change management, and market. Use software as a tool, not a solution Differentiate between software’s records mgmt. functionality and a robust records program Don’t fixate on a single issue to the exclusion of a comprehensive plan

Stay flexible and update policies as often as technologies

Be active in both AIIM and ARMA

Recognize that there are no quick fixes or easy solutions

Don’t bet the store on automation; the human factor is still essential. Learn change management, and market.

Use software as a tool, not a solution

Differentiate between software’s records mgmt. functionality and a robust records program

Don’t fixate on a single issue to the exclusion of a comprehensive plan

Different but Complementary We really do need each other….

We really do need each other….

Things that Go Well Together Fish & chips, tea & crumpets, pubs & music Coffee & donuts, milk & cookies, chocolate & peanut butter Content Management & Records Management

Fish & chips, tea & crumpets, pubs & music

Coffee & donuts, milk & cookies, chocolate & peanut butter

Content Management & Records Management

Questions?

Stay in touch: Gordon E.J. Hoke, CRM http://gejhoke.googlepages.com (507) 534-2293 [email_address]