Records Management Solution Overview


Check out the Records Management Solution made possible by EMC Documentum

Published in: Technology, Education

  1. Records Management Solution Overview: Records, Retention, Rights, Classification. Compliance & Governance. © Copyright 2011 EMC Corporation. All rights reserved.
  2. Records Management Drivers
  3. 3D Information Growth Contributes to “Big Data”. [Diagram labels: PRODUCED, AMOUNT, RICHNESS, DISPERSION, INFORMATION]
  4. REGULATIONS & STANDARDS INCREASE: Sarbanes-Oxley Act (SOX) ~ PCAOB ~ SAS 94 ~ AICPA/CICA Privacy Framework ~ AICPA Suitable Trust Services Criteria ~ SEC Retention of Records, 17 CFR 210.2-06 ~ SEC Controls and Procedures, 17 CFR 240.15d-15 ~ SEC Reporting Transactions and Holdings, 17 CFR 240.16a-3 ~ Basel II ~ BIS Sound Practices for the Management and Supervision of Operational Risk ~ Gramm-Leach-Bliley Act (GLB) ~ Standards for Safeguarding Customer Information, FTC 16 CFR 314 ~ Privacy of Consumer Financial Information Rule ~ Safety and Soundness Standards, Appendix of 12 CFR 30 ~ FFIEC Information Security ~ FFIEC Development Acquisition ~ FFIEC Business Continuity Planning ~ FFIEC Audit ~ FFIEC Management ~ FFIEC Operations ~ NASD ~ NYSE ~ Recordkeeping rule for securities exchanges, SEC 17 CFR 240.17a-1 ~ Records to be made by exchange members, SEC 17 CFR 240.17a-3 ~ Records to be preserved by exchange members, SEC 17 CFR 240.17a-4 ~ Recordkeeping, SEC 17 CFR 240.17Ad-6 ~ Record retention, SEC 17 CFR 240.17Ad-7 ~ HIPAA (Health Insurance Portability and Accountability Act) ~ HIPAA HCFA Internet Security Policy ~ NIST Introductory Resource Guide for [HIPAA] (800-66) ~ CMS Core Security Requirements (CSR) ~ CMS Information Security Acceptable Risk Safeguards (ARS) ~ CMS Information Security Certification & Accreditation (C&A) ~ FDA Electronic Records; Electronic Signatures 21 CFR Part 11+D1 ~ Federal Energy Regulatory Commission (FERC) ~ North American Electric Reliability Council (NERC) ~ VISA CISP (Cardholder Information Security Program) ~ Mastercard SDP (Site Data Protection) Program ~ American Express DSS (Data Security Standard) ~ PCI DSS (Payment Card Industry Data Security Standard) ~ FTC ESIGN (Electronic Signatures in Global and National Commerce Act) ~ Uniform Electronic Transactions Act (UETA) ~ FISMA (Federal Information Security Management Act) ~ FISCAM (Federal Information System Controls Audit Manual) ~ FIPS Security Requirements for Cryptographic Modules 140-2 ~ FIPS Guideline for the Analysis of LAN Security 191 ~ FIPS Application Profile for GILS 192 ~ Clinger-Cohen Act (Information Technology Management Reform Act) ~ National Strategy to Secure Cyberspace ~ GAO Financial Audit Manual ~ DOD ...Standard for Electronic Records Management Software...5015-2 ~ CISWG Report on the Best Practices Subgroup ~ CISWG Information Security Program Elements ~ NCUA Guidelines for Safeguarding Member Information 12 CFR 748 ~ IRS Revenue Procedure: Retention of books and records 97-22 ~ IRS Revenue Procedure: Record retention: automatic data processing… 98-25 ~ IRS Internal Revenue Code Section 501(c)(3) ~ Federal Rules of Civil Procedure ~ Uniform Rules of Civil Procedure ~ ISO 15489-1 Information and Documentation: Records management: General ~ ISO 15489-2 Information and Documentation: Records management: Guidelines ~ DIRKS: A Strategic Approach to Managing Business Information ~ Sedona Principles Addressing Electronic Document Production ~ NIST ...Principles and Practices for Securing IT Systems 800-14 ~ NIST Developing Security Plans for Federal Information Systems 800-18 ~ NIST Security Self-Assessment Guide... 800-26 ~ NIST Risk Management Guide... 800-30 ~ NIST Contingency Planning Guide... 800-34 ~ NIST ...Patch and Vulnerability Management Program 800-40 ~ NIST Guidelines on Firewalls and Firewall Policy 800-41 ~ NIST Security Controls for Federal Information Systems 800-53 ~ NIST ...Mapping...Information and...Systems to Security Categories 800-60 ~ NIST Computer Security Incident Handling Guide 800-61 ~ NIST Security Considerations in...Information System Development 800-64 ~ ISO 73:2002 Risk management -- Vocabulary ~ ISO 1335 Information technology – Guidelines for management of IT Security ~ ISO 17799:2000 Code of Practice for Information Security Management ~ ISO 27001:2005 ...Information Security Management Systems -- Requirements ~ IT Information Library (ITIL) Planning to Implement Service Management ~ IT Information Library (ITIL) ICT Infrastructure Management ~ IT Information Library (ITIL) Service Delivery ~ IT Information Library (ITIL) Service Support ~ IT Information Library (ITIL) Application Management ~ IT Information Library (ITIL) Security Management ~ COSO Enterprise Risk Management (ERM) Framework ~ CobiT 3rd Edition ~ CobiT 4th Edition ~ ISACA IS Standards, Guidelines, and Procedures for Auditing and Control... ~ NFPA 1600 Disaster/Emergency Management and Business Continuity ~ Information Security Forum (ISF) Standard of Good Practice ~ Information Security Forum (ISF) Security Audit of Networks ~ A Risk Management Standard, jointly issued by AIRMIC, ALARM, and IRM ~ Business Continuity Institute (BCI) Good Practice Guidelines ~ IIA Global Technology Audit Guide - Information Technology Controls ~ ISSA Generally Accepted Information Security Principles (GAISP) ~ CERT Operationally Critical Threat, Asset & Vulnerability Evaluation (OCTAVE) ~ Cable Communications Privacy Act Title 47 § 551 ~ Telemarketing Sales Rule (TSR) amendment 16 CFR 310.4(b)(3)(iv) ~ CAN SPAM Act ~ Children's Online Privacy Protection Act (COPPA) 16 CFR 312 ~ Children's Online Privacy Protection Act (COPPA) 16 CFR 312 ~ Driver's Privacy Protection Act (DPPA) 18 USC 2721 ~ Family Education Rights Privacy Act (FERPA) 20 USC 1232 ~ Privacy Act of 1974 5 USC 552a ~ Telemarketing Sales Rule (TSR) 16 CFR 310 ~ Video Privacy Protection Act (VPPA) 18 USC 2710 ~ Specter-Leahy Personal Data Privacy and Security Act ~ AR Personal Information Protection Act SB 1167 ~ AZ Amendment to Arizona Revised Statutes 13-2001 HB 2116 ~ CA Information Practice Act SB 1386 ~ CA General Security Standard for Businesses AB 1950 ~ CA Public Records Military Veteran Discharge Documents AB 1798 ~ CA OPP Recommended Practices on Notification of Security Breach ~ CO Prohibition against Using Identity Information for Unlawful Purpose HB 1134 ~ CO Consumer Credit Solicitation Protection HB 1274 ~ CO Prohibiting Inclusion of Social Security Number HB 1311 ~ CT Requiring Consumer Credit Bureaus to Offer Security Freezes SB 650 ~ CT Concerning Nondisclosure of Private Tenant Information HB 5184 ~ DE Computer Security Breaches HB 116 ~ FL Personal Identification Information/Unlawful Use HB 481 ~ GA Consumer Reporting Agencies SB 230 ~ GA Public employees; Fraud, Waste, and Abuse HB 656 ~ HI Exempting disclosure of Social Security numbers HB 2674 ~ IL Personal Information Protection Act HB 1633 ~ IN Release of Social Security Number, Notice of Security Breach SB 503 ~ LA Database Security Breach Notification Law SB 205 Act 499 ~ ME To Protect Maine Citizens from Identity Theft LD 1671 ~ MN Data Warehouses; Notice Required for Certain Disclosures HF 2121 ~ MO HB 957 ~ MT To Implement Individual Privacy and to Prevent Identity Theft HB 732 ~ NJ Identity Theft Prevention Act A4001/S1914 ~ NY A4254, A3492 [no title] ~ NV SB 347 [no title] ~ NC Security Breach Notification Law (Identity Theft Protection Act) SB 1048 ~ ND Personal information protection act SB 2251 ~ OH Personal information -- contact if unauthorized access HB 104 ~ RI Security Breach Notification Law H 6191 ~ TN Security Breach Notification SB 2220 ~ TX Identity Theft Enforcement and Protection Act SB 122 ~ VT Relating to Identity Theft HB 327 ~ VA Identity theft; penalty; restitution; victim assistance HB 872 ~ WA Notice of a breach of the security SB 6043 ~ EU Directive on Privacy and Electronic Communications 2002/58/EC ~ EU Directive on Data Protection 95/46/EC ~ US Department of Commerce EU Safe Harbor Privacy Principles ~ Consumer Interests in the Telecommunications Market Act No. 661 ~ Directive On Privacy And Electronic Communications 2002.58.EC ~ OECD Technology Risk Checklist ~ OECD Guidelines on...Privacy and Transborder Flows of Personal Data ~ UN Guidelines for the Regulation of Computerized Personal Data Files (1990) ~ ISACA Cross-border Privacy Impact Assessment ~ The Combined Code on Corporate Governance ~ Turnbull Guidance on Internal Control, UK FRC ~ Smith Guidance on Audit Committees Combined Code, UK FRC ~ UK Data Protection Act of 1998 ~ BS 15000-1 IT Service Management Standard ~ BS 15000-2 IT Service Management Standard - Code of Practice ~ Canada Keeping the Promise for a Strong Economy Act Bill 198 ~ Canada Personal Information Protection and Electronic Documents Act ~ Canada Privacy Policy and Principles ~ Argentina Personal Data Protection Act ~ Mexico Federal Personal Data Protection Law ~ Austria Data Protection Act ~ Austria Telecommunications Act ~ Bosnia Law on Protection of Personal Data ~ Czech Republic Personal Data Protection Act ~ Denmark Act on Competitive Conditions and Consumer Interests ~ Finland Personal Data Protection Act ~ Finland Amendment of the Personal Data Act ~ France Data Protection Act ~ German Federal Data Protection Act ~ Greece Law on Personal Data Protection ~ Hungary Protection of Personal Data and Disclosure of Data of Public Interest ~ Iceland Protection of Privacy as regards the Processing of Personal Data ~ Ireland Data Protection Act ~ Ireland Data Protection Amendment 2003 ~ Italy Personal Data Protection Code ~ Italy Protection of Individuals with Regard to...Processing of Personal Data ~ Lithuania Law on Legal Protection of Personal Data
  5. Securing Content More Important Than Ever: Value continues to migrate online, and digital data have become more pervasive.* Corporations are expected to be more “open” and supply chains increasingly interconnected.* Malevolent individuals are becoming uber-sophisticated.* (*McKinsey Quarterly – June 2011)
  6. Securing Content More Important Than Ever: Verizon's Data Breach Investigations Report – 2010. (*McKinsey Quarterly – June 2011)
  7. Records Management and Information Governance
  9. Information governance is a strategic issue for many organizations… the risks and costs of e-discovery and compliance have put litigation readiness and information retention management in the spotlight. Source: 451 Group, 2009
  10. Effective Information Governance. Good Information Governance: Corporate Information Growth; Industry Regulations; Security & Privacy; Data Protection; Recordkeeping. • Records and retention management • Historical preservation/file plan • Varied, numerous, and continuing to emerge • Regulation interpretation drives policy • Managing the corporation's data • Truly protecting our data wherever it resides • Unsure about information value (and risk) • Saving everything • Protection of corporate information • Limiting access
  11. EMC Documentum Records Management
  12. What Is A Record? A record is information created, received, and maintained by an organization or person that is evidence of its activities or operations, and has value requiring its retention for a specific period of time. It can be used in pursuance of legal and regulatory obligations. (American National Standards Institute; ARMA International) [Diagram labels: Formal Records Management; Typical Records Management]
  13. Definitions. Certifications: Complex set of behaviors that the software must adhere to and be tested against with expected outcomes. Standards: ISO 15489, which are best practices/recommendations on how the software should behave. Guidelines: Recommendations on how systems are implemented. Laws/Acts: CFR Part 11, mandate how long content is kept in accordance with the law. UK - Limitation Act 1980, Data Protection Act 1998, Freedom of Information Act 2000, The Regulation of Investigatory Powers Act 2000. Audits: The unknown, as it can be internally driven, externally driven or a combination of both. [Diagram labels: Records Management; DOCUMENTUM PLATFORM]
  14. Records and Retention Management: Flexible and Customer-Centric Approach. [Diagram labels: Core Records Manager Components Federated Records Services Security Access Control File Plan Report and Auditing Notification Storage Management Web Services for Physical Records Records Services Documentum Retention Policy Services WEB-BASED CLIENT CONTENT SECURITY UNIFIED ARCHITECTURE Documentum Platform]
  15. Retention Policy Services Overview: Helps organizations comply with legal and regulatory requirements; Applies and enforces retention and disposition policies automatically; Alleviates compliance burden on end-users; Provides cost savings for storage, compliance and eDiscovery; Built on EMC Documentum Platform. RETENTION POLICY SERVICES (RPS)
  16. Retention Policy Services: Retention Policies; Holds; Dispositions; End-User Friendly; Central Administration
  17. Records Manager Overview: Helps organizations comply with legal and regulatory requirements; Simplifies record declaration – paper, email, and electronic documents; Enables fast retrieval and lowers discovery costs and penalties; Certified against DOD 5015.2, Standard and Classified Records; Built on EMC Documentum Platform. RECORDS MANAGER (INCLUDES RPS)
  18. Records Manager: Containment Policies; Security, Naming Policies & Record Relationships; Restrictive & shared Markings; Optional Formal Records Declaration; Works with RPS and PRS
  19. Certifications • Records Manager – Certified October 2011 5015.2 • New DoD certifications – Version 3 of the DoD 5015.2 testing – Standard and Classified Records Test Scripts • Part of review group for MoReq2010 • Currently assessing the new specification • Current Status – 6.5 SP3 Certified to Standard & Classified Records December 2009 – 6.7 Certified to Standard & Classified Records October 2011
  20. Physical Records Services Overview: Helps organizations manage physical and electronic records together; Allows one file plan and set of retention rules to manage all content; Enables fast and accurate search and retrieval of physical records; Creates virtual warehouses and links physical records to content repository; Built on EMC Documentum Platform. PHYSICAL RECORDS SERVICES (PRS)
  21. Physical Records Services: Single file plan; Leverage existing policies; Disposition; Same mark-ups; Single notification process & reporting
  22. Information Rights Management: Who, where, what, when; Allow copying, editing & printing; Allow guest access or offline viewing; Automatic expiration; Dynamic watermarks
  23. Pieces of The Compliance Solution. RPS (Retention Policy Services): • Retention policies applied at container level • Multiple policy reconciliation and disposition • Seamless to the end user. RM (Records Management): • 5015.2 Compliant Records Management • Adherence to corporate file plans and policies • Integrations with common business apps. TCS (Trusted Content Services): • Secure connections within the Documentum platform • Encryption of underlying file stores • FIPS and other government standards. IRM (Information Rights Management): • Secure the integrity of content outside the repository • Integration with common business authoring applications • Works stand-alone or integrated with Documentum repository security
  24. Documentum & RM – All of the pieces
  25. Data Protection & Compliance. Business Challenge: • Rapidly increasing volume of information increases the complexity of managing that information • Compliance is easier and more efficient by addressing front-end information management • Need to ensure content effectively managed externally and within Documentum. Solution: • Combining Data Discovery tools that bring the process in-house for early case assessment. • Fully compliant enabled system and making sure an immutable version of each record exists • Expired data has been properly disposed of with the appropriate audit trail
  26. Internal & External Searching. Documentum xPlore, Internal Automated Searching: • Ability to set up automatic queries • Notified of any new results since the last execution • Link with CIS & RPS to ensure that content is automatically classified, retained and managed. File Intelligence, External Automated Searching: • Search on external content • Determine what can reside externally and what needs to be moved within • Link with CIS & RPS once content is moved within the secure repository to be automatically classified, retained and managed
  27. CIS - Automated Analytics. Content Analytics: CONTENT EASILY ADDED; CONTENT ANALYZED; TEXT EXTRACTED; ENTITIES STORED; RELATIONSHIPS FOUND
  28. Retention Policies with IRM: Document Generation. Data values drive business rules to generate document from template. [Diagram labels: Name J.Doe; Age 27; Cust. No; Transaction Data; Document Assembly Engine] • CRM • Policy origination system • Loan management system
  29. Retention Policies with IRM: Multi-Channel Delivery. At that time of disposition the original is deleted and so is the key to the copies. Document delivered via selected channel. Policy Server: Store rights management policies and encryption keys. Generated documents managed and archived with rights policy automatically assigned. Review/Edit (with integrated workflow). [Diagram labels: Portal; Storage; E-mail; CD-Rom]
  30. Version Control Is Critical. Dynamic policy control allows recipient entitlements to be changed on-the-fly when individual roles or business needs change, regardless of where the content resides. [Timeline labels: APRIL, APRIL, MAY] In April, a price list protected with IRM is downloaded by a sales person. The sales person e-mails the price list to multiple customers. On May 1, prices change and a new price list is issued. At that time, rights on the old price list are revoked, affecting all copies, regardless of location.
  31. File Intelligence Questions: Where do records live that I don’t know about? What kind of risk are we carrying? What business records are out there that I don’t know about? What records are duplicative? What can I do about it? FILE INTELLIGENCE
  32. Intelligent Information Governance: EMC SourceOne Kazeon. Enables educated decision-making and policy creation. [Diagram labels: Laptops and desktops; File systems; E-mail servers; Documentum; Microsoft SharePoint; Third-party archives; Copy/move to enable records retention: Documentum; Copy/move to archive storage: EMC VNX, Data Domain, Centera]
  33. How File Intelligence Works. Catalog: • Crawl data sources • Build index – Metadata basic – Metadata with document type – Metadata with hash – Deep crawl full text – Deep crawl with classification. Analyze (Classify, Search, Report): • Classify files based on metadata, keyword content, and pattern matching • Age, owner, location, file type, etc. • Business value, security risk, intellectual property, PII, PCI • Analyze data with search and report tools – Semantic search with Boolean, proximity, stemming, phrase support – More than 30 pre-built reports out of the box – Custom reports as needed. Act: • Robust action set – Move, copy, delete, retain, export, tag • Policy-based actions – One-time – Scheduled – Recurring
  34. Leverage Retention Management from xCP Process Builder • Use activity templates with no coding required • Retain documents at any point in an xCP workflow or application
  35. xCelerator for Declaring Records
  36. Records Management & Captiva: Each document costs you… $20 in labor to file; $120 in labor searching; $1 per document to store; $5 per document to retrieve …and on average, 5% of documents are lost; 25 hours to recreate
  37. Records Management & Captiva • Reduce paper management costs • Accelerate paper processes • Eliminate risk of information loss
  38. Retention, Disposition, IRM & TCS. Author/Control Managed Content • Document Creation Object becomes • Collaboration • Properties Secure Content Management managed within the truly secure • Workflow repository • Business Process Trusted Content Services • Encryption • Access Control IRM • Digital Shredding to ensure true Document disposition Multi-Aging Immutability Support Records/Retention Management Search Store/Transfer • Retention Policy Enforcement • Hold Capabilities • Automated & Manual Disposition • Corporate File Plan TCS • Auditing and reporting Global Content Repository Audit Information Rights Management Notifications • Access • Control • Expiration of Content Records Disposition
  39. Partner Solutions
  40. Next Generation User Interface: Records Management Features. Through CARA, users can declare documents as records and work through subsequent related functionality (reserving records, navigating record categories using the CARA Dimensions) based on the Documentum Records Management rules set up on the docbase.
  41. What is Enterprise Compliance Solution? A proven, scalable solution for achieving enterprise compliance based upon a known TCO and built upon EMC’s content management platform
  42. Enterprise Compliance Highlights. SEAMLESS: • Integrates to existing server and storage infrastructure • Automates the intelligent storage of information on the proper storage tier • Provides native UI experience if customer uses SharePoint. PERVASIVE: • Auto-categorizes all records • Creating and revising records as any other document • Declaration a simple, validated action. COMPREHENSIVE: • Provides simple configurations of records to achieve enterprise scale • Hides complexities of types and triggers to implement records compliance with fewer retentions • Provides a virtual architecture for rapid deployment and extension. FLEXIBLE: • Reusable record types, taxonomies and applications enabling rapid deployment. • Adaptable by the business for their specific requirements
  43. Things To Consider. What is Required of Most Organizations? Simple retention management; Reduce costs (storage, management, legal, etc.); Improve information handling throughout enterprise; Ensure retention policies are being applied; Run disposition or deletion consistently. ENTERPRISE CONTENT MANAGEMENT PLATFORM
  45. Our Strengths – A True Single Solution: (1) The Industry’s Most Complete Out of the Box Solution; (2) Keys to Reduce Risk of Failure and Demonstrate Program TCO; (3) Trustworthy, Defensible Secure Route for Cloud-enabled Records; (4) OOTB Integration with eDiscovery Technology to Achieve ROI. Please share with us what we have missed. Standard OOTB functionality within the core product suite
  46. THANK YOU