2010 IQPC - Turning Risks into Rewards Developing a Comprehensive Records and Information Management Framework

653 views

Published on

The thesis if this presentation is that good information management is the key to effective eDiscovery and early case assessment, and that poor information management leads to ineffective and costly discovery efforts. The presentation covers; implementing a comprehensive RIM Framework and why it is the best defense in Discovery, Mitigating risk while maintaining record-keeping compliance, Applying Canadian General Standards Board standards to keep records with integrity.

Published in: Business, Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
653
On SlideShare
0
From Embeds
0
Number of Embeds
59
Actions
Shares
0
Downloads
11
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

2010 IQPC - Turning Risks into Rewards Developing a Comprehensive Records and Information Management Framework

  1. 1. Turning Risks into Rewards: Developing a Comprehensive Records and Information Management Framework Event: IQPC 2nd Annual eDiscovery Canada Toronto, Ontario, Canada March 28-30, 2010 Presented by; Keith Atteck Supervisor, Information Management Vale
  2. 2.  VALE - (NYSE: VALE)  www.vale.com  Vale was born in 1942 in Brasil  Vale Canada Limited, a wholly-owned subsidiary of Vale  Vale's nickel business, formerly known as Inco, has a rich history dating back more than 100 years in Canada.  What we do  Worlds largest producer of Iron Ore and one of the worlds largest producers of Nickel  Vale also produces copper, manganese, ferroalloys, bauxite, alumina, aluminum, coal, cobalt, PGMs, fertilizers, steel, and energy  Vale operates on six continents through its mining operations, mineral research plants, and commercial offices  Employ > 100,000 employees, including outsourced workers worldwide 2
  3. 3. Topic:  Turning Risks into Rewards: Developing a Comprehensive Records and Information Management Framework  Implementing a comprehensive RIM Framework and why it is the best defense in Discovery  Mitigating risk while maintaining record-keeping compliance  Applying Canadian General Standards Board standards to keep records with integrity 3
  4. 4. Disclaimer The views expressed in this presentation are those of the author. 4
  5. 5. IM is the source for discovery Poor IM = Hard Discovery Good IM = Easy Discovery Source: http://edrm.net/ 5 Goal
  6. 6. Risk: Information Management (IM) Now, where did I put that document? Why must information be systematically managed and protected? eRecords on Servers make the job more critical? 6
  7. 7. Risk: Information Management (IM) Source: ARMA Drafting a ‘Dream Team’ to Prevent E-Discovery Nightmares NOVEMBER/DECEMBER 2010 INFORMATIONMANAGEMENT 7
  8. 8. Risk: IM Technology Evolution 1. Print, Index, Folder, Cabinet, Box, Binder, Stick File, etc.  Electronic File – Name.doc, xls, ppt, pdf, dgn, dwg, etc. 2. Hard Drive – PC or Laptop, C: Folders 3. Network Shared Drive, S: I: Folders E-mail, Personal Folders - Outlook 5. Present & Past Paper Record, Blue Print Drawing 4. Future, Current  Floppy, CD, DVD, PDA, Flash Drives, iPad etc. 6. Web Sites - Intranet, FTP, Extranet, Portals – SharePoint 7. Tracking Databases – ERP, etc. • Enterprise Content Management (ECM) - Imaging • Wikis, Blogs, IM, Web 2.0, Cloud Computing, etc. 8
  9. 9. RIM: Solving Business Issues  Paper to electronic records paradigm shift Paper the record – electronic the convenience Paradigm Shift Electronic the record – Paper the convenience  Technology Systems Differentiation Systems of Record – Official Corporate Records Vs. Systems of Engagement – Sharing and Messaging Vs. Systems of Management – Dynamic Databases Etc. 9 All may be deemed Records & All may be Relevant In Discovery
  10. 10. Risk: IM is Global! Think Globally and Act Locally 10
  11. 11. Risk: Evidence  Canada Evidence Act  “31.1 Any person seeking to admit an electronic document as evidence has the Authentication of electronic documents burden of proving its authenticity by evidence capable of supporting a finding that the electronic document is that which it is purported to be.”  “31.2 (1) The best evidence rule in respect of an electronic document is satisfied Application of best evidence rule — electronic documents • (a) on proof of the integrity of the electronic documents system by or in which the electronic document was recorded or stored; or • (b) if an evidentiary presumption established under section 31.4 applies.” Standards may be considered  “31.5 For the purpose of determining under any rule of law whether an electronic document is admissible, evidence may be presented in respect of any standard, procedure, usage or practice concerning the manner in which electronic documents are to be recorded or stored, having regard to the type of business, enterprise or endeavour that used, recorded or stored the electronic document and the nature and purpose of the electronic document.” Source: Department of Justice - http://laws.justice.gc.ca/eng/StatutesByTitle/C.html 11
  12. 12. Best Practice: Evidence Canada CAN/CGSB 72.34-2005 - Electronic Records as Documentary Evidence “5.2.1 Those who wish to present an electronic record as evidence in legal proceedings shall be able to prove a) authenticity of the record; b) integrity of the Records Management System that a record was recorded or stored in; and c) that it is "a record made in the usual and ordinary course of business" or that it is otherwise exempt from the legal rule barring hearsay evidence.” Source: CGSB - http://www.tpsgc-pwgsc.gc.ca/ongc/home/index-e.html 12
  13. 13. Best Practices: Standards International ISO 15489:2001 – Information and Documentation – Records Management – Guidelines United States ANSI/AIIM TR31-2004 – Legal Acceptance of Records Produced by Information Technology Systems Canada CAN/CGSB 72.34-2005 - Electronic Records as Documentary Evidence United Kingdom BIP 0008-2004 – Code of Practice for Legal Admissibility and evidentiary weight of information stored electronically Europe MoReq2 Specification – Model Requirements for the Management of Electronic Records Australia PROS 99/007: Version 2: 2005 Management of Electronic Records - Victorian Electronic Records Strategy (VERS) Other GARP – Generally Accepted Recordkeeping Principles (ARMA) 13
  14. 14. Best Practice: ISO15489  ISO15489-1:2001 – Information and documentation – Records management  Applies to records, in all formats, created or received by any public or private organization in the conduct of its activities, or any individual with a duty to create and maintain records.  Supports: • Electronic Records Management (ERM) & Physical Records • ISO9001 – Quality Management Systems • ISO14001 – Environmental Management Systems  Sets principles of Records & Information Management practice • Organization institute comprehensive program • Characteristics, Authenticity, and Integrity of a record • Based on Functional Classification  Design and implementation of record systems • Integrity of the system • Compliance to legal and regulatory environment • Documenting records transactions Source: ISO http://www.iso.org/iso/catalogue_detail?csnumber=31908 14
  15. 15. Best Practice: GARP   Information Governance with Generally Accepted Recordkeeping Principles (GARP) 8 Principles          GARP Capability Maturity Model GARP Maturity Level 1 Sub-standard 2 In Development 3 Essential 4 Proactive 5 Transformational Principle of Accountability Principle of Integrity Principle of Protection Principle of Compliance Principle of Availability Principle of Retention Principle of Disposition Principle of Transparency Source: ARMA http://www.arma.org/garp/index.cfm 15 Colour Status RED ORANGE AMBER BLUE GREEN
  16. 16. RIM: Vision Ecosystem of Information  Working in one environment where all records are;  Created or Captured – once,  Collaborated Globally – version controlled, and  Managed – as records.  Being Confident that;  You can find the original record – every time,  You know who worked on it – who used it, and  You know what it was used for – related to activity.  Know that:  One never has to search any other system,  One can leverage the collective wisdom and knowledge of the organization, and  Everyone’s efforts will not be lost or misplaced. 16
  17. 17. RIM: Guiding Principles  SINGLE authoritative source of information  All documents will be filed electronically  Into one system as a normal course of business  Everyone depends on the system  Manage only ONE COPY  File once – use many times - in many ways  All transacted records made from the document management system  FIRST point of contact principle  The person who is first point of contact with documentation is responsible for determining and ensuring that documentation is appropriately filed 17
  18. 18. RIM: Program Framework Classification Retention Metadata Security Vital Records Electronic Messages Imaging Legal Hold & Discovery Technology Change Organization Change  Fundamentals of Records & Information Management  Uses GARP, ISO15489, CGSB, ARMA, AIIM Standards, etc.  Technology agnostic  Conforms to Laws, Regulations  All must be developed and in place to implement ECM  RIM is the core – the foundation  Everything else is an output of RIM  Including eDiscovery Etc. 18
  19. 19. RIM: Program Framework Record Decision Record Classification & Retention 19 Business Rules
  20. 20. RIM Framework Governs ECM Technology Deployments Enterprise Content Management (ECM) 20
  21. 21. RIM: Compliance Auditing  General - Benefits of Auditing  Test the degree of integrity of systems and procedures  Understanding degree and extent of compliance  Identifying gaps in procedures and training  Local - Due Diligence Reviews  Conduct regular reviews of all record classifications & metadata  Identify change issues of employees and management  Identifies changes in the business environment and gaps in training  Global - Quality Assurance Reviews  Critical for demonstrating integrity of systems, tools and procedures  Management knows if the systems, tools and procedures are working  Important for Litigation support – Safe Harbour 21
  22. 22. Risk Vs. Rewards for Business  Risk – The Blind                Lack of Governance - ad hoc IT is in charge?????? Don’t know what are records Don’t know the custodians Inability to audit Number of uncontrolled information types and sources Volume of duplication Lack of information category structure Too much technology Can’t find anything easily Poor basis for business decisions No idea what is really happening ECM deployments tend to fail Etc. Which version do you want to present in court? Rewards – Clear Vision                Good governance & transparency RIM Manager is in charge Can identify a record and a copy Can identify record authors, custodians and users Auditable - demonstrates due diligence Controlled record types and sources Avoids uncontrolled repositories Reduced volume – original records Global search categories – relevancy Integration of Knowledge Management Can find everything quickly and efficiently – better decisions Controlled technology evolution Reduced stress to the organization and its personnel ECM has a solid foundation and can succeed Etc. ROI – Risk of Incarceration (reduced) 23
  23. 23. RIM Professionals  “RIM professionals can offer a safe harbor of sorts….  This requires that RIM professionals understand the key legal and IT issues and for them to collaborate effectively with staff in those departments to ensure the implementation and management of a solid, documented, and explainable records management program.  When a RIM program is in effect and adhered to as it is written – and the organization can show proof of compliance with the program – the organization’s attorneys are in a much better position to defend its ediscovery processes and the information it did – or didn’t produce.”  Resources:  American Records Management Association (ARMA) • http://www.arma.org/ • Chapters in Canada  Association of Imaging and Information Management (AIIM) • http://www.aiim.org/ • Chapters in Canada Source: ARMA Drafting a ‘Dream Team’ to Prevent E-Discovery Nightmares NOVEMBER/DECEMBER 2010 INFORMATIONMANAGEMENT 26
  24. 24. IM is the source for discovery Poor IM = Hard Discovery Good IM = Easy Discovery Source: http://edrm.net/ 27 Goal
  25. 25. Questions ????? Contact: Keith Atteck C.Tech. ERMm Supervisor, Information Management Vale Corporate Office Base Metals 2101 Hadwen Road Mississauga, Ontario, Canada, L5K 2L3 T: 1 (905) 403 3179 F: 1 (905) 403 1098 keith.atteck@vale.com 28
  26. 26. Turning Risks into Rewards: Building a Comprehensive Records and Information Management Framework Event: IQPC 2nd Annual eDiscovery Canada Toronto, Ontario, Canada March 28-30, 2010 Presented by; Keith Atteck Supervisor, Information Management Vale

×