SlideShare a Scribd company logo
1 of 9
Information Governance- a programmatic
perspective on driving value through RIM
Practical Goals and Directions for managing information assets..


 Richard Gomes
 Citigroup- Director of Information Governance




                              Richard R Gomes                February 2010
Information Management Services from Citi Global RIM
RETENTION, DISPOSITION, AND ARCHIVING ARE CONSIDERED A SUPER-JURISDICTIONAL RISK

 It isn’t always clear what we are obliged
 to keep or how long it should be kept.
                                                     INFORMATION MANAGEMENT SERVICES MITIGATE
 Though many Citi employees realize that             RISK AND SAVE COST                      Questions about physical and
 they may be dealing with Records in the                                                     electronic files come in via a
                                                                                                               call or email
 course of their daily activities, only a
                                                                                                     Clients
 Records Management Officer (RMO)                                                     Internal
 can tell for certain.
                                                          The query goes to the               Employees
 The type of Record it turns out to be, the               RMO responsible for the
                                                          Sector, Global Function,
 jurisdiction it belongs to, and the type of              Region, and Country                                  • Record Status
 data it contains are just some of the many               associated with the files
                                                                                                               • Jurisdiction of Record
 factors an RMO must take into account                                                       Identify          • IS/Privacy flags
 to ensure we comply with our Legal and                      The RMO compiles the                              • Record Class/Code
 Regulatory obligations to compliantly                           retention, disposal,
                                                                                                               • Retention Schedule
                                                               archive, and retrieval
 retain and dispose of Citi’s information.                                                   Classify          • Deviation if required
                                                                      requirements.
 Contact your RMO before you act-                                                                              • Assign RM-Unit
                                                         The issue is tracked and                              • Update Inventory
 <link>                                                                                Inventory               • Declare Datasource
                                                         managed by RIM until a
 The mishandling of Citi information is a                compliant BAU retention
 big risk that can damage our reputation,                and disposition process is in
                                                         place                    Manage and Facilitate
 and cost us a lot of money.
                                                              Retention,      Disposal                             Active Matter
                                                  Policy and                                                                     Collection and
 After all, only Records Management                          Backup, and   Eligibility and       (e)Discovery      Preservation
                                                 Governance                                                                        Custody
                                                              Archiving      Approval                                  Holds
 Officers are trained and authorized to
 classify records, set retention periods,
 and process deviations.
                               Richard R Gomes                  February 2010
Records and Information Management (RIM) is a key competency that drives
down the cost of protecting our information assets.
The less information we retain, the lest costly it is to securely maintain.

                                                               RIM Assets and Deliverables
                                                 POLICY DRIVEN DISPOSAL.
                                                   ‘Retain only what we are obliged to retain’
                                                 IAI (Information Asset Inventory) targeted protection
                                                   Worldwide golden source of the Information Citi has, where it is,
                                                    and who is responsible for it.
                                                 DEFENSE-IN-DEPTH against Super Jurisdictional- Risk
                                                   Preventive Control- Information Asset Inventory (IAI) identifies IS
                                                    and Privacy control gaps
                                                   Detective Control – Disposition Scheduling identifies IS and
                                                    Privacy operational gaps
                                                   Corrective Control- GOC aligned RIM-organization coordinates
                                                    and facilitates CAP responses
                                                 Service Delivery Model driven cost savings
                                                     Legal Matter Response – ‘eDiscovery’
                                                     Storage Demand
                                                     Data Privacy
                                                     Data Protection
                                                     Information Classification
                                                     Data Classification


                         Richard R Gomes                         February 2010                                       3
                                Citi Internal
Program History at a Glance
                  “a packaged service that focuses on direct and timely benefits”
    CMM Level                                                 Global Program Evolution

   1 – Ad Hoc
                                        2005 – Policy and Governance standards
• Policy and Control Process
                                             • Five Important Control elements developed- Master Record Catalog, Spans of Authority,
                                               Country Retention, Inventory Manifest, Custody Map
   2– Repeatable                        2006 – Organization and Control Processes
• Platform Development and Deployment
                                             • Rev 1 of the IAI (Information Asset Inventory) with integrating the 5 important controls
                                               implemented, Physical Information BAU disposition (‘IC ‘)Project delivered
   3– Defined                           2007 – Enterprise Data Map and Global Process Control
• Improved Process Fidelity                  • Continuous Data Disposition (CDD) of Structured and unstructured electronically stored
                                               information (ESI) initiated in NA, eMail disposition rules introduced
• Broadened Scope and Effectiveness
                                        2008 – CDD Process Development and Regionalization
                                             • Expanded CDD for structured ESI Globally, Prototype CDD for some unstructured ESI,
                                               Legal Hold process reengineering begun
                                        2009 – CDD as BAU, Deploy RIM as a Service
• Embedded RIM into the Data Centers         • BAU Tape backup disposition and extended Archiving deployed, SharePoint and First
                                               Archive automated disposition process delivered (BAU eMail disposition in test in First Archive NA)
  4– Managed                            2010 – RIM Services Global Rollout and Regionalization
• Major Gap in Reporting to be closed
                                             • Close Metrics and Reporting GAP, Improve Financial Reporting of Green and Blue $
                                               saves, deploy automated classification and tagging for unstructured ESI
                                        2011 – Push to CMM Level 4 RIM
• Full benefit Capture                       • Deploy integrated dashboard to track effectiveness of savings, risk, and strategy
                                               enablement (Divestiture, M&A, Storage Reduction, etc)

                                          Richard R Gomes                              February 2010                                                 4
RIM is an effective way to manage the growth rate of retained
Information volume because its about empowering people to act.
         RIM leads to less information in a form that is easier to manage
 Strategic
 1.   Minimally Intrusive to the business-
      Basis of advisory services that help business clients optimize their approach to compliance
 2.   Consistent in the eyes of auditors, regulators and the courts-
      Policy and Control Processes based on legal and regulatory requirements as interpreted by case law and regulatory findings
 3.   Straightforward and well documented –
      RIM is supported by job-aids and guidance and delivered through advisory teams composed of RMs, ISOs, and CoB personal

 Tactical
 1.   Policy aligned framework and methodology-
      Operational processes based on RM Policy which is risk based and integrated with RCSA, and ARR’s SAP
 2.   Enterprise-wide consistent, defensible, and actionable
      Global rules for Local application.
 3.   Serves all constituencies
      Addresses core Information Retention and Handling requirements that apply equally to the Business, Legal, Compliance and
      O&T,


 Actionable
 1.   Clearinghouse / CoE for process development and technology enablement initiatives
 2.   Cost saving identification and capture program
 3.   Knowledge exchange for collaborative sharing of locally developed practices


                                  Richard R Gomes                              February 2010                                       5
Service Focus Cost Containment
Over-retention creates a large drag on performance and is relatively easy to fix.


                            Retention Driven Cost and Risk Factors
Primary and secondary information handling costs
   Electronically Stored Information (ESI) costs about $1.88 / GB-Year – (All in estimate of ESI on-line
    storage and administration costs this translates to at least $MM of savings in North America alone)
   Back-up and Archive costs
      System Back-up Times- (the need for more costly high throughput solutions and increased tape
          volumes)
         Offline ESI-Archive Inventory Overhead- (indexing, retrieval, sampling, and restore overhead drive
          incremental storage requirements)
   eDiscovery costs-
      Collection, Culling, and 3rd Party review cost many large companies $10s of Millions annually
Legal and Regulatory Exposure.
 Matter Scope – (Out of context eMail, EUCs, logs, etc. widen investigation scope and drive up costs)
 Missed/Overlooked information – (Untimely disclosure [e.g. Merrill $1.4B], Inaccurate Data Map [e.g.
    Qualcomm $200MM] resulting in large financial penalties and judicial prejudice)
   Disposition Framework – (Retention inconsistency (e.g.. Intel, Arthur Andersen) resulting in serious and
    costly threats to the Franchise..




                               Richard R Gomes                        February 2010                            6
Internal Clients are a broad and diverse population


       Client Organization                                                     Expected Service Benefit
                                              Risk facing activities (e.g. Data Privacy, Data Protection, IDEM) derive direct expense and
O&T/ Risk Organizations                       FTE benefits from volume reduction and efficiency benefits from a common Data Map-
                                              Case: IDEM u-ESI initiative
                                              Enterprise Data Map and Retention Schedules enable large scale economies
O&T/ Technology Organizations                 associated with Info-centric architectures
                                              Enterprise Data Map provides baseline for Data Classification and forms the basis of a
ISO Organization                              comprehensive Enterprise-Security Data Dictionary governing the risk based handling
                                              of Information in transit and at rest
                                              Right-sizing and cost management of the Information Infrastructure build-out based on
Technology Infrastructure Organizations       rules based predictive growth and volume information derived from well defined
                                              retention scheduling
                                              In aggregate, direct capital and expense savings are in the $.5B range with realization
Financial Control                             within 12-24 months

                                              As a principle user of the Data Map and the Retention Processes associated with
Legal Services / eDiscovery                   CDD, the direct benefit is in significant FTE / external resource reduction associated
                                              with the preservation, collection, culling, review, and production activities.
                                              Based on the effectiveness of the CDD methodology and the consistency of its
Legal / Litigation                            implementation (e.g. SLAs) attorneys responsible for litigation can confidently delegate
                                              eDiscovery oversight to lower levels within their organization and improving skills alignment
                                              Framework for the development of Info-Centric applications that are aware of the
Business / Application Development            information they handle, can look up the rules for handling it, and can systematically
                                              enforce the information lifecycle

                                Richard R Gomes                                February 2010                                                  7
Information Management Services from Citi Global RIM
RETENTION, DISPOSITION, AND ARCHIVING ARE CONSIDERED A SUPER-JURISDICTIONAL RISK

 It isn’t always clear what we are obliged
 to keep or how long it should be kept.
                                                     INFORMATION MANAGEMENT SERVICES MITIGATE
 Though many Citi employees realize that             RISK AND SAVE COST                      Questions about physical and
 they may be dealing with Records in the                                                     electronic files come in via a
                                                                                                               call or email
 course of their daily activities, only a
                                                                                                     Clients
 Records Management Officer (RMO)                                                     Internal
 can tell for certain.
                                                          The query goes to the               Employees
 The type of Record it turns out to be, the               RMO responsible for the
                                                          Sector, Global Function,
 jurisdiction it belongs to, and the type of              Region, and Country                                  • Record Status
 data it contains are just some of the many               associated with the files
                                                                                                               • Jurisdiction of Record
 factors an RMO must take into account                                                       Identify          • IS/Privacy flags
 to ensure we comply with our Legal and                      The RMO compiles the                              • Record Class/Code
 Regulatory obligations to compliantly                           retention, disposal,
                                                                                                               • Retention Schedule
                                                               archive, and retrieval
 retain and dispose of Citi’s information.                                                   Classify          • Deviation if required
                                                                      requirements.
 Contact your RMO before you act-                                                                              • Assign RM-Unit
                                                         The issue is tracked and                              • Update Inventory
 <link>                                                                                Inventory               • Declare Datasource
                                                         managed by RIM until a
 The mishandling of Citi information is a                compliant BAU retention
 big risk that can damage our reputation,                and disposition process is in
                                                         place                    Manage and Facilitate
 and cost us a lot of money.
                                                              Retention,      Disposal                             Active Matter
                                                  Policy and                                                                     Collection and
 After all, only Records Management                          Backup, and   Eligibility and       (e)Discovery      Preservation
                                                 Governance                                                                        Custody
                                                              Archiving      Approval                                  Holds
 Officers are trained and authorized to
 classify records, set retention periods,
 and process deviations.
                               Richard R Gomes                  February 2010
Questions




            Richard R Gomes   February 2010   9

More Related Content

What's hot (6)

Achieving Enterprise Resiliency and Corporate Certification
Achieving Enterprise Resiliency and Corporate CertificationAchieving Enterprise Resiliency and Corporate Certification
Achieving Enterprise Resiliency and Corporate Certification
 
Simeio e-Brochure
Simeio e-BrochureSimeio e-Brochure
Simeio e-Brochure
 
Guardian 8 media kit
Guardian 8   media kitGuardian 8   media kit
Guardian 8 media kit
 
Ruth edge presentation
Ruth edge   presentationRuth edge   presentation
Ruth edge presentation
 
Joburg cobit assurance
Joburg cobit assuranceJoburg cobit assurance
Joburg cobit assurance
 
ccmigration_09186a008033a3b4
ccmigration_09186a008033a3b4ccmigration_09186a008033a3b4
ccmigration_09186a008033a3b4
 

Viewers also liked

Srs sample
Srs sampleSrs sample
Srs sample
sriniefs
 
Whale Rider.Ya Money.Project.Tools
Whale Rider.Ya Money.Project.ToolsWhale Rider.Ya Money.Project.Tools
Whale Rider.Ya Money.Project.Tools
WRider
 
Introduction
IntroductionIntroduction
Introduction
sriniefs
 
Documents and Discovery in Government - Alberta’s Perspective
Documents and Discovery in Government - Alberta’s PerspectiveDocuments and Discovery in Government - Alberta’s Perspective
Documents and Discovery in Government - Alberta’s Perspective
Ledjit
 
CEIC 2010 international panel
CEIC 2010 international panelCEIC 2010 international panel
CEIC 2010 international panel
Ledjit
 
Satin Usability Working Place
Satin Usability Working PlaceSatin Usability Working Place
Satin Usability Working Place
WRider
 
The Effective eDocument Retention Program - Policies, Processes and Solutions
The Effective eDocument Retention Program - Policies, Processes and SolutionsThe Effective eDocument Retention Program - Policies, Processes and Solutions
The Effective eDocument Retention Program - Policies, Processes and Solutions
Ledjit
 
Jess
JessJess
Jess
JORGE
 
Whale Rider устраняем шумы в коммуникациях
Whale Rider   устраняем шумы в коммуникацияхWhale Rider   устраняем шумы в коммуникациях
Whale Rider устраняем шумы в коммуникациях
WRider
 

Viewers also liked (17)

eDiscovery without the headaches
eDiscovery without the headacheseDiscovery without the headaches
eDiscovery without the headaches
 
Srs sample
Srs sampleSrs sample
Srs sample
 
Whale Rider.Ya Money.Project.Tools
Whale Rider.Ya Money.Project.ToolsWhale Rider.Ya Money.Project.Tools
Whale Rider.Ya Money.Project.Tools
 
Introduction
IntroductionIntroduction
Introduction
 
Documents and Discovery in Government - Alberta’s Perspective
Documents and Discovery in Government - Alberta’s PerspectiveDocuments and Discovery in Government - Alberta’s Perspective
Documents and Discovery in Government - Alberta’s Perspective
 
CEIC 2010 international panel
CEIC 2010 international panelCEIC 2010 international panel
CEIC 2010 international panel
 
2014 04-03 061837-mana_telangana
2014 04-03 061837-mana_telangana2014 04-03 061837-mana_telangana
2014 04-03 061837-mana_telangana
 
Satin Usability Working Place
Satin Usability Working PlaceSatin Usability Working Place
Satin Usability Working Place
 
The Effective eDocument Retention Program - Policies, Processes and Solutions
The Effective eDocument Retention Program - Policies, Processes and SolutionsThe Effective eDocument Retention Program - Policies, Processes and Solutions
The Effective eDocument Retention Program - Policies, Processes and Solutions
 
Jess
JessJess
Jess
 
eDiscovery - Advising your Clients on how to be Litigation Ready in the 21st ...
eDiscovery - Advising your Clients on how to be Litigation Ready in the 21st ...eDiscovery - Advising your Clients on how to be Litigation Ready in the 21st ...
eDiscovery - Advising your Clients on how to be Litigation Ready in the 21st ...
 
The radio shack court
The radio shack courtThe radio shack court
The radio shack court
 
Introduction To Forensic Methodologies
Introduction To Forensic MethodologiesIntroduction To Forensic Methodologies
Introduction To Forensic Methodologies
 
The Portable Courtroom
The Portable CourtroomThe Portable Courtroom
The Portable Courtroom
 
Whale Rider устраняем шумы в коммуникациях
Whale Rider   устраняем шумы в коммуникацияхWhale Rider   устраняем шумы в коммуникациях
Whale Rider устраняем шумы в коммуникациях
 
Production of Documents, Technology and Costs
Production of Documents, Technology and CostsProduction of Documents, Technology and Costs
Production of Documents, Technology and Costs
 
developing a financial services brand
developing a financial services branddeveloping a financial services brand
developing a financial services brand
 

Similar to Information Governance-a programmatic perspective on driving value through RIMPractical Goals and Directions for managing information assets

SunGard Enterprise Cloud Services @ Cloud Connect 2011
SunGard Enterprise Cloud Services @ Cloud Connect 2011SunGard Enterprise Cloud Services @ Cloud Connect 2011
SunGard Enterprise Cloud Services @ Cloud Connect 2011
Satish Hemachandran
 
IBM Infosphere Guardium - Database Security
IBM Infosphere Guardium - Database SecurityIBM Infosphere Guardium - Database Security
IBM Infosphere Guardium - Database Security
ebuc
 
Df2012 securing information_assets_in_saa_s_clouds_3_0
Df2012 securing information_assets_in_saa_s_clouds_3_0Df2012 securing information_assets_in_saa_s_clouds_3_0
Df2012 securing information_assets_in_saa_s_clouds_3_0
debbanerjee
 
Guardium value proposition for fss pn 12 02-10
Guardium value proposition for fss pn 12 02-10Guardium value proposition for fss pn 12 02-10
Guardium value proposition for fss pn 12 02-10
Avirot Mitamura
 
Metadata Use Cases You Can Use
Metadata Use Cases You Can UseMetadata Use Cases You Can Use
Metadata Use Cases You Can Use
dmurph4
 
Metadata Use Cases
Metadata Use CasesMetadata Use Cases
Metadata Use Cases
dmurph4
 
Integrating Information Protection Into Data Architecture & SDLC
Integrating Information Protection Into Data Architecture & SDLCIntegrating Information Protection Into Data Architecture & SDLC
Integrating Information Protection Into Data Architecture & SDLC
DATAVERSITY
 
Course Outline - Disaster Preparedness and Vital Records Protection
Course Outline - Disaster Preparedness and Vital Records ProtectionCourse Outline - Disaster Preparedness and Vital Records Protection
Course Outline - Disaster Preparedness and Vital Records Protection
Lorson Resources Limited
 

Similar to Information Governance-a programmatic perspective on driving value through RIMPractical Goals and Directions for managing information assets (20)

Powerpoint tom
Powerpoint   tomPowerpoint   tom
Powerpoint tom
 
SunGard Enterprise Cloud Services @ Cloud Connect 2011
SunGard Enterprise Cloud Services @ Cloud Connect 2011SunGard Enterprise Cloud Services @ Cloud Connect 2011
SunGard Enterprise Cloud Services @ Cloud Connect 2011
 
IBM Infosphere Guardium - Database Security
IBM Infosphere Guardium - Database SecurityIBM Infosphere Guardium - Database Security
IBM Infosphere Guardium - Database Security
 
Df2012 securing information_assets_in_saa_s_clouds_3_0
Df2012 securing information_assets_in_saa_s_clouds_3_0Df2012 securing information_assets_in_saa_s_clouds_3_0
Df2012 securing information_assets_in_saa_s_clouds_3_0
 
Electronic data & record management
Electronic data & record managementElectronic data & record management
Electronic data & record management
 
Guardium value proposition for fss pn 12 02-10
Guardium value proposition for fss pn 12 02-10Guardium value proposition for fss pn 12 02-10
Guardium value proposition for fss pn 12 02-10
 
Life & Work Online Protecting Your Identity
Life & Work Online Protecting Your IdentityLife & Work Online Protecting Your Identity
Life & Work Online Protecting Your Identity
 
SYMCAnnual
SYMCAnnualSYMCAnnual
SYMCAnnual
 
Metadata Use Cases You Can Use
Metadata Use Cases You Can UseMetadata Use Cases You Can Use
Metadata Use Cases You Can Use
 
Metadata Use Cases
Metadata Use CasesMetadata Use Cases
Metadata Use Cases
 
Integrating Information Protection Into Data Architecture & SDLC
Integrating Information Protection Into Data Architecture & SDLCIntegrating Information Protection Into Data Architecture & SDLC
Integrating Information Protection Into Data Architecture & SDLC
 
“The Fountain of Truth” Web-based Contract Management for Starwood Hotels –
“The Fountain of Truth” Web-based Contract Management for Starwood Hotels – “The Fountain of Truth” Web-based Contract Management for Starwood Hotels –
“The Fountain of Truth” Web-based Contract Management for Starwood Hotels –
 
IBM Banking: Automated Systems help meet new Compliance Requirements
IBM Banking: Automated Systems help meet new Compliance RequirementsIBM Banking: Automated Systems help meet new Compliance Requirements
IBM Banking: Automated Systems help meet new Compliance Requirements
 
Information Management in a Web 2.0 World May 2009
Information Management in a Web 2.0 World May 2009Information Management in a Web 2.0 World May 2009
Information Management in a Web 2.0 World May 2009
 
Cloud Auditing
Cloud AuditingCloud Auditing
Cloud Auditing
 
Simplifying PCI on a PaaS Environment
Simplifying PCI on a PaaS EnvironmentSimplifying PCI on a PaaS Environment
Simplifying PCI on a PaaS Environment
 
Course Outline - Disaster Preparedness and Vital Records Protection
Course Outline - Disaster Preparedness and Vital Records ProtectionCourse Outline - Disaster Preparedness and Vital Records Protection
Course Outline - Disaster Preparedness and Vital Records Protection
 
Vormetric data security complying with pci dss encryption rules
Vormetric data security  complying with pci dss encryption rulesVormetric data security  complying with pci dss encryption rules
Vormetric data security complying with pci dss encryption rules
 
Securityinsideout
SecurityinsideoutSecurityinsideout
Securityinsideout
 
TripleTree eDiscovery
TripleTree  eDiscoveryTripleTree  eDiscovery
TripleTree eDiscovery
 

More from Ledjit

Numérisation de substitution
Numérisation de substitutionNumérisation de substitution
Numérisation de substitution
Ledjit
 
Le web2.0, une mine d'information juridique et judiciaire
Le web2.0, une mine d'information juridique et judiciaireLe web2.0, une mine d'information juridique et judiciaire
Le web2.0, une mine d'information juridique et judiciaire
Ledjit
 
Le Procès Sans Papier - Objection... à toute la preuve présentée devant les t...
Le Procès Sans Papier - Objection... à toute la preuve présentée devant les t...Le Procès Sans Papier - Objection... à toute la preuve présentée devant les t...
Le Procès Sans Papier - Objection... à toute la preuve présentée devant les t...
Ledjit
 

More from Ledjit (16)

Rixe sur la preuve électronique
Rixe sur la preuve électroniqueRixe sur la preuve électronique
Rixe sur la preuve électronique
 
Numérisation de substitution
Numérisation de substitutionNumérisation de substitution
Numérisation de substitution
 
Le web2.0, une mine d'information juridique et judiciaire
Le web2.0, une mine d'information juridique et judiciaireLe web2.0, une mine d'information juridique et judiciaire
Le web2.0, une mine d'information juridique et judiciaire
 
Une nouvelle administration de la preuve
Une nouvelle administration de la preuveUne nouvelle administration de la preuve
Une nouvelle administration de la preuve
 
Le Procès Sans Papier - Objection... à toute la preuve présentée devant les t...
Le Procès Sans Papier - Objection... à toute la preuve présentée devant les t...Le Procès Sans Papier - Objection... à toute la preuve présentée devant les t...
Le Procès Sans Papier - Objection... à toute la preuve présentée devant les t...
 
Preuve électronique + Procédure
Preuve électronique + ProcédurePreuve électronique + Procédure
Preuve électronique + Procédure
 
Gestion De L’Information - Obligations et responsabilités du conseiller jurid...
Gestion De L’Information - Obligations et responsabilités du conseiller jurid...Gestion De L’Information - Obligations et responsabilités du conseiller jurid...
Gestion De L’Information - Obligations et responsabilités du conseiller jurid...
 
60 Trucs et astuces Word en 60 minutes
60 Trucs et astuces Word en 60 minutes60 Trucs et astuces Word en 60 minutes
60 Trucs et astuces Word en 60 minutes
 
Salle d'audience portable
Salle d'audience portableSalle d'audience portable
Salle d'audience portable
 
Le Web2
Le Web2Le Web2
Le Web2
 
L'administration de la preuve électronique
L'administration de la preuve électroniqueL'administration de la preuve électronique
L'administration de la preuve électronique
 
Présentation de la preuve électronique
Présentation de la preuve électroniquePrésentation de la preuve électronique
Présentation de la preuve électronique
 
Rédaction et mise en place d’une politique de gestion de l'information
Rédaction et mise en place d’une politique de gestion de l'informationRédaction et mise en place d’une politique de gestion de l'information
Rédaction et mise en place d’une politique de gestion de l'information
 
Révision et analyse des documents
Révision et analyse des documentsRévision et analyse des documents
Révision et analyse des documents
 
L'administration de la preuve électronique - présnentation à CAP
L'administration de la preuve électronique - présnentation à CAPL'administration de la preuve électronique - présnentation à CAP
L'administration de la preuve électronique - présnentation à CAP
 
L'Administration de la preuve électronique - Cours de droit du cyberespace
L'Administration de la preuve électronique - Cours de droit du cyberespaceL'Administration de la preuve électronique - Cours de droit du cyberespace
L'Administration de la preuve électronique - Cours de droit du cyberespace
 

Recently uploaded

Mental Health Issues of Graduate Students
Mental Health Issues of Graduate StudentsMental Health Issues of Graduate Students
Mental Health Issues of Graduate Students
vineshkumarsajnani12
 
Obat Aborsi Bandung 0851\7696\3835 Jual Obat Cytotec Di Bandung
Obat Aborsi Bandung 0851\7696\3835 Jual Obat Cytotec Di BandungObat Aborsi Bandung 0851\7696\3835 Jual Obat Cytotec Di Bandung
Obat Aborsi Bandung 0851\7696\3835 Jual Obat Cytotec Di Bandung
Obat Aborsi Jakarta Wa 085176963835 Apotek Jual Obat Cytotec Di Jakarta
 
NewBase 17 May 2024 Energy News issue - 1725 by Khaled Al Awadi_compresse...
NewBase   17 May  2024  Energy News issue - 1725 by Khaled Al Awadi_compresse...NewBase   17 May  2024  Energy News issue - 1725 by Khaled Al Awadi_compresse...
NewBase 17 May 2024 Energy News issue - 1725 by Khaled Al Awadi_compresse...
Khaled Al Awadi
 
Obat Aborsi Surabaya 0851\7696\3835 Jual Obat Cytotec Di Surabaya
Obat Aborsi Surabaya 0851\7696\3835 Jual Obat Cytotec Di SurabayaObat Aborsi Surabaya 0851\7696\3835 Jual Obat Cytotec Di Surabaya
Obat Aborsi Surabaya 0851\7696\3835 Jual Obat Cytotec Di Surabaya
Obat Aborsi Jakarta Wa 085176963835 Apotek Jual Obat Cytotec Di Jakarta
 
如何办理(SUT毕业证书)斯威本科技大学毕业证成绩单本科硕士学位证留信学历认证
如何办理(SUT毕业证书)斯威本科技大学毕业证成绩单本科硕士学位证留信学历认证如何办理(SUT毕业证书)斯威本科技大学毕业证成绩单本科硕士学位证留信学历认证
如何办理(SUT毕业证书)斯威本科技大学毕业证成绩单本科硕士学位证留信学历认证
ogawka
 
What is paper chromatography, principal, procedure,types, diagram, advantages...
What is paper chromatography, principal, procedure,types, diagram, advantages...What is paper chromatography, principal, procedure,types, diagram, advantages...
What is paper chromatography, principal, procedure,types, diagram, advantages...
srcw2322l101
 
Challenges and Opportunities: A Qualitative Study on Tax Compliance in Pakistan
Challenges and Opportunities: A Qualitative Study on Tax Compliance in PakistanChallenges and Opportunities: A Qualitative Study on Tax Compliance in Pakistan
Challenges and Opportunities: A Qualitative Study on Tax Compliance in Pakistan
vineshkumarsajnani12
 
Shots fired Budget Presentation.pdf12312
Shots fired Budget Presentation.pdf12312Shots fired Budget Presentation.pdf12312
Shots fired Budget Presentation.pdf12312
LR1709MUSIC
 
Powerpoint showing results from tik tok metrics
Powerpoint showing results from tik tok metricsPowerpoint showing results from tik tok metrics
Powerpoint showing results from tik tok metrics
CaitlinCummins3
 

Recently uploaded (20)

Mental Health Issues of Graduate Students
Mental Health Issues of Graduate StudentsMental Health Issues of Graduate Students
Mental Health Issues of Graduate Students
 
Presentation on cross cultural negotiations.
Presentation on cross cultural negotiations.Presentation on cross cultural negotiations.
Presentation on cross cultural negotiations.
 
WheelTug Short Pitch Deck 2024 | Byond Insights
WheelTug Short Pitch Deck 2024 | Byond InsightsWheelTug Short Pitch Deck 2024 | Byond Insights
WheelTug Short Pitch Deck 2024 | Byond Insights
 
Obat Aborsi Bandung 0851\7696\3835 Jual Obat Cytotec Di Bandung
Obat Aborsi Bandung 0851\7696\3835 Jual Obat Cytotec Di BandungObat Aborsi Bandung 0851\7696\3835 Jual Obat Cytotec Di Bandung
Obat Aborsi Bandung 0851\7696\3835 Jual Obat Cytotec Di Bandung
 
NewBase 17 May 2024 Energy News issue - 1725 by Khaled Al Awadi_compresse...
NewBase   17 May  2024  Energy News issue - 1725 by Khaled Al Awadi_compresse...NewBase   17 May  2024  Energy News issue - 1725 by Khaled Al Awadi_compresse...
NewBase 17 May 2024 Energy News issue - 1725 by Khaled Al Awadi_compresse...
 
WAM Corporate Presentation May 2024_w.pdf
WAM Corporate Presentation May 2024_w.pdfWAM Corporate Presentation May 2024_w.pdf
WAM Corporate Presentation May 2024_w.pdf
 
Obat Aborsi Surabaya 0851\7696\3835 Jual Obat Cytotec Di Surabaya
Obat Aborsi Surabaya 0851\7696\3835 Jual Obat Cytotec Di SurabayaObat Aborsi Surabaya 0851\7696\3835 Jual Obat Cytotec Di Surabaya
Obat Aborsi Surabaya 0851\7696\3835 Jual Obat Cytotec Di Surabaya
 
Pitch Deck Teardown: Goodcarbon's $5.5m Seed deck
Pitch Deck Teardown: Goodcarbon's $5.5m Seed deckPitch Deck Teardown: Goodcarbon's $5.5m Seed deck
Pitch Deck Teardown: Goodcarbon's $5.5m Seed deck
 
如何办理(SUT毕业证书)斯威本科技大学毕业证成绩单本科硕士学位证留信学历认证
如何办理(SUT毕业证书)斯威本科技大学毕业证成绩单本科硕士学位证留信学历认证如何办理(SUT毕业证书)斯威本科技大学毕业证成绩单本科硕士学位证留信学历认证
如何办理(SUT毕业证书)斯威本科技大学毕业证成绩单本科硕士学位证留信学历认证
 
Elevate Your Online Presence with SEO Services
Elevate Your Online Presence with SEO ServicesElevate Your Online Presence with SEO Services
Elevate Your Online Presence with SEO Services
 
Most Visionary Leaders in Cloud Revolution, Shaping Tech’s Next Era - 2024 (2...
Most Visionary Leaders in Cloud Revolution, Shaping Tech’s Next Era - 2024 (2...Most Visionary Leaders in Cloud Revolution, Shaping Tech’s Next Era - 2024 (2...
Most Visionary Leaders in Cloud Revolution, Shaping Tech’s Next Era - 2024 (2...
 
What is paper chromatography, principal, procedure,types, diagram, advantages...
What is paper chromatography, principal, procedure,types, diagram, advantages...What is paper chromatography, principal, procedure,types, diagram, advantages...
What is paper chromatography, principal, procedure,types, diagram, advantages...
 
wagamamaLab presentation @MIT 20240509 IRODORI
wagamamaLab presentation @MIT 20240509 IRODORIwagamamaLab presentation @MIT 20240509 IRODORI
wagamamaLab presentation @MIT 20240509 IRODORI
 
Progress Report - UKG Analyst Summit 2024 - A lot to do - Good Progress1-1.pdf
Progress Report - UKG Analyst Summit 2024 - A lot to do - Good Progress1-1.pdfProgress Report - UKG Analyst Summit 2024 - A lot to do - Good Progress1-1.pdf
Progress Report - UKG Analyst Summit 2024 - A lot to do - Good Progress1-1.pdf
 
Beyond Numbers A Holistic Approach to Forensic Accounting
Beyond Numbers A Holistic Approach to Forensic AccountingBeyond Numbers A Holistic Approach to Forensic Accounting
Beyond Numbers A Holistic Approach to Forensic Accounting
 
Challenges and Opportunities: A Qualitative Study on Tax Compliance in Pakistan
Challenges and Opportunities: A Qualitative Study on Tax Compliance in PakistanChallenges and Opportunities: A Qualitative Study on Tax Compliance in Pakistan
Challenges and Opportunities: A Qualitative Study on Tax Compliance in Pakistan
 
Shots fired Budget Presentation.pdf12312
Shots fired Budget Presentation.pdf12312Shots fired Budget Presentation.pdf12312
Shots fired Budget Presentation.pdf12312
 
Moradia Isolada com Logradouro; Detached house with patio in Penacova
Moradia Isolada com Logradouro; Detached house with patio in PenacovaMoradia Isolada com Logradouro; Detached house with patio in Penacova
Moradia Isolada com Logradouro; Detached house with patio in Penacova
 
10 Easiest Ways To Buy Verified TransferWise Accounts
10 Easiest Ways To Buy Verified TransferWise Accounts10 Easiest Ways To Buy Verified TransferWise Accounts
10 Easiest Ways To Buy Verified TransferWise Accounts
 
Powerpoint showing results from tik tok metrics
Powerpoint showing results from tik tok metricsPowerpoint showing results from tik tok metrics
Powerpoint showing results from tik tok metrics
 

Information Governance-a programmatic perspective on driving value through RIMPractical Goals and Directions for managing information assets

  • 1. Information Governance- a programmatic perspective on driving value through RIM Practical Goals and Directions for managing information assets.. Richard Gomes Citigroup- Director of Information Governance Richard R Gomes February 2010
  • 2. Information Management Services from Citi Global RIM RETENTION, DISPOSITION, AND ARCHIVING ARE CONSIDERED A SUPER-JURISDICTIONAL RISK It isn’t always clear what we are obliged to keep or how long it should be kept. INFORMATION MANAGEMENT SERVICES MITIGATE Though many Citi employees realize that RISK AND SAVE COST Questions about physical and they may be dealing with Records in the electronic files come in via a call or email course of their daily activities, only a Clients Records Management Officer (RMO) Internal can tell for certain. The query goes to the Employees The type of Record it turns out to be, the RMO responsible for the Sector, Global Function, jurisdiction it belongs to, and the type of Region, and Country • Record Status data it contains are just some of the many associated with the files • Jurisdiction of Record factors an RMO must take into account Identify • IS/Privacy flags to ensure we comply with our Legal and The RMO compiles the • Record Class/Code Regulatory obligations to compliantly retention, disposal, • Retention Schedule archive, and retrieval retain and dispose of Citi’s information. Classify • Deviation if required requirements. Contact your RMO before you act- • Assign RM-Unit The issue is tracked and • Update Inventory <link> Inventory • Declare Datasource managed by RIM until a The mishandling of Citi information is a compliant BAU retention big risk that can damage our reputation, and disposition process is in place Manage and Facilitate and cost us a lot of money. Retention, Disposal Active Matter Policy and Collection and After all, only Records Management Backup, and Eligibility and (e)Discovery Preservation Governance Custody Archiving Approval Holds Officers are trained and authorized to classify records, set retention periods, and process deviations. Richard R Gomes February 2010
  • 3. Records and Information Management (RIM) is a key competency that drives down the cost of protecting our information assets. The less information we retain, the lest costly it is to securely maintain. RIM Assets and Deliverables  POLICY DRIVEN DISPOSAL.  ‘Retain only what we are obliged to retain’  IAI (Information Asset Inventory) targeted protection  Worldwide golden source of the Information Citi has, where it is, and who is responsible for it.  DEFENSE-IN-DEPTH against Super Jurisdictional- Risk  Preventive Control- Information Asset Inventory (IAI) identifies IS and Privacy control gaps  Detective Control – Disposition Scheduling identifies IS and Privacy operational gaps  Corrective Control- GOC aligned RIM-organization coordinates and facilitates CAP responses  Service Delivery Model driven cost savings  Legal Matter Response – ‘eDiscovery’  Storage Demand  Data Privacy  Data Protection  Information Classification  Data Classification Richard R Gomes February 2010 3 Citi Internal
  • 4. Program History at a Glance “a packaged service that focuses on direct and timely benefits” CMM Level Global Program Evolution 1 – Ad Hoc 2005 – Policy and Governance standards • Policy and Control Process • Five Important Control elements developed- Master Record Catalog, Spans of Authority, Country Retention, Inventory Manifest, Custody Map 2– Repeatable 2006 – Organization and Control Processes • Platform Development and Deployment • Rev 1 of the IAI (Information Asset Inventory) with integrating the 5 important controls implemented, Physical Information BAU disposition (‘IC ‘)Project delivered 3– Defined 2007 – Enterprise Data Map and Global Process Control • Improved Process Fidelity • Continuous Data Disposition (CDD) of Structured and unstructured electronically stored information (ESI) initiated in NA, eMail disposition rules introduced • Broadened Scope and Effectiveness 2008 – CDD Process Development and Regionalization • Expanded CDD for structured ESI Globally, Prototype CDD for some unstructured ESI, Legal Hold process reengineering begun 2009 – CDD as BAU, Deploy RIM as a Service • Embedded RIM into the Data Centers • BAU Tape backup disposition and extended Archiving deployed, SharePoint and First Archive automated disposition process delivered (BAU eMail disposition in test in First Archive NA) 4– Managed 2010 – RIM Services Global Rollout and Regionalization • Major Gap in Reporting to be closed • Close Metrics and Reporting GAP, Improve Financial Reporting of Green and Blue $ saves, deploy automated classification and tagging for unstructured ESI 2011 – Push to CMM Level 4 RIM • Full benefit Capture • Deploy integrated dashboard to track effectiveness of savings, risk, and strategy enablement (Divestiture, M&A, Storage Reduction, etc) Richard R Gomes February 2010 4
  • 5. RIM is an effective way to manage the growth rate of retained Information volume because its about empowering people to act. RIM leads to less information in a form that is easier to manage Strategic 1. Minimally Intrusive to the business- Basis of advisory services that help business clients optimize their approach to compliance 2. Consistent in the eyes of auditors, regulators and the courts- Policy and Control Processes based on legal and regulatory requirements as interpreted by case law and regulatory findings 3. Straightforward and well documented – RIM is supported by job-aids and guidance and delivered through advisory teams composed of RMs, ISOs, and CoB personal Tactical 1. Policy aligned framework and methodology- Operational processes based on RM Policy which is risk based and integrated with RCSA, and ARR’s SAP 2. Enterprise-wide consistent, defensible, and actionable Global rules for Local application. 3. Serves all constituencies Addresses core Information Retention and Handling requirements that apply equally to the Business, Legal, Compliance and O&T, Actionable 1. Clearinghouse / CoE for process development and technology enablement initiatives 2. Cost saving identification and capture program 3. Knowledge exchange for collaborative sharing of locally developed practices Richard R Gomes February 2010 5
  • 6. Service Focus Cost Containment Over-retention creates a large drag on performance and is relatively easy to fix. Retention Driven Cost and Risk Factors Primary and secondary information handling costs  Electronically Stored Information (ESI) costs about $1.88 / GB-Year – (All in estimate of ESI on-line storage and administration costs this translates to at least $MM of savings in North America alone)  Back-up and Archive costs  System Back-up Times- (the need for more costly high throughput solutions and increased tape volumes)  Offline ESI-Archive Inventory Overhead- (indexing, retrieval, sampling, and restore overhead drive incremental storage requirements)  eDiscovery costs-  Collection, Culling, and 3rd Party review cost many large companies $10s of Millions annually Legal and Regulatory Exposure.  Matter Scope – (Out of context eMail, EUCs, logs, etc. widen investigation scope and drive up costs)  Missed/Overlooked information – (Untimely disclosure [e.g. Merrill $1.4B], Inaccurate Data Map [e.g. Qualcomm $200MM] resulting in large financial penalties and judicial prejudice)  Disposition Framework – (Retention inconsistency (e.g.. Intel, Arthur Andersen) resulting in serious and costly threats to the Franchise.. Richard R Gomes February 2010 6
  • 7. Internal Clients are a broad and diverse population Client Organization Expected Service Benefit Risk facing activities (e.g. Data Privacy, Data Protection, IDEM) derive direct expense and O&T/ Risk Organizations FTE benefits from volume reduction and efficiency benefits from a common Data Map- Case: IDEM u-ESI initiative Enterprise Data Map and Retention Schedules enable large scale economies O&T/ Technology Organizations associated with Info-centric architectures Enterprise Data Map provides baseline for Data Classification and forms the basis of a ISO Organization comprehensive Enterprise-Security Data Dictionary governing the risk based handling of Information in transit and at rest Right-sizing and cost management of the Information Infrastructure build-out based on Technology Infrastructure Organizations rules based predictive growth and volume information derived from well defined retention scheduling In aggregate, direct capital and expense savings are in the $.5B range with realization Financial Control within 12-24 months As a principle user of the Data Map and the Retention Processes associated with Legal Services / eDiscovery CDD, the direct benefit is in significant FTE / external resource reduction associated with the preservation, collection, culling, review, and production activities. Based on the effectiveness of the CDD methodology and the consistency of its Legal / Litigation implementation (e.g. SLAs) attorneys responsible for litigation can confidently delegate eDiscovery oversight to lower levels within their organization and improving skills alignment Framework for the development of Info-Centric applications that are aware of the Business / Application Development information they handle, can look up the rules for handling it, and can systematically enforce the information lifecycle Richard R Gomes February 2010 7
  • 8. Information Management Services from Citi Global RIM RETENTION, DISPOSITION, AND ARCHIVING ARE CONSIDERED A SUPER-JURISDICTIONAL RISK It isn’t always clear what we are obliged to keep or how long it should be kept. INFORMATION MANAGEMENT SERVICES MITIGATE Though many Citi employees realize that RISK AND SAVE COST Questions about physical and they may be dealing with Records in the electronic files come in via a call or email course of their daily activities, only a Clients Records Management Officer (RMO) Internal can tell for certain. The query goes to the Employees The type of Record it turns out to be, the RMO responsible for the Sector, Global Function, jurisdiction it belongs to, and the type of Region, and Country • Record Status data it contains are just some of the many associated with the files • Jurisdiction of Record factors an RMO must take into account Identify • IS/Privacy flags to ensure we comply with our Legal and The RMO compiles the • Record Class/Code Regulatory obligations to compliantly retention, disposal, • Retention Schedule archive, and retrieval retain and dispose of Citi’s information. Classify • Deviation if required requirements. Contact your RMO before you act- • Assign RM-Unit The issue is tracked and • Update Inventory <link> Inventory • Declare Datasource managed by RIM until a The mishandling of Citi information is a compliant BAU retention big risk that can damage our reputation, and disposition process is in place Manage and Facilitate and cost us a lot of money. Retention, Disposal Active Matter Policy and Collection and After all, only Records Management Backup, and Eligibility and (e)Discovery Preservation Governance Custody Archiving Approval Holds Officers are trained and authorized to classify records, set retention periods, and process deviations. Richard R Gomes February 2010
  • 9. Questions Richard R Gomes February 2010 9