SlideShare a Scribd company logo

ASG_Record_Mgmts_Breaking_Point_White_Pa

Patrick BOURLARD
Patrick BOURLARD
1 of 8
Download to read offline
C O N T E N T Electronicrecordvolumesareincreasingasenterpriseandbusinesssystemsarmedwithaggregatedcomputing processingpowercreatehundredsofthousands—evenmillions—ofrecordswithinasinglebatchprocess.This whitepaperoutlinesissuesthatmakemanagingtransactionalelectronicrecordschallenging,demonstrateswhy organizationsneedtotamethehigh-volumetransactionalrecordsbeast,andlastly,describeswhattolookforina transactionalelectronicrecordsmanagementsolution. MANAGING TRANSACTIONAL ELECTRONIC RECORDS IN HIGH-VOLUME ENVIRONMENTS RECORD MANAGEMENT’S BREAKING POINT
RECORDS MANAGEMENT’S BREAKING POINT: MANAGING TRANSACTIONAL ELECTRONIC RECORDS IN HIGH-VOLUME ENVIRONMENTS C O N T E N T ABOUT AIIM AIIM (WWW.AIIM. ORG) HAS BEEN AN ADVOCATE AND SUPPORTER OF INFORMATION PROFESSIONALS FOR NEARLY 70 YEARS. THE ASSOCIATION MISSION IS TO ENSURE THAT INFORMATION PROFESSIONALS UNDERSTAND THE CURRENT AND FUTURE CHALLENGES OF MANAGING INFORMATION ASSETS IN AN ERA OF SOCIAL, MOBILE, CLOUD, AND BIG DATA. FOUNDED IN 1943, AIIM BUILDS ON A STRONG HERITAGE OF RESEARCH AND MEMBER SERVICE. TODAY, AIIM IS A GLOBAL, NON-PROFIT ORGANIZATION THAT PROVIDES INDEPENDENT RESEARCH, EDUCATION, AND CERTIFICATION PROGRAMS TO INFORMATION PROFESSIONALS. AIIM REPRESENTS THE ENTIRE INFORMATION MANAGEMENT COMMUNITY, WITH PROGRAMS AND CONTENT FOR PRACTITIONERS, TECHNOLOGY SUPPLIERS, INTEGRATORS, AND CONSULTANTS. EXECUTIVE SUMMARY What you don’t see can sometimes be more dangerous than what you can.Visit the office of any large organization and you’ll likely find file cabinets filled with documents and desktop computers runningWord, Excel, email, and other personal productivity applications. All of this information—from mortgage loan applications and email exchanges between employees to Excel customer invoices and training videos posted on the company website—is content that every organization needs to manage. For most organizations, properly classifying, retaining, and then retrieving these records across multiple offices and business units is challenging and time-consuming, especially in light of ever-changing regulations and the omnipresent risk of litigation. However, records created manually and semi-automatically represent just the tip of the records management iceberg. Consider what’s under the surface: millions of records automatically created by high- volume, transactional enterprise systems.These electronic records include customer statements, bills, checks, invoices, and high-volume reports, representing the submerged, potentially dangerous portion of the iceberg. Like theTitanic, organizations are often able to navigate around the part of the iceberg they can see, but it’s what’s under the surface that can cause havoc. Electronic record volumes are increasing as enterprise and business systems armed with aggregated computing processing power create hundreds of thousands—even millions—of records within a single batch process. Simultaneous input from hundreds, if not thousands, of users adds to the data volumes. The good news is that organizations recognize that their electronic records management processes are not up to par, reporting that electronic records are more than twice as likely as paper records to be“unmanaged.”1 The bad news is that many lack a cost-effective, consistent, and efficient method of managing these records across the enterprise. Not only are transactional electronic records out of control, but often organizations can’t find them.The Association for Information and Image Management (AIIM) discovered that 41 percent of organizations are not confident that electronic information (excluding emails) is“accurate, accessible, and trustworthy.”2 It’s ironic that although electronic records are the most voluminous records in any organization, they are the most difficult to manage with current records management solutions—if they are managed at all. In an electronic records environment, traditional records management solutions that rely on manual processes fall short. A records management system adequate for retrieving, processing, and archiving several thousand records per day becomes costly and unwieldy when applied to several million transactional records per day. Like the volume of content itself, the task of getting these records under control may seem overwhelming. However, a new method of managing electronic records does exist.This white paper outlines some of the issues that make electronic records management so challenging, highlights why organizations need to tame the high-volume transactional records beast, and lastly, describes what to look for in a transactional records management solution.
TAMING THE TRANSACTIONAL RECORDS BEAST Electronic records are easy to create but difficult to manage. In a nightly batch job, a billing or payroll system can generate thousands of records that need to be captured, classified, retained, and scheduled for disposal. Organizations also need to integrate the management of these electronic records with other record types created across the organization, including paper documents, XML, HTML, PCL, AFP, DJDE/Metacode, PDF, PostScript, rich media formats, Word documents, Excel spreadsheets, emails, and Outlook calendar entries. Organizations that attempt to apply manual and human-centric records management processes find that these traditional methods wind up being extremely expensive and impractical for several reasons, as described below. OUT OF SIGHT, OUT OF MIND Unlike paper documents that clutter up a file cabinet or storage room, electronic records reside in mainframe or distributed systems—or both—out of sight and often out of mind. Like the late, US-based comic Rodney Dangerfield, electronic records simply “get no respect.” According to AIIM, “Electronic records are still taken less seriously than paper records.”3 Once applications create these records, organizations then need to store them either in the application itself or, more typically, in external archiving or storage systems. But even this movement tends to be haphazard: More than 70 percent of organizations report that they do not have plans or provisioning in place for the long- term storage of electronic records.4 EXPLODING DATA VOLUMES There should be little wonder that managing electronic records is so challenging, since data volumes are exploding and show no signs of slowing down. For example, 18.76 billion payments crossed the Automated Clearing House (ACH) Network in 2009, an increase of 2.6 percent over 20085 , and electronic single-stock trading systems now create 37 percent of U.S. equity trading volume.6 Seventy percent of organizations report that the electronic record volume is “increasing rapidly,” while none report a decrease.7 ACCESS BY ALL It’s not just unwieldy volumes. The pervasive nature of electronic records is what makes them difficult to manage. Unlike paper, these records can’t be confined to a locked file cabinet. Employees, customers, suppliers—even hackers—can view, copy, disseminate, and destroy thousands of records in an instant. Those organizations without an electronic records management strategy are most at risk, with 60 percent of these organizations reporting that they are not confident that their electronic records have not been changed, deleted, or inappropriately accessed.8 SILOED ENVIRONMENT A technology environment in which siloed mainframe and distributed systems are the norm compounds the challenge of managing electronic records. Almost a third of organizations have 20 or more siloed content repositories and more than half have 10 or more.9 Yet the vast majority of records management solutions are standalone systems that address the records retention needs of a single department or application rather than integration with an enterprise-wide records retention plan. TRANSACTIONAL ELECTRONIC RECORDS ARE EASY TO CREATE BUT DIFFICULT TO MANAGE. APPLYING MANUAL AND HUMAN- CENTRIC RECORDS MANAGEMENT PROCESSES WINDS UP BEING EXTREMELY EXPENSIVE AND IMPRACTICAL.
RECORDS MANAGEMENT’S BREAKING POINT: MANAGING TRANSACTIONAL ELECTRONIC RECORDS IN HIGH-VOLUME ENVIRONMENTS C O N T E N T While organizations create these electronic records in siloed application systems, regulations and laws require that organizations have the ability to treat these records as if they were created by or reside in a single application. For example, a financial institution is court-ordered to place a legal hold on all records of transactions involving an individual customer account. However, those records may include ATM withdrawals, wire transfers, customer statements, and loan documentation housed in different application systems. If the financial institution is global, these records could be contained in different applications throughout the world, all with different retention and storage taxonomies—and under the governance of various disparate regulations. The inability to place a hold on an account within the legal time limit may expose the organization to incurring a multimillion dollar fine. OUTDATED PROCESSES AND STANDARDS In theory, the traditional principles of records management apply to any type of record. In practice, the high volume of these electronic records makes paper-based processes for declaration, classification, and retention tracking of electronic records costly and impractical. For example, while the U.S. Department of Defense Directive 5015.2 and the Model Requirements for Electronic Records Management (MoReq) in Europe provide guidelines that organizations can apply to electronic records management, these standards do not fully address issues specific to high-volume, application-created electronic records. Rather, organizations need to implement standards that consider the speed at which electronic records are created, stored, and disposed. Many organizations use a manually-maintained file plan to manage their paper documents. When a government agency passes a new record retention regulation, the records manager manually enters the new retention criteria into the records management system for each impacted record type. This process may work fine for a limited number of records but becomes exponentially expensive and unwieldy when manually applied to billions of electronic records accumulated over several years. Organizations, especially those that are international and must comply with a wide variety of country-specific jurisdictions, would require an army of records managers to keep pace with changing regulations—as well as the overwhelming numbers of records requiring oversight. RETENTION COMPLICATIONS The IT department typically is responsible for enterprise systems and often—by default—becomes responsible for the classification and retention of the records within those systems. Rather than considering risk, legal, or regulatory ramifications or whether the corporate “memory” is properly protected, the IT department tends to view retention as a storage management issue. Since the IT department is typically not well-versed in records management issues and may be unsure of how to apply appropriate retention schedules, it may err on the side of archiving all electronic records. With storage costs decreasing as a result of new technologies and options such as cloud computing, moving all electronic records to low-cost or alternative storage may seem like an answer. However, without an enterprise-wide electronic records management solution, organizations still cannot properly classify, retain, retrieve, and then delete records stored in siloed systems and databases according to central retention policies. A strategy of “keeping everything” can also result in penalties. In Germany, courts concluded that telecommunications companies must delete telephone and Internet data, overturning the 2006 EU Directive on Data Retention requiring companies to keep such data for six months. Telecommunications companies failing to delete the data now face fines.10 THE U.S. DEPARTMENT OF DEFENSE DIRECTIVE 5015.2, AND THE MODEL REQUIREMENTS FOR ELECTRONIC RECORDS MANAGEMENT (MOREQ) IN EUROPE PROVIDE GUIDELINES THAT ORGANIZATIONS CAN APPLY TO ELECTRONIC RECORDS MANAGEMENT. THESE STANDARDS DO NOT FULLY ADDRESS ISSUES SPECIFIC TO HIGH-VOLUME, APPLICATION CREATED ELECTRONIC RECORDS.
ALTHOUGH APPLICATIONS CREATE HUNDREDS OF THOUSANDS OF RECORDS AS PART OF A SINGLE REPORT, THE LAW REQUIRES ORGANIZATIONS TO TREAT EACH AS AN INDIVIDUAL RECORD. IN SEVERAL HIGH- PROFILE CASES, COURTS HAVE HEAVILY FINED ORGANIZATIONS UNABLE TO PROVIDE ACCESS TO ELECTRONIC RECORDS IN A TIMELY MANNER. WHY HIGH-VOLUME TRANSACTIONAL RECORDS MANAGEMENT MATTERS Is electronic records management—particularly that associated with high-volume, application-created records—worth the effort? In a word: Yes. Those organizations not able to fully manage transactional electronic records risk regulatory noncompliance, legal action, and unauthorized data access that can negatively impact their business. REGULATORY RISK The Bernie Madoff $50 billion Ponzi scheme (2008), the Enron debacle (2001), and the accounting fraud incident at Indian outsourcing provider Satyam Computer Services (2009) are just a few of the highly publicized criminal events that have regulators considering passing a slew of new policies designed to improve information transparency. Although not focused on records management per se, regulations including the Markets in Financial Instruments Directive (MiFID), the Health Insurance Portability and Accountability Act (HIPAA), the USA PATRIOT Act, the Sarbanes-Oxley (SOX) Act, the U.S. Food and Drug Administration’s 21 CFR Part 11, the Consumer Product Safety Improvement Act (CPSIA), and the EU Data Protection Directive include provisions directly attributable to electronic records management. For example, while the major objective of MiFID is to harmonize Europe’s financial markets, MiFID Article 51(3) addresses records retention, specifying a five-year retention period for transactional data. HIPAA, which governs electronic transfers of health information, mandates that organizations retain all medical records, signed consent forms, authorization forms, and other HIPAA-related documentation for six years. It also requires organizations to keep records for two years after a patient’s death. The Anti-Money Laundering Directive 2005/60/ EC requires organizations to keep records for at least five years. Lastly, Directive 2003/88/ EC directs organizations to keep records of employee work hours and provide those records on demand. In several high-profile cases, courts have heavily fined organizations unable to provide access to electronic records in a timely manner. Unfortunately, good intentions and attempting to comply with regulations can still result in hefty fines. For example, the Financial Services Authority (FSA) stated that Goldman Sachs International did not “set out to hide anything,” but still fined the firm £17.5 million for failure to ensure it could comply with UK regulatory reporting rules. Margaret Cole, managing director of enforcement and financial crime for the FSA, stated, “This penalty should send a message—particularly to the senior management of large institutions—of the need to have their firm’s UK reporting obligations at the forefront of their minds.”11 LEGAL RISK Organizations need access to records to not only successfully defend a case, but also for proactive legal activities. In the U.S., the 2006 amendments to the Federal Rules of Civil Procedure (FRCP) incorporated specific e-discovery guidelines for Electronically Stored Information (ESI) used as evidence in a civil or criminal case, including text, images, calendar files, databases, spreadsheets, audio files, animation, websites, and computer programs. Other countries have passed similar rules governing e-discovery. Although applications create hundreds of thousands of records as part of a single report, the law requires organizations to treat each as an individual record. Searching for a single record within a batch file containing thousands of records—or more—is akin to searching for a needle in a haystack. Organizations unable to retrieve records in a timely manner face multimillion dollar lawsuits, not to mention damage to their reputation and brands.
RECORDS MANAGEMENT’S BREAKING POINT: MANAGING TRANSACTIONAL ELECTRONIC RECORDS IN HIGH-VOLUME ENVIRONMENTS C O N T E N T ELECTRONIC RECORDS ARE CONSIDERED A “TECHNOLOGY ISSUE” AND THEREFORE BECOME THE DE FACTO RESPONSIBILITY OF THE IT DEPARTMENT. IT DEPARTMENTS CAN ADDRESS HOLDS AND OTHER LEGAL REQUESTS SINCE THEY “OWN” THE RECORDS, BUT THEY MAY NOT POSSESS THE EXPERTISE OF LEGAL STAFF WELL-VERSED IN LITIGATION PROCESSES. AN ELECTRONIC RECORDS MANAGEMENT SOLUTION SHOULD LINK MAINFRAME AND DISTRIBUTED PROCESSING TRANSACTIONAL INFORMATION AND STORE RECORDS IN THEIR NATIVE ENVIRONMENT. IT SHOULD ALSO BE HIGHLY SCALABLE. Even those organizations that successfully fulfill e-discovery requests may ultimately spend millions of dollars in man-hours and lost productivity to comply with legal imperatives. Further, company executives may also become personally liable in certain situations and face individual fines or jail time. Even in an increasingly litigious environment, more than half of organizations lack e-discovery procedures. A recent AIIM survey revealed that while 71 percent of organizations address the legal hold of paper records in the event of litigation, only 57 percent have a process in place for electronic records.12 Perhaps part of the reason for a lack of ESI discovery process is that electronic records are considered a “technology issue” and therefore become the de facto responsibility of the IT department. The organization may ask the IT department to address holds and other legal requests since they “own” the records, but the IT department may not possess the expertise of legal staff well-versed in litigation processes. SECURITY RISK Electronic records often contain sensitive information, including employee Social Security numbers and customer account information, making these transactional records attractive to hackers. High-profile data breaches, such as the 2007 theft from TJX Companies, Inc. of transactional record data that compromised the security of 40 million credit and debit cardholders, highlight the need for organizations to integrate data storage and security with electronic records management processes to help protect such sensitive information. CRITICAL COMPONENTS OF AN ELECTRONIC RECORDS MANAGEMENT SOLUTION An electronic records management retention strategy must enable organizations to mitigate regulatory, legal, and security risks while addressing the unique challenges of electronic records. Rather than requiring a rip- and-replace of legacy systems, the solution should manage records across multiple environments yet provide a single, consolidated view; automate records management tasks, including classification and retention; enable individual record management; and provide records managers with easy-to-use administrative tools. WORK WITHIN A HYBRID ENVIRONMENT Most large organizations operate in a heterogeneous technology environment of both legacy mainframe applications and distributed processing systems, and will continue to run this environment for the foreseeable future. However, many records management solutions ignore the reality of this technology environment and require organizations to sunset legacy systems in order to implement an electronic records management practice. For the majority of organizations, a wholesale replacement of legacy systems is cost-prohibitive and overly disruptive to their operations. Rather than forcing a migration to a different platform, an electronic records management solution should link mainframe and distributed transactional information and store records in their native environment. It should also be highly scalable.
MANAGING THE ENORMOUS VOLUMES OF TRANSACTIONAL ELECTRONIC RECORDS REQUIRES A SOLUTION THAT AUTOMATES ALL PROCESSES. SINGLE VIEW INTO MULTIPLE REPOSITORIES Even though the ideal solution can administer electronic records in different repositories, it should contain an interface that provides a single view into records stored in many different locations throughout the organization, regardless of the type or age of the record. AUTOMATE TRANSACTIONAL RECORDS MANAGEMENT Managing the enormous volumes of transactional electronic records requires a solution that automates all processes. First, the solution should ingest application-generated content from mainframe and distributed systems, whether from enterprise-wide systems or line-of-business applications. Next, it should apply predefined business rules that determine who has access to the record, where to keep it, and how long to keep it. The solution should automatically extract metadata for classification and assign a disposition rule based on company requirements. Finally, the solution should automate retention. If the corporate retention policy changes, whether due to regulatory updates or corporate mandates, records managers need only define the new retention criteria once and the solution subsequently applies those criteria across all existing and new transactional records. PROVIDE GRANULARITY Even though applications produce transactional output containing multiple records, legal and compliance requirements force organizations to identify these records individually. Therefore, the solution should present records inside of bulk reports as individual records in taxonomy and enterprise file plans, and enable access controls at the record level. Organizations should be able to hold an individual record in a large report without retaining the complete report—and then be able to destroy individual records based on business events without affecting other records in the same archive. RECORDS MANAGER INTERFACE To be most efficient and effective, a records manager needs an automated, easy-to-use front end to administer the solution. A Web-based user interface based on an open architecture is ideal for providing records managers with a full-range of administrative functions. Records managers can then define hierarchical taxonomies for automatic classification, automatically define and subscribe to events from line- of-business applications, and define a corporate retention schedule with multiple policies and rules, applying those rules to specific record types. CONCLUSION Just as the Titanic was sunk by what was under the surface, your organization can also be “sunk” by what you don’t see: millions of electronic records. Without an automated, enterprise-wide solution specifically designed for high-volume electronic records management, your organization risks regulatory action, litigation, and security breaches.
www.asg.com ASG Worldwide Headquarters | 1.239.435.2200 or 1.800.932.5536 1333 Third Avenue South Naples, Florida USA 34102 Copyright © 2014 Allen Systems Group, Inc. All products mentioned are trademarks or registered trademarks of their respective holders. A recognized innovator in enterprise IT software solutions, ASG Software Solutions has been optimizing 85 percent of the world’s most complex IT organizations for more than 25 years. We create and deploy unique software solutions that reduce cost, mitigate risk and improve service delivery throughout the IT lifecycle. ASG’s comprehensive solutions help you solve today’s challenges, such as Cloud Computing and Big Data, while driving your business forward by providing insight and control across Cloud, distributed and mainframe environments. ASG is a privately held global company based in Naples, Florida, with more than 80 offices worldwide. ASG_Record_Mgmts_Breaking_Point__WP_20140206en REFERENCES 1 State of the ECM Industry. AIIM. 2010. 2 Ibid. 3 Electronic Records Management: Still Playing Catch-Up with Paper. AIIM. 2009. 4 Ibid. 5 NACHA Reports 18.76 Billion ACH Payments in 2009. NACHA-The Electronic Payments Association. April 7, 2010. 6 U.S. Equities: E-Trading Grows. Greenwich Associates. June 4, 2010. 7 Electronic Records Management: Still Playing Catch-Up with Paper. AIIM. 2009. 8 Ibid. 9 Ibid. 10 The Beginning of the End of Data Retention. Electronic Frontier Foundation. March 10, 2010. 11 FSA fines Goldman Sachs International £17.5 million for weakness in controls resulting in failure to provide FSA with appropriate information. FSA. Sept. 9, 2010. 12 Electronic Records Management: Still Playing Catch-Up with Paper. AIIM. 2009.

Recommended

Governing the Chaos
Governing the ChaosGoverning the Chaos
Governing the ChaosJohn Hansen
 
Print Security? Are Businesses Complacent?
Print Security? Are Businesses Complacent?Print Security? Are Businesses Complacent?
Print Security? Are Businesses Complacent?Larry Levine
 
Deloitte the case for disruptive technology in the legal profession 2017
Deloitte the case for disruptive technology in the legal profession 2017 Deloitte the case for disruptive technology in the legal profession 2017
Deloitte the case for disruptive technology in the legal profession 2017 Ian Beckett
 
Future of the Legal Profession
Future of the Legal ProfessionFuture of the Legal Profession
Future of the Legal ProfessionRichard S. Granat
 
iStart feature: Protect and serve how safe is your personal data?
iStart feature: Protect and serve how safe is your personal data?iStart feature: Protect and serve how safe is your personal data?
iStart feature: Protect and serve how safe is your personal data?Hayden McCall
 
Irma Article Edrm Software Design And Selection
Irma Article Edrm Software Design And SelectionIrma Article Edrm Software Design And Selection
Irma Article Edrm Software Design And SelectionConni Christensen
 
What's in your digital landfill?
What's in your digital landfill?What's in your digital landfill?
What's in your digital landfill?John Mancini
 
Information Governance -- Necessary Evil or a Bridge to the Future?
Information Governance -- Necessary Evil or a Bridge to the Future?Information Governance -- Necessary Evil or a Bridge to the Future?
Information Governance -- Necessary Evil or a Bridge to the Future?John Mancini
 

Recommended

Governing the Chaos
Governing the ChaosGoverning the Chaos
Governing the ChaosJohn Hansen
 
Print Security? Are Businesses Complacent?
Print Security? Are Businesses Complacent?Print Security? Are Businesses Complacent?
Print Security? Are Businesses Complacent?Larry Levine
 
Deloitte the case for disruptive technology in the legal profession 2017
Deloitte the case for disruptive technology in the legal profession 2017 Deloitte the case for disruptive technology in the legal profession 2017
Deloitte the case for disruptive technology in the legal profession 2017 Ian Beckett
 
Future of the Legal Profession
Future of the Legal ProfessionFuture of the Legal Profession
Future of the Legal ProfessionRichard S. Granat
 
iStart feature: Protect and serve how safe is your personal data?
iStart feature: Protect and serve how safe is your personal data?iStart feature: Protect and serve how safe is your personal data?
iStart feature: Protect and serve how safe is your personal data?Hayden McCall
 
Irma Article Edrm Software Design And Selection
Irma Article Edrm Software Design And SelectionIrma Article Edrm Software Design And Selection
Irma Article Edrm Software Design And SelectionConni Christensen
 
What's in your digital landfill?
What's in your digital landfill?What's in your digital landfill?
What's in your digital landfill?John Mancini
 
Information Governance -- Necessary Evil or a Bridge to the Future?
Information Governance -- Necessary Evil or a Bridge to the Future?Information Governance -- Necessary Evil or a Bridge to the Future?
Information Governance -- Necessary Evil or a Bridge to the Future?John Mancini
 
Building the Information Governance Business Case Within Your Company
Building the Information Governance Business Case Within Your CompanyBuilding the Information Governance Business Case Within Your Company
Building the Information Governance Business Case Within Your CompanyAIIM International
 
White Paper Automate Contract Workflows
White Paper Automate Contract WorkflowsWhite Paper Automate Contract Workflows
White Paper Automate Contract Workflowselixenne
 
IT Asset Retirement Plan White Paper
IT Asset Retirement Plan White PaperIT Asset Retirement Plan White Paper
IT Asset Retirement Plan White PaperSarahSanders60
 
Digitisation White Paper Final
Digitisation White Paper FinalDigitisation White Paper Final
Digitisation White Paper FinalTina Wood
 
Data Sovereignty and the Cloud
Data Sovereignty and the CloudData Sovereignty and the Cloud
Data Sovereignty and the CloudIESL - The Institution of Engineers, Sri Lanka
 
BetterCloud Whitepaper: Offboarding Inefficiencies and Security Threats
BetterCloud Whitepaper: Offboarding Inefficiencies and Security Threats BetterCloud Whitepaper: Offboarding Inefficiencies and Security Threats
BetterCloud Whitepaper: Offboarding Inefficiencies and Security ThreatsBetterCloud
 
Management Information Systems MGMT205
Management Information Systems MGMT205Management Information Systems MGMT205
Management Information Systems MGMT205Morenike Adekale, PMP, PMI_SP
 
Internal vs. external identity access management
Internal vs. external identity access managementInternal vs. external identity access management
Internal vs. external identity access managementTatiana Grisham
 
The Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White PaperThe Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White PaperBen Rothke
 
Governance & Ediscovery
Governance & EdiscoveryGovernance & Ediscovery
Governance & EdiscoveryLouise Spiteri
 
Quick Start Guide to IT Security for Businesses
Quick Start Guide to IT Security for BusinessesQuick Start Guide to IT Security for Businesses
Quick Start Guide to IT Security for BusinessesCompTIA
 
Robert hillard presentation 2
Robert hillard presentation 2Robert hillard presentation 2
Robert hillard presentation 2Ark Group Australia Pty Ltd
 
Security concerns for Electronic business
Security concerns for Electronic businessSecurity concerns for Electronic business
Security concerns for Electronic businessDr. Prashant Vats
 
Legal issues in technology
Legal issues in technologyLegal issues in technology
Legal issues in technologyEzraGray1
 
Dit yvol3iss48
Dit yvol3iss48Dit yvol3iss48
Dit yvol3iss48Rick Lemieux
 
Exploring Latent Semantic Vector Models Enriched With N-grams
Exploring Latent Semantic Vector Models Enriched With N-gramsExploring Latent Semantic Vector Models Enriched With N-grams
Exploring Latent Semantic Vector Models Enriched With N-gramsLeif Gr
 
AIIM_ASG-Automating-Information_Governan
AIIM_ASG-Automating-Information_GovernanAIIM_ASG-Automating-Information_Governan
AIIM_ASG-Automating-Information_GovernanPatrick BOURLARD
 
Club presentation 2015 16
Club presentation 2015 16Club presentation 2015 16
Club presentation 2015 16borofutsal
 
Empowerment of Women through Outsourcing_TP
Empowerment of Women through Outsourcing_TPEmpowerment of Women through Outsourcing_TP
Empowerment of Women through Outsourcing_TPMohammad Tanvir Parvez
 
Records_Manager_-_CE_2013.7.1_-_slides
Records_Manager_-_CE_2013.7.1_-_slidesRecords_Manager_-_CE_2013.7.1_-_slides
Records_Manager_-_CE_2013.7.1_-_slidesPatrick BOURLARD
 
OSI Reference Model ppt by TP
OSI Reference Model ppt by TPOSI Reference Model ppt by TP
OSI Reference Model ppt by TPMohammad Tanvir Parvez
 
კახეთი
კახეთიკახეთი
კახეთიgiorguna123
 

More Related Content

What's hot

Building the Information Governance Business Case Within Your Company
Building the Information Governance Business Case Within Your CompanyBuilding the Information Governance Business Case Within Your Company
Building the Information Governance Business Case Within Your CompanyAIIM International
 
White Paper Automate Contract Workflows
White Paper Automate Contract WorkflowsWhite Paper Automate Contract Workflows
White Paper Automate Contract Workflowselixenne
 
IT Asset Retirement Plan White Paper
IT Asset Retirement Plan White PaperIT Asset Retirement Plan White Paper
IT Asset Retirement Plan White PaperSarahSanders60
 
Digitisation White Paper Final
Digitisation White Paper FinalDigitisation White Paper Final
Digitisation White Paper FinalTina Wood
 
BetterCloud Whitepaper: Offboarding Inefficiencies and Security Threats
BetterCloud Whitepaper: Offboarding Inefficiencies and Security Threats BetterCloud Whitepaper: Offboarding Inefficiencies and Security Threats
BetterCloud Whitepaper: Offboarding Inefficiencies and Security ThreatsBetterCloud
 
Internal vs. external identity access management
Internal vs. external identity access managementInternal vs. external identity access management
Internal vs. external identity access managementTatiana Grisham
 
The Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White PaperThe Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White PaperBen Rothke
 
Governance & Ediscovery
Governance & EdiscoveryGovernance & Ediscovery
Governance & EdiscoveryLouise Spiteri
 
Quick Start Guide to IT Security for Businesses
Quick Start Guide to IT Security for BusinessesQuick Start Guide to IT Security for Businesses
Quick Start Guide to IT Security for BusinessesCompTIA
 
Security concerns for Electronic business
Security concerns for Electronic businessSecurity concerns for Electronic business
Security concerns for Electronic businessDr. Prashant Vats
 
Legal issues in technology
Legal issues in technologyLegal issues in technology
Legal issues in technologyEzraGray1
 

What's hot (15)

Building the Information Governance Business Case Within Your Company
Building the Information Governance Business Case Within Your CompanyBuilding the Information Governance Business Case Within Your Company
Building the Information Governance Business Case Within Your Company
 
White Paper Automate Contract Workflows
White Paper Automate Contract WorkflowsWhite Paper Automate Contract Workflows
White Paper Automate Contract Workflows
 
IT Asset Retirement Plan White Paper
IT Asset Retirement Plan White PaperIT Asset Retirement Plan White Paper
IT Asset Retirement Plan White Paper
 
Digitisation White Paper Final
Digitisation White Paper FinalDigitisation White Paper Final
Digitisation White Paper Final
 
Data Sovereignty and the Cloud
Data Sovereignty and the CloudData Sovereignty and the Cloud
Data Sovereignty and the Cloud
 
BetterCloud Whitepaper: Offboarding Inefficiencies and Security Threats
BetterCloud Whitepaper: Offboarding Inefficiencies and Security Threats BetterCloud Whitepaper: Offboarding Inefficiencies and Security Threats
BetterCloud Whitepaper: Offboarding Inefficiencies and Security Threats
 
Management Information Systems MGMT205
Management Information Systems MGMT205Management Information Systems MGMT205
Management Information Systems MGMT205
 
Internal vs. external identity access management
Internal vs. external identity access managementInternal vs. external identity access management
Internal vs. external identity access management
 
The Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White PaperThe Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White Paper
 
Governance & Ediscovery
Governance & EdiscoveryGovernance & Ediscovery
Governance & Ediscovery
 
Quick Start Guide to IT Security for Businesses
Quick Start Guide to IT Security for BusinessesQuick Start Guide to IT Security for Businesses
Quick Start Guide to IT Security for Businesses
 
Robert hillard presentation 2
Robert hillard presentation 2Robert hillard presentation 2
Robert hillard presentation 2
 
Security concerns for Electronic business
Security concerns for Electronic businessSecurity concerns for Electronic business
Security concerns for Electronic business
 
Legal issues in technology
Legal issues in technologyLegal issues in technology
Legal issues in technology
 
Dit yvol3iss48
Dit yvol3iss48Dit yvol3iss48
Dit yvol3iss48
 

Viewers also liked

Exploring Latent Semantic Vector Models Enriched With N-grams
Exploring Latent Semantic Vector Models Enriched With N-gramsExploring Latent Semantic Vector Models Enriched With N-grams
Exploring Latent Semantic Vector Models Enriched With N-gramsLeif Gr
 
AIIM_ASG-Automating-Information_Governan
AIIM_ASG-Automating-Information_GovernanAIIM_ASG-Automating-Information_Governan
AIIM_ASG-Automating-Information_GovernanPatrick BOURLARD
 
Club presentation 2015 16
Club presentation 2015 16Club presentation 2015 16
Club presentation 2015 16borofutsal
 
Empowerment of Women through Outsourcing_TP
Empowerment of Women through Outsourcing_TPEmpowerment of Women through Outsourcing_TP
Empowerment of Women through Outsourcing_TPMohammad Tanvir Parvez
 
Records_Manager_-_CE_2013.7.1_-_slides
Records_Manager_-_CE_2013.7.1_-_slidesRecords_Manager_-_CE_2013.7.1_-_slides
Records_Manager_-_CE_2013.7.1_-_slidesPatrick BOURLARD
 
კახეთი
კახეთიკახეთი
კახეთიgiorguna123
 
Effective communication
Effective communicationEffective communication
Effective communicationRoseline Ekeke
 
Safety & security Pramary Schools
Safety & security Pramary SchoolsSafety & security Pramary Schools
Safety & security Pramary SchoolsRoseline Ekeke
 
Safety & security in school
Safety & security in schoolSafety & security in school
Safety & security in schoolRoseline Ekeke
 

Viewers also liked (12)

Exploring Latent Semantic Vector Models Enriched With N-grams
Exploring Latent Semantic Vector Models Enriched With N-gramsExploring Latent Semantic Vector Models Enriched With N-grams
Exploring Latent Semantic Vector Models Enriched With N-grams
 
AIIM_ASG-Automating-Information_Governan
AIIM_ASG-Automating-Information_GovernanAIIM_ASG-Automating-Information_Governan
AIIM_ASG-Automating-Information_Governan
 
Club presentation 2015 16
Club presentation 2015 16Club presentation 2015 16
Club presentation 2015 16
 
Empowerment of Women through Outsourcing_TP
Empowerment of Women through Outsourcing_TPEmpowerment of Women through Outsourcing_TP
Empowerment of Women through Outsourcing_TP
 
Records_Manager_-_CE_2013.7.1_-_slides
Records_Manager_-_CE_2013.7.1_-_slidesRecords_Manager_-_CE_2013.7.1_-_slides
Records_Manager_-_CE_2013.7.1_-_slides
 
OSI Reference Model ppt by TP
OSI Reference Model ppt by TPOSI Reference Model ppt by TP
OSI Reference Model ppt by TP
 
კახეთი
კახეთიკახეთი
კახეთი
 
Effective communication
Effective communicationEffective communication
Effective communication
 
Cocosa B2B
Cocosa B2BCocosa B2B
Cocosa B2B
 
Mysale Plc B2B
Mysale Plc B2BMysale Plc B2B
Mysale Plc B2B
 
Safety & security Pramary Schools
Safety & security Pramary SchoolsSafety & security Pramary Schools
Safety & security Pramary Schools
 
Safety & security in school
Safety & security in schoolSafety & security in school
Safety & security in school
 

Similar to ASG_Record_Mgmts_Breaking_Point_White_Pa

Enterprise Records Management : New challenges & Better Solutions Whitepaper ...
Enterprise Records Management : New challenges & Better Solutions Whitepaper ...Enterprise Records Management : New challenges & Better Solutions Whitepaper ...
Enterprise Records Management : New challenges & Better Solutions Whitepaper ...Jone Smith
 
The Trouble With Enterprise SoftwareF A L L 2 0 0 7 .docx
The Trouble With Enterprise SoftwareF A L L 2 0 0 7 .docxThe Trouble With Enterprise SoftwareF A L L 2 0 0 7 .docx
The Trouble With Enterprise SoftwareF A L L 2 0 0 7 .docxssusera34210
 
Effectiveness implementation of e commerce in the developing countries empiri...
Effectiveness implementation of e commerce in the developing countries empiri...Effectiveness implementation of e commerce in the developing countries empiri...
Effectiveness implementation of e commerce in the developing countries empiri...Alexander Decker
 
White Paper - Killing the Shadow Systems
White Paper - Killing the Shadow SystemsWhite Paper - Killing the Shadow Systems
White Paper - Killing the Shadow SystemsNewton Day Uploads
 
Solving the Encryption Conundrum in Financial Services
Solving the Encryption Conundrum in Financial ServicesSolving the Encryption Conundrum in Financial Services
Solving the Encryption Conundrum in Financial ServicesEchoworx
 
Business Process and Enterprise Content alternatives to Sharepoint
Business Process and Enterprise Content alternatives to SharepointBusiness Process and Enterprise Content alternatives to Sharepoint
Business Process and Enterprise Content alternatives to Sharepointtom termini
 
Achieving Digitalization in a Document Intensive Energy Market
Achieving Digitalization in a Document Intensive Energy MarketAchieving Digitalization in a Document Intensive Energy Market
Achieving Digitalization in a Document Intensive Energy MarketCTRM Center
 
Exploring new mobile and cloud platforms without a governance .docx
Exploring new mobile and cloud platforms without a governance .docxExploring new mobile and cloud platforms without a governance .docx
Exploring new mobile and cloud platforms without a governance .docxssuser454af01
 
Managing Electronic Records Within A Federal Government Workplace
Managing Electronic Records Within A Federal Government WorkplaceManaging Electronic Records Within A Federal Government Workplace
Managing Electronic Records Within A Federal Government WorkplaceKen Matthews
 
“Recognizing Value from a Shared RM/DM Repository: Canadian Government Perspe...
“Recognizing Value from a Shared RM/DM Repository: Canadian Government Perspe...“Recognizing Value from a Shared RM/DM Repository: Canadian Government Perspe...
“Recognizing Value from a Shared RM/DM Repository: Canadian Government Perspe...Cheryl McKinnon
 
Managing Electronic Records Within A Federal Government Workplace
Managing Electronic Records Within A Federal Government WorkplaceManaging Electronic Records Within A Federal Government Workplace
Managing Electronic Records Within A Federal Government Workplaceguest9269676
 
Hadoop training in bangalore
Hadoop training in bangaloreHadoop training in bangalore
Hadoop training in bangaloreappaji intelhunt
 
Web technology and commerce unit 3
Web technology and commerce unit 3Web technology and commerce unit 3
Web technology and commerce unit 3arun0501
 
Unstructured Data into EHR Systems: Challenges and Solutions
Unstructured Data into EHR Systems: Challenges and SolutionsUnstructured Data into EHR Systems: Challenges and Solutions
Unstructured Data into EHR Systems: Challenges and SolutionsDATAMARK
 

Similar to ASG_Record_Mgmts_Breaking_Point_White_Pa (20)

Enterprise Records Management : New challenges & Better Solutions Whitepaper ...
Enterprise Records Management : New challenges & Better Solutions Whitepaper ...Enterprise Records Management : New challenges & Better Solutions Whitepaper ...
Enterprise Records Management : New challenges & Better Solutions Whitepaper ...
 
[EN] Document Management Market | Dr. Ulrich Kampffmeyer | DLM Forum 2000
[EN] Document Management Market | Dr. Ulrich Kampffmeyer | DLM Forum 2000[EN] Document Management Market | Dr. Ulrich Kampffmeyer | DLM Forum 2000
[EN] Document Management Market | Dr. Ulrich Kampffmeyer | DLM Forum 2000
 
The Trouble With Enterprise SoftwareF A L L 2 0 0 7 .docx
The Trouble With Enterprise SoftwareF A L L 2 0 0 7 .docxThe Trouble With Enterprise SoftwareF A L L 2 0 0 7 .docx
The Trouble With Enterprise SoftwareF A L L 2 0 0 7 .docx
 
Digital Landfill
Digital LandfillDigital Landfill
Digital Landfill
 
Jahima Edrm Imrm
Jahima Edrm ImrmJahima Edrm Imrm
Jahima Edrm Imrm
 
Effectiveness implementation of e commerce in the developing countries empiri...
Effectiveness implementation of e commerce in the developing countries empiri...Effectiveness implementation of e commerce in the developing countries empiri...
Effectiveness implementation of e commerce in the developing countries empiri...
 
White Paper - Killing the Shadow Systems
White Paper - Killing the Shadow SystemsWhite Paper - Killing the Shadow Systems
White Paper - Killing the Shadow Systems
 
Solving the Encryption Conundrum in Financial Services
Solving the Encryption Conundrum in Financial ServicesSolving the Encryption Conundrum in Financial Services
Solving the Encryption Conundrum in Financial Services
 
Business Process and Enterprise Content alternatives to Sharepoint
Business Process and Enterprise Content alternatives to SharepointBusiness Process and Enterprise Content alternatives to Sharepoint
Business Process and Enterprise Content alternatives to Sharepoint
 
Achieving Digitalization in a Document Intensive Energy Market
Achieving Digitalization in a Document Intensive Energy MarketAchieving Digitalization in a Document Intensive Energy Market
Achieving Digitalization in a Document Intensive Energy Market
 
MIS.ppt
MIS.pptMIS.ppt
MIS.ppt
 
Exploring new mobile and cloud platforms without a governance .docx
Exploring new mobile and cloud platforms without a governance .docxExploring new mobile and cloud platforms without a governance .docx
Exploring new mobile and cloud platforms without a governance .docx
 
Managing Electronic Records Within A Federal Government Workplace
Managing Electronic Records Within A Federal Government WorkplaceManaging Electronic Records Within A Federal Government Workplace
Managing Electronic Records Within A Federal Government Workplace
 
“Recognizing Value from a Shared RM/DM Repository: Canadian Government Perspe...
“Recognizing Value from a Shared RM/DM Repository: Canadian Government Perspe...“Recognizing Value from a Shared RM/DM Repository: Canadian Government Perspe...
“Recognizing Value from a Shared RM/DM Repository: Canadian Government Perspe...
 
Managing Electronic Records Within A Federal Government Workplace
Managing Electronic Records Within A Federal Government WorkplaceManaging Electronic Records Within A Federal Government Workplace
Managing Electronic Records Within A Federal Government Workplace
 
Hadoop training in bangalore
Hadoop training in bangaloreHadoop training in bangalore
Hadoop training in bangalore
 
Web technology and commerce unit 3
Web technology and commerce unit 3Web technology and commerce unit 3
Web technology and commerce unit 3
 
Unstructured Data into EHR Systems: Challenges and Solutions
Unstructured Data into EHR Systems: Challenges and SolutionsUnstructured Data into EHR Systems: Challenges and Solutions
Unstructured Data into EHR Systems: Challenges and Solutions
 
E-FILE Corporate Profile
E-FILE Corporate ProfileE-FILE Corporate Profile
E-FILE Corporate Profile
 
Taming the data beast
Taming the data beastTaming the data beast
Taming the data beast
 

ASG_Record_Mgmts_Breaking_Point_White_Pa

  • 1. C O N T E N T Electronicrecordvolumesareincreasingasenterpriseandbusinesssystemsarmedwithaggregatedcomputing processingpowercreatehundredsofthousands—evenmillions—ofrecordswithinasinglebatchprocess.This whitepaperoutlinesissuesthatmakemanagingtransactionalelectronicrecordschallenging,demonstrateswhy organizationsneedtotamethehigh-volumetransactionalrecordsbeast,andlastly,describeswhattolookforina transactionalelectronicrecordsmanagementsolution. MANAGING TRANSACTIONAL ELECTRONIC RECORDS IN HIGH-VOLUME ENVIRONMENTS RECORD MANAGEMENT’S BREAKING POINT
  • 2. RECORDS MANAGEMENT’S BREAKING POINT: MANAGING TRANSACTIONAL ELECTRONIC RECORDS IN HIGH-VOLUME ENVIRONMENTS C O N T E N T ABOUT AIIM AIIM (WWW.AIIM. ORG) HAS BEEN AN ADVOCATE AND SUPPORTER OF INFORMATION PROFESSIONALS FOR NEARLY 70 YEARS. THE ASSOCIATION MISSION IS TO ENSURE THAT INFORMATION PROFESSIONALS UNDERSTAND THE CURRENT AND FUTURE CHALLENGES OF MANAGING INFORMATION ASSETS IN AN ERA OF SOCIAL, MOBILE, CLOUD, AND BIG DATA. FOUNDED IN 1943, AIIM BUILDS ON A STRONG HERITAGE OF RESEARCH AND MEMBER SERVICE. TODAY, AIIM IS A GLOBAL, NON-PROFIT ORGANIZATION THAT PROVIDES INDEPENDENT RESEARCH, EDUCATION, AND CERTIFICATION PROGRAMS TO INFORMATION PROFESSIONALS. AIIM REPRESENTS THE ENTIRE INFORMATION MANAGEMENT COMMUNITY, WITH PROGRAMS AND CONTENT FOR PRACTITIONERS, TECHNOLOGY SUPPLIERS, INTEGRATORS, AND CONSULTANTS. EXECUTIVE SUMMARY What you don’t see can sometimes be more dangerous than what you can.Visit the office of any large organization and you’ll likely find file cabinets filled with documents and desktop computers runningWord, Excel, email, and other personal productivity applications. All of this information—from mortgage loan applications and email exchanges between employees to Excel customer invoices and training videos posted on the company website—is content that every organization needs to manage. For most organizations, properly classifying, retaining, and then retrieving these records across multiple offices and business units is challenging and time-consuming, especially in light of ever-changing regulations and the omnipresent risk of litigation. However, records created manually and semi-automatically represent just the tip of the records management iceberg. Consider what’s under the surface: millions of records automatically created by high- volume, transactional enterprise systems.These electronic records include customer statements, bills, checks, invoices, and high-volume reports, representing the submerged, potentially dangerous portion of the iceberg. Like theTitanic, organizations are often able to navigate around the part of the iceberg they can see, but it’s what’s under the surface that can cause havoc. Electronic record volumes are increasing as enterprise and business systems armed with aggregated computing processing power create hundreds of thousands—even millions—of records within a single batch process. Simultaneous input from hundreds, if not thousands, of users adds to the data volumes. The good news is that organizations recognize that their electronic records management processes are not up to par, reporting that electronic records are more than twice as likely as paper records to be“unmanaged.”1 The bad news is that many lack a cost-effective, consistent, and efficient method of managing these records across the enterprise. Not only are transactional electronic records out of control, but often organizations can’t find them.The Association for Information and Image Management (AIIM) discovered that 41 percent of organizations are not confident that electronic information (excluding emails) is“accurate, accessible, and trustworthy.”2 It’s ironic that although electronic records are the most voluminous records in any organization, they are the most difficult to manage with current records management solutions—if they are managed at all. In an electronic records environment, traditional records management solutions that rely on manual processes fall short. A records management system adequate for retrieving, processing, and archiving several thousand records per day becomes costly and unwieldy when applied to several million transactional records per day. Like the volume of content itself, the task of getting these records under control may seem overwhelming. However, a new method of managing electronic records does exist.This white paper outlines some of the issues that make electronic records management so challenging, highlights why organizations need to tame the high-volume transactional records beast, and lastly, describes what to look for in a transactional records management solution.
  • 3. TAMING THE TRANSACTIONAL RECORDS BEAST Electronic records are easy to create but difficult to manage. In a nightly batch job, a billing or payroll system can generate thousands of records that need to be captured, classified, retained, and scheduled for disposal. Organizations also need to integrate the management of these electronic records with other record types created across the organization, including paper documents, XML, HTML, PCL, AFP, DJDE/Metacode, PDF, PostScript, rich media formats, Word documents, Excel spreadsheets, emails, and Outlook calendar entries. Organizations that attempt to apply manual and human-centric records management processes find that these traditional methods wind up being extremely expensive and impractical for several reasons, as described below. OUT OF SIGHT, OUT OF MIND Unlike paper documents that clutter up a file cabinet or storage room, electronic records reside in mainframe or distributed systems—or both—out of sight and often out of mind. Like the late, US-based comic Rodney Dangerfield, electronic records simply “get no respect.” According to AIIM, “Electronic records are still taken less seriously than paper records.”3 Once applications create these records, organizations then need to store them either in the application itself or, more typically, in external archiving or storage systems. But even this movement tends to be haphazard: More than 70 percent of organizations report that they do not have plans or provisioning in place for the long- term storage of electronic records.4 EXPLODING DATA VOLUMES There should be little wonder that managing electronic records is so challenging, since data volumes are exploding and show no signs of slowing down. For example, 18.76 billion payments crossed the Automated Clearing House (ACH) Network in 2009, an increase of 2.6 percent over 20085 , and electronic single-stock trading systems now create 37 percent of U.S. equity trading volume.6 Seventy percent of organizations report that the electronic record volume is “increasing rapidly,” while none report a decrease.7 ACCESS BY ALL It’s not just unwieldy volumes. The pervasive nature of electronic records is what makes them difficult to manage. Unlike paper, these records can’t be confined to a locked file cabinet. Employees, customers, suppliers—even hackers—can view, copy, disseminate, and destroy thousands of records in an instant. Those organizations without an electronic records management strategy are most at risk, with 60 percent of these organizations reporting that they are not confident that their electronic records have not been changed, deleted, or inappropriately accessed.8 SILOED ENVIRONMENT A technology environment in which siloed mainframe and distributed systems are the norm compounds the challenge of managing electronic records. Almost a third of organizations have 20 or more siloed content repositories and more than half have 10 or more.9 Yet the vast majority of records management solutions are standalone systems that address the records retention needs of a single department or application rather than integration with an enterprise-wide records retention plan. TRANSACTIONAL ELECTRONIC RECORDS ARE EASY TO CREATE BUT DIFFICULT TO MANAGE. APPLYING MANUAL AND HUMAN- CENTRIC RECORDS MANAGEMENT PROCESSES WINDS UP BEING EXTREMELY EXPENSIVE AND IMPRACTICAL.
  • 4. RECORDS MANAGEMENT’S BREAKING POINT: MANAGING TRANSACTIONAL ELECTRONIC RECORDS IN HIGH-VOLUME ENVIRONMENTS C O N T E N T While organizations create these electronic records in siloed application systems, regulations and laws require that organizations have the ability to treat these records as if they were created by or reside in a single application. For example, a financial institution is court-ordered to place a legal hold on all records of transactions involving an individual customer account. However, those records may include ATM withdrawals, wire transfers, customer statements, and loan documentation housed in different application systems. If the financial institution is global, these records could be contained in different applications throughout the world, all with different retention and storage taxonomies—and under the governance of various disparate regulations. The inability to place a hold on an account within the legal time limit may expose the organization to incurring a multimillion dollar fine. OUTDATED PROCESSES AND STANDARDS In theory, the traditional principles of records management apply to any type of record. In practice, the high volume of these electronic records makes paper-based processes for declaration, classification, and retention tracking of electronic records costly and impractical. For example, while the U.S. Department of Defense Directive 5015.2 and the Model Requirements for Electronic Records Management (MoReq) in Europe provide guidelines that organizations can apply to electronic records management, these standards do not fully address issues specific to high-volume, application-created electronic records. Rather, organizations need to implement standards that consider the speed at which electronic records are created, stored, and disposed. Many organizations use a manually-maintained file plan to manage their paper documents. When a government agency passes a new record retention regulation, the records manager manually enters the new retention criteria into the records management system for each impacted record type. This process may work fine for a limited number of records but becomes exponentially expensive and unwieldy when manually applied to billions of electronic records accumulated over several years. Organizations, especially those that are international and must comply with a wide variety of country-specific jurisdictions, would require an army of records managers to keep pace with changing regulations—as well as the overwhelming numbers of records requiring oversight. RETENTION COMPLICATIONS The IT department typically is responsible for enterprise systems and often—by default—becomes responsible for the classification and retention of the records within those systems. Rather than considering risk, legal, or regulatory ramifications or whether the corporate “memory” is properly protected, the IT department tends to view retention as a storage management issue. Since the IT department is typically not well-versed in records management issues and may be unsure of how to apply appropriate retention schedules, it may err on the side of archiving all electronic records. With storage costs decreasing as a result of new technologies and options such as cloud computing, moving all electronic records to low-cost or alternative storage may seem like an answer. However, without an enterprise-wide electronic records management solution, organizations still cannot properly classify, retain, retrieve, and then delete records stored in siloed systems and databases according to central retention policies. A strategy of “keeping everything” can also result in penalties. In Germany, courts concluded that telecommunications companies must delete telephone and Internet data, overturning the 2006 EU Directive on Data Retention requiring companies to keep such data for six months. Telecommunications companies failing to delete the data now face fines.10 THE U.S. DEPARTMENT OF DEFENSE DIRECTIVE 5015.2, AND THE MODEL REQUIREMENTS FOR ELECTRONIC RECORDS MANAGEMENT (MOREQ) IN EUROPE PROVIDE GUIDELINES THAT ORGANIZATIONS CAN APPLY TO ELECTRONIC RECORDS MANAGEMENT. THESE STANDARDS DO NOT FULLY ADDRESS ISSUES SPECIFIC TO HIGH-VOLUME, APPLICATION CREATED ELECTRONIC RECORDS.
  • 5. ALTHOUGH APPLICATIONS CREATE HUNDREDS OF THOUSANDS OF RECORDS AS PART OF A SINGLE REPORT, THE LAW REQUIRES ORGANIZATIONS TO TREAT EACH AS AN INDIVIDUAL RECORD. IN SEVERAL HIGH- PROFILE CASES, COURTS HAVE HEAVILY FINED ORGANIZATIONS UNABLE TO PROVIDE ACCESS TO ELECTRONIC RECORDS IN A TIMELY MANNER. WHY HIGH-VOLUME TRANSACTIONAL RECORDS MANAGEMENT MATTERS Is electronic records management—particularly that associated with high-volume, application-created records—worth the effort? In a word: Yes. Those organizations not able to fully manage transactional electronic records risk regulatory noncompliance, legal action, and unauthorized data access that can negatively impact their business. REGULATORY RISK The Bernie Madoff $50 billion Ponzi scheme (2008), the Enron debacle (2001), and the accounting fraud incident at Indian outsourcing provider Satyam Computer Services (2009) are just a few of the highly publicized criminal events that have regulators considering passing a slew of new policies designed to improve information transparency. Although not focused on records management per se, regulations including the Markets in Financial Instruments Directive (MiFID), the Health Insurance Portability and Accountability Act (HIPAA), the USA PATRIOT Act, the Sarbanes-Oxley (SOX) Act, the U.S. Food and Drug Administration’s 21 CFR Part 11, the Consumer Product Safety Improvement Act (CPSIA), and the EU Data Protection Directive include provisions directly attributable to electronic records management. For example, while the major objective of MiFID is to harmonize Europe’s financial markets, MiFID Article 51(3) addresses records retention, specifying a five-year retention period for transactional data. HIPAA, which governs electronic transfers of health information, mandates that organizations retain all medical records, signed consent forms, authorization forms, and other HIPAA-related documentation for six years. It also requires organizations to keep records for two years after a patient’s death. The Anti-Money Laundering Directive 2005/60/ EC requires organizations to keep records for at least five years. Lastly, Directive 2003/88/ EC directs organizations to keep records of employee work hours and provide those records on demand. In several high-profile cases, courts have heavily fined organizations unable to provide access to electronic records in a timely manner. Unfortunately, good intentions and attempting to comply with regulations can still result in hefty fines. For example, the Financial Services Authority (FSA) stated that Goldman Sachs International did not “set out to hide anything,” but still fined the firm £17.5 million for failure to ensure it could comply with UK regulatory reporting rules. Margaret Cole, managing director of enforcement and financial crime for the FSA, stated, “This penalty should send a message—particularly to the senior management of large institutions—of the need to have their firm’s UK reporting obligations at the forefront of their minds.”11 LEGAL RISK Organizations need access to records to not only successfully defend a case, but also for proactive legal activities. In the U.S., the 2006 amendments to the Federal Rules of Civil Procedure (FRCP) incorporated specific e-discovery guidelines for Electronically Stored Information (ESI) used as evidence in a civil or criminal case, including text, images, calendar files, databases, spreadsheets, audio files, animation, websites, and computer programs. Other countries have passed similar rules governing e-discovery. Although applications create hundreds of thousands of records as part of a single report, the law requires organizations to treat each as an individual record. Searching for a single record within a batch file containing thousands of records—or more—is akin to searching for a needle in a haystack. Organizations unable to retrieve records in a timely manner face multimillion dollar lawsuits, not to mention damage to their reputation and brands.
  • 6. RECORDS MANAGEMENT’S BREAKING POINT: MANAGING TRANSACTIONAL ELECTRONIC RECORDS IN HIGH-VOLUME ENVIRONMENTS C O N T E N T ELECTRONIC RECORDS ARE CONSIDERED A “TECHNOLOGY ISSUE” AND THEREFORE BECOME THE DE FACTO RESPONSIBILITY OF THE IT DEPARTMENT. IT DEPARTMENTS CAN ADDRESS HOLDS AND OTHER LEGAL REQUESTS SINCE THEY “OWN” THE RECORDS, BUT THEY MAY NOT POSSESS THE EXPERTISE OF LEGAL STAFF WELL-VERSED IN LITIGATION PROCESSES. AN ELECTRONIC RECORDS MANAGEMENT SOLUTION SHOULD LINK MAINFRAME AND DISTRIBUTED PROCESSING TRANSACTIONAL INFORMATION AND STORE RECORDS IN THEIR NATIVE ENVIRONMENT. IT SHOULD ALSO BE HIGHLY SCALABLE. Even those organizations that successfully fulfill e-discovery requests may ultimately spend millions of dollars in man-hours and lost productivity to comply with legal imperatives. Further, company executives may also become personally liable in certain situations and face individual fines or jail time. Even in an increasingly litigious environment, more than half of organizations lack e-discovery procedures. A recent AIIM survey revealed that while 71 percent of organizations address the legal hold of paper records in the event of litigation, only 57 percent have a process in place for electronic records.12 Perhaps part of the reason for a lack of ESI discovery process is that electronic records are considered a “technology issue” and therefore become the de facto responsibility of the IT department. The organization may ask the IT department to address holds and other legal requests since they “own” the records, but the IT department may not possess the expertise of legal staff well-versed in litigation processes. SECURITY RISK Electronic records often contain sensitive information, including employee Social Security numbers and customer account information, making these transactional records attractive to hackers. High-profile data breaches, such as the 2007 theft from TJX Companies, Inc. of transactional record data that compromised the security of 40 million credit and debit cardholders, highlight the need for organizations to integrate data storage and security with electronic records management processes to help protect such sensitive information. CRITICAL COMPONENTS OF AN ELECTRONIC RECORDS MANAGEMENT SOLUTION An electronic records management retention strategy must enable organizations to mitigate regulatory, legal, and security risks while addressing the unique challenges of electronic records. Rather than requiring a rip- and-replace of legacy systems, the solution should manage records across multiple environments yet provide a single, consolidated view; automate records management tasks, including classification and retention; enable individual record management; and provide records managers with easy-to-use administrative tools. WORK WITHIN A HYBRID ENVIRONMENT Most large organizations operate in a heterogeneous technology environment of both legacy mainframe applications and distributed processing systems, and will continue to run this environment for the foreseeable future. However, many records management solutions ignore the reality of this technology environment and require organizations to sunset legacy systems in order to implement an electronic records management practice. For the majority of organizations, a wholesale replacement of legacy systems is cost-prohibitive and overly disruptive to their operations. Rather than forcing a migration to a different platform, an electronic records management solution should link mainframe and distributed transactional information and store records in their native environment. It should also be highly scalable.
  • 7. MANAGING THE ENORMOUS VOLUMES OF TRANSACTIONAL ELECTRONIC RECORDS REQUIRES A SOLUTION THAT AUTOMATES ALL PROCESSES. SINGLE VIEW INTO MULTIPLE REPOSITORIES Even though the ideal solution can administer electronic records in different repositories, it should contain an interface that provides a single view into records stored in many different locations throughout the organization, regardless of the type or age of the record. AUTOMATE TRANSACTIONAL RECORDS MANAGEMENT Managing the enormous volumes of transactional electronic records requires a solution that automates all processes. First, the solution should ingest application-generated content from mainframe and distributed systems, whether from enterprise-wide systems or line-of-business applications. Next, it should apply predefined business rules that determine who has access to the record, where to keep it, and how long to keep it. The solution should automatically extract metadata for classification and assign a disposition rule based on company requirements. Finally, the solution should automate retention. If the corporate retention policy changes, whether due to regulatory updates or corporate mandates, records managers need only define the new retention criteria once and the solution subsequently applies those criteria across all existing and new transactional records. PROVIDE GRANULARITY Even though applications produce transactional output containing multiple records, legal and compliance requirements force organizations to identify these records individually. Therefore, the solution should present records inside of bulk reports as individual records in taxonomy and enterprise file plans, and enable access controls at the record level. Organizations should be able to hold an individual record in a large report without retaining the complete report—and then be able to destroy individual records based on business events without affecting other records in the same archive. RECORDS MANAGER INTERFACE To be most efficient and effective, a records manager needs an automated, easy-to-use front end to administer the solution. A Web-based user interface based on an open architecture is ideal for providing records managers with a full-range of administrative functions. Records managers can then define hierarchical taxonomies for automatic classification, automatically define and subscribe to events from line- of-business applications, and define a corporate retention schedule with multiple policies and rules, applying those rules to specific record types. CONCLUSION Just as the Titanic was sunk by what was under the surface, your organization can also be “sunk” by what you don’t see: millions of electronic records. Without an automated, enterprise-wide solution specifically designed for high-volume electronic records management, your organization risks regulatory action, litigation, and security breaches.
  • 8. www.asg.com ASG Worldwide Headquarters | 1.239.435.2200 or 1.800.932.5536 1333 Third Avenue South Naples, Florida USA 34102 Copyright © 2014 Allen Systems Group, Inc. All products mentioned are trademarks or registered trademarks of their respective holders. A recognized innovator in enterprise IT software solutions, ASG Software Solutions has been optimizing 85 percent of the world’s most complex IT organizations for more than 25 years. We create and deploy unique software solutions that reduce cost, mitigate risk and improve service delivery throughout the IT lifecycle. ASG’s comprehensive solutions help you solve today’s challenges, such as Cloud Computing and Big Data, while driving your business forward by providing insight and control across Cloud, distributed and mainframe environments. ASG is a privately held global company based in Naples, Florida, with more than 80 offices worldwide. ASG_Record_Mgmts_Breaking_Point__WP_20140206en REFERENCES 1 State of the ECM Industry. AIIM. 2010. 2 Ibid. 3 Electronic Records Management: Still Playing Catch-Up with Paper. AIIM. 2009. 4 Ibid. 5 NACHA Reports 18.76 Billion ACH Payments in 2009. NACHA-The Electronic Payments Association. April 7, 2010. 6 U.S. Equities: E-Trading Grows. Greenwich Associates. June 4, 2010. 7 Electronic Records Management: Still Playing Catch-Up with Paper. AIIM. 2009. 8 Ibid. 9 Ibid. 10 The Beginning of the End of Data Retention. Electronic Frontier Foundation. March 10, 2010. 11 FSA fines Goldman Sachs International £17.5 million for weakness in controls resulting in failure to provide FSA with appropriate information. FSA. Sept. 9, 2010. 12 Electronic Records Management: Still Playing Catch-Up with Paper. AIIM. 2009.