
Bring IT together_2015_ECOOandOASBO


Moving records management from a paper-based strategy to an electronic strategy requires re-thinking what needs to be protected and where the threats to security exist.

The key is to stop focusing on the artifact (the document) and focus on the information that is important. Documents are just the storage media to move the information from person to person.

Published in: Technology


  1. 1. Increase records security through process Christopher Wynder, Ph.D Director of Client Services @ChrisW_thinkdox chrisw@thinkdox.com ThinkDox LLC.
  2. 2. Education has the third highest rate of records breaches in 2014-2015 ThinkDox LLC. These first two are symptoms of how poor/slow adoption of technology has been for records handling. The last three are purely process maturity. Suggesting that even if adoption of EDRMs technology was higher significant issues would still exist.
  3. 3. Effective ERM is service driven: It is embedded into normal work processes Provides time-savings to system users Aligns with organization strategy and goals
  4. 4. Most records management procedures are based on “paper” • Rigid organization- enforced taxonomy. • Retention rules • Disposition workflow • Audit of deletion schedules Capture Organize Use Archive or retire How it is generated does not matter in a paper world. The physical artifact is “handed over” Use is controlled via ownership of artifact.
  5. 5. Documents consist of information that is used for particular business processes. There is no requirement for documents to be maintained for any period of time. Records are a subclass of documents that must be treated differently. Specifically, they must be maintained in a format that can not be changed for a specific length of time. Processes produce both documents and records. Users do not have “silo’ed” work days where they handle just records or handle just documents. 9am DATE ? 5pm The average user’s day ERP/CRM ThinkDox LLC.
  6. 6. EIM as a strategy reduces risk of user confusion Process and storage location alignment = risk reduction Before R&D Sales CEO HR After R&D Sales CEO A year later Do we have any tape? Someone needs to organize this! That looks great…but where do I put my vacation request-is it HR or department? Do we have any tape? I thought we organized this?!
  7. 7. DATE ERM SharePoint Legacy Exchange ERP Information can be found in a lot of places- and is a mix of personal and work On-Premise Software Cloud and SaaS ThinkDox LLC.
  8. 8. How people work has changed vastly Capture Organize Use Archive or retire Information lifecycle User information lifecycle Generate Record Use Forget or store Organize Re-Organize Envisioned Starting point Actual Starting point Forget or store
  9. 9. Align user information and ECM lifecycles at key points in the process Adoption and BRPs are linked together. Solve the users’ key needs and you’ll solve your compliance concerns surrounding structured documents and records. Capture Organize Use Archive or retire ECM lifecycle User information lifecycle Generate Record Use Forget or store ? Organize Re-Organize ECM works best when the information is organized at capture The un-asked question-”How do users get work done?” This is key to how users expect to find documents Users lack the tools to appropriately archive content Re-use leads to lots of local copies.
  10. 10. Move beyond just ERM to EIM ThinkDox LLC. ERM Add User ECM ERP or LMS Student records
  11. 11. Focus on the user tools that solve user frustration with their day-to-day activities. How many different applications are they using 9am DATE ? 5pm How many times are they breaking compliance ERP/CRM how do users generate content-what are the filetypes, what are the key applications where is the information from that content being recorded? Office documents, applications what is the point of the content? Is the information being shared? Is it for revenue generation? Does it need to be moved to other people? ....is the information source used again. What do users really need, what can you securely provide them. Generate Record Organize When
  12. 12. Account for GROW-th by accepting the organic nature of information An architect plans the design of information, brings structure to unstructured sources by enabling users to move through a "journey“. Requires existing user compliance and understanding of information sources. A gardener sets the parameters of access, provides a single point of entry to user needs by understanding that every user has multiple “journeys” that encompass their job. Requires access control to key information sources to ensure user compliance.
  13. 13. Be the gardener: plant the seed, control the weeds, and nourish the environment • Gardeners do not control growth they only maximize the conditions for growth. • What can you as an Information Gardener do: ◦provide appropriate access (the size of the plot). ◦Set limits on where the seeds can grow (users) and ◦provide within that plot the nutrients (information) that seeds need. • You cannot control the growth but you can limit the unwanted growth. Growth on ECM is going to be organic but you can limit the space provided.
  14. 14. 1. Can we manage the customization? 2. Can we gather enough information on users? Start by defining what you want the system to do IT Competency 1. What are users going to do IN system? 2. How embedded should the system be in our processes? 1. What can our ECM system do / what features should we be prioritizing? 2. Do we have a taxonomy? 3. What are our disposition needs? 1 2 3 Information Governance Technology readiness
  15. 15. LMS Idealized process ThinkDox LLC. ERM Add Student records
  16. 16. The reality of how student records get updated Add 
  17. 17. School level How do we move to better process Board level System of interaction System of record Access control Findability Archive Ad hoc/ Fileshare Holistic planning for information management Infrastructure planning Requirement gathering Implementation Integrated retention and disposition schedules Understanding trends in content generation Information management strategy Technological support for managing information THINKDOX LLC.
  18. 18. Case study: Evaluating a broken process Who K-8 School board in Mid-west US. Central IT administration Charter schools have own IT budget Problem Updating student records at end of year is time-consuming for both teachers and central admin Process “feels” unique for each school to enter same data Complications Some schools use Google Apps. Central Admin and many schools are standardized on Microsoft Central use O365. Most schools are migrating to O365 THINKDOX LLC.
  19. 19. The reality is their “process” is actually 3 processes 1 2 3 Records change approval Records change workflow Records update capture
  20. 20. Optimizing each sub-process 1 Records change approval Why is this happening outside the system? Do we care? Risks? Printing student records increases the number of different places that regulated information is stored. Speed of process has led to paid overtime for Admin staff constraining infrastructure upgrades. Why: Key approval is an “email guy” doesn’t want to learn a new system. It fits with the communication and template locations that currently exist.
  21. 21. Addressing the “Why” – understand how each user works Admin Student records Facilities management User Journey of an Admin’s day Check information Get Approval Confirm Updates Request updates Review orders Send orders Request approval Draft orders Analysis: The nature of approvals is the real issue. Facilities management is completely done through accounting software. Has no ability to capture “wet signatures” Approver wants to just send an email.
  22. 22. Identify the “most dangerous” user personas What core users or departments are the most dependent on ECM or have roles that generate the most content for ECM? Go right to the source: Where are the roadblocks in the process? • Survey users about their activities. • Compare the activities of people in problem processes. Where are the compliance issues? Which group of users is the organization most concerned with? Non-compliance from user groups that know better is often due to a lack of support for BRPs Use IT system data: What does the log-in data tell us? Is there an AD role that is under represented? Users that are under-represented in access logs are likely dissatisfied with ECM. What department has the most complex site organization? Complex granular trees often result from user groups copying and re-filing information for new projects. Search logs – are there commonly searched terms? Searching for the same document is a sign that users do not recall where documents live.
  23. 23. Dealing with capture and re-capture problems 3 Records update capture Why is this happening outside the system? Do we care? Risks? Errors in data input cause problems for teachers and administrators attempting to evaluate educational plans. Duplicated records are a serious issue for both storage growth and audit controls Why: No one knows how to update documents in the system. Information is captured in a different system than the records management system
  24. 24. Use of word templates and no required metadata “hides” documents from ERM Collaboration System of record Access control Templates PDF generation strips metadata and is not linked to a form type in Laserfiche Admin kept copy of template on HD No one actually used SharePoint for version control Template IT had tied metadata to “live” copy
  25. 25. Move the whole process to form based approach Capture Organize Use Archive or retire
  26. 26. Take advantage of the metadata system to connect records classification to both information and process Text Date List Dynamic “In progress” Information Folder Information sorting (Templates) Process step identification Tags Confidential Templates can be applied to either folders or documents Tags can convey information or restrict access
  27. 27. The brain uses two descriptors for recall. Take advantage of this to limit the number of descriptors • People vaguely recall the name of a document • People recall why they made or last used a document • People are hard wired to remember WHO they: ◦Work with ◦Communicated with ◦Made the original • The right two pieces of process information will allow users to find the right documents Take advantage of how the brain works. Weak recall Weak recall Strong recall Object Who = = =
  28. 28. Describe the user journey based on how people work Expand using descriptors that describe work patterns Facet Description Examples Matter Objects, typically inanimate. Desktops; Servers; Storage; Buildings. Energy Actions and Interactions. “processes”. Customer service; Quality control; Manufacturing; Research; Accounts payable. Space Locations, departments, Human resources; APAC; Guatemala; Building A2. Time Hour, period, or duration Morning; Q3; Financial close; Winter; 2011.
  29. 29. Build out the descriptors based on discrete tasks during the process Client size Depart. Budget related Location Order approvals fulfillment Initiative Intranet ERP Other sources Website HR structures Remember our goal at the beginning is to have enough taxonomy to confidently allow users to add content to ECM for the purposes that the organization has defined. The taxonomy WILL need to be updated through a controlled process. The key with “semantic search” is a clear process for evaluating the usage. The goal should be to have these integrated into the controlled vocabulary to replace unused terms rather than create a shadow metadata system
  30. 30. Categorize the non-records descriptors based on GROW fields Contract negotiations Billing Contracts Secondary office Remote CRM logs Surveys Direct interaction Location financials Call list Daily activities Calendar Hand-over Workgroup Potential taxonomy descriptors (GROW) These could be the drop-down terms Wide category Remember this initial goal is about gaining control over documents. The long term goal is a living set of descriptors that mirror business practices. These are probably too specific. Additional personas will generalize these further to make them usable.
  31. 31. Use process descriptions to enable both findability and security Long lists of anything are a disaster for information collection Marketing Joke: “What is the biggest state in the United States?” The Answer: 8x3 The human brain has a storage and sorting limit of eight items. This means drop-down items 9 - ∞ will not be considered. Keep your taxonomy to three levels of detail, each with about eight items. The taxonomy for a facet, therefore, can have 8³ – or 512 – items.
  32. 32. Define the complete view of what people do to extend content descriptors Persona Business Process Users Workflow New cases Case management Check schedule Follow-up Schedule meeting Check for information Review previous Monitor action Request action Review reports Service Management BPM case module CRM case # Workflow Confirm by SMTP Social Services
  33. 33. Refined the process maps with the actual information they need DATE CRM Constituent or Council needs Vacation request Agenda/ Budget What information outside of their job description do users need to “get work done” DATE DATE DATE How many of these resources are up-to-date?
  34. 34. Well-governed information is both protected and used. • Start by determining how similar the key intra- and inter-departmental information movement patterns are. Do HR and corporate services speak the same language? • School boards with cloud based educational tools e.g. GAFE, Office 365, D2L should evaluate the processes and security of how information moves into these systems. • Move away from “E-documents” such as fillable PDFs to dynamic forms and workflow. This is easier to manage long term • Don’t forget about social. School officials need to have policy and process for when constituent information and conversation moves beyond community “engagement” to legally binding or regulated action. Regulations Organization-wide data Similarities Departmental data Key considerations for how to maximize the use of your ECM
  35. 35. Thank you Have questions or want a copy of the presentation: Email me: chrisw@thinkdox.com Don’t want to email me: See our website’s presentation page http://thinkdox.com/news/presentations/ We are on twitter and LinkedIn @Thinkdox @ChrisW_thinkdox https://www.linkedin.com/company/thinkdox-inc-?trk=biz-companies-cym
