4. Governance Framework
• Governance
• Decisions and directives (policies)
• Risk Management
• Procedures and guidelines implementing boundary restraints
• Compliance
• Assessments of adherence to policies, procedures, directives
5. Governance Framework
• GRC - Governance, Risk Management, Compliance
• IG - Information Governance
• RIM - Records and Information Management
• ERM - Electronic Records Management
6. Why ERM?
• Up to 90% of records today are born digital*
• ERM is key component of robust RIM Program
• RIM is foundational to Information Governance
• IG supports institutional GRC
* http://www.clir.org/pubs/reports/reports/pub149/pub149.pdf
9. Are You Experiencing…
• Unmanaged records in legacy systems
• Disparate, siloed document repositories
• No system-wide standard index or metadata
• No recognized executive sponsor of program
• Uncertainty regarding email as a record
• Few to no practical means to enforce retention
10. …Any of These Symptons?
• Difficulty demonstrating adherence to policies
• Lack of training or awareness of policies
• Ineffective legal (litigation) hold implementation
• Lack of sure-fire method of total e-discovery
• Lengthy response time to Open Records requests
• Random, undocumented application of disposition
11. If Yes, GoTo ERM!
• Definition of ERM
• Application of principles of records management to electronic
records:
Any form of digitally recorded material generated, transmitted, received
and/or stored that is designated a record by data owner or law, based on content
and/or subject matter. This includes but is not limited to electronic digital
interchange, email, digital/text voice messages, instant messages and text
messages.
• Can apply to mangement of electronic records, or to electronically
managing non-digital records
14. ERM - Technology
Examples of DoD5015.2-certified RMAs
• IBM Enterprise Records 5.1
• Open Text Records Management
• EMC Documentum Records Manager 6.7
• Gimmal Compliance Suite for MS SharePoint 2010
• HP Automony Records Manager 12.6 and HP TRIM
• Feith Systems BrideLogiQ RMA v9
• Oracle WebCenter Content: Records
• Alfresco Records Management 2.0.3
• Laserfiche Records Management Edition 9
• ZL Unified Archive
15. ERM - Process
• Capture process - direct ingestion or scan paper
• Tagging process - auto, user, or records staff
• Search process - by category, key word, security
• Production process - download, attach, print
• Disposition process - record of deletion, approval
16. ERM - Philosophy
• Accepting electronic records as official copy
• Accepting change in work habits
• Accepting digital methods of authorization
• Accepting time and volume contraints on digital
workspaces
18. Windows 255-character limit on file names
Password
protection
Case management Hidden
zipped
files
Naming
conventions
19. Reality Checks
• No Pain, No Gain
• Business Process Analysis and Change Management
• Funding Justification
• Implementation Cost + Training + Ongoing Operational Costs
• IT Resources and Security
• Server Space + Annual Licenses + Database Hygiene + Profile Management
• Realistic Metrics to Gauge Effectiveness
• Quicker Response, Greater Confidence of Retrieval, Better Audit Trails
20. GARP® Maturity Model
A - Accountability
T - Transparency
I - Integrity
P - Protection
C - Compliance
A - Availability
R - Retention
D - Disposition
22. Benefits of ERM
• Standardized Record Classification (Tags)
• One-Stop Shop for E-Discovery of Records
• Auditable Retention and Disposition Processes
• Tighter Control of Legal Holds and Releases
• Permits Time-Based Auto-Delete of Non-Record or
Transitory Information Repositories
23. Do You Need ERM?
• ERM requires people, process, technology
• ERM is key component of RIM Program
• ERM supports goals of Information Governance
• ERM satisfies GRC drivers:
• Governance - Records management and retention Policies
• Risk Management - Data loss prevention, documented legal holds
• Compliance - Auditable controls for access, retention, disposition