Strategic Planning

The Panama Papers 2.6 Terabyte Terror

“This is not a leak. This is a Hack.” – Ramon Fonseca

Known to be the largest and now most controversial data leak of all time, the Panama Papers is a prime case to be examined by information management providers. Mossack Fonseca, an international law firm, is now facing extreme backlash for their ties to foreign money.  Hacked and leaked by an anonymous source, this is the largest recorded data breach in history. The crime in question, the hacking of Mossack Fonseca’s private information has been overshadowed by the scandal of their relationships to foreign politicians and what some are saying, dirty money.

Hacking can occur in a number of ways. The computer systems itself can be hacked and mined for information. Websites can be compromised and emails can be phished. If your organization is a target for a cyber hacking, there’s not much you can do to prevent it. See how the NSA, JP Morgan Chase, and Sony Entertainment couldn’t help but be victims to malicious targeted cyber hacks & data leaks.

However, if you’re not a target with a big red market on your back, then it’s still better to be safe than sorry. Take precautions by improving your information security so that an accidental hacking doesn’t tear down your organization. Here are 3 easy benchmarks any organization can check off, to proactively combat a potential cyber hack.

1.    Perform required software updates for your document management systems, operating systems and web browsers.

2.   Ensure implementation of appropriate firewalls to servers, networks, and devices.

3.   Manage all passwords with an encryption software or change your passwords often.

It seems to be that cyber hacking is the new cool but that’s what makes this all the scarier. As intelligent engineers are lured into employing their skills towards malicious criminal activity, all an organization can do is be aware, proactive, and smart about how their information is controlled.

 

Taxonomy and User Experience

“Integrate the taxonomy DIRECTLY into the user experience.”- John Mancini, AIIM President and CEO

On a scale of 1 to 10, where would you rate your organization skill?

This seems to be one of those questions that most employers ask when looking to hire a new associate; I’m sure most of you remember responding to this question at least once. Unless we’re asked, we tend not to think about it. This is the same for taxonomy. It’s not often we think about taxonomy in our daily lives, but that’s simply due to how well organized our lives actually are, even if you yourself aren’t the most organized person.

Organization of one’s information should begin with taxonomy in mind to make information management simpler. Take for example, Ikea. It’s an enormous warehouse style retailer, full of every home good you may possibly need or want and somehow, you’re able to find exactly what you’re looking for. This user experience is due to the implementation of taxonomy.

I’d like to share an article that’s almost a year old, but is still very relevant. As this new year is now moving forward in full gear, it’s time to take a look into how well organized our information might be and how that may be affecting our work. 

Find the AIIM article, ‘3 Things an IKEA dresser can teach us about Content Management,” written by Mancini, here.

Here are Mancini’s quick tips:

1. Make your taxonomy as complicated as is necessary to get the job done, and not one bit more.

2. Integrate the taxonomy directly into the user and employee experience.

3.You don’t need to limit your organization to just one repository, but you do need to have a strategy.

Mancini states that the true key to Ikea’s success is that, “There is a method and a structure to the madness that allows people to navigate this incredible inventory of ‘stuff’ on their own and with a minimum of supervision, find exactly what they need, load it onto flatbed carts, and move on beyond the cash registers.”

The user experience has been streamlined and made positive due to the organization’s understanding and application of taxonomy. The more organized our lives are the less we have to work to find the information or things that we need. That should be the goal, maximize personal productivity with little to no effort, and taxonomy is how we get there. My next trip to Ikea is going to be seen with a new perspective.

FileTrail's Jim Merrifield to Present Opening Keynote Address at ARMA Houston 2014 Conference

We are excited to be at the ARMA Houston 2014 Conference & Expo this week (April 22nd & 23rd) at the Norris Conference Center. This year's theme is a very timely one,  "Bridging the Gap - Records Management to Information Governance.” We encourage you to please stop by our booth to discuss some IG or just say hello. In addition, we're pleased to announce that FileTrail's, Jim Merrifield, will be delivering the opening keynote address entitled " Embrace Information Governance - The Time is Now!

A brief summary of what will be discussed is shown below:

Summary: Information Governance is more than just a new “buzz” word for records management. Good governance requires good record keeping. However, records management is only the foundation and a starting point. Information is stored everywhere and it needs to be controlled and managed. It’s not enough to manage just “records”, organizations must manage all its information regardless of where it is stored, regardless of medium and whether it is a records or not.

Information Governance is a strategic discipline that requires RIM professionals to think outside the box and expand their thinking beyond just managing records. A truly holistic and comprehensive view is needed.

By attending this presentation you will learn how to help your organization in the following four (4) ways:

1. Manage information risk and ensure compliance with business requirements.

2. Develop an IG strategic plan and framework that works

3. Gain control of information and optimize its value

4. Reduce cost by disposing of information when it’s no longer needed

About Jim:

Jim Merrifield is the Information Governance Evangelist for FileTrail, Inc. and Co-founder of the Information Governance Conference. He focuses on educating organizations on how to design and implement enterprise records management and information governance solutions. Prior to joining FileTrail, Inc, Jim was the Records Manager for Finn Dixon & Herling LLP. Jim holds both industry leading designations, the certified Information Governance Professional (IGP) and certified Information Professional (CIP). He also holds many AIIM certificate designations including Electronic Records Management, SharePoint and Taxonomy and Metadata. Jim is co-developer of the ARMA IGP Course, an AIIM education partner, AIIM Expert Blogger, and President of the ARMA Connecticut Chapter.

Automation Should Get The Job Done And Be Defensible In Court

When is automation going to deliver the promises we have been hearing for years?  Automation is software that automatically classifies records, starts the review cycle automatically, notifies reviewers by email, escalates to managers when reviewers pass deadlines, and presents content for review on the desktop of the reviewers so they don’t have to print and circulate reports (just now, I felt a great disturbance in the Force, as if millions of trees suddenly cried out in relief…). This real automation means that we Records Managers are not doing the clerical work anymore.  Instead, we are managing the process and the policies and enforcing their implementation.  This automation is here and is changing records management. Today as a solution to the information explosion, organizations have decided to adopt a document retention policy and schedule. The purpose of adopting such a document is to ensure:

1)  Orderly access to and retention of important documents

2)  Routine and appropriate disposal of such materials that is no longer necessary for the organization to meet its business, ethical or legal obligations.

3)  Full compliance with the organizations legal and ethical duties, including, but not limited to, any duties that may arise as a result of any litigation

If your organization has a document retention policy, this is usually the time of year when you review the retention schedule and attempt to dispose of the information that has satisfied the end of its document lifecycle. I say “attempt” because most organizations fail at the monitor and audit stage in the lifecycle. They have a clear document retention policy and schedule which outlines how long to keep certain documents, but the process is not followed. One reason is that no one in the organization wants to be held responsible for disposing of the information. Another reason is that mergers and acquisitions happen all the time and people are constantly moving in and out of roles and responsibilities.  Today with the right automation these processes are handled by the software, no one can stop the system from reviewing and bringing to the attention of the stake holders the items that need to be destroyed or on hold or need to be placed on hold. This is automated policy enforcement.

What usually gets lost in the shuffle? You guessed it…Records Management. Now, if you’re fortunate enough to still have a Records Manager on staff, they will do their best to move the process along. However, they will not be the ones to pull the trigger and dispose of the information. The reality is that it’s actually worse to have a document retention policy and not follow it, than not have one at all. On the other hand, it’s not good practice to keep everything forever, just because you may need the information someday. This will just compound your disposition problem and make matters worse when you finally decide to start disposing of information.

Think about what would happen if you never got rid of anything in your home and you lived in it for years and years. Every time you purchased a new item, such as a piece of furniture, toy, etc., you just tossed the old item in the attic. What would happen when you ran out of room in your attic or decided to move to another location? It would take forever for you to go through all your stuff. How much better it would have been to dispose of the old items when you purchased the new ones.

The solution to this problem is to automate the disposition process and that automation forces action to take place. Actionable Records Management and Compliance enforcement. This needs to happen to be successful and insure that all that up front document retention development work doesn’t go to waste.  But what does “automate” really mean.  Many of my peers talk about the drudgery of using their automation solutions.  Sure, the software calculates destruction dates.  Sure, the software allows them to place holds on content.  But, many are still printing out reports, screaming for people to do reviews, then entering holds and approvals from the marked-up report.  A few lucky souls have workflows that provide a little more “automated” solution.

And if you are not yet in a galaxy far, far away, here are a few radical concepts that could change our lives.  Real automation lets me control the automation; it gives me actionable dashboards so I can react to the processes that are in front of me without further searching and evaluation. All this based on policies and retention times that were decided, approved and made policy previously.  Some content is important and disposition needs to be signed off explicitly.  I want to trim my workload by making the disposition reviews for other types of content simply optional –it is gone if it has no value and there is no review.

In summary, organizations need automation that enforces their policies. We need to stop hoarding all of that information. The more information we have, the harder it will be to find that “needle in a haystack” and produce during the discovery process. As Records Managers, we need to stop hiding behind our boxes and take the lead on this initiative and make our companies aware that there is automation that finally meets these previously unattainable goals that we have had for years. The software is there to make our life much easier; we just need to embrace it. And that’s the bottom line, because this Records Manager said so!!!

Jim Merrifield, Director of Information Governance at FileTrail, Inc.

Email me: JMerrifield@filetrail.com

Call me: (646) 584-7687

Follow me on twitter: @jimerrifield

Information Governance is like Your Fitness Goals for 2014

This is the time of year when everyone is making resolutions and setting goals for 2014. By far, the most popular goals tend to focus on fitness. Why? Because people are obsessed with the way they look. It’s just the way the world is today. Many focus on bulking-up, getting shredded or just maintaining their physique. The same goals and principles can be applied to Information Governance. How so?

BULK UP

There is so much education at our fingertips today surrounding Information Governance. So, there is no excuse to not understand its meaning. Here are some ways to bulk-up in 2014:

1. Get Certified – In my opinion there are three leading courses that can propel an information professional to the next level.

  • ARMA IGP (Information Governance Professional) Certification – a person who receives this designation demonstrates that he or she has the strategic perspective and the requisite knowledge to help an organization leverage information for maximum value while reducing costs and mitigating risks associated with using and governing content. The exam consists of 6 competency domains: Managing Information Risk and Compliance, Developing IG Strategic Plan, Developing IG Framework, Establishing the IG Program, Establishing IG Business Integration and Oversight, Aligning Technology with the IG Framework.  For more info http://www.arma.org/r2/igp-certification/domains
  • AIIM CIP (Certified Information Professional) Certification - A person who receives this designation will be well positioned to help their organization manage and control content across the enterprise. The exam consists of 6 domain areas across the spectrum of content and information management including but not limited to Information Governance, Records Management, Social Media, eDiscovery, Cloud Computing and Information Capture. For more info http://www.aiim.org/Training/Certification
  • AIIM Information Governance Practitioner Designation – this course is designed to ensure the effective and efficient use of information in achieving organizational goals. The course content is applicable across all industries, and is independent of any particular technology or vendor solution. It consists of 10 modules focusing on information management, information governance components and information governance technologies and instruments. For more info: http://www.aiim.org/Training/Certificate-Courses/Information-Governance#modules

2. Attend Webinars, Seminars, and Conferences – There is an overabundance of educational opportunities each and every year. And 2014 will be no different. Most webinars are free and provided through industry leading software and consulting companies, non-profit organizations, etc. Most are offered during lunchtime, so why not make it a goal to listen to one information governance focused webinar per week. You’re only sacrificing 52 hours per year!!! If you’re like me and prefer face-to-face interaction, plan to attend seminars and conferences in 2014. Here is a preliminary list of events that I plan to attend this year. Which events are you attending?

  • Legal Tech NYC – February 4-6
  • ARMA International IGP Prep Workshop in Hartford, CT – February 7
  • Microsoft SharePoint Conference in Las Vegas – March 3-6
  • ARMA NYC Spring Seminar – March 11
  • AIIM International Conference in Orlando – April 1-3
  • ARMA Houston Spring Seminar – April 22-23
  • ARMA CT Information Governance Workshop – May 6
  • MER Conference in Chicago – May 19-21
  • ARMA North East Leadership Conference in Boston – TBD
  • ILTA Conference in Nashville – August 17-21
  • ARMA International Conference in San Diego – October 26-28

3. Read…Read…Read – I think you get the point. We all have a computer, smartphone, tablet or some other electronic device. The topic of Information Governance has exploded across the internet. Go ahead and Google the word “Information Governance”, and see how many articles and blog posts there are from which to choose from. If you have a twitter account (by now everyone should), search under the hashtag #infogov, I guarantee you will be reading for hours. So, why buy a book, when there’s so much “free” information!!!

GET SHREDDED

Information Governance enables defensible disposition. Keep your organizations “lean” and “clean” by following through on your document retention policies. The end of the calendar year is most organizations trigger for disposing of information that has reached its retention requirements. So make sure you “SHRED” your information. 2014 may be the year for your organization to invest in a 3rd party software application to automate the process and thus eliminate end user involvement in the disposition process.

3 Benefits of Defensible Disposition of Information

  • Reduce Storage (physical and electronic content)  and Other Operational Costs
  • Reduce Legal Fees in connection with eDiscovery
  • Reduce Risk Exposure

The bottom line is “SHRED THE FAT”.

MAINTAIN

Maintain your zeal for information governance and records management. Don’t give up!! Maybe at your organization you are not getting the respect you deserve. Perhaps no one is listening to your strategy or ideas on managing and controlling your organizations information. In most organizations, the CIO looks to IT to make the information management decisions. In my opinion, this is one of the biggest mistakes an organization can make. Why? Because IT doesn’t care about managing information, they care about servers and infrastructure. I believe that 2014 is the year of the NEW RECORDS MANAGER. Start the year off right by making a list of your goals for 2014 and sharing them with your boss. It just might be your ticket to finally getting your seat at the table.

MY FINAL THOUGHT….

Be obsessed with Information Governance in 2014. Be a sponge and take in as much information as you possibly can. Don’t keep all the knowledge you gain to yourself, share it with others in your organization. Remember BSM in 2014….BULK, SHRED, MAINTAIN.

What are your #InfoGov Goals for 2014?

Jim Merrifield, Director of Information Governance

Phone:(646) 584-7687

Email: JMerrifield@filetrail.com

Twitter: https://twitter.com/jimerrifield

LinkedIn: http://www.linkedin.com/in/jmerrifield