GRC Journal - (Page 16) PROACTIVE eSTuff MANAGEMENT it seems like businesses get buried in all their e-stuff. How can businesses use their technology effectively and efficiently to manage their information? Organizations need to understand that what technology they buy, how they implement it, and how they manage it can, and does, impact the overall management and production of information. For example, institutions often improperly use disaster recovery backup to do retention or archiving. Using recovery backup for retention and archiving leads doesn’t work very well because it makes it difficult to find individual records. So, this form of technology simply cannot do what so many businesses are relying on it to do. In contrast, institutions that take records management seriously develop a records management plan that efficiently uses both human and IT resources. A good example would be for a business to institute rules for all employees to follow regarding what information to keep and for how long. While not the only element of a records management plan, this initial step gets rid of a lot of junk information to allow for better storage of more important information. Most information has a finite life, which is based upon its business value and legal requirements. When that life is over, information should and legally can be disposed of, provided it is not needed for a lawsuit, audit, or investigation. What that does for an institution is significant – it allows the company to clean house, making a more efficient business, ensuring that the information they need remains, and making it easier to find essential business information. Further, IT resources are not wasted storing unnecessary information, and search tools are not burdened by combing through larger volumes of data. There can be heavy financial burdens when a company is implementing an information management platform. Can companies do this in a cost-effective manner? What steps should be taken to ensure that the money spent satisfies the needs of an organization? Statistics indicate that the average employee spends about 150 hours per year looking for information that they need to do their job. If you quantify the soft and hard costs of managing information or the potential risk and liability associated with mismanagement of information, you quickly come to conclude that proactive information management has huge business and legal benefits. That said, I think most organizations, when considering an information management purchase, need to consider not only the business needs and IT realities, but also the legal requirements. Many organizations do total cost of ownership (TCO) calculations. Some institutions may do return on investment (ROI) calculations. At Kahn Consulting, we 50 BTQ developed a methodology called, “Total Cost of Failure“or “TCF” – a calculation that quantifies the kind of legal or compliance regulatory risk, the soft and hard costs of that risk, and the likelihood of experiencing that risk, liability, or cost in the future – to help institutions understand not only the economic business benefits to harnessing their information as an asset, but also to quantify what legal liability and regulatory failure looks like. Another thing that organizations should consider, before moving forward with the implementation of information management technology, is to develop policy in advance of a technology purchase. So often companies buy technology and then realize that their legal and/or business needs weren’t necessarily addressed efficiently given the technical limitations of the technology purchased. Ultimately the technology succeeds only if the information management policy works. Do employees buy into their role in the process? Are plans in place to make sure that things are done correctly? In that regard, executive support, leadership, and communication are essential to success. Institutions also need to delegate responsibility throughout the enterprise. Information management doesn’t happen without the support and help of employees, and companies must delegate responsibilities and be proactive. Finally, to increase the likelihood of success, everyone needs to understand that information management is a process, not a project; it’s an everyday, every year, and every employee exercise. If you truly believe information is an asset, you’ll manage it proactively and effectively to make the institution a more profitable and effective business. There have been instances where organizations will incorporate separate information management utilities for various reasons. Is there evidence suggesting that separate applications can be useful, or is a single streamline approach the best way to achieve storage goals? I don’t think there’s one ubiquitous, all-powerful, allknowing piece of software that can do everything for every possible business or technical need. Clearly, having central control, centralized management, and consistent rules, technology, and policy to manage information makes the information management process that much more effective, increasing the likelihood of achieving storage goals. But again, it is too much to expect that one system can do it all. While arguments of relevance and importance can be made, it remains true that IT professionals can save themselves from nagging headaches if they familiarize themselves with the legal issues involved with information management. Likewise, legal counsel would be sensible in knowing key issues surrounding electronic discovery. What are some general themes that both sides should Q1 2007 | www.btquarterly.com Business Trends Quarterly http://www.btquarterly.com
For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.