This article appears in the Fall-Winter 2019 digital issue of DOCUMENT Strategy. Subscribe.

Image by: sofirinaja, ©2019 Getty Images

Can an organization manage the vast array of records and information assets without a third-party tool? While Microsoft Office 365 proclaims to have many records management capabilities, it also professes that it can’t deliver all requirements to effectively manage assets outside of it. Therefore, many organizations use third-party tools to fill the gaps to meet other records management and information governance needs.

To make smart acquisition decisions, an organization should balance its objectives around compliance, risk, and return on investment that best satisfies requirements for good records management and information governance practices. Then, research the vendors that can provide those solutions.

There are five basic categories of tools to consider when contemplating the need for a records and information management (RIM) solution, including:
  • Solutions to manage the records retention policies
  • Solutions to manage physical assets
  • Solutions to manage digital assets
  • Solutions to analyze, classify, and action the data for disposition
  • Solutions to provide information governance.
Many solutions overlap across categories, but few provide a single solution that can truly do it all.

1. Records Retention Policy Management Solutions

Foremost is the management of the records retention policies. A means to develop, manage, and publish a records retention schedule to employees is essential. A common method is to develop and maintain it in Excel or Word and then publish it in PDF to capture basic retention attributes, such as the record code, title, and description; examples of associated record types and the retention period, citations, record owner, location for systems of record; and categories with private, confidential, or sensitive information.

More robust solutions may include multi-jurisdictional citation management, declaration functionalities, legal hold, time, event, or metadata-based retention triggers, and built-in disposition approval workflow. System connectors can push this out to structured or unstructured systems.

2. Records Management Systems (Physical Assets Management)

As many physical assets still abound, the next tool to consider is a solution to keep track of assets such as boxes in storage, active files, media, and other artifacts from ascension to disposition, using a barcode and scanning system. A records management system provides an electronic repository to track the inventory and its movement from one location to another. The system can also apply the retention and calculates the disposal date for annual clean-up, implements legal holds, and runs activity reports to project storage and disposition costs. Usually, off-site storage vendors, such as Iron Mountain, GRM, Access Corporation, or Crown Records Management, will provide a courtesy system to track the inventory at their location but will not track assets outside of their property.

There are also third-party vendors that offer standalone systems to capture inventories in multiple locations. This is ideal for organizations using multiple off-site storage, those who maintain their own box storage warehouse, or have multiple offices in dispersed locations.

These solutions should capture the metadata of the physical assets, such as the retention code and category, department or function, basic and detailed content description, date range of content, retention period, disposition date, legal hold, record owner, and provide an audit trail of asset movement.

3. Document and Enterprise Content Management Systems (Electronic Assets Management)

Managing electronic data has reached critical mass in most organizations. For organizations using Microsoft Office 365 or Google Docs, the inherent capabilities may suffice.

For instance, documents can be managed within the SharePoint or OneDrive environments. For other organizations, a more robust document management system or electronic content management system (ECMS) is needed. Though the two types of systems have many similarities, there are some distinct differences in capabilities and applications.

Document management systems are primarily aimed at the life cycle management of traditional documents, such as office documents, from creation, distribution, use, to final disposition, including workflow management. It is more suited to organizations in a highly regulated industry where documents must be tightly controlled and managed for compliance reasons (e.g., the pharmaceutical industry). Whereas, an ECMS includes the management of all types of content, including traditional office documents as well as other content, such as videos, drawings, web pages, and now social media content. ECM systems are more broadly used to manage various digital content assets throughout the enterprise.

Both types of solutions must be able to apply retention, manage legal holds, and protect sensitive information. Typically, both can house the data in a repository within the application, bringing the data into the system rather than leaving it in their native locations.

4. Analytics, Auto-Classification, and Artificial Intelligence

Many organizations have a plethora of unmanaged and unidentified legacy data, media, and systems. Retaining this longer than necessary poses a risk during e-discovery. Often, no one knows the content or wants to take ownership of the data, costing companies time and money to store it.

Analytic solutions can extract data, analyze the metadata or content, index, and classify unknown data for retention and disposition. It is often used to determine the disposition of content in hard-drives, network drives, back-up tapes, collaboration sites, structured and unstructured data, where information about the data is not easily determined. It is commonly deployed to clean up redundant, obsolete, and trivial content. It can quarantine data or migrate it into other repositories.

Data analytics was originally used in e-discovery to aid in identifying and code relevant and responsive content through predictive coding and technology-assisted review (TAR). Tools today use artificial intelligence and machine learning to more accurately interpret and predict content to classify the data.

5. Information Governance and Compliance

An information governance tool is now a dominant category in records and information. It is more comprehensive and brings in other capabilities under one roof. At its core, it acts like an electronic police for records and information. It can contain the rules, the retention policies, enforce and apply them by scheduling retention and disposition in a timely manner, stop traffic with legal holds to suspend disposal of records, and protect the data with security and privacy capabilities, placing heavy emphasis on compliance requirements for security and privacy with the ability to identify, classify, and protect confidential, private, and sensitive data to meet compliance with laws and regulations in multi-jurisdictions, such as HIPAA, Sarbanes Oxley, General Data Protection Regulation (GDPR), The California Consumer Privacy Act (CCPA), and New York Cyber regulations, etc. It can provide safeguards for cyber security to prevent data breaches.

These solutions will include such capabilities as records retention policy management, records management, risk and compliance management, file analytics, and archiving. Generally, it will manage the data in-place in multiple repositories for both structured and unstructured, including network shares, SharePoint, email and document management, and enterprise content management systems. Some systems may allow the data to be brought into its own repository.

This solution is becoming the dominant solution in the marketplace, with some vendors rebranding existing solutions under information governance and enhancing the security and privacy components.

Now What?

Before embarking on any acquisitions, first conduct a needs analysis and determine the requirements and see where the gaps are that can be filled with any of the tools. Then look at the inherent capabilities in the native applications. For example, many structured systems already have retention features built-in and just need to be turned on. Secondly, before reaching out to another vendor, consider if an existing one can offer a solution you are seeking and have them bundle their offerings. When the first two options can’t be satisfied, then consider looking at a new resource.

In the final analysis, decision makers should ask how the solution contributes to meeting compliance requirements of the company and with laws and regulations of the industry in which it operates. Does implementing the solution help mitigate risks associated with the retention and disposition of records and information that could otherwise cause legal, financial, or reputational harm to the organization if it weren’t implemented? And more importantly to the bottom line, is to weigh these factors against the cost benefit of making the investment, even though hard cost savings is difficult to measure. The soft benefits, such as compliance and risk, may be the driving factor for many organizations.

Cindy Zuvich, CRM, is the Principal of Unigrated Global, an information governance consultancy and records management services company based in White Plains, New York. Contact Cindy at cindy.zuvich@unigrated.com.