Information Lifecycle Governance Launching a High Impact Defensible

Disposal Program in Your Organization

Measuring and Ensuring Success

2

Barriers To Launching a Program: Lack of Funding, Lack of Operational Model

2

AP

B

On leadership: 57% of respondents’ companies had information governance - leadership committees

yet only 17% said right stakeholders were at the table

Similar information governance starting point

78% cannot reliably dispose of data

Common goal andapproach

98% agree rigorous discovery and defensible disposal of information is a desired benefit and requisite outcome of information governance efforts

On ownership: only 25% of companies said the IG ownership model works well today

On process management:

#1 barrier to achieving IG is managing the enormity of the effort to make the change

In search of a better Information Governance Program

3

Overcoming Funding Barrier: Quantify Economic Benefits of Defensible Disposal

We could free up $150m to drive revenue and profit

We could lower run rate $3m now and spend $24m less over 3 years

We could spend $35m less next year and lower our run rate

4

Strategy: ILG Policy and Process Integration ILG Leadership and Execution

Organization Focuses enterprise on ILG savings and risk reduction opportunityDrives charter, directive, resources and cross-functional accountability for ILG program.

Metrics Align and engage enterprise stakeholders, focus progress toward process maturity targets, capacity requirements, goal achievement

Process CapacityImprove and Integrate Processes, Consistently and Defensibly Dispose, Decommission. Automate processes, ensure transparency, provide capacity. Accelerated deployment to drive faster save.

Asset Recovery Remove Excess Storage, Infrastructure Savings-prioritized recovery of infrastructure to drive P&L benefit

LOWER LEGAL AND IT COSTS, REDUCED RISK

LEAD

ERSH

IPEX

ECU

TIO

N

Overcoming Operational Program Model Barrier: Establish a Strong Strategy and a Clear Execution Path

P +

5

Operationalizing ILG Program is Only Possible with a Precise Path to Success

Costs and Risks of ‘Keep Everything’ Defensible Disposal-Driven Cost and

Risk Reduction Opportunity

6

1. People and Organization

Costs and Risks of ‘Keep Everything’ Defensible Disposal-Driven Cost and

Risk Reduction Opportunity

7

Governance Organizational Model: 4 Levels of Leadership, Program Structure

Executive Committee:Validate Metrics, Objectives and roles and responsibilities as defined by Program Director and Senior Advisory Group Process and policy resolutionResources and capacity alignmentAudit onset and cadence approval

Senior Advisory Group:Identity delegates and working group participants in their respective organizationsProcess and policy definitionMonitor process maturation and workstream results in the areaEnsure capacity is aligned with program objectives

Program Director and PMO:Drive execution on 15 core business processes based on business recommendations from function leaders and practice delegatesCommunication and training plan oversightMaturity assessment cadence and dependenciesEstablishes audit cadence and ratifies audit onsetReviews and ratifies implementation/maturation methodology

Working Group Delegates & Leads:Audit onset timingProcess implementation/maturation methodologyCapacity and capability recommendations to line of business leadership and executive committeeCommunication and training in their domain

8

Metrics, Measurements and Communication

Metrics Communication and Reporting Roles and Cadence

9

Costs and Risks of ‘Keep Everything’ Defensible Disposal-Driven Cost and Risk Reduction Opportunity

2. Process

1010

16 Business Processes to be Enhanced and Instrumented

1111

RISK ELEMENT

A. Legal does not identify the right custodians.

B. Actual, rogue or IT managed data sources are missed.

C. IT or employees migrate, retire or modify data due to no hold visibility.

D. Legal fails to follow through on information identified in custodian interview process.

E. Collection failure from overlooked source, departing employee, incomplete prior collection inventory, communication and tracking errors.

F. Unable to assemble, understand or defend the audit trail of discovery activities.

G. Failures in record keeping and regulatory change management.

H. IT ‘saves everything’ increases discoverable mass, complexity.

I. IT disposes of data of value to the business or with legal obligation.

J. Private customer data is exposed, theft, brand damage, or regulatory penalty occurs.

K. Legal obligations for data are poorly understand and executed from miscommunication or lack of information.

L. Systems are incapable of complying with information obligations

M. IT lacks full facts on disposal of information so excess accumulates or data is lost

N. Legacy data is poorly understood, overlooked in litigation, expensive or difficult to find and not reliably disposed

O. Unable to reclaim or recover unused assets or allocate based on business need

P. Unable to pass an audit on compliance with retention, preservation, protection and disposal policies

Low risk Does not require constant monitoring and is easy to prevent, detect, correct, defend. Less than 10% likelihood

Moderate risk Requires frequent monitoring to prevent and detect; costly to correct or mitigate.Between 10% -50% likelihood

High risk Requires constant monitoring and review, immediate escalation on failure or impending failure. 50% likelihood

Likelihood to Occur

Pote

ntial

Impa

ct

Highest Risk

A

B C D

E

F

G

HI

J

K

L

M

O

N

P

AB

C D

E

FGH

I

J

K

L

M

O

P

N

Enhancing and Instrumenting These 16 Processes Reduces Inherent Risk

12

AD HOC, INCONSISTENTInconsistent activityInformal or incompleteFacts isolated to an individual Can’t easily be compared, reconciled or monitored

Process Maturity Levels

1

2

3

4

SILO’ED, MANUAL

SILO’ED, CONSISTENT & INSTRUMENTED

INTEGRATED, INSTRUMENTED ENTERPRISE PROCESSES

Target maturity level needed for defensible disposal, lower risk and cost

Typical maturity level today, cause of excess data, cost and risk

Facts are difficult to retrieve but available; isolated to dept

People in the group use the same method

Spreadsheets are stored in common place or in shared email

People in the group use the same method

Process is automated

Process facts are routinely incorporated in departmental process

Process is repeatable, consistent

Process and facts are isolated in department

People in the group use the same method

Process is automated and facts are routinely incorporated in process

Process is repeatable, consistent and reliable in dynamic enterprise

Facts from adjacent stakeholders are routinely incorporated in process

Process provides enterprise transparency

Process dependencies and risks are systematically detected, communicated across processes

HIGHRISK, COST

HIGHTRANSPARENCY& CONTROL

13

Measure the Current State to Develop a Path ForwardThe Current State May be Manual and Silo’ed

Process 1: Ad Hoc, Manual

2: Manual Structure, Silo’ed

3: Instrumented, Silo’ed

4: Instrumented, Integrated

A Employees on Legal Holds

B Data on Legal Hold

C Hold publication

D Legal Interviews

E Evidence Collection

F Evidence Analysis & Cost Controls

G Legal Record

H Master Retention Schedule & Taxonomy

I Departmental Information Practices

J Privacy & Data Protection

K Data Source Catalog & Stewardship

L System Provisioning

M Disposal & Decommissioning

N Legacy Data Management

O Storage Alignment

P Audit

14

Costs and Risks of ‘Keep Everything’ Defensible Disposal-Driven Cost and Risk Reduction Opportunity

3. Technology

15

Process Capabilities & Requirements

HOLD, DISCOVERRigorous DiscoveryRobust, affirmative legal holds for people, records, and dataPreserve in place automation where disposition occursEfficient data analysis and collectionLegal cost and risk analytics

RETAIN, ARCHIVEValue-BasedTaxonomy and regulatory requirementsBusiness value inventoryReliable, executable retention schedules for records and information of value Archive during period of value only Information cost and risk analytics

DISPOSEDefensible DisposalCatalog of information value and duty by asset Legacy data clean up, application retirementProcedures and capabilities for disposal by source Risk and cost dashboard for information portfolio

STORE, SECUREEfficient StorageStore and optimize by valueMeet SLAs for structured and unstructed information accessILG execution capability and enablement (holds, retention, disposal, collection) for dataData hygiene and governance

CREATE, USEOptimal accessibilityCommunicate value and durationTap governance liaisons Access valuable information more easilyAnalytics on volume/cost of information

PROCESS TRANSPARENCYUnified Governance Transparency across stakeholder processesCommon governance data model and enterprise mapLinkage of duties, value to information assets and business processesGovernance analytics

IBM Solution Systematically Links Obligations and Valueto Assets to Address Root Cause, Lower Cost and Risk

16

LEGAL BUSINESS IT RECORDS

Modernize eDiscovery Process

Precise, reliable legal holds

Assess evidence in place, collect lessLower legal risk, cost

State Information Value

Guidance on information utility

Participate in volume reductionAlign around value

Optimize Information Volume

Dispose and retire unnecessary data

Optimize storage based on valueLower information cost

Modernize Retention Process

Address electronic information

Executable schedules can be automatedLower legal risk, cost

Information

Department

Systems

Matter

Hold

Laws & Regs

Retention Schedule

DUTY DUTYVALUE

ASSET

IBM’s ILG Solution Links Records, Legal, the Business and IT to Enable Defensible Disposal

Instrumentation and Execution

• RIM/Business - Records and Retention Management

• Legal - Rigorous eDiscovery

• Business/IT Value-Based Archiving

• IT - Governance and Disposal

Capabilities by Stakeholder

18

Summary – Information Economics Drive ILG Programs

Costs and Risks of ‘Keep Everything’ Defensible Disposal-Driven Cost and Risk Reduction Opportunity

1919

Policy and Process Integration Across Information Stakeholders Enables Disposal, Lowers Cost and Risk

Strategy and Execution Drive Business Outcomes with Structure, Defined Processes, Metrics, Capacity & Accountability

Governance Program Driving Savings and Risk MetricsCharter, directive and accountability for enterprise program. Savings achievement cadence and reporting.

Program Office to Coordinate Stakeholders, Drive Benefit Achievement Ensures cross-silo engagement and progress toward maturity targets and financial objectives, change management

Technology Provides Capacity to Improve and Integrate Processes, Consistently and Defensibly Dispose, DecommissionAutomates processes, ensures transparency, provides capacity. Accelerated deployment to drive faster save.

Reclamation Removes Excess Storage, Infrastructure Savings-prioritized reclamation and recovery of infrastructure to drive P&L benefit

>$300M enterprise value created over 3 years

with lower legal and IT costs, reduced risk

STRA

TEG

YEX

ECU

TIO

N

IBM Has Strong Strategy and Clear Execution Path to Achieve the Risk and Cost Reduction Opportunities

2020

Only IBM Provides Rigorous Compliance, Value-Based Archiving & Defensible Disposal Strategy, Software & Services

2121

Learn More & Join the ConversationCompliance, Governance and Oversight Council

Online and in person eventsRegional and International summitsPublished materials

Join the CGOC!•Forum of over 1600 corporate legal, IT, records and information management professionals. CGOC conducts primary research, has dedicated working groups on challenging topics, and hosts meetings throughout the U.S. and Europe where practice leaders convene to discuss discovery, retention, privacy and governance. •Mission: To provide executives the opportunity to benchmark and exchange case studies; its practice groups focus on discreet areas in preservation, retention, and information governance to deliver work products that help our members best approach the challenges in maintaining best-in-class programs.

22

Additional Sessions

• Improving Information Economics with Information Lifecycle Governance• Information Governance Programs - launching a high-impact

defensible disposal program in your enterprise• Modernizing eDiscovery and Hold Process - Reduce risks,

increase transparency• Modernizing Retention Program - Express Information Value• Value-Based Archiving and Defensible Disposal - Dispose

rather than store unnecessary data