Upload
moses-whitehead
View
217
Download
1
Tags:
Embed Size (px)
Citation preview
Information Lifecycle Governance Launching a High Impact Defensible
Disposal Program in Your Organization
Measuring and Ensuring Success
2
Barriers To Launching a Program: Lack of Funding, Lack of Operational Model
2
AP
B
On leadership: 57% of respondents’ companies had information governance - leadership committees
yet only 17% said right stakeholders were at the table
Similar information governance starting point
78% cannot reliably dispose of data
Common goal andapproach
98% agree rigorous discovery and defensible disposal of information is a desired benefit and requisite outcome of information governance efforts
On ownership: only 25% of companies said the IG ownership model works well today
On process management:
#1 barrier to achieving IG is managing the enormity of the effort to make the change
In search of a better Information Governance Program
3
Overcoming Funding Barrier: Quantify Economic Benefits of Defensible Disposal
We could free up $150m to drive revenue and profit
We could lower run rate $3m now and spend $24m less over 3 years
We could spend $35m less next year and lower our run rate
4
Strategy: ILG Policy and Process Integration ILG Leadership and Execution
Organization Focuses enterprise on ILG savings and risk reduction opportunityDrives charter, directive, resources and cross-functional accountability for ILG program.
Metrics Align and engage enterprise stakeholders, focus progress toward process maturity targets, capacity requirements, goal achievement
Process CapacityImprove and Integrate Processes, Consistently and Defensibly Dispose, Decommission. Automate processes, ensure transparency, provide capacity. Accelerated deployment to drive faster save.
Asset Recovery Remove Excess Storage, Infrastructure Savings-prioritized recovery of infrastructure to drive P&L benefit
LOWER LEGAL AND IT COSTS, REDUCED RISK
LEAD
ERSH
IPEX
ECU
TIO
N
Overcoming Operational Program Model Barrier: Establish a Strong Strategy and a Clear Execution Path
P +
5
Operationalizing ILG Program is Only Possible with a Precise Path to Success
Costs and Risks of ‘Keep Everything’ Defensible Disposal-Driven Cost and
Risk Reduction Opportunity
6
1. People and Organization
Costs and Risks of ‘Keep Everything’ Defensible Disposal-Driven Cost and
Risk Reduction Opportunity
7
Governance Organizational Model: 4 Levels of Leadership, Program Structure
Executive Committee:Validate Metrics, Objectives and roles and responsibilities as defined by Program Director and Senior Advisory Group Process and policy resolutionResources and capacity alignmentAudit onset and cadence approval
Senior Advisory Group:Identity delegates and working group participants in their respective organizationsProcess and policy definitionMonitor process maturation and workstream results in the areaEnsure capacity is aligned with program objectives
Program Director and PMO:Drive execution on 15 core business processes based on business recommendations from function leaders and practice delegatesCommunication and training plan oversightMaturity assessment cadence and dependenciesEstablishes audit cadence and ratifies audit onsetReviews and ratifies implementation/maturation methodology
Working Group Delegates & Leads:Audit onset timingProcess implementation/maturation methodologyCapacity and capability recommendations to line of business leadership and executive committeeCommunication and training in their domain
9
Costs and Risks of ‘Keep Everything’ Defensible Disposal-Driven Cost and Risk Reduction Opportunity
2. Process
1111
RISK ELEMENT
A. Legal does not identify the right custodians.
B. Actual, rogue or IT managed data sources are missed.
C. IT or employees migrate, retire or modify data due to no hold visibility.
D. Legal fails to follow through on information identified in custodian interview process.
E. Collection failure from overlooked source, departing employee, incomplete prior collection inventory, communication and tracking errors.
F. Unable to assemble, understand or defend the audit trail of discovery activities.
G. Failures in record keeping and regulatory change management.
H. IT ‘saves everything’ increases discoverable mass, complexity.
I. IT disposes of data of value to the business or with legal obligation.
J. Private customer data is exposed, theft, brand damage, or regulatory penalty occurs.
K. Legal obligations for data are poorly understand and executed from miscommunication or lack of information.
L. Systems are incapable of complying with information obligations
M. IT lacks full facts on disposal of information so excess accumulates or data is lost
N. Legacy data is poorly understood, overlooked in litigation, expensive or difficult to find and not reliably disposed
O. Unable to reclaim or recover unused assets or allocate based on business need
P. Unable to pass an audit on compliance with retention, preservation, protection and disposal policies
Low risk Does not require constant monitoring and is easy to prevent, detect, correct, defend. Less than 10% likelihood
Moderate risk Requires frequent monitoring to prevent and detect; costly to correct or mitigate.Between 10% -50% likelihood
High risk Requires constant monitoring and review, immediate escalation on failure or impending failure. 50% likelihood
Likelihood to Occur
Pote
ntial
Impa
ct
Highest Risk
A
B C D
E
F
G
HI
J
K
L
M
O
N
P
AB
C D
E
FGH
I
J
K
L
M
O
P
N
Enhancing and Instrumenting These 16 Processes Reduces Inherent Risk
12
AD HOC, INCONSISTENTInconsistent activityInformal or incompleteFacts isolated to an individual Can’t easily be compared, reconciled or monitored
Process Maturity Levels
1
2
3
4
SILO’ED, MANUAL
SILO’ED, CONSISTENT & INSTRUMENTED
INTEGRATED, INSTRUMENTED ENTERPRISE PROCESSES
Target maturity level needed for defensible disposal, lower risk and cost
Typical maturity level today, cause of excess data, cost and risk
Facts are difficult to retrieve but available; isolated to dept
People in the group use the same method
Spreadsheets are stored in common place or in shared email
People in the group use the same method
Process is automated
Process facts are routinely incorporated in departmental process
Process is repeatable, consistent
Process and facts are isolated in department
People in the group use the same method
Process is automated and facts are routinely incorporated in process
Process is repeatable, consistent and reliable in dynamic enterprise
Facts from adjacent stakeholders are routinely incorporated in process
Process provides enterprise transparency
Process dependencies and risks are systematically detected, communicated across processes
HIGHRISK, COST
HIGHTRANSPARENCY& CONTROL
13
Measure the Current State to Develop a Path ForwardThe Current State May be Manual and Silo’ed
Process 1: Ad Hoc, Manual
2: Manual Structure, Silo’ed
3: Instrumented, Silo’ed
4: Instrumented, Integrated
A Employees on Legal Holds
B Data on Legal Hold
C Hold publication
D Legal Interviews
E Evidence Collection
F Evidence Analysis & Cost Controls
G Legal Record
H Master Retention Schedule & Taxonomy
I Departmental Information Practices
J Privacy & Data Protection
K Data Source Catalog & Stewardship
L System Provisioning
M Disposal & Decommissioning
N Legacy Data Management
O Storage Alignment
P Audit
14
Costs and Risks of ‘Keep Everything’ Defensible Disposal-Driven Cost and Risk Reduction Opportunity
3. Technology
15
Process Capabilities & Requirements
HOLD, DISCOVERRigorous DiscoveryRobust, affirmative legal holds for people, records, and dataPreserve in place automation where disposition occursEfficient data analysis and collectionLegal cost and risk analytics
RETAIN, ARCHIVEValue-BasedTaxonomy and regulatory requirementsBusiness value inventoryReliable, executable retention schedules for records and information of value Archive during period of value only Information cost and risk analytics
DISPOSEDefensible DisposalCatalog of information value and duty by asset Legacy data clean up, application retirementProcedures and capabilities for disposal by source Risk and cost dashboard for information portfolio
STORE, SECUREEfficient StorageStore and optimize by valueMeet SLAs for structured and unstructed information accessILG execution capability and enablement (holds, retention, disposal, collection) for dataData hygiene and governance
CREATE, USEOptimal accessibilityCommunicate value and durationTap governance liaisons Access valuable information more easilyAnalytics on volume/cost of information
PROCESS TRANSPARENCYUnified Governance Transparency across stakeholder processesCommon governance data model and enterprise mapLinkage of duties, value to information assets and business processesGovernance analytics
IBM Solution Systematically Links Obligations and Valueto Assets to Address Root Cause, Lower Cost and Risk
16
LEGAL BUSINESS IT RECORDS
Modernize eDiscovery Process
Precise, reliable legal holds
Assess evidence in place, collect lessLower legal risk, cost
State Information Value
Guidance on information utility
Participate in volume reductionAlign around value
Optimize Information Volume
Dispose and retire unnecessary data
Optimize storage based on valueLower information cost
Modernize Retention Process
Address electronic information
Executable schedules can be automatedLower legal risk, cost
Information
Department
Systems
Matter
Hold
Laws & Regs
Retention Schedule
DUTY DUTYVALUE
ASSET
IBM’s ILG Solution Links Records, Legal, the Business and IT to Enable Defensible Disposal
Instrumentation and Execution
• RIM/Business - Records and Retention Management
• Legal - Rigorous eDiscovery
• Business/IT Value-Based Archiving
• IT - Governance and Disposal
Capabilities by Stakeholder
18
Summary – Information Economics Drive ILG Programs
Costs and Risks of ‘Keep Everything’ Defensible Disposal-Driven Cost and Risk Reduction Opportunity
1919
Policy and Process Integration Across Information Stakeholders Enables Disposal, Lowers Cost and Risk
Strategy and Execution Drive Business Outcomes with Structure, Defined Processes, Metrics, Capacity & Accountability
Governance Program Driving Savings and Risk MetricsCharter, directive and accountability for enterprise program. Savings achievement cadence and reporting.
Program Office to Coordinate Stakeholders, Drive Benefit Achievement Ensures cross-silo engagement and progress toward maturity targets and financial objectives, change management
Technology Provides Capacity to Improve and Integrate Processes, Consistently and Defensibly Dispose, DecommissionAutomates processes, ensures transparency, provides capacity. Accelerated deployment to drive faster save.
Reclamation Removes Excess Storage, Infrastructure Savings-prioritized reclamation and recovery of infrastructure to drive P&L benefit
>$300M enterprise value created over 3 years
with lower legal and IT costs, reduced risk
STRA
TEG
YEX
ECU
TIO
N
IBM Has Strong Strategy and Clear Execution Path to Achieve the Risk and Cost Reduction Opportunities
2020
Only IBM Provides Rigorous Compliance, Value-Based Archiving & Defensible Disposal Strategy, Software & Services
2121
Learn More & Join the ConversationCompliance, Governance and Oversight Council
Online and in person eventsRegional and International summitsPublished materials
Join the CGOC!•Forum of over 1600 corporate legal, IT, records and information management professionals. CGOC conducts primary research, has dedicated working groups on challenging topics, and hosts meetings throughout the U.S. and Europe where practice leaders convene to discuss discovery, retention, privacy and governance. •Mission: To provide executives the opportunity to benchmark and exchange case studies; its practice groups focus on discreet areas in preservation, retention, and information governance to deliver work products that help our members best approach the challenges in maintaining best-in-class programs.
22
Additional Sessions
• Improving Information Economics with Information Lifecycle Governance• Information Governance Programs - launching a high-impact
defensible disposal program in your enterprise• Modernizing eDiscovery and Hold Process - Reduce risks,
increase transparency• Modernizing Retention Program - Express Information Value• Value-Based Archiving and Defensible Disposal - Dispose
rather than store unnecessary data