© 2014 Iron Mountain Incorporated. All rights reserved. Iron Mountain and the design of the mountain are registered trademarks
of Iron Mountain Incorporated. All other trademarks and registered trademarks are the property of their respective owners.
Turning INSIGHTS Into ACTION
Sue Trombley, Managing Director, Thought Leadership, Iron Mountain
February 20, 2015
Agenda
▶ Benchmark Findings
▶ Action #1: Adopt IG
▶ Action #2: Tackle RIM
▶ Change Agent Role
▶ Resources
Benchmarking: Cohasset and PwC Reports
▶ PwC/Iron Mountain Risk Index Report for Mid-Market and Enterprise: 1200 NA and Europe respondents
▶ Cohasset/ARMA Information Governance Benchmarking Survey Report: 1500 respondents
Have you experienced THE GAP?
Benchmark Report findings: A Call for Modernization
Effective IG is increasingly recognized as an imperative.
IG must modernize its efforts to manage ESI or never “catch up”.
Legal holds present major concerns due to over-preservation.
IG programs are more prevalent, better designed, and inclusive of
ESI. However, there are elements not addressed.
Information Risk findings: A Common Challenge
RISK AWARE
“Businesses have woken up to the need to manage risk. However, they are uncertain about what to do and remain ill-equipped to tackle the threat.”
65.7% Combined Index Score
66.3% Europe
65.7% North America
Source – PwC Information Risk Report
Your information is growing
EXPONENTIALLY.
It’s in all formats and scattered across
your organization – making it difficult to
find and even harder to manage.
Information Governance Challenges: Internal
▶ Transition from paper to digital records
▶ “Keep everything culture”
▶ All information, not just records, needs to be managed
▶ Volume, velocity, and variety of information
78% of organizations have no defensible disposition practice
75% have no automated tools to destroy eligible information
69% of information is ROT (redundant, obsolete, temporary)
67% of businesses see paper as highest information risk
40% more information created in 2014
Social and mobile: 8.5 billion apps downloaded in 2015
Information Governance Challenges: Internal
▶ Each function has its own concerns
▶ Big data pressure
▶ Metrics are missing
▶ Data protection and security
Only 8% measure compliance
Information used for competitive advantage
Potentially sold as an asset
Breaches are on the rise
Access controls
IT, LOBs, Compliance, RIM, Legal, Data Officer
Information Governance Challenges: External
Retention rules
Privacy (EU Data Protection Regulation)
Security
EU and national regulatory bodies
Customers
Audits
Regulations continue to increase
Take Action #1: Encourage Adoption of Information Governance
Make the Transition to Information Governance
“Information Governance is the multi-disciplinary enterprise accountability framework that ensures the appropriate behavior in the valuation of information and the definition of the roles, policies, processes, and metrics required to manage the information lifecycle, including defensible disposition.”
RIM is a member of the IG Council, not the sole owner of the Program!
Source: Information Governance Reference Model / © 2012 / v3.0 / edrm.net
IG Council Members’ Points of View
▶ Records and Information Management: How can I ensure policy is consistently being practiced?
▶ Lines of Business: How can we leverage the information in a meaningful way?
▶ Compliance / Audit: How can we ensure we meet regulatory requirements?
▶ Security / Risk: What are the risks to our customers' privacy for keeping the information?
▶ Information Technology / Data Officer: Can we save cost by removing unnecessary files from servers? Can we keep everything for analysis?
▶ Legal: How long should we hold on to information to meet our legal requirements for discovery?
Everyone comes to the table with a different motivation!
IG Engagement
How to get stakeholders engaged? Change the conversation!
Speak about information as an asset rather than just a liability.
▶ Shift from fear to value
▶ Use analytics
▶ Advocate smart risk
Take Action #2: Get Your RIM House in Order
RIM Insights: Commitment/Practice Gap
TAKE ACTION: Audit current policy and implementation results
realistically and periodically. Create an action plan for improvement.
Consider employing self-assessment risk “controls” to monitor business
unit performance.
of organizations claim to have a mature RIM program
Yet, only…
▶ 8% use metrics to “inspect what they expect”
▶ 17% conduct RIM compliance audits
RIM Risk & Control Framework
RIM Insights: Employee Engagement
TAKE ACTION: Create a scheduled certification program for employees
that can be easily administered, such as eLearning. Provide a take away
upon completion for reinforcement.
▶ Only 7% report employees are engaged in RIM
▶ Just 35% train employees every 1 to 2 years…
▶ …and 26% never train.
RIM Insights: Retention Schedules
TAKE ACTION: Schedule a refresh with emphasis on fewer classes and
more timely updates to rules for ease of use. Create a task force to
consider methods for managing event-based rules.
of organizations have a Records Retention
Schedule, yet respondents want:
▶ a more “uniform” Schedule (69%)
▶ fewer classes, series, or categories (51%)
▶ options for event-based rules (65%)
RIM Insights: Barriers to Disposition
TAKE ACTION: COLLABORATE with stakeholders to make disposition
decisions. Identify and document risks, excess spending, and productivity
losses to cost justify automated tools.
say “keep everything culture” is an impediment to
efficient RIM
▶ 75% have no automated tools to destroy eligible information
▶ 37% cannot obtain approvals for destruction
RIM Insights: Legal Holds
TAKE ACTION: Form strong bonds with your legal team. Explain how
blanket holds lead to non-compliance and increased risk and cost.
say they have a legal hold process, yet:
▶ Only 50% use automation
▶ 70% agree that more information than necessary is retained
▶ 30% indicate that holds aren’t regularly or effectively terminated
RIM Insights: Modernize Management of ESI
TAKE ACTION: Include oversight of ESI in IG strategy (all formats and
locations) or risk being viewed as outdated or unrealistic in your approach.
indicate they are in the planning process to
improve the deletion of ESI.
60% state that there is no process for regularly
scheduled deletion
RIM Insights: Lack of Planning in Application Development
TAKE ACTION: Form bonds with IT for involvement in technology
systems acquisitions, implementations, redesign and decommissioning.
Only 13% of respondents indicate RIM involvement in IT
decisions is mature, while just 39% say improvements are
underway.
IG Insights: Cross Functional Governance
TAKE ACTION: Composition of IG Council should include members from
various departments and functional areas, but not necessarily the
senior-most executives.
report cross-functional
governance structures are
maturing or improving
Your Role as Change Agent
Making a Difference
Creating policy is NOT ENOUGH.
of companies report having formal policies in place, but
report failure to secure enterprise-wide adoption.¹
¹ Source: Iron Mountain Compliance Benchmark Report: A View into Unified Records Management
Change Agent: The Psychology
Where do you focus to get the most out of your IG Program?
▶ Adopt the language of your audience – speak to their concerns. Act as a consultant.
▶ Consider your organization’s culture.
▶ Manage your identity and mission purposefully.
It starts with A CONVERSATION.
Change Agent Success Factors
1. SPEAK WITH ONE VOICE.
A consistent message that represents the needs of all stakeholders
for the organization to follow.
2. KEEP IT SIMPLE.
Start with small victories, build consensus and grow organically by
demonstrating success.
3. KEEP IT FRESH.
Suggest rotating IG members if organizational distractions affect
commitment levels.
4. BUILD A GROUNDSWELL OF SUPPORT.
Communicate benefits with examples.
5 - 100. BE PASSIONATE!
Complimentary Resources
www.ironmountain.com/thoughtleadership
▶ Practical Guide to Information Governance
▶ RIM Best Practices Manual
▶ Event-Based Retention Whitepaper
▶ PwC and IM Information Risk Whitepaper
▶ Cohasset/ARMA Benchmark report
• All industries
• Oil & Gas
• Healthcare
• Financial Services & Insurance
• Federal Government
• Law Firms
Thank you.
Sue Trombley, MLIS, IGP
Managing Director, Thought Leadership, Iron Mountain
(617) 678-6855
@sue_trombley