Totally Automatic, Rules-Driven Email Management & Archiving

by Frank 15. December 2015 06:00

 

More than thirty years after the advent of email as a convenient and fast means of business to business communication most organizations still don’t have an effective way to analyze, monitor, select, capture and classify emails. If your organization does, then you are the exception.

This means most businesses don’t come even close to meeting the requirements of any compliance legislation that applies to their business. Nor do they even come close to managing real corporate risk.

It also means that most businesses don’t effectively guard against sexism, racism, obscenity, theft and bullying in their email system.

Is this a case of ‘heads in the sand’ or is the problem seen as just too hard? Maybe, senior management doesn’t really see unmanaged and unmonitored emails as a problem. Well, at least until the first court case.

In my experience, many organizations think they have a solution but in reality, they don’t; at least not a one hundred-percent solution. In the case of email management, ‘good enough’ is certainly not good enough. It only takes one bad email to slip through the cracks to bring the whole house down.

In many examples, organizations rely on end users to monitor, manage and police email. The problem with this model is that end users are human and typically exhibit all the strengths and weaknesses of humans. In this case, we are more concerned with the failings. As humans we are not always on top of our game; we have good days and we have bad days. We get distracted, we are prejudiced, we are sometimes lazy, we are sometimes careless and for a small number, we are sometimes outright dishonest.

Human beings will never produce a one-hundred-percent consistent result; that is not in our nature. Maybe when AI gets to the stage that we can all be ‘upgraded’ to cyborgs this will change, but I seriously doubt it. As long as there is any trace of humanity we will still be lovingly unreliable and inconsistent entities.

You don’t have a one hundred-percent reliable system if you don’t control and standardize all the inputs. Instead, you have a form of ‘managed chaos’ and inconsistent and unreliable results. You will also probably have a false sense of security, “Sure, we are managing all emails (well, kind of).”

I have been a proponent of the fully-automatic, server-centric paradigm for email management for many years and still promote it as the only one hundred-percent reliable way to effectively and consistently manage all incoming and outgoing emails. It is also the only way to manage risk effectively.

To be one hundred-percent sure you must have a one hundred-percent consistent paradigm. That is, a common set of rules that all emails are judged against plus a common set of processes to apply after an email has been ‘judged’.

Following are some example of what our fully-automatic, rules-driven email management system should be doing 24/7:

  • Is the email of a personal nature and harmless? If so, it can be ignored, there is no reason to capture and classify it.
  • Is the email all about business? If so, it needs to be captured and correctly classified within our corporate store.
  • Does the email contain expletives or sexual references? If so, it needs to be captured, quarantined by our security system and referred to a responsible officer for further examination and possible action.
  • Does the email contain references to corporate IP or classified material? If so, it needs to be captured, quarantined by our security system and referred to a responsible officer for further examination and possible action.
  • Is the email about business and does it require some action or response? If so, it needs to be captured, correctly classified within our corporate store and appropriate workflow initiated.
  • Is the email from a senior executive, about business and does it require some action or response with appropriate access controls applied? If so, it needs to be captured, correctly classified within our corporate store with appropriate security and access rights assigned and appropriate workflow initiated.

We produced our first fully-automatic, rules-driven email managements system in 1994. By today’s standards the technology was primitive but it worked and we used it within our business to demonstrate to our customers and partners how it could function in the real world. We called that product GEM for ‘GMB’s Email Management’ system. 

GEM has been redesigned and rewritten multiple times since so as to utilize the latest technology and tools. We still call it GEM even though our company is now called Knowledgeone Corporation, not GMB; the name works for us and our customers and we see no need to change it. It is after all, a ‘gem’ of a product.

We have used each and every version of GEM since 1994 within our company (we are the primary Beta test site) to automatically analyze all incoming and outgoing emails and to store and classify captured emails in our corporate store based on the RecFind 6 relational database. I can’t imagine running my business without GEM and I don’t understand how other organizations can exist without GEM, but they do albeit, taking huge risks.

The latest version of GEM, 2.7.1, is a major upgrade and involves a significant change in the way we connect to email servers of any type (e.g., Exchange, Office 365, GroupWise, Notes, etc.). We have standardized and simplified the interface to the email server using IMAP and converted our Agents to Windows Services to make the installation and management of GEM as easy as possible for your IT staff.

We have also improved the Rules engine to make it as easy as possible to define all the rules you need to manage your emails.

Because we have 21 years’ experience installing, configuring and using GEM in a real-world production example we also have the world’s most experienced GEM consultants to assist our customers.

How GEM integrates with any other EDRMS

GEM is designed to use the RecFind 6 relational database as its image & data repository. However, we provide several options for integrating to any other EDRMS such that the other EDRMS can search for and access emails (and the associated Metadata) captured by GEM. The four main methods, in order of ease-of-use are:

  1. Capturing encapsulated XML records produced by GEM;
  2. Using the RecFind 6 Mini API;
  3. Using the RecFind 6 SharePoint Integration Module (for customers using SharePoint as their EDRMS); and
  4. Using the RecFind 6 SDK

Please contact Support at Knowledgeone Corp for more information on the above methods.

How to clean up your shared drives, Frank’s approach

by Frank 22. August 2014 06:00

In my time in this business (enterprise content management, records management, document management, etc.) I have been asked to help with a ‘shared drive problem’ more times than I can remember. This particular issue is analogous with the paperless office problem. Thirty years ago when I started my company I naively thought that both problems would be long gone by now but they are not.

I still get requests for purely physical records management solutions and I still get requests to assist customers in sorting out their shared drives problems.

The tools and procedures to solve both problems have been around for a long time but for whatever reason (I suspect lack of management focus) the problems still persist and could be described as systemic across most industry segments.

Yes, I know that you can implement an electronic document and records management system (we have one called RecFind 6) and take away the need for shared drives and physical records management systems completely but most organizations don’t and most organizations still struggle with shared drives and physical records. This post addresses the reality.

Unfortunately, the most important ingredient in any solution is ‘ownership’ and that is as hard to find as it ever was. Someone with authority, or someone who is prepared to assume authority, needs to take ownership of the problem in a benevolent dictator way and just steam-roll a solution through the enterprise. It isn’t solvable by committees and it requires a committed, driven person to make it happen. These kind of people are in short supply so if you don’t have one, bring one in.

In a nutshell there are three basic problems apart from ownership of the problem.

1.     How to delete all redundant information;

2.     How to structure the ‘new’ shared drives; and

3.     How to make the new system work to most people’s satisfaction.

Deleting redundant Information

Rule number one is don’t ever ask staff to delete the information they regard as redundant. It will never happen. Instead, tell staff that you will delete all documents in your shared drives with a created or last updated date greater than a nominated date (say one-year into the past) unless they tell you specifically which ‘older’ documents they need to retain. Just saying “all of them” is not an acceptable response. Give staff advance notice of a month and then delete everything that has not been nominated as important enough to retain.  Of course, take a backup of everything before you delete, just in case. This is tough love, not stupidity.

Structuring the new shared drives

If your records manager insists on using your already overly complex, hierarchical corporate classification scheme or taxonomy as the model for the new shared drive structure politely ask them to look for another job. Do you want this to work or not?

Records managers and archivists and librarians (and scientists) understand and love complex classification systems. However, end users don’t understand them, don’t like them and won’t use them. End users have no wish to become part-time records managers, they have their own work to do thank you.

By all means make the new structure a subset of the classification system, major headings only and no more than two levels if possible. If it takes longer than a few seconds to decide where to save something or to find something then it is too complex. If three people save the same document in three different places then it is too complex. If a senior manager can’t find something instantly then it is too complex. The staff aren’t to blame, you are.

I have written about this issue previously and you can reference a white paper at this link, “Do you really need a Taxonomy?”

The shared drives aren’t where we classify documents, it is where we make it as easy and as fast as possible to save, retrieve and work on documents; no more, no less. Proper classification (if I can use that term) happens later when you use intelligent software to automatically capture, analyse and store documents in your document management system.

Please note, shared drives are not a document management system and a document management system should never just be a copy of your shared drives. They have different jobs to do.

Making the new system work

Let’s fall back on one of the oldest acronyms in business, KISS, “Keep It Simple Stupid!” Simple is good and elegant, complex is bad and unfathomable.

Testing is a good example of where the KISS principle must be applied. Asking all staff to participate in the testing process may be diplomatic but it is also suicidal. You need to select your testers. You need to pick a small number of smart people from all levels of your organization. Don’t ask for volunteers, you will get the wrong people applying. Do you want participants who are committed to the system working, or those who are committed to it failing? Do you want this to succeed or not?

If I am pressed for time I use what I call the straight-line-method. Imagine all staff in a straight line from the most junior to the most senior. Select from both ends, the most junior and the most senior. Chances are that if the system works for this subset that it will also work for all the staff in between.

Make it clear to all that the shared drives are not your document management system. The shared drives are there for ease of access and to work on documents. The document management system has business rules to ensure that you have inviolate copies of important documents plus all relevant contextual information. The document management system is where you apply business rules and workflow. The document management system is all about business process management and compliance. The shared drives and the document management system are related and integrated but they have different jobs to do.

We have shared drives so staff don’t work on documents on ‘private’ drives, inaccessible and invisible to others. We provide a shared drive resource so staff can collaborate and share information and easily work on documents. We have shared drives so that when someone leaves we still have all their documents and work-in-process.

Please do all the complex processes required in your document management system using intelligent software, automate as much as possible. Productivity gains come about when you take work off staff, not when you load them up with more work. Give your staff as much time as possible so they can use their expertise to do the core job they were hired for.

If you don’t force extra work on your staff and if you make it as easy and as fast as possible to use the shared drives then your system will work. Do the opposite and I guarantee it will not work.

I am willing to bet that you are still not managing your emails effectively

by Frank 25. November 2012 06:00

According to various industry surveys, 65% to 75% of companies still have no systems in place to manage email records. Based on my own observations and dialog with Knowledgeone Corporation’s customers and prospects, I would say the percentage is far higher; say 85% or more. My guess is that the industry surveys inadvertently included a number of email ‘cleaning’ systems as email management systems; thereby skewing the figures.

 

Given that there is now a variety of proven email management systems (like Knowledgeone Corporation’s GEM) available for most email servers (e.g., Exchange, GroupWise and Notes) and given the enormous danger of unmanaged email it is, on the surface, difficult to explain the apparent reluctance of organizations to implement email management policies and systems.

 

My own experience leads me to believe that the following are the major reasons organizations do not take this critical step:

1. Lack of ownership and leadership

Email management transects all of the traditional vertical organizational boundaries. There may well be an IT person in charge of the email servers but there is rarely a senior management person in charge of email organization-wide. That is, no one person actually ‘owns’ the problem and no one person has the authority to implement an organization-wide solution.

2. Lack of an understanding of the problem and of the solution

Most of the people who are senior enough in an organization to be aware of this problem do not comprehend the complexities of the problem. They have dialogs with IT people who explain the issues in technical terms, not in business or risk-management terms. Email management should come under an organization’s risk management regime because that is where a great deal of risk lies.

3. Lack of desire to solve the problem plus active opposition to a solution

There are a large number of IT people and others in every organization who simply do not want their emails managed, analysed, scrutinized, indexed and saved. This fact is never going to change and must always be addressed at a senior level by the person responsible for risk management policies and practice. Uncooperative and/or recalcitrant employees should not be allowed to put an organization at risk no matter what their position in the management hierarchy.

4. Confusion over what is involved in complying with a plethora of laws and regulations

One hundred percent of what well-meaning bureaucrats and politicians have done to ‘solve’ what they see as email privacy issues has been badly thought out, badly drafted and counterproductive; simply ill-informed, knee-jerk reactions. As you can see, I am no fan of politicians and bureaucrats who pass knee-jerk laws without understanding or caring about the full implications.

 

As far as I am concerned the privacy issue is secondary to the fact that every employer has to right to determine how its resources are used. Every employer has the right to protect itself. Every employer has the right to tell its employees if private emails are allowed or not. Every employer has the right to tell its employees what is acceptable and what is not acceptable in an email.

 

Solving the so called privacy policy is dead easy; herewith is the McKenna solution.

 

Tell employees that:

1. Private emails are not allowed and all emails will be scrutinized for inappropriate content; or

2. Private emails are allowed (in moderation) but that all emails, including private emails, will be scrutinized for inappropriate content; or

3. Private emails are allowed (in moderation) but that they MUST be identified by the keyword “Private” (or a word or phrase of your choice) in the subject line. All emails without the keyword “Private” in the subject line will be scrutinized for inappropriate content.

5. Confusing and misleading claims by companies marketing email management systems

It is a complex problem (have you ever tried to set up a multi-server email system in a large organization?) often poorly understood and poorly explained by the sales person. Add to this the fact that the sales person is usually speaking to the IT person (who lives in a different universe) who then has to ‘translate’ what he thinks the sales person said to senior management. Too often, the harried sales person, under intense pressure from the IT interrogator, will simply say “Yes” without really understanding the question or its implications.

 

My best advice to senior management is that if they don’t fully understand, keep asking questions until they do or, seek assistance from an independent authority. It is just plain dumb and dangerous to sign something off you don’t really understand.

6. Multiple and conflicting objectives

Is your objective to simply be aware of everything that is in your email store or is it to also meet a plethora of complex and competing regulations and certification standards?

 

Have you inadvertently set the goal post too high? Have you made the problem many times more complex than it should be? Has it become a “Wish List” instead of a requirement? Is the selection of a suitable product always held up by someone demanding that it has to also do something else? Has your horse now morphed into a camel?

 

My best advice? Why don’t you try ‘Getting wet slowly’ and review your needs again when the basic but critical email management problem is solved?

 

In the end it is about ownership, understanding and will. If just one senior person with the necessary authority understands the problem and commits to a solution then it will happen. The solutions are out there; they are just waiting for a committed purchaser with a clear and simple view of what needs to be achieved.

 

You must be aware of what is in your email store and you must be alerted to infringements before they grow into expensive problems. You can’t do this without an email management system in place.

 

Month List