The Enterprise Content Management (ECM) challenges of managing ‘Records-in-Place’

by Frank 18. February 2020 01:01

 

The Challenge

An interesting challenge for Records Managers, Knowledge Managers and CIOs is the newer document management paradigm of being asked to manage all content according to the ‘Records-In-Place’ paradigm, without a single central repository. That is, to be responsible for all content across a myriad of locations controlled by a myriad of applications and a myriad of departments/organizations and people.

We all realize that Enterprise Content Management, or Content Services as it is now called by Gartner, is a moving target, constantly evolving with new challenges and new paradigms.

For example:  

  • How do we filter out only relevant information from social media?
  • How do we avoid capturing personal data and being culpable under privacy laws?
  • How do we capture all emails containing sexism, racism and bullying without being guilty of an invasion of privacy of the individual?
  • How do we meet all of our compliance obligations when our staff are spread across multiple states/counties/provinces and multiple countries with different legislation and compliance requirements?

All weighty challenges for the modern Records Manager, Knowledge Manager or CIO. Now we have a new challenge, how to manage multiple silos of information without a central repository.

Multi-Repository (multi-Silo) Systems

In multiple-repository systems we find multiple document stores or silos, local files, network file shares, local data bases, multiple file servers, multiple copies of SharePoint and multiple Cloud repositories like Dropbox, Box, iCloud, Google Cloud Storage and other hosted document storage. The CIO may proudly claim to manage multiple information silos but what he or she really has is a laissez faire document management ecosystem that may well be centrally monitored (hopefully) but is most certainly not centrally managed.

In the multiple silo model, the documents in our multiple locations are ‘managed’ by multiple people and multiple and independent applications (e.g., SharePoint, Google Docs, Office 365, etc.). We may have implemented another layer of software above all these diverse applications trying to keep up with what is happening but If I am just ‘watching’ then I don’t have an inviolate copy and I don’t have any control over what happens to the document. I am unable to enforce any standards. There is no ‘standard’ central control over versioning or retention and no control over the document life cycle or chain of evidence.

For example, you wouldn’t know if the document had since been moved to a different location that you are not monitoring. You wouldn’t know if it had been deleted. You wouldn’t know its relationship to other documents and processes in other silos. You wouldn’t know its context in your enterprise and therefore you wouldn’t know how relevant this document was. The important distinction is that under the multiple silo model you are ‘watching’ not managing; other multiple pieces of software are managing the life cycles and dispositions of the documents independently.

All you really know is that at a certain point in time a document existed and what its properties were at that time (e.g., historical ‘natural’ Metadata such as original filename, author, date created, etc.). However, you have no contextual Metadata, no transactional Metadata, no common indexing and no common Business Classification System. In this case, you don’t have a document management system, you have a laissez faire document management ecosystem, an assortment of independently ‘managed’ information silos. Most importantly, you are not able to link documents to business processes that transcend organizational structures and silos.

What are the issues?

Sure, SharePoint and Cloud silos make collaboration easier but at what cost? What can’t we do with this multi-silo ecosystem? Why doesn’t this solution meet the best-practice objectives of an enterprise Document Management System? What are the major areas where it falls short? How does the proliferation of multiple silos and content repositories affect us? What are our risks? Here is my assessment of the major shortfalls of this ‘Records-In-Place’ paradigm.

We are unable to: 

  1. extract the critical insights that enterprise information should provide
  2. define all the relationships that link documents to enterprise business processes
  3. find the right information at the right time
  4. provide a single access point for all content
  5. Implement an effective, consistent enterprise-wide document security system
  6. effectively protect against natural or man-made disasters
  7. produce evidence-standard documents
  8. minimize document handling costs
  9. guarantee the integrity of a document
  10. guarantee that a document is in fact the most recent version
  11. guarantee that a document is not an older copy
  12. minimize duplicate and redundant information
  13. meet critical compliance targets like Sarbanes-Oxley Act (SOX) and the HIPAA
  14. create secure, searchable archives for digital content
  15. effectively secure all documents against loss
  16. implement common enterprise version control
  17. facilitate enterprise collaboration
  18. Improve timeliness
  19. manage enterprise document security and control
  20. manage smaller and more reliable backups
  21. achieve the lowest possible document management and archiving costs
  22. deliver the best possible knowledge management access and search
  23. guarantee consistent content
  24. optimize management and executive time
  25. standardize the types of documents and other content can be created within an organization.
  26. define common use template to use for each type of document
  27. standardize the Metadata required for each type of document
  28. standardize where to store a document at each stage of its life cycle
  29. control access to a document at each stage of its life cycle
  30. move documents within the organization as team members contribute to the documents' creation, review, approval, publication, and disposition
  31. implement a common set of policies that apply to documents so that document-related actions are audited, documents are retained or disposed of properly, and content that is important to the organization is protected
  32. manage when and if a document has to be converted from one format to another as it moves through the stages of its life cycle
  33. guarantee that all documents are treated as corporate records, that common retention policies are applied determining which documents must be retained according to legal requirements and corporate guidelines
  34. guarantee enterprise-wide Regulatory compliance
  35. produce an enterprise-wide audit trail
  36. share information across departmental and/or silo boundaries
  37. centrally manage the security access to documents/information across different areas of the organization
  38. consistently classify documents as each repository may be used by a different department and be classified differently  
  39. identify duplicates based on document name
  40. easily find things based on metadata, as it wouldn’t be common across repositories
  41. control access via AD single sign on
  42. access all enterprise documents using a single license
  43. centrally audit access and changes to metadata

What are your risks?  

Your risks are huge!

 

Why the multiple ECM Repository/Silo model is not a good idea

by Frank 15. November 2016 06:00

“43 Reasons why Managing Records in-Place may not be good enough”

Enterprise Content Management is a moving target, constantly evolving with new challenges and new paradigms. For example, how do we filter out only relevant information from social media? How do we avoid capturing personal data and being culpable under privacy laws? How do we capture all emails containing sexism, racism and bullying without being guilty of an invasion of privacy of the individual? How do we meet all of our compliance obligations when our staff are spread across multiple states/counties/provinces and multiple countries with different legislation and compliance requirements? All weighty challenges for the modern Knowledge Manager or CIO.

Another interesting challenge for Knowledge Managers and CIOs is the newer document management paradigm of being asked to manage all content without a single central repository. That is, to be responsible for all content across a myriad of locations controlled by a myriad of applications and a myriad of departments/organizations and people. Back when I was an employee and not an employer, my tough (ex-military) manager in Blue Bell, PA would just bang his fist on his desk and say, “Goddam Frank, just do it!” That was always a signal for me to get creative.

However, try as I may, I am finding it nigh on impossible to get creative enough to work out how I could effectively and reliably manage all content across an enterprise without a single central repository.

In multiple-repository systems we find multiple document stores; local files, network file shares, local data bases, multiple file servers, multiple copies of SharePoint and multiple Cloud repositories like Dropbox, Box, iCloud, Google Cloud Storage and other hosted document storage. The CIO may proudly claim to manage multiple information silos but what he or she really has is a laissez faire document management ecosystem that may well be centrally monitored (hopefully) but is most certainly not centrally managed.

In the multiple silo model the documents in our multiple locations are ‘managed’ by multiple people and multiple applications (e.g., SharePoint, Google Docs, etc.). We may have implemented another layer of software above all these diverse applications trying to keep up with what is happening but If I am just ‘watching’ then I don’t have an inviolate copy and I don’t have any control over what happens to the document. I am unable to enforce any standards. There is no ‘standard’ central control over versioning or retention and no control over the document life cycle or chain of evidence.

For example, you wouldn’t know if the document had since been moved to a different location that you are not monitoring. You wouldn’t know if it had been deleted. You wouldn’t know its relationship to other documents and processes in other silos. You wouldn’t know its context in your enterprise and therefore you wouldn’t know how relevant this document was. The important distinction is that under the multiple silo model you are ‘watching’ not managing; other software is managing the life-cycle and disposition of the document.

All you really know is that at a certain point in time a document existed and what its properties were at that time (e.g., historical ‘natural’ Metadata such as original filename, author, date created, etc.). However, you have no contextual Metadata, no transactional Metadata, no common indexing and no common Business Classification System. In this case, you don’t have a document management system, you have a laissez faire document management ecosystem, an assortment of independently ‘managed’ information silos. Most importantly, you are not able to link documents to business processes that transcend organizational structures and silos.

Sure, SharePoint and Cloud silos make collaboration easier but at what cost? What can’t we do with this multi-silo ecosystem? Why doesn’t this solution meet the best-practice objectives of a document management system? What are the major areas where it falls short? How does the proliferation of multiple silos and content repositories affect us? What are our risks? Here is my assessment of the major shortfalls of this paradigm.

 We are unable to:

1.    extract the critical insights that enterprise information should provide

2.    define all the relationships that link documents to enterprise business processes

3.    find the right information at the right time

4.    provide a single access point for all content

5.    Implement an effective, consistent enterprise-wide document security system

6.    effectively protect against natural or man-made disasters

7.    produce evidence-standard documents

8.    minimize document handling costs

9.    guarantee the integrity of a document

10.guarantee that a document is in fact the most recent version

11.guarantee that a document is not an older copy

12.minimize duplicate and redundant information

13.meet critical compliance targets like Sarbanes-Oxley Act (SOX) and the HIPAA

14.create secure, searchable archives for digital content

15.effectively secure all documents against loss

16.implement common enterprise version control

17.facilitate enterprise collaboration

18.Improve timeliness

19.manage enterprise document security and control

20.manage smaller and more reliable backups

21.achieve the lowest possible document management and archiving costs

22.deliver the best possible knowledge management access and search

23.guarantee consistent content

24.optimize management and executive time

25.standardize the types of documents and other content can be created within an organization.

26.define common use template to use for each type of document.

27.standardize the Metadata required for each type of document.

28.standardize where to store a document at each stage of its life cycle.

29.control access to a document at each stage of its life cycle.

30.move documents within the organization as team members contribute to the documents' creation, review, approval, publication, and disposition.

31.implement a common set of policies that apply to documents so that document-related actions are audited, documents are retained or disposed of properly, and content that is important to the organization is protected.

32.manage when and if a document has to be converted from one format to another as it moves through the stages of its life cycle.

33.guarantee that all documents are treated as corporate records, that common retention policies are applied determining which documents must be retained according to legal requirements and corporate guidelines.

34.guarantee enterprise-wide Regulatory compliance

35.produce an enterprise-wide audit trail

36.share information across departmental and/or silo boundaries

37.centrally manage the security access to documents/information across different areas of the organization.

38.consistently classify documents as each repository may be used by a different department and be classified differently.  

39.identify duplicates based on document name.

40.easily find things based on metadata, as it wouldn’t be common across repositories.

41.control access via AD single sign on

42.access all enterprise documents using a single license.

          43.centrally audit access and changes to metadata.

What are your risks?  Your risks are huge!

 

 

 

 

 

Month List