The Enterprise Content Management (ECM) challenges of managing ‘Records-in-Place’

The Challenge

An interesting challenge for Records Managers, Knowledge Managers and CIOs is the newer document management paradigm of being asked to manage all content according to the ‘Records-In-Place’ paradigm, without a single central repository. That is, to be responsible for all content across a myriad of locations controlled by a myriad of applications and a myriad of departments/organizations and people.

We all realize that Enterprise Content Management, or Content Services as it is now called by Gartner, is a moving target, constantly evolving with new challenges and new paradigms.

For example:  

• How do we filter out only relevant information from social media?
• How do we avoid capturing personal data and being culpable under privacy laws?
• How do we capture all emails containing sexism, racism and bullying without being guilty of an invasion of privacy of the individual?
• How do we meet all of our compliance obligations when our staff are spread across multiple states/counties/provinces and multiple countries with different legislation and compliance requirements?

All weighty challenges for the modern Records Manager, Knowledge Manager or CIO. Now we have a new challenge, how to manage multiple silos of information without a central repository.

Multi-Repository (multi-Silo) Systems

In multiple-repository systems we find multiple document stores or silos, local files, network file shares, local data bases, multiple file servers, multiple copies of SharePoint and multiple Cloud repositories like Dropbox, Box, iCloud, Google Cloud Storage and other hosted document storage. The CIO may proudly claim to manage multiple information silos but what he or she really has is a laissez faire document management ecosystem that may well be centrally monitored (hopefully) but is most certainly not centrally managed.

In the multiple silo model, the documents in our multiple locations are ‘managed’ by multiple people and multiple and independent applications (e.g., SharePoint, Google Docs, Office 365, etc.). We may have implemented another layer of software above all these diverse applications trying to keep up with what is happening but If I am just ‘watching’ then I don’t have an inviolate copy and I don’t have any control over what happens to the document. I am unable to enforce any standards. There is no ‘standard’ central control over versioning or retention and no control over the document life cycle or chain of evidence.

For example, you wouldn’t know if the document had since been moved to a different location that you are not monitoring. You wouldn’t know if it had been deleted. You wouldn’t know its relationship to other documents and processes in other silos. You wouldn’t know its context in your enterprise and therefore you wouldn’t know how relevant this document was. The important distinction is that under the multiple silo model you are ‘watching’ not managing; other multiple pieces of software are managing the life cycles and dispositions of the documents independently.

All you really know is that at a certain point in time a document existed and what its properties were at that time (e.g., historical ‘natural’ Metadata such as original filename, author, date created, etc.). However, you have no contextual Metadata, no transactional Metadata, no common indexing and no common Business Classification System. In this case, you don’t have a document management system, you have a laissez faire document management ecosystem, an assortment of independently ‘managed’ information silos. Most importantly, you are not able to link documents to business processes that transcend organizational structures and silos.

What are the issues?

Sure, SharePoint and Cloud silos make collaboration easier but at what cost? What can’t we do with this multi-silo ecosystem? Why doesn’t this solution meet the best-practice objectives of an enterprise Document Management System? What are the major areas where it falls short? How does the proliferation of multiple silos and content repositories affect us? What are our risks? Here is my assessment of the major shortfalls of this ‘Records-In-Place’ paradigm.

We are unable to: 

1. extract the critical insights that enterprise information should provide
2. define all the relationships that link documents to enterprise business processes
3. find the right information at the right time
4. provide a single access point for all content
5. Implement an effective, consistent enterprise-wide document security system
6. effectively protect against natural or man-made disasters
7. produce evidence-standard documents
8. minimize document handling costs
9. guarantee the integrity of a document
10. guarantee that a document is in fact the most recent version
11. guarantee that a document is not an older copy
12. minimize duplicate and redundant information
13. meet critical compliance targets like Sarbanes-Oxley Act (SOX) and the HIPAA
14. create secure, searchable archives for digital content
15. effectively secure all documents against loss
16. implement common enterprise version control
17. facilitate enterprise collaboration
18. Improve timeliness
19. manage enterprise document security and control
20. manage smaller and more reliable backups
21. achieve the lowest possible document management and archiving costs
22. deliver the best possible knowledge management access and search
23. guarantee consistent content
24. optimize management and executive time
25. standardize the types of documents and other content can be created within an organization.
26. define common use template to use for each type of document
27. standardize the Metadata required for each type of document
28. standardize where to store a document at each stage of its life cycle
29. control access to a document at each stage of its life cycle
30. move documents within the organization as team members contribute to the documents' creation, review, approval, publication, and disposition
31. implement a common set of policies that apply to documents so that document-related actions are audited, documents are retained or disposed of properly, and content that is important to the organization is protected
32. manage when and if a document has to be converted from one format to another as it moves through the stages of its life cycle
33. guarantee that all documents are treated as corporate records, that common retention policies are applied determining which documents must be retained according to legal requirements and corporate guidelines
34. guarantee enterprise-wide Regulatory compliance
35. produce an enterprise-wide audit trail
36. share information across departmental and/or silo boundaries
37. centrally manage the security access to documents/information across different areas of the organization
38. consistently classify documents as each repository may be used by a different department and be classified differently  
39. identify duplicates based on document name
40. easily find things based on metadata, as it wouldn’t be common across repositories
41. control access via AD single sign on
42. access all enterprise documents using a single license
43. centrally audit access and changes to metadata

What are your risks?  

Your risks are huge!