A GUIDE TO INFORMATION GOVERNANCE C2C Systems 2014
TABLE OF CONTENTS 1. OVERVIEW 2. IGRM REFERENCE MODEL 3. GOVERNANCE AND RISK 4. GOVERNANCE AND RETENTION 5. GOVERNANCE AND COMPLIANCE 6. GOVERNANCE AND BUSINESS INTELLIGENCE 7. COST OF INFORMATION GOVERNANCE
CHAPTER ONE OVERVIEW
What is Information Governance? Companies large and small wrestle with the notion of Information Governance. At its core, Information Governance is an all-encompassing approach to managing corporate information through the implementation of processes, controls, and metrics that treat this information as a business asset. Information Governance encompasses all the requirements as well as the outline of how companies will manage data within their entire organisation. Information Management, the corollary to Information Governance, is the collection of practical processes which are required to implement that organization s Information Governance strategy. Unstructured Data is largely unmanaged Unstructured data which makes up at least 90% of the information flowing into and through companies is largely unmanaged. Even the largest most sophisticated organisations, which have developed detailed Information Governance strategies and guidelines, are often unaware of the sheer volume of unmanaged data within their organization. This is because unstructured data begins its life unmanaged: much of this data is not created by an organization, but rather flows into it, usually as email. This poses a challenge to companies: they need to determine this data s relevance and ultimate value from attributes within the data before they apply activities such as archiving or retention or in-place deletion. Using Information Management to achieve Governance Initiatives C2C s role in Information Governance is to provide Information Management solutions that can apply policies and perform actions on unstructured data across a variety of IT projects in a consistent, repeatable, and defensible manner, regardless of where that data is found. This is critical to achieving any company s Information Governance initiatives. INFORMATION GOVERNANCE ENABLES YOU TO Manage unstructured data for its business value Automate processes in a repeatable, defensible manner Better manage infrastructure and capacity requirements Provide clean, auditable data for greater business insights
CHAPTER TWO IGRM REFERENCE MODEL
IGRM Reference Model A comprehensive Information Governance model called the Information Governance Reference Model (IGRM) has been developed by the same group who was responsible for the highly successful EDRM work model for the legal community. Information Governance Reference Model (IGRM) Linking due + value to information asset = efficient, effective management Duty Value: Asset: Legal obligation for specific Utility or purpose of Specific container of Information specific information information Information Governance Reference Model / 2012 / v3.0 / edrm.net
IGRM Reference Model Because Information Governance is multi-faceted and cross-functional, companies need clear objectives to develop a comprehensive Information Governance strategy: How should companies categorize unstructured data (metadata, subject, contents?) How will data flow through an organization based on its relevance? How will compliance regulations be satisfied? What unstructured data needs to be retained (not simply for compliance) and for how long? How can companies determine the business value of data? How do organizations need to be able to analyse and mine this retained data? How will the organization dispose of such data when it no longer has business or compliance value? Achieving IGRM-defined Information Governance Initiatives C2C s Information Management solutions are all designed with the view as to how information flows through an organization, from determining how it should be managed to ultimately deleting it. Read about specific Information tasks which can be accomplished using C2C solutions
CHAPTER THREE GOVERNANCE & RISK
Governance & Risk One of the key goals in an Information Governance framework is to mitigate risk. Companies data poses risks in numerous ways: May contain sensitive information which can compromise security and expose companies to prosecution May contain information which is considered trade or company secrets May contain sensitive company financial information May contain information relevant to ongoing investigations or legal discovery Volume leads to Risk Other risks are less obvious, but just as significant. Large volumes of retained information pose a risk, since they can escalate investigation and discovery costs. ROT (redundant, obsolete or trivial) information poses a risk that it will inflate storage and capacity costs for information without delivering any business value. To manage risk inherent in unstructured information, companies deploy Information Management solutions from C2C to help Identify and secure information that is sensitive, secure information which is potentially relevant to investigations and discovery, and eliminate information which has no identifiable business value KEY POINTS Managing risks improves overall business health Securing information which may be relevant for legal reasons helps mitigate further risk Eliminating information with no further business value reduces potential risk
CHAPTER FOUR GOVERNANCE & RETENTION
Governance & Retention Governance is not simply about retaining business information; it is about identifying the business value and drivers behind retaining such information. Retention and Deletion are both part of Information Governance Aside for emails which must be retained to comply with specific laws and regulations, most emails have a limited business value, which decreases as those emails age. A policy-driven Information Governance strategy can utilize Information Management software which automatically places a value on email through based on a series of criteria. That value can subsequently determine that data s retention and deletion schedule. Companies who have mounted deletion strategies have avoided legal sanctions and other issues because there was a sound and fairly applied business rationale behind why they retained and ultimately deleted email data. This is where C2C s Information Management solutions provide automated, rules-based, and documented processes to retain and/or delete unstructured data in a defensible manner. KEY POINTS Policy-based retention and deletion are based on business values Business information is retained only if it has value or relevance Defensible deletion is automated. Information with no value is disposed of
CHAPTER FIVE GOVERNANCE & COMPLIANCE
Governance & Compliance A substantial number of regulations, Acts and laws require companies to preserve specific email data for varying periods of time. For example, financial institutions in the US are required to preserve all communications between brokers and dealers or customers for three years, but are not required to preserve internal communications. UK organizations are required to delete personally-identifiable customer information when they no longer have a business need to retain it. Information Governance looks to ensure that preservation is occurring properly as part of a company s compliance initiatives.. Information Management systems from C2C ensure that email data is properly captured and preserved, and when it is appropriate to delete it, providing audit trails should companies ever need to demonstrate proper compliance. KEY POINTS Properly preserving information to demonstrate compliance can avoid costly fines and sanctions. Automated preservation through Information Management is the best way to meet governance objectives.
CHAPTER SIX GOVERNANCE & BI
Governance & Business Intelligence Companies want to mine hidden value out of their unstructured information; they look to Business Intelligence products to perform the mining, but these products are ineffective without both in-place Governance Framework and Information Management processes to ensure those Governance initiatives are routinely carried out. Business Intelligence relies on Information with business value An Information Governance strategy is critical for these companies to ensure that the unstructured data which they are mining is has business value. In particular, ROT can skew business intelligence routines and require an unreasonable amount of resources simply to sift through the volume of information. Companies support their Information Governance strategy by deploying Information Management software with routines that identify and delete information such as ROT which has no business value. Because such information runs the gamut from.wav files to obsolete documents, the only effective means to deal with these is an automated Information Management system that will identify and remove them without manual intervention KEY POINTS Business Intelligence succeeds only when the information being mined has value. Information Management automates the management of information with value Information with no value, that can skew business intelligence, is eliminated
CHAPTER SEVEN COST OF GOVERNANCE
Cost of Information Governance When most consultants and analysts write about how companies develop successful Information Governance strategies, they describe large companies who have assembled crossfunctional teams and identified the entire life cycle of information throughout their organizations and determined guidelines for management at each stage. Mid-market companies struggle to justify Information Governance initiatives Reality is quite different: mid-market companies in particular don t have the manpower to mount such large scale efforts, and the ROI for Information Governance tends to be measured in soft dollars. Therefore, many companies do not have a comprehensive information governance strategy. At all stages, there are costs which companies incur without some type of information governance. A company with some 25,000+ employees found it would take 100,000 man-hours to have those employees personally decide which email data to keep when the company migrated PST files. Another company found they had over 15 terabytes of duplicate email data held in perpetual secondary storage and maintained year after year. Another company had to devote three solid weeks of its legal staff s time to discover and collect relevant email from less than 25 custodians. Information Management includes those processes which achieve corporate Information Governance mandates and initiatives, and companies are finding that effective information management can be implemented from straightforward IT projects. In this way, companies grow into Information Governance versus mandating it from the top down. C2C has long been a proponent of this more pragmatic, bottoms-up approach and C2C s information management solutions all include straightforward tools to automatically apply management rules to unstructured data. KEY POINTS Information Governance can be achieved through pragmatic, project-based Information Management. Mid-market companies can realize an immediate benefit. Information Governance strategies developed from the bottom up are more easily internalized.
About C2C C2C is a leading provider of archiving and management software for email and files. Our products provide centralised control over archiving, retention, disposition, compliance, preservation and discovery of corporate data. From our initial compression product twenty years ago, to our flagship ArchiveOne Enterprise platform, C2C products are recognized for easeof-use and flexibility. C2C continues to meet the evolving needs of organisations and our customers benefit from improved server performance, reduced storage costs, improved search and discovery processes, and lower corporate risk because they manage email and data before it overwhelms them. Organisations choose ArchiveOne, C2C s data archiving solution, because it provides a seamless user experience and tightly integrates with all version of Microsoft Exchange. PST Enterprise, C2C s data management solution, helps organisations to locate, migrate, and ultimately expire data held in dark PST email containers. This allows them to consolidate resources, migrate to new architectures, and eliminate the risk inherent in old, unknown email data. C2C, a Microsoft Gold Certified Partner, was established in 1992, and is a privately-held company with offices in Reading, UK and Westborough, MA. SIGN UP FOR A FREE DEMO TODAY Request a personalised demonstration and discover how C2C s information management solutions can help optimize your organisation s messaging environment. 0118 951 1211 www.c2c.co.uk info@c2c.co.uk