Information Lifecycle Governance Surabhi Kapoor & Jan Lambrechts
Information Lifecycle Governance Executive Overview 1
Introduction to Information Lifecycle Governance 2
It s no longer about one thing Volume Velocity Variety 12 terabytes of Tweets create daily Analyse product sentiment 5 million trade events per second Identify potential fraud 4 terabytes/site/day average surveillance video Monitor events of interest 15 petabytes 500 million 80% info growth of new information daily call detail records per day is unstructured content Determine relevance Prevent customer churn Improve customer satisfaction 3
Very Simple Savings Proposition: Dispose of Unnecessary Data Enterprise Information Everything Else 69% Subject to Legal Hold 1% Regulatory Record Keeping 5% Has Business utility 25% Hold & Collect Evidence Archive for Value & Dispose Retain Records & Dispose Dispose of unnecessary data Cost & Risk Reduction Enables Disposal Cost Reduction Normalises growth curve %s based on CGOC Summit 2012 Survey 4
Our Customers Find Data Growth Outpaces Storage Budget and Business Processes Run rate costs rise continuously, consume more of budget Curbs storage growth, lowers run rate permanently Governance processes have not matured to reflect volume, this leads to excess data and cost as well as operational challenges that in turn contribute to risk. ILG Program: Process Improvement, Expertise and Technology Value-Based Archiving & Defensible Disposal Extend and automate retention management Automate the legal holds and ediscovery process Information Lifecycle Governance Strategy Lowers Costs and Risks, Addresses Root Cause for Systemic Improvement 5
Silo Processes: Holds & Retention Don t Tie to Asset Form Doesn t Serve Intended Function in Information Environment Legal holds defined by employees involved Tracking laws on a spreadsheet Thousands of legal matters a year Thousands of employees subject to hold, but relying on IT to preserve data Notices sent to employees directly; Records and IT not informed High legal (review) cost a function of total information volume DUTY Matter Hold VALUE Department ASSET Systems Retention Schedule DUTY Laws & Regs Schedules documented by record class Covers regulated information and may not encompass business value Policies published on a web site for employees and IT, reliance on employees to manage records Insufficient or unauditable location for electronic records Information IT has most of the data organised by asset code -- but no visibility to legal duties or business value 800% or more data growth in 5 years but budget needs to come down Unaware that legal risks and responsibilities have been shifted to it No physical link between legal obligations (holds), regulatory requirements (records, privacy), business value and servers or information 6
The Risk, Cost and Value of Data 7
Compliance Tax, Rising Risk and Declining Value Value Economics Peak Value Period Peak Cost Period Risk Cost-to- Value Gap Risk-to- Value Gap Cost Value Time Value = Total Cost Business need and benefit is highest 0 Value > Cost = Compliance Tax Business need lapses, retained for regulators need Total Cost >> Purpose = 0 Regulators need lapses, inability to efficiently dispose 8
The ILG Processes 9
Information Economics: Tying Supply to Demand, Optimising Value, Cost & Risk DEMAND: What the organisation needs SUPPLY: What IT supplies BUSINESS VALUE Customer, product and market information that drive shareholder value DUTY & RISK Evidentiary obligation to keep as potential or actual evidence Privacy obligations to dispose of unnecessary data or protect with certain standards INFORMATION ASSETS Application portfolio Collaboration and office tools Messaging Storage Back up and D/R DUTY & RISK Regulatory duty to retain information Laws for information in the countries we do business in 10
The Program Will Optimise 18 Business Processes & Mitigate Inherent Risks 11
Cost Drive Out 12
Process Maturity Affects 4 Cost Buckets 4 Cost Levers Program Actions to Reduce Costs Storage Infrastructure storing data with no utility Storing data at a cost higher than data value 1 2 Dispose of data with no utility Archive aging data and store at right cost ILG Program will dispose of data allowing removal of infrastructure by: Identifying and attaching business value to data Identifying and securing records that are legally required to be maintained Securing data currently on legal hold Result: Disposal of data with no business value or legal obligation resulting in large reduction in storage capacity Remove legacy data from largest Mainframe applications through moving to an archive file off the production application MIPS reduction occurs as MIPS no longer consumed for data I/O in processor Reduction in MIPS related vendor charges Applications supported without real business value 3 Decommission applications, Dispose of data Expand decommissioning of applications with no business value by providing access to the data without the current application or supporting infrastructure Accelerate the pace of application decommissioning through the use of a decommissioning factory ediscovery Vendor Spend 4 Reduce data processed and reviewed Review volume reductions through 3 levers: Review only relevant data through more accurate, iterative culling Settle cases prior to expensive review when appropriate Collect less data for evidence after disposing of legacy data 13
The Technology Solution 14
The Solution Enables Disposal from Policy to Data Source: Capabilities Unified approach to define & syndicate governance policies and decisions on what information to preserve, retain, archive, protect and delete. Retention Policies & Schedules (Taxonomy, law library, master schedules, business inventory, privacy requirements) Legal Holds & Collections (Scope sources and custodians, action holds and preservation notices) Governance Map & Defensible Disposal ( Data source catalog, risk dashboard, asset/obligation transparency) Policy Syndication (Policy Connectors syndicate to systems with data custody) Policy and rules for what and when to retain, hold, collect and dispose Efficient, systematic policy and decision execution in systems so that structured and unstructured data is managed by business value and legal / regulatory needs Syndicate policy to native sources for execution or collect data to automate manage-byvalue and dispose of unnecessary data Structured Data Archives (Structured data archive, compression and disposal execution) Prioritize & Understand Structured Data (Database prioritisationsize and complexity and Data Model Discovery) Structured Data Sources (Applications) Records Repositories & Federation (Organise regulated content and Dispose) Unstructured File & Email Archives (Manage unstructured content by value and execute holds & retention policy) Classification and Collection of Unstructured Data (De-duplication, classify and execute retention and hold policy) Unstructured Data Sources (File Shares, SharePoint, Email, etc.) Evidence Mgmt & Assessment (Hold automation, evidence management & Analysis) 15
The Solution Systematically Links Obligations and Value to Assets to Address Root Cause, Lower Cost and Risk DUTY VALUE DUTY Matter Department Laws & Regs Hold Systems ASSET Retention Schedule Information LEGAL BUSINESS IT RECORDS PRIVACY Modernise ediscovery Process Precise, reliable legal holds Assess evidence in place, collect less Lower legal risk, cost State Information Value Guidance on information utility Participate in volume reduction Align around value Optimise Information Volume Dispose and retire unnecessary data Optimise storage based on value Lower information cost Modernise Retention Process Address electronic information Executable schedules can be automated Lower legal risk, cost Modernise Privacy Process Protect Sensitive Information Enable data deidentification or deletion Lower legal risk, cost 16
The Approach 17
Our Approach With your sponsorship, we will conduct an opportunity analysis And deliver a fact-based assessment of total savings opportunity and a full plan to realise those savings 18
ILG Assessment Structure We take a systematic approach to business case development: Where are you today (A)? Where do you need to be (B)? What needs to happen (P) to get from A to B? How much will P cost and what Return on Investment will it provide in terms of savings and compliance? As Is Assessment Define Future State Gap Analysis Develop Business Case Process Assessment Target Maturity Level Process Gaps Assessment Summary Cost & Risk Profile Governance & Policies Costs and Savings Identification Information Economics Capability Assessment Capability Required Capability Gaps Governance Approach Policy & Governance Assessment Target Objectives Policy & Governance Uplift Cost / Benefits Communication 19
Maturity Assessment Process The CGOC Maturity Assessment framework will be used to enable a structured assessment of the organisation s current state. 1 2 3 The assessment will generate a heat map, which will enable us to understand and represent the as is state of 4 ILG Maturity. Interviews will be conducted with the customer s executives and staff to assess ILG Maturity based on the questionnaire and artefact assessment. ILG Maturity uplift roadmap and action plan will be delivered as a result of this process 20
Business Value Assessment What we will need from you 21
Business Value Assessment SMS will conduct a thorough business value assessment of the current information governance processes and technologies within your organisation. With the facts gathered during the interviews and workshops with key stakeholders, we will prepare an analysis of the current processes, recommended process improvements and the risk and cost reductions associated with those improvements. In the executive report, we will provide an analysis of the costs and risks of the current practices in the areas assessed and a statement on the future practices with your solution in place. 22
Questions? 23
TelSoc.org