slide1 n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Enterprise Records Knowledge Conference 2010 The FOG of Information Governance Information Governance Architecture and I PowerPoint Presentation
Download Presentation
Enterprise Records Knowledge Conference 2010 The FOG of Information Governance Information Governance Architecture and I

Loading in 2 Seconds...

play fullscreen
1 / 34

Enterprise Records Knowledge Conference 2010 The FOG of Information Governance Information Governance Architecture and I - PowerPoint PPT Presentation


  • 162 Views
  • Uploaded on

Enterprise Records Knowledge Conference 2010 The FOG of Information Governance Information Governance Architecture and Implementation. May 20 th , 2010 Sacramento, California. Agenda. Introduction Challenges of Information Governance Realities on the ground Information Governance Platforms

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Enterprise Records Knowledge Conference 2010 The FOG of Information Governance Information Governance Architecture and I' - etoile


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1

Enterprise Records Knowledge Conference 2010

The FOG of Information GovernanceInformation Governance Architecture and Implementation

May 20th, 2010

Sacramento, California

agenda
Agenda
  • Introduction
  • Challenges of Information Governance
  • Realities on the ground
  • Information Governance Platforms
  • Information Governance Programs
  • Examples
  • Discussion
speaker
Speaker

Bassam Zarkout

Chief Technology Architect

RSD Corporation

Email: bza@rsd.com

Mobile: 1-613-7913033

rsd corporate background
RSD Corporate Background
  • Founded in Geneva, 1973
    • Offices in New York, London, Paris, Zürich, Madrid
  • More than 1,200 customers worldwide
    • Over 2,000,000 users
  • Pioneer in high-volume mainframe report and output management
    • EOS (Enterprise Output Solution)
  • Innovator in records and document management, and Information Governance
    • RSD Folders
    • RSD GLASS™
agenda1
Agenda
  • Introduction
  • Challenges of Information Governance
  • Realities on the ground
  • Information Governance Platforms
  • Information Governance Programs
  • Examples
  • Discussion
corporate challenges
Corporate Challenges
  • Information Governance (IG) challenge
    • An urgency at the executive level in every enterprise
  • Initial efforts to “tame the beast” have resulted in…
    • Solutions with unsound designs
    • The proliferation of content repositories
    • Skyrocketing management and admin overhead costs

Patriot Act

Growing urgencyto gain controlof this dynamic

Basel II

SEC 17a-4

MiFID

Title 21 CFR 11

DoD 5015.2

managing corporate risk is critical
Managing Corporate Risk is Critical
  • Managing information-related risks is critical
    • Enabling legal and regulatory compliance
    • Maximizing operational value of information assets
    • Improving competitiveness
  • Three key terms to explore
    • Governance, Risk Management, and Compliance
    • Enterprise Information Management
    • Information Governance

Enterprise Information Management

Business Intelligence

Governance, Risk Management, and Compliance (GRC)

Information Governance

Physical

Security

Financial

Reporting

Compliance

ECM

RM

Imaging Systems

IDARS

what does information governance provide
What does Information Governance provide?
  • Solve RM problem
    • Too much information
    • No easy mechanism to address compliance and disposition
  • Address eDiscovery problem
    • Reduction of ESI discovery burden for information retained
    • Information accessible within authenticated and auditable context
  • Address compliance and legal concerns
    • Compliance and legal requirements are enforced within Information Governance (IG) policy, procedures and methods
  • Bridge gap between RM and IT
    • Management by policy enforcement at a Tier 2 level or below
  • Address cost of governance
    • Efficiently manage very large records management programs
  • Integrate functions of managing record lifecycle
    • Retention and disposition, ediscovery, data privacy, system overhead costs, auditability, etc.
managing corporate risk is critical1
Managing Corporate Risk is Critical

Enterprise IG Platforms

Federated RM

eDiscovery

Email Archiving

Electronic RM

New Laws?

New Regulations?

Financial

Crisis 2008

HIPAA

New Laws?

Morgan Stanley

E-Discovery irregularity fine $1.58b

New Regulations?

Enron Scandal

Sarbanes-Oxley

Zubulake-UBS Warburg

FRCP 2006

Goldman Sachs

9/11

Patriot Act

DoD 5015.2

MoReq

information governance challenges
Information Governance Challenges

Patriot Act

Complexity of requirements growsexponentially with size of organization

Basel II

SEC 17a-4

Current

Generation

Solutions

MiFID

Title 21 CFR 11

DoD 5015.2

legal and regulatory landscape
Legal and Regulatory Landscape

Hundreds and in some cases thousands of laws and regulations

* Depending on vertical

agenda2
Agenda
  • Introduction
  • Challenges of Information Governance
  • Realities on the ground
  • Information Governance Platforms
  • Information Governance Programs
  • Examples
  • Discussion
realities on the ground
Realities on the ground

End Users

End Users

Laws

Regulations

Internal Policies

Best Practices

Etc.

Content Producers

- MS Office

- MS SharePoint

- Alfresco

- Business Applications

- Other

Content Consumers

- MS SharePoint

- Alfresco

- Business Applications

- Other

Privacy

Officer

Legal

Counsel

Risk

Officer

Security

Officer

Other

Officer

Compliance

Officer

The FOG of Information Governance

Corporate Records Retention Schedule?

Capture Information?

Retrieve Information?

Security?

Cost Governance?

eDiscovery & Holds?

Lifecycle Event Sources

- Business Applications

- Processes

Data Privacy?

Corporate

IT

Standard Metadata Definitions?

Events that impactinformation lifecycle?

System Admin?

Business

Managers

Records

Management?

Storage ILM?

Corporate

RM

BOD

Federated RM

Functionality?

Other Jurisdictions

Jurisdiction C

Jurisdiction n

Jurisdiction A

Other Repositories

RSD Folders

ECM

System

ECM

System

Other Repositories

types of record formats
Types of Record Formats

- Paper

- Film

- Fiche

Unstructured content

(high volumes)

- MS-Office

- PDF

- Other

Other

- MS Exchange

- Lotus Notes

- IM

- Other

Entries in data warehouse

Structured content

(very high volumes)

Entries in SQL Database

- AFP

- PDF

- Other

multiple facets of information lifecycle policies
Multiple facets of information lifecycle policies

Legal

Counsel

Security

Officer

Other

Officer

Privacy

Officer

Privacy

Officer

Risk

Officer

Compliance

Officer

IT

IT

IT

RM

multiple facets of information lifecycle policies1
Multiple facets of information lifecycle policies

Legal

Counsel

Security

Officer

Other

Officer

Privacy

Officer

Risk

Officer

Compliance

Officer

?

Corporate

IT

Declassify Record

Comply with government

de-classification requirements

Dispose of Record

Comply with legal and regulatory

record retention requirements

Anonymize Record

Comply with Privacy requirements

Declare as Record

Comply with legal and regulatory

record retention requirements

Move Content to Storage Tier n

Reduce costs of storing content

Operational Usage of Content

Delete Content Index

Reduce costs of storing content indexes

Corporate

RM

BOD

days

weeks

months

years

decades

evolution in the solutions landscape
Evolution in the solutions landscape

Current Solutions Landscape

To be continued…

Structured Content Repositories

RM

ECM

IDARS

Data Privacy

Policies

Control & Admin

Policies

Control & Admin

Repository

eDiscovery

Policies

Control & Admin

Repository

Policies

Control & Admin

Policies

Control & Admin

Repository

Policies

Control & Admin

Repository

Next Generation Intelligent

Content Addressable Storage Repositories

Policies

Control & Admin

Repository

Size of bubbles not to scale

agenda3
Agenda
  • Introduction
  • Challenges of Information Governance
  • Realities on the ground
  • Information Governance Platforms
  • Information Governance Programs
  • Examples
  • Discussion
evolution in the solutions landscape1
Evolution in the solutions landscape

Current Solutions Landscape

Creative Solution Strategy

Structured Content Repositories

RM

Corporate Information

Governance Policies

ECM

Rules

(Policies)

IDARS

Data Privacy

Information Governance

Corporate/Regional/Jurisdictional

Control and Administration Processes

Policies

Control & Admin

Policies

Control & Admin

Repository

eDiscovery

Policies

Control & Admin

Repository

Tools

(Control &Admin)

Data

Privacy

Audit

Mgmt

Records

Mgmt

Policies

Control & Admin

eDiscovery

Other

Policies

Control & Admin

Repository

Policies

Control & Admin

Repository

Information Repositories

Regional/Jurisdictional/Local

Next Generation Intelligent

Content Addressable Storage Repositories

Tools

(Repositories)

Content in

Data Whse

Content in

ECM Systems

Policies

Control & Admin

Repository

Content in

IDARS

Content in

CAS Systems

Size of bubbles not to scale

key differences with existing rm ecm technologies
Key Differences with existing RM/ECM Technologies
  • Modular architecture aligned with emerging market specifications
  • Comprehensive repository-independent IG policy
    • Human readable (Web or PDF based)  analog policies
    • Application readable/integratable  digital policies
  • Integration of all facets of the record lifecycle
    • Retention and disposition
    • Security declassification lifecycle
    • Data privacy lifecycle
    • Migration of electronic records across storage tiers (storage ILM)
    • Metadata lifecycle (very granular)
    • Content index lifecycle
    • Other
  • Standardized record metadata definitions
  • “Business” and “Operational” events integrated with lifecycle functions of IG Platform
enterprise information governance solution platform
Enterprise Information Governance Solution Platform

Information Governance

Steering Committee

End Users

End Users

Laws

Regulations

Internal Policies

Best Practices

Etc.

Content Producers

- MS Office

- MS SharePoint

- Alfresco

- Business Applications

- Other

Content Consumers

- MS SharePoint

- Alfresco

- Business Applications

- Other

Privacy

Officer

Legal

Counsel

Security

Officer

Risk

Officer

Other

Officer

Compliance

Officer

Enterprise Information Governance Solution Platform

Information Governance Policies

- Retention and Disposition

- Data Privacy

- Discovery

- Migration across storage tiers

- Standard Metadata Definitions - Other

Capture Information

Retrieve Information

Security

Cost Governance

eDiscovery & Holds

Lifecycle Event Sources

- Business Applications

- Processes

Standard Metadata Definitions

Data

Privacy

EDiscovery & Holds

Corporate

IT

Standard Metadata Definitions

Events that impactinformation lifecycle

Control and

Administration

of lifecycle for

ALL information

System Admin

Business

Managers

Records

Management

Storage ILM

Corporate

RM

BOD

Enforce lifecycle actions

Other Jurisdictions

Jurisdiction C

Jurisdiction n

Jurisdiction A

Other Repositories

RSD Folders

ECM

System

ECM

System

Other Repositories

enterprise information governance solution platform1
Enterprise Information Governance Solution Platform

Information Governance

Steering Committee

End Users

End Users

Laws

Regulations

Internal Policies

Best Practices

Etc.

Content Producers

- MS Office

- MS SharePoint

- Alfresco

- Business Applications

- Other

Content Consumers

- MS SharePoint

- Alfresco

- Business Applications

- Other

Privacy

Officer

Legal

Counsel

Security

Officer

Risk

Officer

Other

Officer

Compliance

Officer

Enterprise Information Governance Solution Platform

Information Governance Policies

- Retention and Disposition

- Data Privacy

- Discovery

- Migration across storage tiers

- Standard Metadata Definitions - Other

Capture Information

Retrieve Information

Corporate IG Policies

Security

Cost Governance

eDiscovery & Holds

Lifecycle Event Sources

- Business Applications

- Processes

Standard Metadata Definitions

Data

Privacy

EDiscovery & Holds

Corporate

IT

Events that impactinformation lifecycle

Control and

Administration

of lifecycle for

ALL information

System Admin

Business

Managers

Records

Management

IG Policies

IG Policies

Storage ILM

IG Control & Admin

IG Control & Admin

Corporate

RM

BOD

Enforce lifecycle actions

Enforcement

Enforcement

Other Jurisdictions

Jurisdiction C

Jurisdiction n

Jurisdiction A

ECM

System

Other Repositories

RSD Folders

ECM

System

Other Repositories

file plan security
File Plan Security
  • ACL Security
    • Inherited from Master Classification
    • Inherited from parent to child within File Plan
    • ACL assignments can be modified by Security Officer or Administrator
  • Security Classification
    • Inherited from Master Classification
    • Inherited from parent to child within File Plan
    • Security Classification can be increased but NOT decreased
  • Metadata-value Security
    • Inherited from Master Classification
    • Inherited from parent to child within File Plan
    • Right to change field value limited to authorized Security Officers
  • Repository Security
    • Security assigned to Object in Repository respected in IG Platform
  • Security Accreditation (used within US DoD)

http://www.archives.gov/isoo/training/marking-booklet.pdf

http://metadata.dod.mil/mdr/irs/DDMS/documents/ICS2007-500-2SecurityMarkingMetadata.pdf

information governance platform benefits
Information Governance Platform Benefits
  • Enable legal and regulatory compliance
    • Mitigate overall corporate risks by supporting the implementation and operation of an effective and agile enterprise-wide Information Governance Program
  • Maximize operational value of information assets
    • Address pressing needs for advanced content access and information lifecycle management
    • Transparent access to corporate content in all repositories (structured and unstructured)
  • Improve competitiveness
    • Provide cost governance capabilities through the use of advanced IT-centric as well as business and compliance centric information lifecycle functions
      • Reduce overall cost of infrastructure
      • Reduce overall cost of storage
      • Reduce amount of information stored on Tier 1 storage through granular management of information lifecycle
agenda4
Agenda
  • Introduction
  • Challenges of Information Governance
  • Realities on the ground
  • Information Governance Platforms
  • Information Governance Programs
  • Examples
  • Discussion
information governance programs
Information Governance Programs
  • Definition
    • IG Programs support compliance and accountability regarding corporate information throughout their lifecycle
  • Primary objectives
    • Enable legal and regulatory compliance and mitigate related risk
    • Maximize operational value of information assets
    • Improve competitiveness

Information Governance Programs

RM Programs

information governance programs1
Information Governance Programs
  • Superset of RM Program
  • Features analogous methodologies and processes
    • Create and manage corporate policies and procedures about how information should be “properly looked after” consistently
    • Carry out policies and procedures
    • Enforce policies on corporate information
    • Maintain audit trail of these activities

Information Governance Programs

RM Programs

main activities in the ig program
Main activities in the IG Program
  • Develop and maintain IG policies and procedures at corporate and jurisdictional levels
    • IG Steering Committee
  • Deploy IG policies and procedures into jurisdictions
  • Manage information lifecycle in business units and department
    • Perform control and administration of IG activities
    • Enforce IG lifecycle actions on information
  • Maintain audit trail on above

Corporate

Jurisdictions & Legal Entities

Corporate

Corporate IG Policies:- Retention and disposition- Data Privacy- Electronic discovery- Lifecycle of content- Lifecycle of content indexes- Lifecycle of metadata- Other

Jurisdictions & Legal Entities

IG Policies in Jurisdictions and Legal Entities

Business Units

File Plans in Business Units controlled by IG Policies

Information Governance Steering Committee

Corporate IG Policies

Business Units

Local IG Policies (Jurisdictions)

IG Control and

Administration Activities

IG Enforcement Activities

Repository

Repository

corporate rm programs versus corporate ig programs
Corporate RM Programs versus Corporate IG Programs

Conventional Corporate RM Program

Jurisdiction #1

Corporate RM Program

Manual Retention Policy Development

Policy in Excel/Email/Paper/PDF

Management of unstructured documents

Retention policy ONLY

Little or no involvement of IT

File Plan

File Plan

File Plan

Records

Admin

Legal

Counsel

Risk

Officer

Corporate

IT

Records

Admin

Records

Admin

Records

Admin

Records

Admin

Retention

Schedule

Retention

Schedule

Manual RM

RMA

Jurisdiction #2

File Plan

File Plan

File Plan

File Plan

Retention

Schedule

Retention

Schedule

Manual Administration

of RM Program

Manual RM

RMA

Records

Admin

Jurisdiction #n

Corporate RM

File Plan

File Plan

File Plan

File Plan

File Plan

File Plan

End User

Corporate

RM

Retention

Schedule

Retention

Schedule

Retention

Schedule

RMA

Manual RM

corporate rm programs versus corporate ig programs1
Corporate RM Programs versus Corporate IG Programs

Information Governance Program

Jurisdiction #1

Corporate IG Program

All facets of Information Lifecycle

Management of all forms of records

Policies in application integratable form

Direct involvement of IT

File Plan

File Plan

File Plan

Records

Admin

Legal

Counsel

Risk

Officer

Corporate

IT

Records

Admin

Records

Admin

Records

Admin

Records

Admin

IG Policies

IG Control & Admin

Enforcement

Jurisdiction #2

File Plan

File Plan

File Plan

File Plan

Integrated Administration

of IG Program

RRS

IG Policies

IG Control & Admin

Records

Admin

Enforcement

Jurisdiction #n

Corporate RM

File Plan

File Plan

File Plan

File Plan

File Plan

File Plan

End User

Corporate

RM

IG Policies

RRS

RRS

IG Policies

IG Policies

IG Control & Admin

IG Control & Admin

IG Platform technology deployed at Corporate

Enforcement

Enforcement

information governance steering committee
Information Governance Steering Committee

Privacy

Officer

Legal

Counsel

Security

Officer

Risk

Officer

Other

Officer

Compliance

Officer

Corporate IT: Manage corporate information and IT infrastructure

Corporate RM:- Manage process of creating IG policies- Ensure that policies are up to date- Ensure policies are available to field personnel

Legal Counsel: Responsible for legal department within organization - must be able to act decisively regarding legal challenges that face organization.

Risk Officer: Manage risk matters within organization

Privacy Officer: Oversee and manage compliance with Privacy laws and regulations

Compliance Officer: Oversee and manage compliance issues within organization

Security Officer: Responsible for security matters within organizations, including data security

Other Officer: Other corporate officer

BOD: Board of Directors with primary responsibility for approving corporate IG policy

Other: Depends on organization.

Corporate

IT

Corporate

RM

BOD

agenda5
Agenda
  • Introduction
  • Challenges of Information Governance
  • Realities on the ground
  • Information Governance Platforms
  • Information Governance Programs
  • Examples
  • Discussion
discussion
Discussion

Thankyou!

Bassam Zarkout

bza@rsd.com