© 2012 IBM Corporation

Automating Information Lifecycle Governance

Tom Utiger

ILG Competency Leader, GBS North America

Successful Implementation of Records Management WorkshopApril 18, 2012

© 2012 IBM Corporation2

My Background

Grew up in Las Vegas UC Berkeley - Physics Random IT jobs Videogame developer – My company ECM / ILG

– Pacific Gas & Electric– Charles Schwab– ZANTAZ – email archive startup– Data Empowerment Group – My company– IBM

First Records Management Job– Microfilm Tech – Clark Country Records Department

© 2012 IBM Corporation3

CIO in Hostage Situation

Company data volume increases 875% in 5 years Data management costs exceed $1B annually with

volume

Data growth is unmanageable Budget eroded by waste

Federal evidence rules extended to electronic data; “save everything”

2008 2010 20122006

IT Spend Outpaces Revenue

IT Spend Growing Faster than Revenues

© 2012 IBM Corporation4

Information growth has out paced information governance processes

High Risks & Mitigation Burden

Governance processes have not matured to reflect volume, specifically how to: Define and execute legal holds and data collection (A-F) Apply retention schedules to electronic information (G,H) Align storage and manage information based on specific legal

obligations and business value [I] Provision, decommission and dispose of data [L,M,N]

This leads to excess data and cost as well as operational challenges that in turn contribute to risk:Difficulty disposing of unnecessary data Complexity in applying legal holds Inefficiencies in data management and governance

15 governance processes impacted by high data volume such as placing holds, collecting evidence, decommissioning systems and their inherent risks, represented in A-O.

Storage: Direct Procurement Costs in Millions

Run rate costs rise continuously, consume more of budget

Our Customers Find Data Growth Outpaces Storage Budget and Business Processes

© 2012 IBM Corporation5

Value-Based Archiving & Defensible Disposal Archive to shrink storage, align cost to value Dispose rather than store unnecessary data

Extend and automate retention management Include electronic data that has business value in addition to

records for regulatory requirements Automate retention schedules across all information to enable

reliable, systematic disposal.

Automate the legal holds and ediscovery process Structure and automate legal holds process to lower risk,

increase precision, enable disposal Analyze in place to reduce unnecessary collection, processing

and review

Information Lifecycle Governance Program Executive charter for enterprise initiative Processes, capabilities and accountability to achieve cost and risk

reduction benefits through

Process improvements, expertise and technology:

Estimated Risk or Mitigation Burden Reduction

Curbs storage growth, lowers run rate permanently Program leadership, process improvement and technology from IBM

Run rate reduction and growth avoidance Run rate

Storage Direct Procurement Costs

IBM’s Information Lifecycle Governance Strategy Lowers Costs and Risks, Addresses Root Cause for Systemic Improvement

© 2012 IBM Corporation6

Silo Processes Are Misaligned: Holds & Retention Don’t Tie to Asset

Thousands of legal matters a year

Thousands employees subject to hold, but

relying on IT to preserve data

Notices sent to employees directly; records and IT

not informed

High legal (review) cost a function total information

volume

Covers regulated information and may not

encompass business value

Web site for employees and IT, reliance on

employees to manage records

Insufficient or unauditable location for electronic

records

800% or more data growth in 5 years – but budget needs to come down

Unaware that legal risks and responsibilities have been shifted to it

No link between legal obligations (holds), records, business value and servers or information

Legal holds defined by employees involved

Legal holds defined by employees involved

Information

Department

Systems

Matter

Hold

Laws & Regs

Retention Schedule

DUTY DUTYVALUE

ASSET

IT has most of the data organized by asset code --

but no visibility to legal duties or business value

IT has most of the data organized by asset code --

but no visibility to legal duties or business value

Schedules documented by

record class

Schedules documented by

record class

© 2012 IBM Corporation7

A Billion Choices for IT, None of Them Actionable

Department

System

Information

(Content itself)

Matter

Hold

Law or Regulation

Retention Schedule

DUTY DUTYVALUE

LEGAL BUSINESSRIM

IT

6500 laws6500 laws

642 codes642 codes

10 PB 10 PB

12,000

12,000

15,000

15,000

27,000 departments

300,000 people

27,000 departments

300,000 people

5,0005,000

How does IT efficiently determine which of 15,000 legal obligations apply to which departments, employees and

information assets?

How can IT clean up legacy data, retire applications and

optimize without creating new legal risks?

© 2012 IBM Corporation8

Breakthrough Solution for CIOs

1 2 3Link Value &

Obligations to Assets

Clean Up Legacy Data & Retire Applications

Assess Risk & Allocate Resources

Efficiently

Align IT investments with information

needs and value

Dispose of unnecessary data,

eliminate unnecessary cost

and risk

Reduce total cost of compliance and

reduce risk mitigation costs

© 2012 IBM Corporation9

Governance improvements and outcomes

1. Significant cost savings the CIO and GC need

2. Fundamental improvement in

information management practices

Save Money:

Dispose of unnecessary information

Save Money:

Dispose of unnecessary information

Save Money:

Remove and reduce legal

costs

Save Money:

Remove and reduce legal

costs

Save Money:

Manage information

by value

Save Money:

Manage information

by value

Reduce Risk:

Improve compliance

process rigor

Reduce Risk:

Improve compliance

process rigor

© 2012 IBM Corporation10 10

The Results: Case Study at Global 3 Pharma

A global program to manage electronic information better:

1. Dispose of unnecessary data promptly

2. Store and retrieve information easily and promptly for business use

3. Consistently store and identify Company records

4. Meet regulatory and legal requirements related to information

Which requires policies, procedures and systems to:

1. Legal hold and discovery case management system that significantly reduces the business and operational disruption required to meet legal obligations

2. Policies that comprehensively address Privacy, Information Security, Records Management and Legal requirements

3. Procedures and systems that increase efficiency of record keeping and data retrieval for business users

4. Systems that support and streamline end-user management of information needed for daily tasks and official Company records

$300 million savings

© 2012 IBM Corporation11

Financial Benefits2011: 2014 ($ M)

$27m benefit in 2012

$38m benefit in 2013

$46m benefit in 2014

$132m over 3 years

Estimated Cost Savings on Storage OnlyStorage H/W OpEx

CIO Achieves Cost Reduction Goals

Value-Based Archiving & Defensible Disposal Change Storage Growth Trajectory

The day of reckoning is here as illustrated by a client case study

© 2012 IBM Corporation12

THE SOLUTION

© 2012 IBM Corporation13

Enterprise Information

Very Simple Savings Proposition: Dispose of Unnecessary Data

© 2012 IBM Corporation14

Cut volume to cut cost

Cut volume to cut cost

Interplay Between ILG and eDiscovery(What you retain and archive will show up in ediscovery)

© 2012 IBM Corporation15

Align Information Management with Information Utility for Transformative Results

Policy and Process Integration Across Information Stakeholders Enables Disposal, Lowers Cost and Risk

Operationalize Program and Drive Business Outcomes with Structure, Defined Processes, Metrics Accountability

1. Executive SponsorshipCharter, directive and accountability for enterprise program

2. Metrics and Routine Measurement Defined dashboards with quarterly visibility on cost and risk reduction targets, operational progress and capacity

3. Program Office Coordinates across Stakeholders, Drives Achievement Ensures cross-silo engagement and progress toward maturity targets and financial objectives, change management

4. Delegates and Practice Leaders from IT, Legal, Records, and Business Mature ProcessesProcess implementation, audit readiness, capacity recommendations to leadership

5. Technology Provides Capacity to Mature, Integrate and EnableAutomates processes and ensures transparency, provides essential capacity

© 2012 IBM Corporation16

IBM Solution Summary Stakeholder Capabilities

HOLD, DISCOVERRigorous Discovery

Robust, affirmative legal holds for people, records, and data

Preserve in place automation where disposition occurs

Efficient data analysis and collection

Legal cost and risk analytics

RETAIN, ARCHIVEValue-Based

Taxonomy and regulatory requirementsBusiness value inventory

Reliable, executable retention schedules for records and information of value

Archive during period of value only Information cost and risk analytics

DISPOSEDefensible Disposal

Catalog of information value and duty by asset Legacy data clean up, application retirement

Procedures and capabilities for disposal by source Risk and cost dashboard for information portfolio

STORE, SECUREEfficient Storage

Store and optimize by valueMeet SLAs for structured and unstructed information accessILG execution capability and

enablement (holds, retention, disposal, collection) for data

Data hygiene and governance

CREATE, USEOptimal accessibility

Communicate value and durationTap governance liaisons

Access valuable information more easilyAnalytics on volume/cost of information

PROCESS TRANSPARENCYUnified Governance

Transparency across stakeholder processes

Common governance data model and enterprise map

Linkage of duties, value to information assets and business processes

Governance analytics

© 2012 IBM Corporation17

Logical Reference Model

© 2012 IBM Corporation18

Systematically Link Legal, Regulatory and Business Decisions to Data Management

EXECUTION AUTOMATIONEfficient, automated execution of legal holds, retention and disposition on file shares, records, and application data

DECISION MANAGEMENTUnified approach to decisions on what information to preserve, retain, archive, protect and delete.

Syndicated policy to native sources for execution or collect data to manage by value and dispose of unnecessary data

© 2012 IBM Corporation19

Case

Parameters

IBM Atlas eDiscovery Process Management

for Legal, IT and Employees

(Legal Holds and Collections)

IBM Global Retention Policy and Schedule Management

(Retention Policies, Schedules, and Privacy)

IBM Disposal and Governance Management

(Governance and Disposition)

Structured and Unstructured Sources (Symantec, SharePoint, Oracle, etc.)

IBM Enterprise Records

+

IBM FileNet P8

EMC Records Manager

+

EMC Documentum

IBM Optim for Data Growth

(Structured Data Archive)

IBM Classification Module, IBM Content Collector, IBM Records Federation Services

Policy Syndication (Legal Holds, Collection Instructions, Schedules)

Legal Hold

Evidence Collection

Retention & Privacy

Disposition

Example Solution Components

Connector

Legal Matter Management

IBM eDiscovery Manager and eDiscovery Analyzer

Evidence Management and Assessment

Migrate

Physical Records

© 2012 IBM Corporation20

ILG Risks Embedded in Business Processes2.21 Process Risk Posed by Process Failure

A Employees on Legal Holds Custodians are not identified and potentially relevant information is inadvertently modified or deleted

B Data on Legal Hold Actual, rogue or IT managed data sources missed in hold execution, potentially relevant information is inadvertently modified or deleted

C Hold publication IT or employees migrate, retire or modify data because they lacked hold visibility

D Legal Interviews Dynamic, diverse Information facts not considered in preservation and collection planning, data is overlooked; no follow through on information identified in custodian interviews

E Evidence Collection Collection failure from overlooked source, departing employee, incomplete prior collection inventory, communication and tracking errors

F Evidence Analysis & Cost Controls

Material issues in dispute are poorly understood until after strategy established and expenses incurred. Excessive data causes litigation costs to exceed dispute value

G Legal Record Unable to readily assemble, understand or defend preservation and discovery record. Failures in custodian and data source management. Preservation, collection detected long after occurrence and cause unnecessary remediation cost and risk

H Master Retention Schedule & Taxonomy

Company is unable to comply or demonstrate compliance with its regulatory record keeping obligations. Disparate nomenclatures for records make application of retention schedules/procedures difficult to apply and audit.

I Departmental Information Practices

IT ‘saves everything’ which increases discoverable mass, complexity and legal risk; IT disposes of information of business value undermining enterprise operation. Procedures for retention/disposal difficult to articulate and defend and unapplied by LoB.

J Privacy & Data Protection

Access, transport and use limitations are not understood by employees with information custody or collections responsibility and customers or employees rights are impacted

K Data Source Catalog & Stewardship

The type and nature of data in a system or process is poorly understood, leading to incomplete or inaccurate application of retention, preservation, privacy, and collection and disposition policy.

L System ProvisioningSystems are unable to comply with or execute defined procedures for retaining, preserving, collecting, protecting and disposing of information, exposing the company to significantly higher costs and risks

M Disposal & Decommissioning

IT is unable to dispose of data and decommission systems causing significant unnecessary cost and risk; IT improperly disposes of data causing unnecessary risk and legal or business expense

N Legacy Data Management

IT is unable to associate data with business stakeholders or ensure legal duties are met, leading to oversight in collecting evidence and unnecessary legal and operating costs

O Storage Alignment Storage is over-allocated, misaligned with business needs and consumes unnecessary capital; IT is unable to reclaim storage and eliminate cost after data is deleted causing unnecessary cost.

P Audit Unable to demonstrate reasonable efforts to establish and follow governance policies and procedures increases sanctions risks, penalties and judgments and erodes customer trust

© 2012 IBM Corporation21

Example Program Roadmap and Workstream Approach

Elaboration

Infrastructure and

Deployment

Archival & Disposal

E-Discovery

Records and Retention

ProgramManagement

Program Governance & Project Management

Steering Committee

Archive Structured & Unstructured Data RepositoriesFoundation Staging Archive Factory

Ingest existing target apps

Archive next X appsTarget Source Inventory

Archive and MonitorHandle errors and exceptions

Complete Move to Tiered Storage architecture

Configure tools for adding new data sources and alerts to IT staff

Define report/dashboard

Design/Stage/ConfigModel/Test ArchiveRollout First appsArchive first Systems

Defensible Disposal & Monitoring

Legal Hold & Collection Modernization

Design & Specify eDiscovery Future state

Install &Configure Legal Holds and Collections

Deploy policy automation and classification methods to repositories (using reference configurations) as appropriate to business process objectives

Decomissioning files, apps, serversDeploy repositories with configuration, policy automation, and classification methods

Import existing holds Establish roles, workflows, templates for legal, IT and RIM teams

Role Based User Enablement

Legal Hold & Collection Automation

Define Legal Hold & Collection Connector for Structured Sources

Define Legal Hold & Collection Connector for Unstructured Sources

Installation of enforcement technology

Implement hold & collection connectors to ECM repositories

Audit & Monitor automatic hold & collections of email, files & structured data

RIM Modernization Global Disposal SchedulesUS Disposal Schedules

Design RIM Future state

Configure Retention Policies/Schedules

Ingest US Schedule legal codes, citation references

Setup records coordinator network

Configure audit reports and audit workflow for program audits

Refine analysis reports to detect additional risk/cost savings

Establish/Advise Steering CommitteeEngage leadership, shared metrics to build momentum

Monitor cost take-outs

Guide Change Management topicsOrchestrate Communication PlanProvide Oversight & Coordination of Project Workstreams

Configure Solution for assessments, bulletins, questionnaires, dashboards

Configure Solution for systems inventory: metadata and attributes, categorization

US Records Coordinators define & map records & non-records to data source

RIM Program team audits & updates results

Configure Solution for assessments for Global Records Liaisons & LOBS

Installation of enforcement technology

Implement schedule propagation to reference repositories

Implement change management and periodic re-assessment process across record coordinator network

2012

1Q

ProgramWork Streams

Program Roadmap

Size/Scale ArchitectureDetail PlanningWork Stream Roadmap

2Q 3Q 4Q

2013 & the future

Monitor compliance & data volumes quantitatively, report & dashboards

Transition Archiving to Client staff

Source app assessment

Specify archive requirements

Establish Archival Factory process

Define roll-out planDefine Data Policy for Back-up/Archive/Disposal

Setup tools/environment

© 2012 IBM Corporation22

Contact Information

Tom Utiger

tom.utiger@us.ibm.com

Contact Information

Tom Utiger

tom.utiger@us.ibm.com