5/19/2016
1
ERM: the Basics of Managing Electronically Stored Information
Georgia Records Association Annual Conference – Callaway GardensJune 15, 2016
Marry-Ellyn Strauser, CRMDirector, Records & Information Management
Federal Reserve Bank of Atlanta
1
Today’s Journey
Strategy & Approach
Research & Planning
Fortify the Foundation
2
FoundationLevel-setting as you start the journey
3
5/19/2016
2
The Digital World
Data
Information
Records
4
What We’re Talking about Today
1% 5%
25%
69%
Business Information
Litigation Hold ≈ 1% Records ≈ 5% Business Value ≈ 25% Digital Debris ≈ 69%
Source: Forbes online, “Defensible Disposal: You Can't Keep All Your Data Forever” July 17, 2012
5
Today’s Business Records
Born digital Applications Word Processing documents Spreadsheets Presentations Email Social Media
Born physical. . . so let’s scan them! Let’s do a cost analysis first & consider
the following:Retention periodBusiness use & activityHistoric/research value
6
5/19/2016
3
Where Do They Live? Applications/databases
Data warehouses
Cloud
ECM – electronic content management systems
EDM – electronic document management systems
ERM – electronic records management systems
External media
Google docs
Internet sites
Intranet sites
Personal drives
Shared drives
SharePoint
Social media
Websites
7
Question: What is a record?
Answer: It depends on your perspective.
8
A User’s View
<Blank Stare>HR documents Accounting documents Not my documents Dept. specific work product
“We don’t have any records”
9
5/19/2016
4
An IT View
Records are an efficient way to store and access data. Since each record may contain multiple data types, a single record may include many different types of information. For example, a personnel record may contain an ID number, name, birthdate, and photo, which are all different data types. Individual fields within the personnel record can be easily accessed or compared with other records using a database query. Additionally, records can be easily created, modified, and deleted without affecting other data in the database.
Source: TechTerms.com10
An IT View
Records are an efficient way to store and access data. Since each record may contain multiple data types, a single record may include many different types of information. For example, a personnel record may contain an ID number, name, birthdate, and photo, which are all different data types. Individual fields within the personnel record can be easily accessed or compared with other records using a database query. Additionally, records can be easily created, modified, and deleted without affecting other data in the database.
Source: TechTerms
11
A RIM View
“. . . information that has business, operational, legal, fiscal, or historical value to the organization and that memorializes or evidences the organization, business activities, events, operations, transactions, decisions, procedures, policies, final work products, or legal obligations.”
12
5/19/2016
5
A RIM View
“. . . information that has business, operational, legal, fiscal, or historical value to the organization and that memorializes or evidences the organization, business activities, events, operations, transactions, decisions, procedures, policies, final work products, or legal obligations.”
13
Archivist’s View of Archival Records
Materials created or received by a person, family, or organization, public or private, in the conduct of their affairs that are preserved because of the enduring value contained in the information they contain or as evidence of the functions and responsibilities of their creator.
Source: SAA14
Varieties of E-Records
Structured records
Unstructured records
Records repository
System of Record
Official Record
15
5/19/2016
6
E-Records
Structured records
Electronic records that combine data from fixed fields within a database management systems
HR Systems – PeopleSoft
CRM Systems - SalesForce
16
E-Records
Unstructured records
Electronic records where the content itself is not organized within database management systems
MS Office documents
17
E-Records
Records repository Place where the records reside
My Docs
Shared drives
SharePoint
Databases
E-Systems
External media
18
5/19/2016
7
E-Records
System of Record Privacy Act - system of records contains
information that is retrieved by an individual's name or other unique identifier.
PII – “information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc."
Source: GSA19
E-Records
Official Record
1. record created by, received by, sanctioned by, or proceeding from an individual acting within their designated capacity; 2. complete, final, and authorized copy of a record, especially the copy bearing an original signature or seal.
Source: SAA20
Research & PlanningDefining what you must have, would like to have, and what you can you live without
21
5/19/2016
8
Considerations
RIM functionality
Risk
Cost
Repository’s Lifecycle Status
22
RIM Functionality
RIM Capability Required/Optional
Identify/search/retrieve records Required
Apply metadata to records Optional
Destroy/delete records accordingto retention periods and retain destruction documentation
Required
Export/transfer records Optional
Exclude “Holds” from disposition
a.Place records on legal orbusiness hold and/or
b.Exclude records on hold fromdisposition (i.e. destruction)
Optional
Required
23
Records Risk
What’s your organization’s tolerance for risk?
What factors should you consider?What would happen if you couldn’t
produce the record?What would happen if you were
hacked?How sensitive is the information?How prevalent is the information?Small group of internal staffOrganization wide 24
5/19/2016
9
Records Risk
Exposure to risk dollars
e-Discovery cost per GB repository size = Exposure
$17,500/GB 200 GB = $3.5 million
25
Cost
Hard dollars Consulting fees
Software
Equipment
User training (3rd party provider)
Soft dollars Internal IT
User training (internal provider)
Project duration26
Lifecycle Status
New
Active – major upgrade/update within x months/years
Active – steady state
Active – decommissioning within x months/years
Decommissioned
27
5/19/2016
10
Repository Profile 1
Item Findings Results
Records Risk Rating
1. Used organization wide2. $150K risk exposure3. No PII or other sensitive
information
Moderate
Costs to add RIM Functionality
Software Upgrade – manual process
$37,000
Lifecycle status Repository is planned for continued use for the next 3 to 5 years
Active –steady state
Recommendation Business decision unique to your organization
28
Repository Profile 2
Item Findings Results
Records Risk Rating
1. Used organization wide2. $1.5 million risk exposure3. HR records
High
Costs to add RIM Functionality
Software Upgrade – manual process
$37,000
Lifecycle status Repository is planned for continued use for the next 3 to 5 years
Active –steady state
Recommendation Business decision unique to your organization
29
Changing the Paradigm
RIM is a journey
RIM professional is a jack-of-all trades and a master of one
Reframe RIM to align with your organization’s
Values
Goals
Objectives
Risk tolerance 30
5/19/2016
11
Your Roadmap
Where do you want your program to be Long-termMid-term – the next 3 to 5 years Short-term – Years 1 and 2
31
Selling RIM
Craft your message for your audienceYour goal is to make your audience
think, feel, and actEngage themMake your message relatableRemember risk is relativeSell benefits
32
Strategies
Raise awareness with basic concepts Records Business information Digital debris Risk exposure
Add value through small victories What are your organization’s pain points? Teach them something new about the tools they
already have Clean-up, organize, manage with tools that fit the
repository
Go for the gold Update policies & procedures Update practices – get that seat at the table
33
5/19/2016
12
A Simple ApproachRIM is a journey. Build on small victories.
34
Built-in Tools
Clean-up with Windows Explorer Properties Sort Document preview Search
Organize & Manage with standardization Naming Conventions Folder Structures
35
Naming Conventions
UVA
36
5/19/2016
13
Traditional Folder Structure – 3 Folders Deep
Level 1
Level 2
Level 3
37
Modified Folder Structure – 2 Folders Deep
Level 1
Level 2
38
Naming Folder Structure – 1 Folder Deep
39
5/19/2016
14
Questions?
40
Top Related