Ten Ways to Drive ILM
By James E. Geis, Forsythe Solutions Group, Inc.
With all the fear, uncertainty and doubt about information lifecycle management (ILM), it comes down to one simple question: How do you manage the information in your organization so it's protected, deliverable, organized and usable to ensure compliance? It's imperative that your people, processes and tools merge with your business drivers and overall information management framework and strategy.
Outlined below are suggestions on what companies can do, even as industry and government refine the details of ILM.
1. Partner with the legal department to understand the impact of compliance on the IT infrastructure and the organization.
Your legal department determines what laws, rules and regulations by which the entire organization must abide. Whether it's information related to regulatory compliance or Occupational Safety and Health Administration standards, this entity in your organization should provide guidance. Some regulations sweep across all types of businesses; some are focused on specific industries. Compliance can be generally summarized as such: dictating guidelines about the availability, authenticity, accessibility, security and recoverability of information as well as the documentation and audit-trail processes for ensuring compliance. Know how each of these facets is addressed by your information management practices.
2. Examine information and security policies.
Information and security policies provide clear and concise guidelines for how to handle unpredictable situations that have vague outcomes. For example, should you have the unfortunate circumstance of being involved in litigation that involves some electronic information, the court is more likely to be on your side if a policy outlines the treatment of that information, whether it was audited for use, that the policy was followed, and that the policy was based on some compliance regulation and reasonable business practice. Here is the policy test: How is the business supposed to act in this specific situation?
3. Evaluate current paper methods for managing information and archiving.
What happens to a letter, fax or signed contract after you receive it? Where does it go? How is it indexed, archived or filed? Does it get shoved in a box and go to a warehouse, or is it in a file cabinet? Can you find it again, and how easily can you find it? Whether your paper process is good or bad, examine that process, improve it based on policy and best practices, and use it as your starting point for managing electronic information, making sure that paper and electronic methods are consistent.
4. Understand information flow through the organization.
Who sees what and why are they seeing it? Understanding information flow means seeing that everyone has the appropriate data-access rights. It means the organization monitors its e-mail and instant message traffic to know who is sending and receiving what information. This is done to avoid potential problems, such as having a price list or an internal memo go to someone's Hotmail account or, worse yet, to a competitor.
5. Review, classify and categorize all the different types of information within the organization .
It's not just punch cards anymore. We now have hundreds of types of information, and it will be some time before we have the magic tool to correlate it all. Know what types of information you have. Know definitively if it's mission-critical or disposable and what its access rights are. Then treat it appropriately.
6. Start the ILM socialization process now and integrate it into corporate culture.
Employees need to know that the company owns all information on company networks, and that all electronic information could be a potential evidentiary fact in litigation. Legally, employees have no privacy rights when it comes to their electronic mailbox. Has your organization written a policy on appropriate use of information? Until your employees have been educated on the policy and have signed an acknowledgement form stating that they have been educated and understand it, there is a larger opportunity for problems. Inappropriate e-mail, computer crime and security breaches (whether from the inside or outside) put your company at risk.
7 . Understand the people and processes as related to information management.
Organizations must know who owns and has responsibility for the integrity and validity of their information. Similar to No. 6 above, it's important that each employee understands his role in the information management process. Almost every employee processes some form of electronic information daily. The key question for concern is: How do they handle that information?
8. Review current information management tools and assess new tools.
The stark reality is that this is the most immature piece of the overall information management framework. The more structured the information (databases, e-mail, etc.), the more mature the tools for managing and organization. The less structured, the more complicated the task becomes since generally no organization is inherent to that specific "type" of information. Companies now have faxes, scanned documents, medical images and numerous other types of electronic documents that have no single tool to correlate their relationship.
9. Analyze your information management framework to understand readiness.
Your information management framework is the compilation of policy, process and technology that supports the delivery of information. At the top, policy is influenced by many factors -- mainly compliance, as well as operational and financial drivers. Your policies then guide the treatment of information and your overall information strategy. This strategy then feeds your ILM processes, since you have a better understanding of the creation and demise of information.
10. Ensure that purchasing and architectural decisions are based on policies that drive the information management framework.
Once you've built information policy and understand information flow and value, making purchasing and architectural decisions is less complicated. Buying the right technology is easier when you know why you're buying it and what information management requirements it's meeting.
James E. Geis is director of storage solutions for Forsythe Solutions Group, a Skokie-Ill.,-based provider of technology infrastructure solutions. Geis developed Forsythe’s unique information management framework – the roadmap Forsythe uses for information and storage consulting engagements. To learn more about Forsythe, visit www.forsythe.com