powerpoint tom
Post on 16-Jan-2015
575 Views
Preview:
DESCRIPTION
TRANSCRIPT
© 2012 IBM Corporation
Automating Information Lifecycle Governance
Tom Utiger
ILG Competency Leader, GBS North America
Successful Implementation of Records Management WorkshopApril 18, 2012
© 2012 IBM Corporation2
My Background
Grew up in Las Vegas UC Berkeley - Physics Random IT jobs Videogame developer – My company ECM / ILG
– Pacific Gas & Electric– Charles Schwab– ZANTAZ – email archive startup– Data Empowerment Group – My company– IBM
First Records Management Job– Microfilm Tech – Clark Country Records Department
© 2012 IBM Corporation3
CIO in Hostage Situation
Company data volume increases 875% in 5 years Data management costs exceed $1B annually with
volume
Data growth is unmanageable Budget eroded by waste
Federal evidence rules extended to electronic data; “save everything”
2008 2010 20122006
IT Spend Outpaces Revenue
IT Spend Growing Faster than Revenues
© 2012 IBM Corporation4
Information growth has out paced information governance processes
High Risks & Mitigation Burden
Governance processes have not matured to reflect volume, specifically how to: Define and execute legal holds and data collection (A-F) Apply retention schedules to electronic information (G,H) Align storage and manage information based on specific legal
obligations and business value [I] Provision, decommission and dispose of data [L,M,N]
This leads to excess data and cost as well as operational challenges that in turn contribute to risk:Difficulty disposing of unnecessary data Complexity in applying legal holds Inefficiencies in data management and governance
15 governance processes impacted by high data volume such as placing holds, collecting evidence, decommissioning systems and their inherent risks, represented in A-O.
Storage: Direct Procurement Costs in Millions
Run rate costs rise continuously, consume more of budget
Our Customers Find Data Growth Outpaces Storage Budget and Business Processes
© 2012 IBM Corporation5
Value-Based Archiving & Defensible Disposal Archive to shrink storage, align cost to value Dispose rather than store unnecessary data
Extend and automate retention management Include electronic data that has business value in addition to
records for regulatory requirements Automate retention schedules across all information to enable
reliable, systematic disposal.
Automate the legal holds and ediscovery process Structure and automate legal holds process to lower risk,
increase precision, enable disposal Analyze in place to reduce unnecessary collection, processing
and review
Information Lifecycle Governance Program Executive charter for enterprise initiative Processes, capabilities and accountability to achieve cost and risk
reduction benefits through
Process improvements, expertise and technology:
Estimated Risk or Mitigation Burden Reduction
Curbs storage growth, lowers run rate permanently Program leadership, process improvement and technology from IBM
Run rate reduction and growth avoidance Run rate
Storage Direct Procurement Costs
IBM’s Information Lifecycle Governance Strategy Lowers Costs and Risks, Addresses Root Cause for Systemic Improvement
© 2012 IBM Corporation6
Silo Processes Are Misaligned: Holds & Retention Don’t Tie to Asset
Thousands of legal matters a year
Thousands employees subject to hold, but
relying on IT to preserve data
Notices sent to employees directly; records and IT
not informed
High legal (review) cost a function total information
volume
Covers regulated information and may not
encompass business value
Web site for employees and IT, reliance on
employees to manage records
Insufficient or unauditable location for electronic
records
800% or more data growth in 5 years – but budget needs to come down
Unaware that legal risks and responsibilities have been shifted to it
No link between legal obligations (holds), records, business value and servers or information
Legal holds defined by employees involved
Legal holds defined by employees involved
Information
Department
Systems
Matter
Hold
Laws & Regs
Retention Schedule
DUTY DUTYVALUE
ASSET
IT has most of the data organized by asset code --
but no visibility to legal duties or business value
IT has most of the data organized by asset code --
but no visibility to legal duties or business value
Schedules documented by
record class
Schedules documented by
record class
© 2012 IBM Corporation7
A Billion Choices for IT, None of Them Actionable
Department
System
Information
(Content itself)
Matter
Hold
Law or Regulation
Retention Schedule
DUTY DUTYVALUE
LEGAL BUSINESSRIM
IT
6500 laws6500 laws
642 codes642 codes
10 PB 10 PB
12,000
12,000
15,000
15,000
27,000 departments
300,000 people
27,000 departments
300,000 people
5,0005,000
How does IT efficiently determine which of 15,000 legal obligations apply to which departments, employees and
information assets?
How can IT clean up legacy data, retire applications and
optimize without creating new legal risks?
© 2012 IBM Corporation8
Breakthrough Solution for CIOs
1 2 3Link Value &
Obligations to Assets
Clean Up Legacy Data & Retire Applications
Assess Risk & Allocate Resources
Efficiently
Align IT investments with information
needs and value
Dispose of unnecessary data,
eliminate unnecessary cost
and risk
Reduce total cost of compliance and
reduce risk mitigation costs
© 2012 IBM Corporation9
Governance improvements and outcomes
1. Significant cost savings the CIO and GC need
2. Fundamental improvement in
information management practices
Save Money:
Dispose of unnecessary information
Save Money:
Dispose of unnecessary information
Save Money:
Remove and reduce legal
costs
Save Money:
Remove and reduce legal
costs
Save Money:
Manage information
by value
Save Money:
Manage information
by value
Reduce Risk:
Improve compliance
process rigor
Reduce Risk:
Improve compliance
process rigor
© 2012 IBM Corporation10 10
The Results: Case Study at Global 3 Pharma
A global program to manage electronic information better:
1. Dispose of unnecessary data promptly
2. Store and retrieve information easily and promptly for business use
3. Consistently store and identify Company records
4. Meet regulatory and legal requirements related to information
Which requires policies, procedures and systems to:
1. Legal hold and discovery case management system that significantly reduces the business and operational disruption required to meet legal obligations
2. Policies that comprehensively address Privacy, Information Security, Records Management and Legal requirements
3. Procedures and systems that increase efficiency of record keeping and data retrieval for business users
4. Systems that support and streamline end-user management of information needed for daily tasks and official Company records
$300 million savings
© 2012 IBM Corporation11
Financial Benefits2011: 2014 ($ M)
$27m benefit in 2012
$38m benefit in 2013
$46m benefit in 2014
$132m over 3 years
Estimated Cost Savings on Storage OnlyStorage H/W OpEx
CIO Achieves Cost Reduction Goals
Value-Based Archiving & Defensible Disposal Change Storage Growth Trajectory
The day of reckoning is here as illustrated by a client case study
© 2012 IBM Corporation12
THE SOLUTION
© 2012 IBM Corporation13
Enterprise Information
Very Simple Savings Proposition: Dispose of Unnecessary Data
© 2012 IBM Corporation14
Cut volume to cut cost
Cut volume to cut cost
Interplay Between ILG and eDiscovery(What you retain and archive will show up in ediscovery)
© 2012 IBM Corporation15
Align Information Management with Information Utility for Transformative Results
Policy and Process Integration Across Information Stakeholders Enables Disposal, Lowers Cost and Risk
Operationalize Program and Drive Business Outcomes with Structure, Defined Processes, Metrics Accountability
1. Executive SponsorshipCharter, directive and accountability for enterprise program
2. Metrics and Routine Measurement Defined dashboards with quarterly visibility on cost and risk reduction targets, operational progress and capacity
3. Program Office Coordinates across Stakeholders, Drives Achievement Ensures cross-silo engagement and progress toward maturity targets and financial objectives, change management
4. Delegates and Practice Leaders from IT, Legal, Records, and Business Mature ProcessesProcess implementation, audit readiness, capacity recommendations to leadership
5. Technology Provides Capacity to Mature, Integrate and EnableAutomates processes and ensures transparency, provides essential capacity
© 2012 IBM Corporation16
IBM Solution Summary Stakeholder Capabilities
HOLD, DISCOVERRigorous Discovery
Robust, affirmative legal holds for people, records, and data
Preserve in place automation where disposition occurs
Efficient data analysis and collection
Legal cost and risk analytics
RETAIN, ARCHIVEValue-Based
Taxonomy and regulatory requirementsBusiness value inventory
Reliable, executable retention schedules for records and information of value
Archive during period of value only Information cost and risk analytics
DISPOSEDefensible Disposal
Catalog of information value and duty by asset Legacy data clean up, application retirement
Procedures and capabilities for disposal by source Risk and cost dashboard for information portfolio
STORE, SECUREEfficient Storage
Store and optimize by valueMeet SLAs for structured and unstructed information accessILG execution capability and
enablement (holds, retention, disposal, collection) for data
Data hygiene and governance
CREATE, USEOptimal accessibility
Communicate value and durationTap governance liaisons
Access valuable information more easilyAnalytics on volume/cost of information
PROCESS TRANSPARENCYUnified Governance
Transparency across stakeholder processes
Common governance data model and enterprise map
Linkage of duties, value to information assets and business processes
Governance analytics
© 2012 IBM Corporation17
Logical Reference Model
© 2012 IBM Corporation18
Systematically Link Legal, Regulatory and Business Decisions to Data Management
EXECUTION AUTOMATIONEfficient, automated execution of legal holds, retention and disposition on file shares, records, and application data
DECISION MANAGEMENTUnified approach to decisions on what information to preserve, retain, archive, protect and delete.
Syndicated policy to native sources for execution or collect data to manage by value and dispose of unnecessary data
© 2012 IBM Corporation19
Case
Parameters
IBM Atlas eDiscovery Process Management
for Legal, IT and Employees
(Legal Holds and Collections)
IBM Global Retention Policy and Schedule Management
(Retention Policies, Schedules, and Privacy)
IBM Disposal and Governance Management
(Governance and Disposition)
Structured and Unstructured Sources (Symantec, SharePoint, Oracle, etc.)
IBM Enterprise Records
+
IBM FileNet P8
EMC Records Manager
+
EMC Documentum
IBM Optim for Data Growth
(Structured Data Archive)
IBM Classification Module, IBM Content Collector, IBM Records Federation Services
Policy Syndication (Legal Holds, Collection Instructions, Schedules)
Legal Hold
Evidence Collection
Retention & Privacy
Disposition
Example Solution Components
Connector
Legal Matter Management
IBM eDiscovery Manager and eDiscovery Analyzer
Evidence Management and Assessment
Migrate
Physical Records
© 2012 IBM Corporation20
ILG Risks Embedded in Business Processes2.21 Process Risk Posed by Process Failure
A Employees on Legal Holds Custodians are not identified and potentially relevant information is inadvertently modified or deleted
B Data on Legal Hold Actual, rogue or IT managed data sources missed in hold execution, potentially relevant information is inadvertently modified or deleted
C Hold publication IT or employees migrate, retire or modify data because they lacked hold visibility
D Legal Interviews Dynamic, diverse Information facts not considered in preservation and collection planning, data is overlooked; no follow through on information identified in custodian interviews
E Evidence Collection Collection failure from overlooked source, departing employee, incomplete prior collection inventory, communication and tracking errors
F Evidence Analysis & Cost Controls
Material issues in dispute are poorly understood until after strategy established and expenses incurred. Excessive data causes litigation costs to exceed dispute value
G Legal Record Unable to readily assemble, understand or defend preservation and discovery record. Failures in custodian and data source management. Preservation, collection detected long after occurrence and cause unnecessary remediation cost and risk
H Master Retention Schedule & Taxonomy
Company is unable to comply or demonstrate compliance with its regulatory record keeping obligations. Disparate nomenclatures for records make application of retention schedules/procedures difficult to apply and audit.
I Departmental Information Practices
IT ‘saves everything’ which increases discoverable mass, complexity and legal risk; IT disposes of information of business value undermining enterprise operation. Procedures for retention/disposal difficult to articulate and defend and unapplied by LoB.
J Privacy & Data Protection
Access, transport and use limitations are not understood by employees with information custody or collections responsibility and customers or employees rights are impacted
K Data Source Catalog & Stewardship
The type and nature of data in a system or process is poorly understood, leading to incomplete or inaccurate application of retention, preservation, privacy, and collection and disposition policy.
L System ProvisioningSystems are unable to comply with or execute defined procedures for retaining, preserving, collecting, protecting and disposing of information, exposing the company to significantly higher costs and risks
M Disposal & Decommissioning
IT is unable to dispose of data and decommission systems causing significant unnecessary cost and risk; IT improperly disposes of data causing unnecessary risk and legal or business expense
N Legacy Data Management
IT is unable to associate data with business stakeholders or ensure legal duties are met, leading to oversight in collecting evidence and unnecessary legal and operating costs
O Storage Alignment Storage is over-allocated, misaligned with business needs and consumes unnecessary capital; IT is unable to reclaim storage and eliminate cost after data is deleted causing unnecessary cost.
P Audit Unable to demonstrate reasonable efforts to establish and follow governance policies and procedures increases sanctions risks, penalties and judgments and erodes customer trust
© 2012 IBM Corporation21
Example Program Roadmap and Workstream Approach
Elaboration
Infrastructure and
Deployment
Archival & Disposal
E-Discovery
Records and Retention
ProgramManagement
Program Governance & Project Management
Steering Committee
Archive Structured & Unstructured Data RepositoriesFoundation Staging Archive Factory
Ingest existing target apps
Archive next X appsTarget Source Inventory
Archive and MonitorHandle errors and exceptions
Complete Move to Tiered Storage architecture
Configure tools for adding new data sources and alerts to IT staff
Define report/dashboard
Design/Stage/ConfigModel/Test ArchiveRollout First appsArchive first Systems
Defensible Disposal & Monitoring
Legal Hold & Collection Modernization
Design & Specify eDiscovery Future state
Install &Configure Legal Holds and Collections
Deploy policy automation and classification methods to repositories (using reference configurations) as appropriate to business process objectives
Decomissioning files, apps, serversDeploy repositories with configuration, policy automation, and classification methods
Import existing holds Establish roles, workflows, templates for legal, IT and RIM teams
Role Based User Enablement
Legal Hold & Collection Automation
Define Legal Hold & Collection Connector for Structured Sources
Define Legal Hold & Collection Connector for Unstructured Sources
Installation of enforcement technology
Implement hold & collection connectors to ECM repositories
Audit & Monitor automatic hold & collections of email, files & structured data
RIM Modernization Global Disposal SchedulesUS Disposal Schedules
Design RIM Future state
Configure Retention Policies/Schedules
Ingest US Schedule legal codes, citation references
Setup records coordinator network
Configure audit reports and audit workflow for program audits
Refine analysis reports to detect additional risk/cost savings
Establish/Advise Steering CommitteeEngage leadership, shared metrics to build momentum
Monitor cost take-outs
Guide Change Management topicsOrchestrate Communication PlanProvide Oversight & Coordination of Project Workstreams
Configure Solution for assessments, bulletins, questionnaires, dashboards
Configure Solution for systems inventory: metadata and attributes, categorization
US Records Coordinators define & map records & non-records to data source
RIM Program team audits & updates results
Configure Solution for assessments for Global Records Liaisons & LOBS
Installation of enforcement technology
Implement schedule propagation to reference repositories
Implement change management and periodic re-assessment process across record coordinator network
2012
1Q
ProgramWork Streams
Program Roadmap
Size/Scale ArchitectureDetail PlanningWork Stream Roadmap
2Q 3Q 4Q
2013 & the future
Monitor compliance & data volumes quantitatively, report & dashboards
Transition Archiving to Client staff
Source app assessment
Specify archive requirements
Establish Archival Factory process
Define roll-out planDefine Data Policy for Back-up/Archive/Disposal
Setup tools/environment
© 2012 IBM Corporation22
Contact Information
Tom Utiger
tom.utiger@us.ibm.com
Contact Information
Tom Utiger
tom.utiger@us.ibm.com
top related