5 steps to better EIM
I have spent a lot of time in the last couple of weeks talking about how to set the boundaries of organizational risk and responsibility with respect to information.
I always start by re-directing the conversation towards why they care about information. This then leads to a conversation focused on what information users need to get their job done. This is the essentially the requirements gathering for their "UIM" or User Information Management system. This is how I describe the bunch of products and vendors that are part of the Enterprise File Sync and Share (EFSS) and cloud ECM markets. This would include products ranging from Evernote, Dropbox, to Box. Sometimes, these are not appropriate you need a full blown ECM that can be used for collaboration because such a large portion of a user's day is spent handling records.
This is where it gets complicated in large part due to the central role of email and documents in the average person’s work. In my opinion Office 365 and Google Apps are not information management technologies they are productivity suites. However, the choice of O365 or “Google” does have repercussions on your information management strategy, particularly as it relates to records and high value content that you would want in a true enterprise information management system.
At the end of the day your enterprise information management strategy should be focused on the user needs. Users are the foundation of the revenue stream and the main source of risk. Their ability to get work done in the systems you provide is the key to both.
The critical starting point for your EIM strategy is understanding what users actually do with information. This is also a huge blind spot for C levels and IT who have organizational level views of how "stuff gets done" but rarely a user level view. The good news is that it is a solvable problem. One that we help clients with all the time.
Once you know what users do with information, it is important to define what they should not do by rationalizing their workflow against your organization's regulations and internal rules. One of the key value points of a DoD certified ECM such as Laserfiche is that it eases the compliance overhead – the time and effort that staff spend proving their compliance
Five points of EIM strategy-compliance angle
- Understand the tactical value of information. How do people use information to generate revenue. Remember this is about enterprise wide platforms? This need to be firmly grounded in the idea that information is a asset that furthers business goals.
- Define the importance of historical information across filetypes. Is there value in keeping audit logs and sensitive information past the required dat? Would access to this information decrease the complexity of a user's task.
- Build a complete picture of the retention and audit complexity. What are the patterns of information movement and storage location that put the organization at risk? This risk should be minimized by automating at least the parts of the process that break compliance.
- Define the maturity of IT to successfully manage the EIM strategy. Does IT understand the compliance environment sufficiently and do we have a partner in the legal/compliance office who can supply the information?
- Evaluate IT's vendor management strategy. What types of storage media are a no-go? (for example certain consumer EFSS may not be appropriate.) If we need to lock down storage locations how do we optimize the ECM/RM/DM to provide a single pane view of the users informational needs to get work done.
Compliance may be an organization issue but the prime concern is the people handling the information. Compliance requires a good user experience- it is rare that you can force users to stay in system. Start small, and talk to the users, understand their pain points- why they continually put PII in their consumer dropbox. The answer is likely due to a hole in the EIM platform rather than animus or hubris.