Knowing is half the battle. Never have those words been so true as in today's enterprise content management realm. By now, most sizable organizations know that they need an enterprise CMS solution and many have already implemented one. However, as the saying implies, there's another half of the battle to be won. The information contained within a CMS is only as good as the safeguards that protect it. If the data, both content and metadata, is easily lost and difficult to recover then your CMS quickly becomes a part of the records and information management problem, rather than the solution. Cindy Elliott, Vice President of Business Development and Marketing with CYA Technologies, recently wrote about the five major gotchas when it comes to information protection within an enterprise content management system and how these traps can be avoided. But before we get into the list, perhaps you are wondering what the big fuss is about. The importance of ECM information protection is two-fold. First of all, lost content results in immediate productivity costs as either the content has to be recovered or recreated. Furthermore and regardless of the triviality of the content in your CMS, you never know when it will subpoenaed and thus will have to be produced for either regulatory or compliance purposes. If everyone is appropriately terrified, we can move on to where the issues can arise and how they can be addressed. # No Synchronization of Content and Metadata The unstructured content in a file store (e.g. documents, web content, video, images, etc.) are simply files in a folder on a hard drive somewhere if the associated metadata is missing. At the same time, the metadata contained within a database is simply rows in a table if the associated content cannot be found. In order to avoid the mysterious disappearance of content, a solution is required that complements your existing backup and recovery solution and is able to synchronize both content and metadata at the object level. # Loss of Data Integrity While the importance of content and metadata cannot be emphasized enough, it is also absolutely vital to protect other objects within a CMS that are associated with content and metadata. The objects in question are: workflows, audit trails, lifecyles, renditions, signatures, retention schedules, etc. The loss of these objects that maintain associations between documents and users can result in hundreds of hours of recovery work. This problem can be solved by: 1) proactively checking the integrity of processes and workflows, 2) creating action plans that can be executed quickly and efficiently when corruption does occur, and 3) recovering only the corrupted content rather than risking an entire repository. # Partial Information Loss While natural disasters and catastrophic hardware failures are valid concerns, a rogue mouse click or a fat-fingered command on a command line can be just as disastrous. Partial information loss can be sudden, usually followed by a muffled "oops" and the scramble to assess the damage. As bad as that is, the good news is you know you made a mistake and you can start fixing it. The scarier side of partial information loss is when things have been corrupted over a period of weeks or months and you are blindsided on a random Tuesday morning when thousands of files have vanished. The bright side is that if you have followed the advice in #1 above, your data recovery process should be able to save your proverbial bacon. # CMS Unavailability As more and more organizations move to global 24x7 operations, the idea of "off hours" no longer applies. As your organization becomes more dependent on your CMS for day-to-day productivity, the application simply cannot go down. With this need in mind, it becomes even more important that your backup and recovery solution: capture changes during frequent synchronous passes through the system, validates integrity at the object level during the capture process to avoid backing up corrupt data, and recovers only the necessary information to avoid impacting the availability of the system. # Impacts to Compliance If none of the above four risks convince you to re-evaluate your information protection policies, then the threat and repercussions of non-compliance should be enough. The bottomline when it comes to compliance is that you have to do more than simply be able to produce a piece of content. You must also be able to provide an electronic chain of custody for a piece of content that can stand up to scrutiny by a regulatory commission. If said commission knocked on your door tomorrow, would you be ready? Kudos to the organizations, and the respective IT staffs, that can confidently tick-off each of the above items as complete. If you less than sure, then we highly recommend that you shift some of these items to the top of your priority list and then buzz on over and dig into the CYA white paper (registration required).