Many businesses claim they have been busy over the past two years developing and implementing records and information management strategies. But scratch the surface and you find many of those strategies aren't especially effective.
Blame a lack of employee engagement, a lack of commitment at the management level and the absence of meaningful ways to measure the strengths and weaknesses of these efforts.
The Scope of the Problem
It is probably unnecessary to note that poor information management costs businesses a lot of money. It can also lead to compliance-related disasters and considerable security risks. These are just a few of the conclusions of the 2014 Information Governance Benchmark survey.
The survey, sponsored by information management vendor Iron Mountain, reflects responses from 1,300 clients of Cohasset Associates, ARMA International and AIIM — the organizations that conducted the study.
It's the eighth biennial survey carried out across the records information management (RIM) space since the surveys were introduced in 1999. This year’s survey shows mixed results. While some progress has been made since the last survey two years ago, development of RIM strategies in many organizations is still stagnant. Too many managers embrace a “keep everything” culture under the misperception it is better than careful records governance.
To find out more about the study we talked to Sue Trombley, managing director of thought leadership for Iron Mountain. She conceded many stakeholders have failed to embrace RIM:
The survey shows organizations remain committed to making records and information management a priority, but that important gaps still remain. Information management, when done right, can push your businesses ahead and be a strategic lever for success. But until you achieve buy-in at all levels of the organization, master fundamentals like timely destruction, and implement a system to monitor program effectiveness, the benefits will remain elusive."
She also points out that many organizations have yet to move from paper to electronic and digital records. This is a problem, particularly because judges in a number of significant cases over the past couple of years have ruled that tweets and Instant Messages (IM) can constitute records and, in some cases, need to be preserved.
The fact that many enterprises are still wasting time with paper records is no real surprise though, and conforms to research from both Adobe and AIIM in the past year that show the concept off a “paperless office” is as elusive now as it ever was.
In fact, the AIIM research from last August showed the move to paperless offices is tediously slow. Paper intensive organizations have cut a mere 5 percent of the paper-based processes they could, despite technologies that facilitate easy, secure document capture.
Trombley said the Iron Mountain sponsored research is not just an appraisal of the current state of enterprise RIM policies, but a call to action.
Mature, well-run RIM programs have the ability to adapt as information grows and changes. Organizations that embrace new thinking and adopt proven practices will be able to elevate their records and information programs and realize what is deemed an information advantage."
None of this is rocket science. It just stands to reason that the better your information is organized and managed, the stronger your commercial edge will be.
However, as Mimi Donne pointed out in a recent piece on CMSWire, many enterprises are still leaving legacy content lying around even though that information could have considerable business value.
4 Trends and Obstacles
Trombley noted two trends and two obstacles:
- Information governance programs are more prevalent, better-designed and inclusive of Electronically Stored Information (ESI).
- Effective information governance is increasingly being recognized as essential for corporate compliance and risk mitigation.
- Many enterprises still need to modernize.
- Legal hold processes are more common, but over preservation is a huge challenge
1. Missing Information Governance elements
If the vast majority of organizations have developed records and information programs (87 percent overall, 95 percent of large organizations), there are still many missing elements. On top of this, a majority of enterprises have introduced standards and policies to address issues around electronically stored information, particularly issues related to the volume of information that currently needs to be stored.
The research also found that other information governance disciplines, like compliance, data protection, audit and information technology have all been pulled into RIM strategies, while retention schedules in the vast majority of organizations are media neutral.
If all this is quite positive, there are a number of areas that need to be addressed. According to respondents, when asked about support and engagement with RIM programs the lowest scoring groups were management and employees.
This is a problem for organizations because the vast majority of information is managed directly by business operations and not by the IT department, meaning that a large portion of business information could potentially slip through the cracks.
As a result, nearly 80 percent of respondents said their organization have adopted “keep everything” policies which impede RIM development because of massive information overload. In fact, 50 percent of respondents state that employees never receive RIM training. This has significant impact on information management and lifecycle decisions because employees are not in a position to make the right information lifecycle decisions without that training.
There is one further element that is crucial that is also missing in the majority of enterprises. The research found only 8 percent of respondents report RIM metrics for ESI are mature and only an additional 29 percent report ESI metrics are improving.
2. Compliance and Risk Mitigation
The research indicates most enterprises recognize the link between information governance and risk mitigation with the coordination and integration of both policies on the rise.
This information space is also occupied by issues around compliance, privacy and legal, all of which have similar purposes and all of which depend on the development of an effective information governance policies.
Survey data shows that there is also increasing support for the management of these areas, which is reflected in a change in reporting relationship with 28 percent of RIM programs now under the control of Legal and/or Compliance departments, up from the 14 percent in 2005.
There are also encouraging signs of integration between RIM and all the other information governance disciplines, with information security, for example, now integrated with RIM in 38 percent of cases and legal hold 36 percent of the time.
Even so, only 53 percent rated their cross-functional RIM governance as mature or improving, indicating the creation of cross functionality is not easy.
Taking the development of cross-functionality into account along with improvements in ESI, it is clear that information governance still needs to modernize or spend as much time trying to catch-up as manage information.
With the information explosion, employees have a tendency to simply abandon information that is no longer deemed necessary. That would be fine, if enterprises didn’t need to ensure that information was deleted securely.
The result is that more than 60 percent of organizations indicate that eligible ESI is not regularly deleted, with 75 percent planning process improvements for the deletion of ESI.
A further problem is that many organizations have yet to catch up with technology developments. While many organizations are currently using cloud storage or services for significant classes of information and many are integrating new media types, survey results show that new media and locations (e.g., cloud services, smart phones, social media, and collaborative tools) are largely overlooked by information governance.
In most cases, less than 10 percent of respondents indicate that management of these types of ESI is mature. By neglecting information in these formats, records management will be increasingly marginalized.
4. Legal Hold
If legal holds are more common than they were in the past, over preservation of data is still a massive problem. With the increasing costs and fines associated with the premature destruction of information, enterprises have traditionally taken a “keep everything” approach.
The problem is that routine disposal can come to a screeching halt. This shutdown results in increased costs of storage, inefficiency and litigation complexities.
If 74 percent of those surveyed for this report say that their organization has a legal hold process, many of them have no idea about, or the benefits of legal hold policies for voice mail (34 percent), social media (55 percent ), mobile devices (41 percent), outsourced (cloud) data (56 percent).
Finally, over one-third of participants responded that legal holds are not regularly and effectively terminated. Over-preservation of information for legal holds halts deletion practices and entrenches a hold everything mentality.
Title image by Studio 37 (Shutterstock).