Enterprise content management is going through some changes — on that (under)statement we can all agree.
My last few posts on where I think ECM is headed has resulted in some substantial conversations — I’ll spare you the gory details. But the conversations made me realize I should take a step back and look at the ECM situation from a higher level to clear up any confusion about what I'm trying to do with these articles.
A New Approach to ECM
People have misunderstood me as advocating for this or that technology over others in these posts, when in reality, what I’m suggesting is we need a new way to approach ECM to achieve success, a new way to conceptualize the ECM problem to avoid the missteps of the last 15 years.
For me, the way forward comes down to what content you focus on — or don’t — and why. If you treat all content as equal, and undertake ECM to address it from this perspective, more often than not you’ll fail.
Instead, you need to begin viewing content in terms of some combination of risk and value and treat it accordingly, using people, process and technology to find success.
Breaking Down Content Into 2 Components
Content risk is a fairly straightforward concept, but it helps to segment it along four dimensions:
- Operational Risk: What’s the risk to the day to day business if this content can’t be found or accessed?
- Legal Risk: What’s the risk to the organization’s ability to respond to/effectively defend against a lawsuit if this content can’t be found or accessed or is kept longer than legally required?
- Compliance and Regulatory Risk: What’s the risk to the organization if this content can’t be found or accessed in order to comply with regulations, standards, etc., or can’t be managed in accordance with regulations, standards, etc.?
- Information Security and Privacy Risk: What’s the risk to the organization if access to this content isn’t managed properly or if it leaves the organization as the result of a breach?
Given this list, when you think about “doing ECM,” you should first asses the level of risk any given content poses in terms of each of these dimensions and then choose the technology, process and people effort appropriate to that risk.
For example, if a given category of content scores low on all four, you should consider ignoring it until later — or not addressing it at all. If it scores high on Information Security and Privacy, you should consider finding a way to better control access to it or deleting it if no longer needed. If it poses an operational risk, you should consider either improving the native repository it resides in, to allow for more effective access, or moving it to a repository that does. And so on.
When you approach your content from this risk perspective, you’ll find challenges that previously seemed intractable — what business units to address, what repositories to use, what guidance to give to end users — tend to go away. This is because using risk as a primary qualifier simplifies your decisions and focuses them on a single, clear and business-valuable criterion — which is so often lacking in discussions about how to “do ECM.”
Unlike risk, content value is more of a moving target. It typically depends on industry, firm size and organizational culture.
Given these factors, it’s difficult to make meaningful generalizations about content value, but let’s give it a shot.
We can think about content value along the following dimensions:
- Operational: What impact does this content have on operations if it’s easily accessible and up to date?
- Regulatory or Compliance: What impact does this content have on regulatory and compliance if it’s easily accessible and up to date?
- Legal: What impact does this content have on legal if it’s easily accessible and up to date?
After looking at this list, you may be thinking, “these look like the flip side of the risk dimensions.” And you’d be right. Overwhelmingly, content risk dimensions and content value dimensions go hand in hand. It’s more a matter of shading, i.e., what aspect of the content are you stressing, what's the impact if something goes wrong or the value if something goes right?
The reason why you would choose one over the other (or choose both) depends on your specific situation, i.e., funding context, organizational culture, past history with ECM, etc. And it’s not a decision you should take lightly: betting on risk versus value or vice versa can backfire and prevent you from gaining the dollars and support you need to succeed with ECM … so choose wisely.
What This Looks Like in Practice
Okay, all this probably sounds good so far, but how do you act on it?
The most important thing you can do is to right-size your ECM technology portfolio so the lowest overhead repositories contain the lowest risk, lowest value content and your highest overhead repositories contain the highest risk, highest value content — and ditto with those that fall somewhere in between.
So, your legacy ECM systems (e.g., IBM FileNet, OpenText, Documentum), enterprise business process management (BPM) systems (e.g., Pega, Lombardi, K2) and line of business systems (e.g., mortgage origination, claims processing, account opening) should be reserved for content that is either high risk, high value or both.
Low risk, low value content, in contrast, should live in low-overhead systems.
Let's Go 'Do ECM'
Given all of this, the first thing you need to do to “do ECM” successfully is to assess your content for risk and value. Only by doing so can you determine the right level of effort and complexity to address it with.
Doing so gives you a greater likelihood of success with ECM. Failing to do so gives you a greater likelihood of failing (or of succeeding, but at too high a price).
The firms I see succeeding are all adopting this approach, and the firms I see struggling aren’t. Where do you fall in this spectrum? Are you considering risk and value, or are you adopting a one-size-fits-all approach? The answer will determine whether you ultimately succeed or fail.