This is the fourth and final day at SharePoint Conference Las Vegas. After a good party last night, it's time to talk risk management in my first session of the day, presented by Paul Olenick: "Reducing Organizational Risk Through Effective Information Management."


  • Define it
  • Apply it
  • Wrap it up

Information Management

Paul sees information as a living organism: It comes in, it comes out, it grows, it rests. We want to do something with it: react, proact(ive), find, keep safe, relay. We are not just talking about documents, but also of people and other context.

The IT View is policy, metadata and search. Paul follows with a brief description of these terms, which most of the people in the room are probably already familiar with. But he follows his definitions with the following statement, which I agree with: information management is not a list of features. It is more about how we react to data or how we handle access to data.

  • React Tools: Metadata
  • Proact(ive) Tools: Policy, Metadata, Search
  • Find Tools: Search, Metadata
  • Keep Safe Tools: Policy, Metadata
  • Relay Tools: Metadata

There are some obvious and not so obvious consequences to poor or non-existent information management:

Obvious stuff

  • Audits: Legal, Financial
  • Compliance: HIPPA, Affordable care act
  • Data security: Permissions, email, print

Not so obvious stuff

  • Ineffectiveness
  • Fundability
  • Incorrect processes
  • Inability to react
  • Frustrated information workers
  • Lack of transparency
  • Loss of IP,
  • Productivity leak,
  • Loss of revenue

Some of this probably applies to most organizations, it’s a good reminder of what happens without information management.

Example One: Hidden Risks

SharePoint has some out of the box capabilities that can help in this area. e-Discovery can take snapshots of a lot of data that results from a search query. This can be used when you have a legal audit. This is a very good feature, I think it really gives business value if you have structured data.

There's brief mention of how with the auditing policy on you can create reports on document change, etc.

At this point the presentation got a bit more technical, let's hope Paul keeps it on the business track! 

Example 2: Inability to Visualize Data

This example looks at data located in silos outside of SharePoint that are related, but unconnected. By using search crawling, a unique record can be made that could help FAST search to crawl different file servers and relate the data inside and outside of SharePoint. (This is my understanding, I may have described incorrectly as I don't have the technical skills in the area.)

Paul discussed building a foundation for your information management plan. He makes the point here that you shouldn't discuss this with the CIO, but rather talk to the business. It’s very good point for him to make and for people to hear.

  • Focus and define high-level business value
  • Every thing should have a specific outcome
  • Know your audience
  • Find consensus and build form there. (Organizational buy-in)
  • Identify and quantify risk
  • Identify and quantify opportunities
  • Determine project scope
  • Build your buy-in

Paul suggests watching out for these factors when working on your information management plan:

  • Conceptual, not technical
  • Fear of impending business
  • Fear of automation, this is something I have felt as well, also when discussing integrations.
  • Resistance from end-users
  • Getting into the weeds
  • Failure to gain consensus
  • Understand how to quantify risks

In conclusion he makes some good points:

  • Stay business focused
  • Focus on opportunity and revenue
  • Metadata is the fuel to that drives automation and search, surfacing info
  • Challenges will be organizational, not technical.

Off to another session; will try to write another article filling in the gaps later.