Unstructured mess: Firms still laying themselves open to risk due to improper information management
Many companies still fail to manage their unstructured information, which can comprise 80 percent of their total data, effectively.
A report titled Document and Records Management (DRM) out of U.K.-based research firm Butler Group contends that if organisations look beyond compliance to plan the implementation of DRM, they will derive cost efficiencies—especially when it comes to compliance.
“Despite an increase in the number of regulations and legislation to which organisations must adhere, compliance is still low on the agenda for many, and litigation risk continues to be a bigger driver in the U.K. and Europe”, says Sue Clarke, a senior analyst with Butler Group and the report’s coauthor. “Better manageability of unstructured information is a determining factor in the decision to implement DRM. It is our belief that return-on-investment can be achieved and therefore DRM justified on the savings that can be made through better management of information alone, although it is often difficult for business managers to justify the required budget on these grounds.”
The major technology issue for organisations is how DRM can address their particular needs, and which type of solution will provide the closest fit. For organisations considered to be document-centric, creating most of their documents internally with little requirement for integration with other repositories, an electronic document and records management (EDRM) system may be sufficient. This generally provides workflows that support the life cycle of a document, including its declaration as a record, but does not provide extensive integrations with other applications. These products are geared towards serving organisations in document-centric, regulated industries.
However, an enterprise content management (ECM) platform with DRM capabilities will generally be better suited for organisations that import rather than create a high percentage of their documents, have a need to integrate with structured data as well as unstructured information sources, and require complex document-centric processes.
Future thoughts versus current needs
Organisations therefore need to carefully consider what type of product to deploy, and must take into account future requirements rather than simply current needs. In terms of DRM functionality, there is little to choose between the leading ECM vendors. The areas in which they differentiate themselves are in broader ECM fields such as business process management (BPM); digital rights management; scanning and imaging; digital asset management; email archiving; and output management. These additional capabilities of the ECM vendors are reflected in the price of the platforms, although some of the additional capabilities are offered as optional modules.
Regardless of the type of DRM system that organisations implement, a potential issue they all face is that of the long-term retention of information. Whilst most organisations now recognise the need to carry out a hardware refresh periodically, they also face issues of file format obsolescence, and there are currently a number of new file formats being developed for long-term retention.
Records management debate
One of the more contentious areas of record management (RM) currently is the debate between integrated RM and in-place or federated RM. Whilst Butler Group regards an integrated approach to be more secure, it recognises that there are circumstances when this is not appropriate and federated RM is the only feasible option. In these circumstances organisations need to pay particular attention to the security of the records that are maintained in their native repositories.
As organisations look to replace existing DRM systems, it is of the utmost importance that they get the implementation right. The cost of failure can be high with the system not addressing the pain points of the organisation, or take-up by employees low because it provides them with few benefits and is cumbersome to use. The way to avoid failure is to plan the implementation in detail with the objectives fully defined and understood, and by following best practices.
Says Clarke, “Organisations struggle to manage growing volumes of information, having little idea or control over content employees create or retain. They are exposing themselves to risk, particularly as the fines for non-disclosure grow in size as the courts and regulators become tougher on organisations unable to fulfil disclosure requests. In addition they typically suffer brand damage. Senior executives must understand their responsibilities for the management of information—claiming ignorance of poor practices is no defence.”