Records Management Does Not Equal Information Governance

I am going to revisit a topic I have blogged about before, mostly because of the feedback I received at Microsoft Ignite last month (September) - that of records management versus information governance. To state the obvious up front; records management does not equal information governance and here is why.

Some definitions:

“Information governance, or IG, is the set of multi-disciplinary structures, policies, procedures, processes and controls implemented to manage information at an enterprise level, supporting an organization's immediate and future regulatory, legal, risk, environmental and operational requirements.” From Wikipedia

“Records management, or RM, is the supervision and administration of digital or paper records, regardless of format. In this context, a record is content that documents a business transaction. Records management activities include the creation, receipt, maintenance, use and disposal of records. The goal of records management is to help an organization keep the necessary documentation accessible for both business operations and compliance audits.” From TechTarget’s SearchCompliance

I realize many will not completely agree with the above definitions, however I think most will agree that records management is not the same as information governance, rather it is a subset of IG.

The reason I brought this up is because of the conversations I had with visitors to the Archive360 booth at the annual Microsoft Ignite event.

Several booth visitors from large companies stopped by because of our data migration and cloud archiving solutions. They were looking for cheaper ECM solutions for their “records” because their current ECM solutions were now so expensive to keep up and too complex for end-users, they wanted something less expensive, easier for end-users to use, and preferably cloud-based. Most of these booth visitors were records management professionals.

Cutting the 95% adrift?

After explaining the many records management features of the Archive2Azure Intelligent (Azure-based) archive, I asked them what they were doing with the other 95% of their enterprise data that wasn’t considered a record. Most responded that they didn’t know, or they weren’t doing anything with it (ignoring it), or had instructed end-users to “take care of it” by categorizing and filing all content…somewhere, usually without any disposition instructions at all.

Another type of visitor were IT folks that, when asked about the issues of huge amounts of unmanaged and unstructured data in the enterprise, were extremely animated about the problems it caused, especially around backups and eDiscovery. I asked them what they were planning to do about it and universally the answer was “not a priority for management so nothing planned this year.”

The third type of visitor were those end-users that didn’t really think about all that content they were accumulating (and never disposing of). I asked these folks why they were keeping all of this unstructured data and the typical answers included; for later reference, CYA, and mostly because they didn’t have the time to actually manage it.

The bottom line was companies are accumulating huge amounts of unstructured data with little or no management around it. This makes it harder to find stuff when it’s needed, drives up the cost and risk of eDiscovery, and consumes enterprise resources. Let me related a real-life example:

A real life example

While consulting for a large multinational several years ago, I ran into this specific issue. This company wanted our group to help them with several file systems containing 400 + terabytes of unstructured data. The issue was they hadn’t managed them and so had no idea what was in these file systems. This caused expensive problems during discovery because they had to “rediscover” the file systems each time they were sued, which was several times per month.

Whose job is it anyway?

In one of the first large meeting with the customer to better define the problem, an interesting dynamic appeared. The meeting consisted of the GC and his senior staff, the VP of IT and several of his directors, the CTO, and the VP of Records with her senior staff. Altogether there were approximately 25 people in the room.

The General Counsel started the discussion by describing his eDiscovery issues around this large, unmanaged and unindexed storage repository. That being it dramatically drives up the cost of collection and review and lengthens the eDiscovery cycle – also a cost issue. He wanted to know whose responsibility it was to 1. know what was in the repository and 2. who was supposed to be managing it.

At this point everyone in the room looked at the VP of IT (suggesting this would be a good time for him to jump in). The VP of IT talked about his issues with the file systems including constantly having to add additional storage because the current directive (from who knows where) was to not limit storage on these systems. The other IT issue was the time and expense of backing up the file systems. As for responsibility, his department was responsible for storage SLAs etc., not policy.

It’s not my job

At this point the CTO jumped in and looked at the VP of Records and suggested that this 400 + terabytes of file system data was her responsibility. After a bit of eye-rolling, the VP of Records asked the CTO why he thought it was a Records Department issue. The CTO responded that “information is information” and wasn’t it her job to manage information. The VP of Records responded by saying information is not necessarily records and her department was responsible for records only and therefor the file systems were not her responsibility. Obviously surprised, the CTO asked her how she knew there were no records on the file shares… the VP of Records responded “because we have told employees to put all documents deemed a record in the ECM system.”

At this point the meeting broke down into squabbling and finger-pointing. The moral of the story is this; managing the 5% that are records only – ignoring the 95%, is not information governance and drives up the cost and risk in eDiscovery, forces IT to constantly purchase and support additional, expensive storage resources, and lowers overall employee productivity.

Instead of on-prem file servers…

One of the issues with file system storage is its not indexed for easy search nor managed with retention/disposition policies. Another issue is that most organizations have a long standing culture that expects employees to manage their own data. There are few companies that capture and manage all employee generated data – except in highly regulated industries.

Some additional examples

I once consulted for a bank that removed all local storage capability and deactivated all USB ports on all desktop computers forcing all data retention into enterprise resources that then actively managed it.  

Additionally, a non-regulated company I also consulted for setup a system to capture all employee data by forcing all files to be saved to the “My Documents” folder which was periodically synced with central data management resources for content control and retention/disposition.

Intelligent, cloud-based information governance

The next logical step is to move employee content to the cloud for lower cost, but more importantly, actual information governance for all data, not just records. By managing all unstructured data, you can ensure old data is eventually disposed of, responsive content easily searched for and put on a litigation hold, and all data indexed and easily searchable.

Archive360 has the perfect data migration and Azure-based cloud solution for information governance challenges. Archive2Azure allows you to centralize and manage all unstructured data in your Azure subscription in its native format instead of expensive enterprise file shares and relying on employees to actually manage their data.

Archive2Azure now provides the capability to extend and manage file shares in Microsoft Azure, providing additional IG capability such as access control, retention disposition, search, encryption, and audit/reporting, all at a much lower cost per GB.