Post on 19-Jan-2016
11
Building RIM Programs
Chattanooga Chapter of ARMA International
byHelen Streck
President and CEOKaizen InfoSource LLC
22
2
Answering the Proverbial WHY?• Why spend money on an RIM Program:
– Lowest productivity of employees in U.S. ever – • Different departments trying to solve their part of the
puzzle alone• Least effective team work in solving an enterprise issue• Ever evolving technology and company demands• Duplicate work by employees
– Cost of chaos – hard numbers and total lost value– Information the new currency– Inoperability between systems – no info
connection– Bad press – is it worth the risk?– Is compliance a real “Why?”
33
3
What is a Program?
• Programs do not have start and end dates
• Have governance or rules• Have a budget allotted• Have staffing• Have a mission, strategy, and ongoing
initiatives and activities
44
4
What a Program is NOT?
• Programs are NOT projects• Retention Schedules and Policy(s) are
not Programs• Assigning RIM oversight to non-RIM
professionals• Hoping file shares will clean
themselves up• Rules without training and education
55
5
Benefits of RIM
• Documents compliance with laws and regulations
• Increases employee productivity• Reduces expenses (e.g. servers and
offsite)• Reduces risk exposure• Reduces eDiscovery costs
66
Area of ROI with a RIM Program
• eDiscovery savings• Storage costs• Improved ability to search and find• Improved ability to mine data• Increased employee productivity
6
77
7
Where to Start?1. Know where your organization is today2. Identify pain points3. Determine the mission of the RIM
Program4. Identify initiatives and resource
requirements5. Define the rules6. Build the governance7. Apply Change Management
88
8
Start with an SWOT
• Start with a SWOT – Assessment of Strengths, Weaknesses, Opportunities and Threats– Describes your current electronic
information state– Identifies gaps between current state and
best practices• Then recommend next steps based on
risks, priorities, and resources
99
9
Strengths Opportunities
Weaknesses Threats
1010
10
Strengths Opportunities
Executive/Corporate Secretary Support RMP staff commitment Improved collaboration with IT Good vendor services for hard copy
storage Commitment of Records Manager Existence of RMP policy and procedures
Expand scope of RIMP to include all information types
Revise rules, controls and processes and to be comprehensive in the appropriate documentation
Defining and building formal partnerships both internal and external
Creating educational courses to increase understanding and knowledge
Updating RIMP strategy, mission and scope in line with industry best practices
Weaknesses Threats
Lack of RIM professional staff on RIMP team
Formal partnerships with other departments
Outdated policy, records retention schedule and procedures
Lack of adequate procedures RIMP scope does not include all
information
Increased volume of information in multiple formats
Increased litigation and demands for more information access and preservation
Increased risk of data loss or exposure of private information due to uninformed employees
Loss of vital or critical data for Company operations
Increase demand on corporate resources to store, find and access information because of lack of classification
1111
11
Benefits of a SWOT
• Objective view of the state• Tool to obtain consensus and buy in• Suggests RIM is an ongoing effort and
identifies areas of risk• Serves as an internal marketing tool to
raise awareness and senior-level support
• A place to work from to build the strategy and initiatives
1212
12
1313
13
Elements of a RIM Program
• Mission/Vision• Governance – Policy, Retention
Schedule, Standards• Training and Education• Process(es) – Procedures• Automation• Accountability
1414
Conflict of Ownership and Accountability
• Departments own the work process and product deliverables
• Organization “owns” the data• Documentation and the need for
standardization• Understanding the risk of poor
documentation• Productivity vs. Compliance (us vs
them)
14
1515
15
Retention
“An organization shall maintain its information for an appropriate time, taking into account legal, regulatory,
fiscal, operational, and historical requirements.”
1616
16
Using the Retention Schedule
• List of records series • Primary level of classification• Associated documents • Defining metadata at the primary
level• Length to maintain each series• Risk of “over-keeping” data
1717
17
Importance of Classification
• RIM provides good classification– Document/Data categories– Identification of records vs. non-records– Legal identification of retention
requirements– Workflows across departments– Classification/Index/Taxonomies– Multiple views – people and computers
1818
18
What Protection and Security?
• Protection and security – Private information – knowing if entire
category is confidential and/or private– Security classes of information– Rights and access to the various classes– Protection of restricted/classified
information– HIPAA and other laws and regulations– Procedures and standards
1919
19
Vital and Important Information
• The loss of important information may disrupt business but not jeopardize the mission.
• Important records may be cost prohibitive to replace.
• Important records are not required to have special protection, but often they do.
2020
20
What is the Vital Records Component of RIM?
• It’s the systematic, comprehensive, and economical control associated with vital information
• It prepares an organization for nearly any threatening situation.
• It has evaluated the risks and determined the necessary level of protection.
2121
21
Keys of Managing Vital Information
• Identifies information that MUST be available during or after a disaster to resume business
• Identifies potential and existing exposures to risk for a class of documents
• Establishes ways to measure and evaluate such risks
• Determines actions to remove or reduce risks• Implements Change Management for
improved behaviors• Provides ongoing scrutiny against future risks
2222
22
Conundrums of RIM• Starting after years of amassing data• Takes time to build• Needs resources for a time before ROI• Getting Management’s attention to the
need• Building in “doable” steps• Defining who is in charge of the team –
accountability• Applying change management so
employees are enabled to make change
2323
BUILDING AN RIM PROGRAM
23
2424
Steps and Elements of RIM Program
1. Conduct a SWOT2. Assign accountability and responsibility for
the Program3. Identify the internal and external partners4. Define the strategy and approach5. Develop the right level of Governance6. Develop an implementation plan and training7. Train employees and implement procedures8. Develop and implement Change
Management and Communication
24
2525
25
Develop Governance
• Policies – Records and Information Management Policy
• Retention Schedule - Primary level classification
• Standards and Procedures– Multiple procedures for active, inactive,
legal hold, etc.
2626
26
Legal Holds Component
• Legal holds can suspend disposition while actual or pending litigation is in process.
• Need documented procedures
• Coordination between Legal and RIM
• Be sure employees know
2727
27
Session Summary
• What is a RIM Program• Where to Start• RIM Team• Building the Framework• Special Considerations – DRBC– Privacy– Security
2828
28
Closing Notes• The scope of RIM for information is
broader than just storing the records.• There are many factors that affect
good recordkeeping—standards, litigation, disasters, privacy. They all must be addressed in an RIM program.
• Start with know what you have• Develop a strong team
2929
THANK YOU!
Helen StreckPresident and CEO
Kaizen InfoSource LLCwww.2kaizen.com
29