HPE Information Governance

AIIM Market IntelligenceDelivering the priorities and opinions of AIIM’s 80,000 community

Information Governance:too important to be left to humans

aiim.org l 301.587.8202

Industry

Watch

Underwritten in part by:

Industry

Watch

©2015 AIIM - The Global Community of Information Professionals 1

Information G

overnance: too im

portant to be left to humans

About the ResearchAs the non-profit association dedicated to nurturing, growing and supporting the information management community, AIIM is proud to provide this research at no charge. In this way, the entire community can leverage the education, thought leadership and direction provided by our work. We would like these research findings to be as widely distributed as possible. Feel free to use individual elements of this research in presentations and publications with the attribution – “© AIIM 2015, www.aiim.org”. Permission is not given for other aggregators to host this report on their own website.Rather than redistribute a copy of this report to your colleagues or clients, we would prefer that you direct them to www.aiim.org/research for a download of their own.

Our ability to deliver such high-quality research is partially made possible by our underwriting companies, without whom we would have to return to a paid subscription model. For that, we hope you will join us in thanking our underwriters, who are:

Process Used and Survey DemographicsWhile we appreciate the support of these sponsors, we also greatly value our objectivity and independence as a non-profit industry association. The results of the survey and the market commentary made in this report are independent of any bias from the vendor community.The survey was taken using a web-based tool by 398 individual members of the AIIM community between September 04, 2015, and September 30, 2015. Invitations to take the survey were sent via e-mail to a selection of the 80,000 AIIM community members.Survey demographics can be found in Appendix 1. Graphs throughout the report exclude responses from organizations with less than 10 employees, and suppliers of ECM products and services, taking the number of respondents to 368.

About AIIMAIIM has been an advocate and supporter of information professionals for 70 years. The association mission is to ensure that information professionals understand the current and future challenges of managing information assets in an era of social, mobile, cloud and big data. AIIM builds on a strong heritage of research and member service. Today, AIIM is a global, non-profit organization that provides independent research, education and certification programs to information professionals. AIIM represents the entire information management community: practitioners, technology suppliers, integrators and consultants.

About the AuthorDoug Miles is Chief Analyst at AIIM. He has over 30 years’ experience of working with users and vendors across a broad spectrum of IT applications. He was an early pioneer of document management systems for business and engineering applications, and has produced many AIIM survey reports on issues and drivers for Capture, ECM, Information Governance, SharePoint, Mobile, Cloud, Social Business and Big Data. Doug has also worked closely with other enterprise-level IT systems such as ERP, BI and CRM. Doug has an MSc in Communications Engineering and is a member of the IET in the UK.

© 2015AIIM The Global Community of Information Professionals1100 Wayne Avenue, Suite 1100Silver Spring, MD 20910+1.301.587.8202www.aiim.org

Hewlett Packard Enterprise3000 Hanover St.Palo Alto, CA, 94304Tel: 1-877-686-9637Web: www.hpe.com/software/infogov

http://www.aiim.org

http://www.aiim.org/research

http://www.hpe.com/software/infogov

Industry

Watch


Information G

overnance: too im


Table of ContentsAbout the Research . . . . . . . . . . . . . . . 1Process Used and Survey Demographics . . . . . . 1About AIIM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1About the Author . . . . . . . . . . . . . . . . . . . . . . . . . .1

Introduction. . . . . . . . . . . . . . . . . . . . . . 3Key Findings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Drivers for Information Governance. . 4Data Loss Incidents . . . . . . . . . . . . . . . . . . . . . . . 5Data-related Incidents . . . . . . . . . . . . . . . . . . . . . 6Email Governance . . . . . . . . . . . . . . . . . . . . . . . . 6Non-Compliance Issues . . . . . . . . . . . . . . . . . . . . 7

Records and IG Maturity . . . . . . . . . . . 8IG Perception . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8IG Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9IG Committees . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Policy Depth . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Policy Issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9External Help with IG . . . . . . . . . . . . . . . . . . . . . 11

Storage Reduction and Data Retention . . . . . . . . . . . . . . . . . . 11Strategies for Reduction . . . . . . . . . . . . . . . . . . 12Retention Management . . . . . . . . . . . . . . . . . . . 13

Auto-Classification. . . . . . . . . . . . . . . 14Types of Auto-Classification . . . . . . . . . . . . . . . . 15Content Correction . . . . . . . . . . . . . . . . . . . . . . . 15Auto-Classify Results . . . . . . . . . . . . . . . . . . . . . 16Manual vs Auto-Classification. . . . . . . . . . . . . . . 16Benefits of Auto-Classification . . . . . . . . . . . . . . 17

Cloud . . . . . . . . . . . . . . . . . . . . . . . . . . 18Cloud Models . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Cloud Benefits . . . . . . . . . . . . . . . . . . 19

E-Discovery. . . . . . . . . . . . . . . . . . . . . 20Legal Hold . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20Impact of Litigation . . . . . . . . . . . . . . . . . . . . . . . 21

Opinions and Spend. . . . . . . . . . . . . . 22Spend . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Conclusion and Recommendations . 24Recommendations . . . . . . . . . . . . . . . . . . . . . . . 24

Appendix 1: Survey Demographics 25Survey Background . . . . . . . . . . . . . . . . . . . . . . 25Organizational Size . . . . . . . . . . . . . . . . . . . . . . 25Geography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25Industry Sector . . . . . . . . . . . . . . . . . . . . . . . . . . 26Job Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Appendix 2: General Selective Comments. . . . . . . . . . . . . . . . . . . . . . 27

Underwritten in part by . . . . . . . . . . . 28Hewlett Packard Enterprise . . . . . . . . . . . . . . . . 28AIIM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Industry

Watch


Information G

overnance: too im


IntroductionIn just a few short years, the somewhat closed world of records management has moved center stage by linking up all aspects of content security, accessibility, inquiry, and life-cycle management under the umbrella of Information Governance. This is not just a terminology change, it reflects the importance of governance in all areas, and the need to work together with IT, Legal, and Operations to set policies and initiate good practices. The driver in the first instance is to protect content from the massive new threats, and the very visible impact of leaks and breaches. Part of that threat involves the increasing volumes of content, most of which add no value to the business, cluttering up servers and adding to data center costs. Meanwhile, litigation and compliance are becoming increasingly expensive in potential fines and damages, but also in the cost of legal processes for defense. Information governance policies are also required to support the needs of local, remote and mobile staff for collaboration and knowledge exploitation, and to extend that content access to partners and customers.

As we have found in this report, there are huge volumes of content in most organizations that are not under any form of information governance, retention management or e-discovery. These include in particular emails, but also file-shares, cloud shares and even a high proportion of SharePoint and ECM systems. Even if day-forward policies are adopted to classify and tag this content, the volumes involved, and the change in staff attitudes needed, represent a huge hurdle to jump. Automated processes or prompted assistance are likely to provide the only enduring solutions. Tagging and classifying the existing content to add value and remove ROT (redundant, obsolete and trivial content) would be quite impossible without automated agents working on rules-based algorithms that match the defined governance policies.

In this report, we take an in-depth look at the scale of IG issues, the drivers to bring it under control, the effectiveness of automated classification, and the impact on risks and costs.

Key FindingsIG Drivers and Issuesn In the light of recent leaks, hacks and email issues, IG is very high on the senior management

agenda for 28% of organizations, and 53% have new IG initiatives. 57% of respondents say senior management are only interested when things go wrong

n 51% have had data-related incidents in the past 12 months, including 16% suffering a data breach – half from external hacking and half from staff. Staff negligence or bad practice is the most likely cause of data loss (20%).

n 41% describe their email management as “chaotic”. Of the rest, 16% have fixed delete-all policies and 19% keep all emails. Only 24% apply value-based retention policies.

n 45% of respondents agree that the lack of information governance leaves their organization wide open to litigation and data protection risks. 22% reported negative financial impact from cases that hinged around electronic records, compared to 9% with positive impact.

n 60% of respondents agree that automation is the only way to keep up with the increasing volumes of electronic content. 21% are already using automated declaration or classification of records, and 26% have new projects under way.

n The biggest drivers for IG are compliance (61%) and preventing data losses (51%), then creating searchable knowledge (48%) and reducing storage requirements via defensible deletion (35%).

IG Maturityn The volume of paper records is increasing in 33% of organizations, and decreasing in 39%. This

net difference of 6% deceasing compares to 10% increasing in 2014. The largest organizations (5,000+ emps) are making most progress (21% net decreasing).

n 14% have a mature view of information governance across all electronically stored information with a further 22% recently re-aligning to that view, and 22% planning to adjust in the next 12 months. 31% still have divided responsibilities between IT and RM , and 12% are still in the paper-only world.

n 15% of organizations have enterprise-wide IG/RM policies, plus 28% with mixed maturity across departments or regions. 36% of the smallest organizations have no IG policies, or just have vague plans, but the same is true for 10% of the largest.

Industry

Watch


Information G

overnance: too im


n Information retention, access security and data protection are covered by most IG policies, but only 47% cover mobile access and mobile devices, including BYOD (39%). Only 36% have specific policies for cloud-based content sharing.

n Enforcing the IG policy once created is the biggest issue for 41%. Getting the right people interested and involved, particularly senior management is the next issue (39%).

Storage Reduction and Data Retentionn As well as replacing file-shares with ECM, 22% are considering a cloud model to reduce storage

costs, and 25% are automating retention, deletion and data cleaning. 25% will just go on buying more discs.

n 37% are seeing storage volumes and costs increasing, 7% rapidly, but 42% are holding costs level. 20% are achieving reduced costs, including 10% with reduced volumes.

n Only 11% of network file-shares, 30% of SharePoint/ECM systems and 37% of scanned image archives are being operated with effective retention period management. But this only rises to 67% of dedicated RM systems, compared to 74% for paper records. .

Automating IGn 18% are using automated classification at the point of ingestion to ECM, RM or email systems,

and 15% within a workflow or process. 8% are trawling legacy content for metadata improvement and 13% processing migrated content.

n 34% feel that automated classification is more consistent than humans, including 20% who feel it’s more accurate too. 48% prefer the idea of machine prompt with human review.

n The biggest benefits given for auto-classification are improved searchability (63%) then improved productivity (43%). Defensible deletion and compliance are cited by 37%, and adding value to dead content by 30%.

Cloudn 30% are committed to cloud for records storage, with a further 36% waiting for security and

reliability to mature. Only 10% say definitely not. Adoption is remarkably consistent across different sizes of organization.

n Cost saving is the biggest driver for cloud (66%), then business resilience (49%). Easier cross-enterprise access and adoption is cited by 42%.

E-Discoveryn 50% rely on manual search for e-discovery across electronic and paper records. 14% have a

dedicated e-discovery application within or across systems.

n 54% of the largest organizations will have multiple legal holds applied per year. But so will 11% of the smallest.

n Only 37% of SharePoint systems are operating with legal hold, and 20% of file-shares, cloud or otherwise. Only 50% of email servers or email archives have legal hold.

Spendn Data clean-up and migration tools show the greatest increase in organizations intending to spend

more. Then automated classification and email management. RM and compliance staff levels are set to increase, as is spending on IG training.

Drivers for Information GovernanceThe business case for records management has always vied between the pro-active - exploitation of the corporate knowledge base, and the defensive - maintaining compliance. With the change to a broader information governance view, we have a third key driver – preventing data losses, privacy breaches and confidentiality issues, which is cited by 51% of our survey respondents. Reducing storage requirements via defensible deletion is also important, along with supporting and defending litigations and disputes.

Industry

Watch


Information G

overnance: too im


Figure 1: What are the three biggest drivers to create and enforce IG policies in your organization? (N=319)

Data Loss IncidentsNews headlines around data leaks, hacked websites and email security have raised the profile of information governance across all sectors and types of organization. Compliance officers, data security managers, IT departments and records management departments are all involved in maintaining security and governance, but it also needs strong leadership and an awareness of the potential issues that can arise. Following a recent UK data theft incident of 2.5m customer records, the CEO of a major telecoms supplier was questioned on headline television news as to why she had not invested more to keep customer data secure.

In our survey, 28% of our respondents report that IG is now very high up on the senior management agenda, although only 8% set it as the highest single IT priority. 53% are specifically reviewing, auditing and revising IG policies, with just 9% confident that they already have robust and effective policies in place. For 22% it’s “business as usual”.

Figure 2: Which of the following describes the importance of information governance and data security in your organization right now, in the light of recent leaks, hacks and

email issues? (N=363)

0% 10% 20% 30% 40% 50% 60% 70%

Compliance with legal, audit and regulators’ rules

Preven�ng data losses, privacy breaches andconfiden�ality issues

Crea�ng searchable knowledge for futurereference

Reducing storage space/defensible dele�on

Securing intellectual proprietary, compe��veor sensi�ve informa�on

Suppor�ng or defending li�ga�on or disputes

Ability to respond to requests, e.g. FoIA,personal data, etc.

Defining staff responsibili�es for desk, homeand mobile security

0% 5% 10% 15% 20% 25% 30% 35%

It’s very high up on the senior management agenda

It’s the highest single IT priority

We have set up recent ini�a�ves toinves�gate and audit

We are revising, upda�ng and enforcing ourIG policies

It’s pre�y much business as usual here

We already have robust policies and areconfident of their effec�veness

0% 10% 20% 30% 40% 50% 60%

A data breach from external hacking orintrusion

A data breach involving internal staff or ex-staff

A data loss or exposure due to staffnegligence or bad prac�ce

Internal or HR incidents due to unauthorizedaccess

None of these

Chao�c: users choose their own archive loca�ons

(e.g. local PST files) and dele�on policies, 41%

Rigid: fixed dele�on periods are enforced on

the mail server, 9%

Deferred: we offload emails to a basic email archive

then have fixed dele�ons, 7%

Open-ended: we keep everything,

19%

Defined: we move emails to an email

archive system with search,

reten�on and hold, 16%

Value-based: we selec�vely archive to the ECM/RM/

SharePoint system, 8%

0% 10% 20% 30% 40% 50% 60% 70%









0% 5% 10% 15% 20% 25% 30% 35%







0% 10% 20% 30% 40% 50% 60%





None of these




the mail server, 9%




19%






Industry

Watch


Information G

overnance: too im


Data-related IncidentsMany organizations will not admit to data loss incidents, and a third of our respondents picked the Don’t Know option, but of those who did answer the question, 51% have had a data-related incident in the past 12 months. Of the 16% who have suffered a data breach, only half are from external hackers. There is just as big a risk of data theft from internal staff or ex-staff (and this is likely to be somewhat under-reported). Amongst the largest organizations (5,000+ employees), 65% have suffered some form of data incident, with 14% experiencing an external data hack, compared with 5% of the smallest.

Rather more likely is the loss or exposure of data due to staff negligence – lost laptops and USB devices, unsecured phones, misdirected emails and open passwords are all too frequent, as reported by 22% of our respondents.

Figure 3: Has your organization suffered any of the following in the last 12 months? (N=268, excl. 135 Don’t Know)

Email GovernanceManaging emails as records has always been the big gap between theory and practice in information governance, despite the fact that these days most court cases and compliance investigations pivot around email evidence. Lack of policy has been compounded by the archiving arrangements of popular email clients – Outlook in particular, with its PST files created on a local drive as the default setting. Similarly, using multiple clients on different mobile devices can easily result in incomplete records of “Sent items”. Mail servers have been equally inconsistent, with a lack of coordination between SharePoint developments and Exchange developments, and a lack of recommended methodology in the cloud 365 products.

Overall, 41% of our respondents describe their email governance as chaotic, including 34% of the largest organizations. For these organizations, users chose their own archive locations and set their own delete policies. Beyond that we have two extremes, with 16% having fixed-period “delete everything” policies, and 19% a completely open-ended “keep everything” policy. 23% have dedicated email archive systems, but a third of these do not provide basic records management functions of search, hold and retention. Only 8% use a value-based judgment as to which emails to retain, transferring them selectively into their ECM/RM/SharePoint system. Of course, as we will see later, this is a human dependent process that may be better dealt with through automation.

0% 10% 20% 30% 40% 50% 60% 70%









0% 5% 10% 15% 20% 25% 30% 35%







0% 10% 20% 30% 40% 50% 60%





None of these




the mail server, 9%




19%






Industry

Watch


Information G

overnance: too im


Figure 4: How would you describe the governance of emails in your organization? (N=361)

Non-Compliance IssuesData losses and email are crucial aspects of IG, but non-compliance can create many other disruptive issues. Records are a fundamental part of audits, both internal and external. In the past two years 26% of our respondents have had internal issues and 11% external issues with audit. A surprisingly high 24% have had issues with Freedom of Information requests, rising to 45% if we limit the sample to government organizations only.

21% have had data protection issues and 20% litigation and discovery problems, rising to 39% of the largest organizations. 10% of these large companies also had found compliance issues with anti-competition, money laundering or miss-selling.

Figure 5: In your organization, has non-compliance with good IG practice created a significant issue with any of the following in the last 2 years? (N=334)

41% of respondents describe their governance of emails as “chaotic”. 51% have had a data-related incident in the past 12 months, including 22% suffering data loss or exposure due to negligence or bad practice by staff.

0% 10% 20% 30% 40% 50% 60% 70%









0% 5% 10% 15% 20% 25% 30% 35%







0% 10% 20% 30% 40% 50% 60%





None of these




the mail server, 9%




19%






0% 10% 20% 30%

Internal audits (regulatory, financial, HR)

Informa�on Requests (FoI, FOIA, Personal data)

Data protec�on compliance and privacy issues

Li�ga�on and discovery

Incident response, business con�nuity

External audits (industry, government)

HR issues and staff disputes

Regulatory submissions

Compliance with an�-compe��on, moneylaundering, miss-selling, etc.

None of these

Increasing rapidly, 10%

Increasing somewhat, 23%

Stable, 27%

Decreasing somewhat, 29%

Decreasing rapidly, 10%

Records management is mostly about

paper files in our organiza�on, 12%

Records Managers manage records,

but the rest is not so well managed,

17%


and IT take care of the rest, 14%

We have plans to adjust

responsibili�es in the next 12-18 months, 22%

We have recently adjusted our view to align with this,

22%

We have looked at things this way for quite some �me (3+ years), 14%

We don’t have informa�on and

records management policies, 6%

We plan to develop

enterprise-wide informa�on and


We have informa�on and

records management

policies but have nothing you could

describe as mature, 36%

We have established

policies in some areas/

departments but not others, 28%

We have robust, enterprise-wide

informa�on governance

policies, 15%

Industry

Watch


Information G

overnance: too im


Records and IG MaturityWe have surveyed the changes to paper records volumes over many years, and this year have finally seen a greater number of organizations reporting a decrease than increase by a net of 6%. In 2014 we reported a net increase of 10% - i.e., more were seeing an increase than a decrease. This year’s improvement is driven by the biggest organizations showing a net decrease of 21%.

Figure 6: Is the volume of your paper records? (N=365)

IG PerceptionThe 10% reporting rapidly increasing paper records will be amongst the 12% who admit that, for them, records management is mostly about paper files. In these offices, electronic records management is likely to be of the print and manually file variety. There are a further 31% who still have strict divides between records management responsibilities and IT. This leaves 36% who have moved and 22% who are moving towards the more holistic information governance view. Although smaller businesses are more likely to be paper-based (19%) they are also ahead in maturity of IG thinking (37%).

Figure 7: To what extent would you say the perception of information governance in your organization has progressed from management of declared records, to management of ALL

electronically stored information for access, privacy, security, compliance and e-discovery? (N=363)

0% 10% 20% 30%










None of these



Stable, 27%







17%






22%




We plan to develop




records management



We have established





policies, 15%

0% 10% 20% 30%










None of these



Stable, 27%







17%






22%




We plan to develop




records management



We have established





policies, 15%

Industry

Watch


Information G

overnance: too im


IG PoliciesAligning IG policies across the business is inevitably a challenge, especially those spanning multiple geographic regions and jurisdictions. Our data shows that only 15% of organizations have achieved it. Although it might be considered easier for smaller organizations, it is in fact the largest who lead the way at 25% compared to 14% of the smallest. While falling short of the ideal, a further 28% overall have established policies in some areas or departments.

Figure 8: How mature are your information governance (IG) and records management (RM) policies? (N=364)

IG CommitteesIG policies do not just happen. They require considerable work to create and implement. Ideally, they should be driven by a cross departmental committee that includes representatives from multiple business departments as well as IT, Legal, Compliance and Records Management. 22% have such a broad-based committee in place, plus a further 15% who have such a committee but without representation from line-of-business departments. 11% leave departments to manage their own policies.

23% have little in the way of IG policies, including, somewhat surprisingly, 16% of those with over 5,000 employees.

Figure 9: Do you have an Information Governance Committee? (N=318)

Policy Depth Of course having an IG policy is not the whole picture: It depends on how extensive the coverage is. Only 16% can check-off all of the areas listed in Figure 10. Retention and access are basic requirements, covered by over 90% of those with an IG framework. Policies for data protection and personal information are covered in 65% of organizations (which is low given the fact that every organization will have some

0% 10% 20% 30%










None of these



Stable, 27%







17%






22%




We plan to develop




records management



We have established





policies, 15%

0% 5% 10% 15% 20% 25%

Yes, with representa ves from acrossbusiness departments

Yes, involving Legal/Compliance, IT, andIM/Records

Yes, involving just IT and Records Manager(s)

We are planning to create one

Departments set their own policy/managetheir own records

No, we have li�le in the way of RM or IGpolicies

0% 20% 40% 60% 80% 100%

Informa on reten on

Access/confiden ality

Data protec on and PII

Dele on and disposi on processes

Legal holds and e-discovery

Informa on in mo on – laptops, USB s cks, etc.

Audit of compliance

Content in archive/back up

Laws and regula ons in mul ple jurisdic ons

Mobile access and on-device storage

Personal devices (BYOD and home)

Use of cloud-based content sharing

None of these/We have no policy

0% 10% 20% 30% 40% 50%

Enforcing it once completed

Ge�ng anybody to be interested

Having the right people at the table

Ge�ng senior management endorsement

Extending from records to all stored content

Alloca ng sufficient me from the day jobs

Transla ng the policies into system rules

Being over ambi ous in scope and detail

Iden fying the legal requirements

Understanding security issues and threats

0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50%

Convincing senior management of theimportance of good governance

Standardizing a taxonomy and classifica onscheme

Content assessment and file analysis

Restructuring legacy infrastructure

Finding or training internal informa onprofessionals

Legal aspects of reten on policies

How to delete content defensibly andsecurely

Industry

Watch


Information G

overnance: too im


sensitive employee information). Retention policies are only effective if they match with deletion or disposition procedures, but only 62% have these. Looking further down the list, only 49% cover off back-ups and archives. Mobile access and on-device security are only covered by 47%, and only 39% have BYOD policies.

Figure 10: Which of the following elements are included in your information governance policies? (N=320, adjusted for 16% “All of these”)

Policy IssuesThere is little point in having an IG policy if it is very shallow, but even the most extensive policy is of little use if it is not complied with by employees across the business. 41% of our respondents cited enforcement as one of their biggest IG issues. Next are a number of issues related to getting the right people interested and involved, particularly senior management. Despite the positive acceptance of the IG concept, 34% have struggled to extend policy coverage from records to all stored content.

In open-ended comments, many refer to the difficulty of getting IT engaged in the IG concept, although one also mentions “getting IT out of the way”!

Figure 11: What have been the three biggest issues with creating an information governance policy? (N=318)

0% 5% 10% 15% 20% 25%







0% 20% 40% 60% 80% 100%

Informa on reten on






Audit of compliance







0% 10% 20% 30% 40% 50%











0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50%








0% 5% 10% 15% 20% 25%







0% 20% 40% 60% 80% 100%

Informa on reten on






Audit of compliance







0% 10% 20% 30% 40% 50%











0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50%








Industry

Watch


Information G

overnance: too im


External Help with IGAlthough most of the areas listed in Figure 12 for possible help are of a technical nature, the most cited is the need to convince senior management of the importance of good governance. There is no doubt that external consultants can provide an objective view here, along with evidence and examples of the risks involved from poor IG – although it has to be said that any senior manager reading the news should see sufficient evidence of the potential drawbacks of a data leak or a regulator’s investigation. Finding or training internal information professionals is another area which will help to initiate projects, and of course, AIIM can provide well-targeted training in this area. www.aiim.org/training

Figure 12: In what areas have you used (or could you use) external help to get started or build out your IG project? (N=289)

Storage Reduction and Data RetentionA key element of information governance is the rigorous and defensible deletion of content that is no longer useful or required to be kept. Unfortunately, for most organizations, only a small proportion of their stored information is suitably tagged and typed such that it has a defined retention period – or, indeed, so that it can be usefully found when searched for. The rest is termed ROT – redundant, obsolete or trivial. Providing storage space for this ROT is a pure cost to the business since it has no redeeming value.

Without a sample audit or suitable content assessment tools it is very difficult to put an accurate figure on the amount of ROT being stored in a business, but the general consensus from our survey is that the volume of stored information with no business value is likely to be at least 30%, and could be as much as 80%, with an average estimate of 51%.

Figure 13: In your estimation, what proportion of electronically stored information in your business is likely to be of no business value, out of its retention period, or duplicated elsewhere? (N=294)

0% 5% 10% 15% 20% 25%







0% 20% 40% 60% 80% 100%

Informa on reten on






Audit of compliance







0% 10% 20% 30% 40% 50%











0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50%








0% 5% 10% 15% 20%

10% of ESI

20% of ESI

30% of ESI

40% of ESI

50% of ESI

60% of ESI

70% of ESI

80% of ESI

90% of ESI

0% 10% 20% 30% 40% 50%

Implement an ECM/ERM system to replacefile-shares

Move to a cloud model for content/recordsstorage

Consolidate storage into larger data centers

Automate reten�on polices and dele�ons

Rigorously implement reten�on policies anddele�ons manually

Outsource content/records storage

Segment data for hierarchical storage/archive

Implement file reduc�on technologies

Use automated data cleaning/data reduc�onagents

Our strategy is to just go on buying more discs

We don’t have a strategy, so we’ll just go on buying more discs

We are seeing reduced

volumes and costs, 10% We are

reducing costs but not

volumes, 10%

We are holding our own, 33%

Volumes are increasing but not costs, 9%

Volumes and costs are

increasing steadily, 30%


increasing rapidly, 7%

0% 10% 20% 30% 40% 50%

Random: we don’t have defined reten�on periods/policies

Most things are never deleted

When IT decide to ra�onalize storagevolumes

Office, facility or legacy systemra�onaliza�on

Some�me a�er the reten�on date, but notsooner

Manual process or confirma�on at end ofreten�on period

Fully automated based on the nature/valueof content

Fully automated at end of reten�on period

http://www.aiim.org/training

Industry

Watch


Information G

overnance: too im


Strategies for Reduction Implementing an ECM or ERM system to replace file-shares is a first step to managing increasing volumes of information, and 45% of our respondents have this as part of their strategy. Having done so, rigorously implementing manual retention policies and deletions - or better still automating them - is the only way to reduce volumes over time, and 20% are doing this. Using automated data cleaning or metadata correction agents can also be effective, although only 5% are using these as yet.

Regarding strategies for the storage systems themselves, 22% are considering a cloud model for content archives, along with 15% outsourcing their storage. Consolidating storage into larger data centers is a key strategy for 21%, and segmenting data for hierarchical storage is utilized by 13% - and this is an area where correct metadata is important.

7% of organizations have a chosen strategy to simply buy more discs, plus 18% who have no strategy, and so will have to go on buying more discs.

Figure 14: Which of the following strategies have you adopted to deal with the cost of storing rapidly increasing information volumes? (N=299)

Of course, the justification for not having a reduction strategy is that storage is getting cheaper all the time. It is interesting to see in Figure 15 that only 7% of organizations are actually experiencing rapidly increasing costs, with a further 30% seeing costs and volumes steadily increasing. 9% are managing increasing volumes with no increase in costs, and 33% feel they are holding their own on both storage volumes and costs. 10% are managing increased volumes while reducing costs. Only 10% are seeing both reduced volumes and costs as a result of their content reduction policies.

0% 5% 10% 15% 20%

10% of ESI

20% of ESI

30% of ESI

40% of ESI

50% of ESI

60% of ESI

70% of ESI

80% of ESI

90% of ESI

0% 10% 20% 30% 40% 50%















volumes, 10%







0% 10% 20% 30% 40% 50%









Industry

Watch


Information G

overnance: too im


Figure 15: To what extent would you say your strategies (or lack of) are working? (N=300)

Retention Management47% of our survey respondents admit that in their organization, most things are never deleted. 21% say deletions are random as there are no set retention periods. For 33% deletions are driven by system rationalization or a facility or building move. 23% respect retention dates, but are not rigorous in the timing of deletions after that and 38% rely on a manual process at the end of the retention period. Only 8% have automated deletion either based on the nature or value of the content, and/or at the end of the defined retention period.

Figure 16: How rigorously would you say content deletion is carried out in your organization? (Multiple) (N=278, excl. 26 Don’t Know)

We saw earlier that users are keen to bring their content under the management of an ECM or RM system in order to manage it and reduce storage volumes. However, unless content management systems have an effective retention-period management capability, volumes will not be reduced – and compliance risks will increase.

We would not expect a great deal of retention management from a file-share system, although it can work if structured by year and by content type. SharePoint, on the other hand, and other ECM/DM systems should have such a capability, but as a proportion, only 28% of our SharePoint-using respondents have this implemented. Things improve to 52% of other ECM system users, but only 37% of scanned image archives have retention management.

0% 5% 10% 15% 20%

10% of ESI

20% of ESI

30% of ESI

40% of ESI

50% of ESI

60% of ESI

70% of ESI

80% of ESI

90% of ESI

0% 10% 20% 30% 40% 50%















volumes, 10%







0% 10% 20% 30% 40% 50%









0% 5% 10% 15% 20%

10% of ESI

20% of ESI

30% of ESI

40% of ESI

50% of ESI

60% of ESI

70% of ESI

80% of ESI

90% of ESI

0% 10% 20% 30% 40% 50%















volumes, 10%







0% 10% 20% 30% 40% 50%









Industry

Watch


Information G

overnance: too im


It seems a huge omission that only 40% of email archives have defined retention management given that this is the area of biggest volume and biggest risk. Perhaps less surprisingly, but storing up problems for the future, only 18% of cloud file-shares have retention management – as currently implemented.

Perhaps most surprising of all is that only 67% of those with dedicated records management systems have effective deletion management, compared to 74% who dispose of paper records rigorously.

Figure 17: Which of your content systems have effective retention-period management? (N=299 Line length indicates N/A or Don’t Know)

The average estimate for stored content of no value (ROT) is 51%. In 47% of organizations, most things are never deleted, or deletions are random. 25% are happy to simply go on buying more discs. Most content systems, email archives and many RM systems are not configured for retention management.

Auto-ClassificationAlthough some organizations are successfully tagging and declaring records, many have struggled to get staff to do so consistently and reliably. Where there are high volumes of inbound content, staff struggle to keep up, and quickly conclude that to attempt any kind of manual “back-filing”, in order to tidy up existing repositories, would be a tedious and thankless task.

In parallel with these increasing challenges, the computing power available to run rules-based or intelligent learning systems has increased dramatically. As we will see, the results are not perfect, but they are likely to be more consistent and therefore more defensible than poorly managed human classification.

21% of our respondents are already achieving success with automated classification, and a further 26% are just getting started. Add to this the 13% who are keen to make a start, and we have 59% who are pro-actively moving towards auto-classification, plus 21% who may do so in the future. 17% have no plans, and just 3% have tried it and couldn’t make it work.

-80% -60% -40% -20% 0% 20% 40% 60% 80%

Network file share

SharePoint

Other ECM/DM

Image/scanned archives

Cloud file share/cloud content stores

Email server

Dedicated email archive system

Records management system

Paper records

No Yes

Doing it successfully

across a number of

content types, 12%


across one or two content

types, 9%

Just ge�ng started, 26%Keen to

automate as soon as we can,

13%

It’s something we plan to do in the future, 21%

We have experimented, but with poor

results, 3%

No plans, 17%

0% 2% 4% 6% 8% 10%12%14%16%18%20%

Automa�cally classify/declare content at thepoint of inges�on to ECM/RM/email system

Automa�cally classify/declare content aspart of workflow/process

Prompt for records declara�on and suggestclassifica�on

Use OCR to iden�fy/auto-classify inboundscanned documents

Trawl legacy content for data cleansing orimprovement

Process migrated content for metadatacorrec�on or re-alignment

0% 5% 10% 15% 20% 25%

Monitor unusual user ac�vityFlag for dele�on based on applica�on of

reten�on rulesMonitor performance and resilience of

ECM/ERM system

Tag, add or enhance metadata based on rulesDetect security risks and misallocated access

or confiden�ality

Detect PII (personally iden�fiable informa�on)

Detect duplicate filesData selec�on or metadata mapping in

advance of migra�onDetect non-compliance with appropriate use,insider trading, an�-compe��on, bribery, etc.

Measure access frequency for hierarchicalstorage

Detect/par��on/delete trivial or non-important content

Industry

Watch


Information G

overnance: too im


Figure 18: How would you best describe your overall plans for automated declaration/classification of records? (N=270, excl. 17 Don’t Know)

Types of Auto-ClassificationThe most popular application for automated classification is at the point of ingestion into an ECM/RM or email system (19%) along with those who do so as part of a subsequent workflow or process (15%). 16% use auto-prompting for records declaration and classification, and 15% use OCR to identify, route and classify inbound scanned documents. As a clean-up process on existing repositories, 8% trawl to improve metadata quality, and therefore security and findability, and 13% use similar techniques as part of content migration between repositories.

Figure 19: Do you do any of the following? (N=280, excl. 51% “None of these”)

Content CorrectionLooking at these content trawling techniques or batch agents in more detail, we find they can be used for quite a wide variety of tasks. 22% use them for monitoring unusual user activity, and 15% for overall system performance. 16% are flagging content for deletion and 14% enhancing metadata based on rules – which can also detect security risks and PII (personally identifiable information). Detecting duplicate content is perhaps the simplest application (11%) but can produce impressive amounts of data storage recovery.

-80% -60% -40% -20% 0% 20% 40% 60% 80%

Network file share

SharePoint

Other ECM/DM



Email server



Paper records

No Yes


across a number of

content types, 12%



types, 9%



13%



results, 3%

No plans, 17%

0% 2% 4% 6% 8% 10%12%14%16%18%20%







0% 5% 10% 15% 20% 25%



ECM/ERM system


or confiden�ality






-80% -60% -40% -20% 0% 20% 40% 60% 80%

Network file share

SharePoint

Other ECM/DM



Email server



Paper records

No Yes


across a number of

content types, 12%



types, 9%



13%



results, 3%

No plans, 17%

0% 2% 4% 6% 8% 10%12%14%16%18%20%







0% 5% 10% 15% 20% 25%



ECM/ERM system


or confiden�ality






Industry

Watch


Information G

overnance: too im


Figure 20: Do you use any automated or batch agents to perform the following functions? (N=272, excl. 51% “Not used”)

One quite specific use of content correction agents is for use with scanned image repositories. 39% of those with image archives (57% of the total) are re-capturing using OCR, and re-applying metadata, thereby improving searchability and adding value. As part of exercises like this, 41% are making increasing use of PDF/A to incorporate the additional metadata. This OCR conversion is the only way that scanned documents can be used for analytics, and is a prime driver for 3%.

Auto-Classify ResultsOverall, the outcomes from auto-classification projects are mixed. 49% of users are getting effective results and 22% feel that compliance risks are reduced. However, 53% find setting the rules difficult, but the alternative of self-learning systems can take time (24%). Accuracy is an issue for 35%.

Figure 21: What have been your experiences with classification tools? (Check all that apply) (N=95, using classification tools)

Manual vs Auto-ClassificationWhen it comes to comparing automated classification to manual, 34% of respondents feel automation is more consistent than humans, including 20% who feel it is more accurate too. However, 48% would prefer a combined machine prompt with human review. 10% accept the pragmatic view that even if humans are more accurate than machines, they are also more expensive.

-80% -60% -40% -20% 0% 20% 40% 60% 80%

Network file share

SharePoint

Other ECM/DM



Email server



Paper records

No Yes


across a number of

content types, 12%



types, 9%



13%



results, 3%

No plans, 17%

0% 2% 4% 6% 8% 10%12%14%16%18%20%







0% 5% 10% 15% 20% 25%



ECM/ERM system


or confiden�ality






0% 10% 20% 30% 40% 50% 60%

They perform very well

Generally effec�ve

De-Duplica�on gives good returns

On the whole, they decrease compliance risks

Se�ng the rules is difficult

System learning �mes are too long

Inability to scale sufficiently

Accuracy is an issue for us

Automa�on is more accurate

and more consistent, 20%

Humans are more accurate

but less consistent, 14%

Machine prompt plus

human review is best, 48%

Humans may be more accurate,

but they are expensive, 10%

I do not feel automa�on can replace a human in our business,

8%

0% 10% 20% 30% 40% 50% 60% 70%

Improved searchability

General staff produc�vity

Defensible dele�on

Demonstrable compliance

Adding value to otherwise dead content

Storage volume reduc�on

Repository alignment

Smoother migra�on

Storage recovery from de-duplica�on

Yes, we already do, 11%

Yes, ac�vely considering/ planning, 19%

Yes – but only when security and reliability mature, 36%

No, probably not, 24%

No, definitely not, 10%

Industry

Watch


Information G

overnance: too im


Figure 22: How do you feel overall about the accuracy that automated systems achieve compared to manual? (N=293)

Benefits of Auto-ClassificationImproved searchability is the biggest benefit of automated classification (63%) and in this respect, high accuracy is less of an issue, as any degree of improved tagging is likely to improve the findability. This in itself leads to improved staff productivity (43%) although taking away the burden of manual filing also contributes here.

Accuracy is more of an issue when it comes to defensible deletion and compliance. In many ways, having a demonstrable and consistent mechanism which follows the declared IG policies is more likely to produce a favorable judgment in court than manual procedures, which are not followed or enforced.

Adding value to otherwise “dead content” is a primary benefit for 30%, and reducing storage volumes for 24%.

Figure 23: What would you expect to be/what have been the three biggest benefits from automated classification? (N=249, excl. 54 N/A)

59% are making pro-active moves towards auto-classification, with 21% successfully doing it. Of these users, 49% are getting effective results, but 53% find initial set-up difficult. The biggest benefit is given as improved searchability, then staff productivity.

0% 10% 20% 30% 40% 50% 60%













Machine prompt plus





8%

0% 10% 20% 30% 40% 50% 60% 70%








Smoother migra�on







0% 10% 20% 30% 40% 50% 60%













Machine prompt plus





8%

0% 10% 20% 30% 40% 50% 60% 70%








Smoother migra�on







Industry

Watch


Information G

overnance: too im


CloudWhen we first asked about using cloud or SaaS systems for records in 2011, 59% said definitely or probably not. This year that has shrunk to 34%. Those already using cloud has risen from 2% to 11%, plus 19% actively planning, compared to 11% in 2011. Security and reliability are still the big issues, with 36% still waiting until these mature, compared to 30% in 2011.

Although smaller organizations are much more likely to say definitely not (18%), there is a slightly higher 13% saying that they already do. Cloud adoption for records in Europe and the Rest of World is also significantly higher than in North America.

Figure 24: Would you consider adopting a Cloud/SaaS system for your records? (N=274)

Cloud ModelsThe concerns about security from non-users have a big effect on the choice of cloud model, with 59% stating a preference for a private (virtualized) cloud, 36% in their own data centers and 23% outsourced. For current users or those with immediate plans, this switches around to 20% in own centers, 33% outsourced, a total of 53%. SaaS systems hosted by the application provider are also more popular with current users at 21%, but public shared cloud and combination of private and public cloud are very similar.

Overall, only 41% would entertain a “genuine” multi-tenanted shared service cloud.

Figure 25: Which of the following is your preferred cloud model for your records system(s)? (N=249, excl. 59 “None of these”)

In terms of how cloud storage would actually be used, 45% would be looking to extend an existing SharePoint or ECM system as a cloud + on-premise hybrid, whereas 25% would use a dedicated cloud-based ECM/SharePoint system or a cloud-based RM system.

0% 10% 20% 30% 40% 50% 60%













Machine prompt plus





8%

0% 10% 20% 30% 40% 50% 60% 70%








Smoother migra�on







Private (virtualized) cloud in our

own data center(s), 36%

Private cloud in outsourced data

centers, 23%

SaaS systems hosted by the

applica�on provider, 13%

Public (shared services) cloud,

4%

Combina�on of private and

public cloud, 24%

As part of an exis�ng

SharePoint or ECM system extended/

hybrid/ moved to the cloud,

45%

As part of a dedicated cloud-

based SharePoint/ECM

system, 17%

As a dedicated cloud-based RM

system, 8%

For discrete content

processing projects, 8%

As a result of using SaaS

applica�ons, 8%

Using cloud as part of a

hierarchical storage system,

9%

As a dedicated long-term

archive, 5%

0% 20% 40% 60% 80%

Cost saving

Business resilience/disaster recovery

Easier adop�on across the organiza�on

Be�er access, eg, hybrid combina�ons

Mul�-�er security

Open-ended expansion and dimensioning

Client-free/Device agnos�c

Manual search across file

shares, email and physical records, 50%

In-system/siloed search within

each of several ECM and RM systems, 23%

One or more specific search

tools, 13%

Dedicated e-discovery mechanism accross mul�ple ECM/ERM

systems, 7%Dedicated e-discovery mechanism within single ECM/ERM

systems, 7%

Industry

Watch


Information G

overnance: too im


Figure 26: What would be the most likely way that you would (or do) use cloud for your records? (N=195, excl. 73 N/A or None)

Cloud BenefitsAs with most cloud justification, cost saving is the main target (66%) for a move to the cloud for records, and then business resilience (49%) - brought to prominence by a number of major weather, earthquake and nuclear incidents. Easier cross-enterprise access and adoption are cited by 42%.

Figure 27: What benefits would you be looking for in a cloud solution? (Max THREE) (N=212, excl. 55 N/A)

There is still some resistance to storing records in the cloud, but 30% are committed to the idea, albeit mostly as private clouds, and hybrid configurations. Cost savings and business resilience are the biggest potential benefits.




centers, 23%




4%


public cloud, 24%




45%



system, 17%


system, 8%




applica�ons, 8%



9%


archive, 5%

0% 20% 40% 60% 80%

Cost saving












tools, 13%



systems, 7%




centers, 23%




4%


public cloud, 24%




45%



system, 17%


system, 8%




applica�ons, 8%



9%


archive, 5%

0% 20% 40% 60% 80%

Cost saving












tools, 13%



systems, 7%

Industry

Watch


Information G

overnance: too im


E-DiscoveryLitigation processes vary from country to country, particularly in the area of pre-disclosure, but in almost any court situation, evidence will be spread across emails and documents that are stored in content systems, records stores, and probably file shares too. The same will apply, perhaps even more so, for inquiries and investigations by regulators. In either case, lawyers need to find what documents and content are available that are relevant to the case. They will then need to place a hold on those documents so that they cannot be altered or deleted, and will then need to pull them into the “discovery funnel” so that their relevance can be scored and filtered. Sometimes these things need to happen at speed so that senior management can be briefed, and PR damage avoided. In all cases, the process needs to be consistent and efficient, as lawyers are expensive, especially external discovery specialists.

Unfortunately, for 50% of the organizations surveyed, the discovery process is a manual one of searching across file shares, email and physical records. Things are easier if content is contained within ECM or RM systems, but efficiency will be dependent on the organization’s governance practices and the sophistication of search that is available. Beyond that, 14% of organizations have dedicated e-discovery mechanisms that include hold functions either within a single ECM/RM system (7%) or across multiple systems (7%). This rises to a total of 23% of the largest organizations, with 10% in mid-sized and 11% in the smallest.

Figure 28: What is your primary e-discovery mechanism? (N=242, excl. 39 Don’t Know)

Legal HoldOf course, the usefulness of a dedicated tool will depend somewhat on the frequency with which legal discovery calls and hold orders are made. Not surprisingly, this is strongly dependent on the size of the organization, although we can see in Figure 29 , that while 54% of the largest organizations will apply multiple legal holds per year, so will 11% of the smallest, and a further 18% of all sizes will have one or two a year. The net-net is that 31% of the largest organizations and 26% of mid-sized are managing multiple legal holds per year without a dedicated mechanism.

Figure 29: How often do you have legal holds applied to stored electronic content pending litigation or investigation? (N=242, excl. 39 Don’t Know)




centers, 23%




4%


public cloud, 24%




45%



system, 17%


system, 8%




applica�ons, 8%



9%


archive, 5%

0% 20% 40% 60% 80%

Cost saving












tools, 13%



systems, 7%

0% 10% 20% 30% 40% 50% 60%

Never, or hardly ever

Every few years

Once or twice a year

Mul�ple per year

10-500 emps

500-5,000 emps

5,000+ emps

-60% -40% -20% 0% 20% 40% 60%

File shareSharePoint

Other ECM/DMCloud file share/content stores

Image/scanned archivesEmail server

Dedicated email archive systemRecords management

Paper records

No

Yes

0% 10% 20% 30% 40%

Drama�c - nega�veDrama�c - posi�ve

Substan�al –nega�veSubstan�al - posi�ve

Considerable, but balancedMinorNone

80% 60% 40% 20% 0% 20% 40% 60% 80%

Our biggest problem is not crea�ng IG policies, it’s enforcing them.

Senior management take no interest ingovernance un�l things go wrong.

Our email governance wouldn’t stand up to any kind of scru�ny or enquiry.

Security is becoming a non-issue for cloud-storedrecords.

We don’t have any effec�ve strategies to limit storage growth.

Automa�on is the only way to keep up with thevolumes coming at us.

We could extract much be�er business value bypost-processing/re-capturing our archives.

Our lack of effec�ve IG leaves our organiza�onvulnerable to li�ga�on and/or data privacy issues

Strongly Disagree Disagree Neither Agree nor Disagree Agree Strongly Agree

0% 5% 10% 15% 20% 25% 30% 35% 40%

Data clean-up/migra�on tools

Informa�on governance training

Automated classifica�on

Email management/Email archive

Enterprise search

Dedicated ERM system(s)

ERM modules or add-ons

RM/IM/Compliance staff

e-Discovery applica�ons or modules

Intelligent capture (OCR, data extrac�on, etc.)

SaaS/Cloud provision for RM

Outsourced data cleaning/migra�on services

Back-file scanning of paper records

Back-file digital records processing

Outsource paper records/box store

Industry

Watch


Information G

overnance: too im


Of course, larger organizations in particular will have multiple content systems, and achieving one-touch legal hold across all of them would be very complex. However, even within those individual systems, a legal hold mechanism needs to be agreed and implemented in accordance with the IG policies set – and this is not just a question of technology, although it does tend to be one of the core records management functions that is missing in simpler DM systems – and early versions of SharePoint. Again, only 50% of email servers and archives have hold functionality, despite the importance of preventing deletion at early stages in investigations. Even within dedicated RM systems, 18% have been implemented without effective hold.

Figure 30: Which of your content systems has an effective legal hold mechanism? (N=271)

Impact of LitigationThe impact of litigation is generally measured in financial terms, although the disruption that is caused if discovery and hold processes need to be triggered without previous planning and procedures can be just as damaging. And within the financial impact, things aren’t always negative. Having good records can result in winning a case as much as bad ones can lose a case. The general view of our respondents is that 22% suffered a negative financial impact, including 9% where the financial cost was dramatic, compared to 9% with a positive impact, including just 2% that were dramatic (no doubt after deducting the legal costs!).

Figure 31: How would you describe the financial impact (positive or negative) of fines, damages or awards resulting from cases or potential cases in the past two years, which hinged around the

validity, completeness or retention of your electronic records? (N=177, excl. 101 Don’t Know)

Half of organizations are still reliant on manual search for e-discovery. Less than half of SharePoint systems, email archives and cloud content stores have legal hold mechanisms.

0% 10% 20% 30% 40% 50% 60%


Every few years


Mul�ple per year

10-500 emps

500-5,000 emps

5,000+ emps

-60% -40% -20% 0% 20% 40% 60%





Paper records

No

Yes

0% 10% 20% 30% 40%




80% 60% 40% 20% 0% 20% 40% 60% 80%










0% 5% 10% 15% 20% 25% 30% 35% 40%





Enterprise search











0% 10% 20% 30% 40% 50% 60%


Every few years


Mul�ple per year

10-500 emps

500-5,000 emps

5,000+ emps

-60% -40% -20% 0% 20% 40% 60%





Paper records

No

Yes

0% 10% 20% 30% 40%




80% 60% 40% 20% 0% 20% 40% 60% 80%










0% 5% 10% 15% 20% 25% 30% 35% 40%





Enterprise search











Industry

Watch


Information G

overnance: too im


Opinions and SpendOur “opinions” question is intended to take the pulse of active practitioners, and those who are aware of the possibilities but may have more pragmatic issues to solve.

n 70% agree that the biggest problem with IG policies is enforcing them.

n 57% agree that senior management take no interest in governance until things go wrong.

n 47% feel that their email governance wouldn’t stand up to any kind of scrutiny or inquiry.

n Only 12% agree that security is becoming a non-issue for cloud-stored records, with 59% disagreeing, 25% strongly.

n 52% admit that they don’t have any effective strategies to limit storage growth.

n 60% feel that automation is the only way to keep up with the volume of information

n 42% agree that they could extract much better business value from their archives by post-processing or re-capturing them

n 45% admit that their lack of effective information governance leaves their organization wide open and vulnerable to litigation and/or data privacy issues. 27% do not feel vulnerable at all.

Figure 32: How do you feel about the following statements? (N=273)

SpendThe indications are for strong growth in the number of organizations investing in IG products across the board, but particularly data clean-up and migration tools, and automated classification. There is also some evidence that the chaotic email issue will receive some attention.

It is also re-assuring that information governance training has a high priority for spend, not just because AIIM has an IG course program, but also that organizations see the need to improve IG skills across RM, IT and business with both training, and increased staff numbers.

0% 10% 20% 30% 40% 50% 60%


Every few years


Mul�ple per year

10-500 emps

500-5,000 emps

5,000+ emps

-60% -40% -20% 0% 20% 40% 60%





Paper records

No

Yes

0% 10% 20% 30% 40%




80% 60% 40% 20% 0% 20% 40% 60% 80%










0% 5% 10% 15% 20% 25% 30% 35% 40%





Enterprise search











Industry

Watch


Information G

overnance: too im


Figure 33: How do you think your organization’s spending on the following products and applications in the next 12 months will compare with what was actually spent in the last 12 months?

(N=255, net of spend more–spend less)

Growth indications are strong for data clean-up and migration tools, automated classification, and email management. Training is seen as a core investment and staff numbers are set to rise.

0% 10% 20% 30% 40% 50% 60%


Every few years


Mul�ple per year

10-500 emps

500-5,000 emps

5,000+ emps

-60% -40% -20% 0% 20% 40% 60%





Paper records

No

Yes

0% 10% 20% 30% 40%




80% 60% 40% 20% 0% 20% 40% 60% 80%










0% 5% 10% 15% 20% 25% 30% 35% 40%





Enterprise search











Industry

Watch


Information G

overnance: too im


Conclusion and RecommendationsInformation Governance as a discipline seems to be here to stay and with an increasing profile – probably for all the wrong reasons of security breaches, lost mobile devices, and email chaos. Most organizations have embraced the need for IT, Records Management, Compliance and Operations to work together around a common set of policies, in order to both secure and exploit corporate information.

However, in our survey we have found big gaps in information governance. Many organizations lack an IG committee with wide representation. Many of the IG policies that they produce are lacking in areas such as mobile content and external access. Many struggle to enforce their policies once they are created. This is nowhere more true than with emails, with nearly half of respondents admitting that their email governance is chaotic, and would not stand up to any sort of scrutiny. Even where suitable content systems are in place, many implementations still lack basic records management functionality such as retention management and legal hold.

Retention management, or more importantly, deletion management, is an important tool in managing high volumes of content and reducing storage requirements, as is trawling existing content to remove redundant, obsolete or trivial items (ROT). However, the biggest benefit from these auto-classification agents is to improve metadata and tagging, thereby improving search and increasing the business value of otherwise useless content. The same techniques of auto-classification can also assist with routing and filing of newly created or incoming content, improving user productivity, complying more consistently with IG rules, and setting retention periods from the outset.

Recommendationsn Create an information governance team including representatives from IT, Records Management,

Compliance, Legal, and Line of Business.

n Review the risks posed by the types of information that you hold should they be lost or exposed, and make senior management aware of the potential consequences of a breach, including those involving internal staff or caused by general negligence.

n Draft an information governance policy. Focus initial efforts on areas where the content is the most sensitive (e.g., HR records, customer records, IP), but also where there is least governance at present (e.g., email, shared drives, cloud file shares, mobile).

n Set retention periods for specific content types and audit your ECM system(s), records management system and email archive to ensure that they have retention management switched on and configured. Also check that procedures are in place for setting legal holds.

n Pay particular attention to your email management. Use value-based criteria to set deletion policies. Consider selective archiving using automation, and ensure that the archive is optimized for search, e-discovery and legal hold.

n Consider running automated metadata correction, de-duplication, and retention policy enforcement across all of your content systems in order to remove redundant, out-of-date and trivial content, and to improve search capabilities.

n If you have extensive image archives of scanned documents that are largely unsearchable, consider re-capturing them with modern OCR to create enhanced metadata and improve potential for analytics.

n Investigate day-forward automated classification, particularly for email, process archives and routine inbound content. Consider using automation to simplify user filing accuracy, and in effect, automate ongoing compliance.

http://twitter.com/?status=RT: %23AIIM survey: 41 percent describe email management in their org. as chaotic. http://bit.ly/1kV44Zu

Industry

Watch


Information G

overnance: too im


Appendix 1: Survey Demographics

Survey BackgroundThe survey was taken by 398 individual members of the AIIM community between September 04, 2015, and September 30, 2015 using a Web-based tool. Invitations to take the survey were sent via email to a selection of the 150,000 registered AIIM community members.

Organizational SizeSurvey respondents represent organizations of all sizes. Larger organizations over 5,000 employees represent 31%, with mid-sized organizations of 500 to 5,000 employees at 40%. Small-to-mid sized organizations with 10 to 500 employees constitute 29%. Respondents from organizations with less than 10 employees have been eliminated from the results, as have employees of ECM product or service providers, taking the total to 368 respondents.

Geography70% of the participants are based in North America, with 19% from Europe and 11% rest-of-world.

11-100 emps, 8%

101-500 emps, 21%

501-1,000 emps, 12%

1,001-5,000 emps, 28%

5,001-10,000 emps, 8%

over 10,000 emps, 23%

US, 39%

Canada, 31%

UK, Ireland, 7%

Mainland Europe, 12%

Australasia, 4%

Middle East, Africa, S.Africa,

3%

Central/ S.America, 2% Asia, Far East,

1%

Government & Public Services -

Local/ State, 21%

Government & Public Agencies -

Na�onal/ Interna�onal, 10%

Finance & Banking, 6%

Insurance, 6%

Energy, Oil & Gas, Mining, 11%

Educa�on, 7%

Manufacturing, Aerospace, Food,

Process, 6%

Non-Profit, Charity, 5%

Healthcare, 4%

Telecoms, Water, U�li�es, 4%

Retail, Transport, Real Estate, 3%

Legal and Professional Services, 3%

IT & High Tech -not ECM, 2%

Consultants, 2%

Engineering & Construc�on, 2%

Life Science, Pharmaceu�cal, 1%

Media, Entertainment, Publishing, 1% Document Services

Provider, 1%

Other, 5%

IT staff, 9%Head of IT, 3%

IT Consultant or Project

Manager, 8%

Records or IM staff, 36%

Head of records/

informa�on management,

24%

Compliance, Legal, 4%

Line-of-business exec., dept

head or process owner, 6%

Business Consultant, 3%

President, CEO, Managing

Director, 1%Other, 7%

11-100 emps, 8%

101-500 emps, 21%

501-1,000 emps, 12%

1,001-5,000 emps, 28%

5,001-10,000 emps, 8%

over 10,000 emps, 23%

US, 39%

Canada, 31%

UK, Ireland, 7%


Australasia, 4%


3%


1%


Local/ State, 21%




Insurance, 6%


Educa�on, 7%


Process, 6%


Healthcare, 4%





Consultants, 2%




Provider, 1%

Other, 5%



Manager, 8%


Head of records/


24%







Industry

Watch


Information G

overnance: too im


Industry SectorLocal and National Government together make up 31%, Finance, Banking and Insurance 12%, and Energy 11%. To avoid bias, suppliers of ECM products services have been excluded.

Job Roles20% of respondents are from IT, 60% have a records management, knowledge management or information management role, 4% legal or compliance, and 17% are line-of-business managers.

11-100 emps, 8%

101-500 emps, 21%

501-1,000 emps, 12%

1,001-5,000 emps, 28%

5,001-10,000 emps, 8%

over 10,000 emps, 23%

US, 39%

Canada, 31%

UK, Ireland, 7%


Australasia, 4%


3%


1%


Local/ State, 21%




Insurance, 6%


Educa�on, 7%


Process, 6%


Healthcare, 4%





Consultants, 2%




Provider, 1%

Other, 5%



Manager, 8%


Head of records/


24%







11-100 emps, 8%

101-500 emps, 21%

501-1,000 emps, 12%

1,001-5,000 emps, 28%

5,001-10,000 emps, 8%

over 10,000 emps, 23%

US, 39%

Canada, 31%

UK, Ireland, 7%


Australasia, 4%


3%


1%


Local/ State, 21%




Insurance, 6%


Educa�on, 7%


Process, 6%


Healthcare, 4%





Consultants, 2%




Provider, 1%

Other, 5%



Manager, 8%


Head of records/


24%







Industry

Watch


Information G

overnance: too im


Appendix 2: General Selective Comments

Do you have any general comments to make about your information governance and automated classification experiences? (Selective)

n Data management and governance gets high priority in our organization but content management zero, mainly because the data management issues are urgent and take up all resources and management attention.

n One of the biggest issues is getting the business to classify what are the important documents the business NEEDS for operating.

n More is needed for us to improve our IG. Currently, too manual, lacking the technology and knowledge to embrace electronic records management and IG.

n Not enough is done about IG in the corporate world and poorly informed and trained personnel seem to be responsible for designing and enforcing IG.

n Timely topic, we are just beginning the journey of information governance.

n I feel after this survey that we are moving forward.

n The organization is just waking up to the issues and opportunities. The next 12 months will be interesting!

n Never happen unless higher management gets interested.

n The lines between records, information and data are becoming more blurred, which leads to confusion and uncertainty.

n Never happen unless higher management gets interested.

Industry

Watch


Information G

overnance: too im


Underwritten in part by

Your business’s information is so important. But not being able to determine your information’s value or quantify its risk means your business could face serious legal fines, policy breaches, increase costs and more. At Hewlett Packard Enterprise, we think your data deserves better. And so does your business.

HPE Information Governance provides a portfolio of modular solutions that allow you to uncover insights and take more action with your data to reduce risk so that you can manage your information in accordance with policy and regulations. HPE empowers you to know what’s happening across your enterprise, allowing you to take more action and expose your organization to less risk, resulting in real impact on business.

Our solutions include:• File Analysis to cut costs by properly managing your legacy data• Records Management to optimize operational costs and meet compliance obligations• Information Archiving to mitigate regulatory risk with proactive management• eDiscovery to prepare for and react to legal matters faster• Backup and Recovery to avoid risk by preserving and protecting your growing data

www.hpe.com/software/infogov

About Hewlett Packard Enterprise

http://www.hpe.com/software/infogov

Industry

Watch


Information G

overnance: too im


Information Governance is one of the most misunderstood terms in the business of information management. It’s NOT just a fancy replacement for Records Management. Use these best practice resources to learn how to manage ALL types of information, not just records. And transform your information into assets and insights for competitive advantage.

AIIM Information Governance Resource Centre

www.aiim.org/Resource-Centers/Information-Governance

Industry

Watch


Information G

overnance: too im


AIIM (www.aiim.org) AIIM is the global community of information professionals. We provide the education, research and certification that information professionals need to manage and share information assets in an era of mobile, social, cloud and big data.© 2015AIIM AIIM Europe1100 Wayne Avenue, Suite 1100 Office 1, Broomhall Business Centre,Silver Spring, MD 20910 Broomhall Lane, Worcester, WR5 22NT, UK301.587.8202 +44 (0)1905 727600www.aiim.org www.aiim.eu

HPE Information Governance

Data & Analytics

Transcript of HPE Information Governance