e-Records State of the Art Bruce Miller e-Records Strategy and Business Development Executive. Bring Recordkeeping To Your Business Solutions. e-Records State of the Art – SAA 2004. Market Assessment/Trends e-Records Fundamentals The New Model Compliance Implementation
e-Records State of the Art: Bruce Miller, e-Records Strategy and Business Development Executive
Bring Recordkeeping To Your Business Solutions e-Records State of the Art – SAA 2004 • Market Assessment/Trends • e-Records Fundamentals • The New Model • Compliance • Implementation • Conclusions/Recommendations
Why Businesses are Now Buying e-Records • To stay out of legal trouble • Risk of Litigation/Embarrassment • Enron, Microsoft, DoD • To Prove Compliance with regulations • SEC, EPA, Privacy, HIPAA, etc. • Because they are forced to • Government Mandates • USA (DoD), Canada (RDIMS), UK (PRO), Australia (VERS), EU (MoREQ) have mandated e-Records • To Save $$$ • Downstream Cost Avoidance • Cost of litigation (discovery), cost of major mistakes
e-Records as a Contribution to Market Requirements • Mandated Govt. Standards: USA (5015.2), United Kingdom (PRO), Australia (VERS) • Regulatory Compliance: Financial Svc (SEC), Pharma (21 CFR 11), HealthCare (HIPAA) • Diagram labels: e-Records • Doc Search • GUI • Privacy • Digital Rights • Security • WORM Storage • Surveillance • Duplication • Email Capture • Search/Retrieve
What You Need to Know About the Market • Avg. Acquisition size Approaching 10,000 users • Ability to scale up = key! • Significant Buyer Skepticism • Many failed pilots. • Poor user acceptance. • Deployment capability = key! • IT Managers, not Records Managers, = Buyer • Records people in support role only.
Current Market Pressures • Meet US DoD Chapter 4 • Homeland Defense related opportunities • Meet UK National Archives 2002 • 2nd-largest worldwide market • Achieve High Performance • Business partners with large clients • Email storage and management • Requests from 3M – 10M transactions per day • Achieve Tighter Integration • With IBM Products (Content Manager) • Easier/tighter 3rd-party apps • Overcome e-Records Skills Shortage • Serious inhibitor • Achieve High-Volume Classification • Email Storage/Management • SEC-Regulated customers
Serious Skills Gap • Not enough people who know how to implement! • CIOs & CEOs do not understand RM • Records Managers do not understand e-records
The Solution – e-records • An e-Record is: • E-mail • Anything at the desktop • Deleting the right document at the right time (Retention and Disposition). • Destroy according to law/policy • e-Records puts the organization in control of the destruction. • Consists of (3) new capabilities: • Declare • Classify • Apply Life Cycle
e-Records (3) Objectives • Declare (User) • Put a document under e-Records management control • Classify (User) • Assign a retention rule to the document • Automatic or Manual Classification • Apply LifeCycle (Records Administrator) • Apply LifeCycle rules to a declared document • Destroy or Transfer (out) a record
Recordkeeping for End Users • Declare Electronic/Non-Electronic documents • Classify during Declaration Effort ??? Reward The 5-second Rule
Declaring Electronic Records: User Reluctance • It’s “my” document • This is “too much work” • Let “Admin” do it! Declare that Document! “Filing a document into a records repository is an unnatural act” R. Medina, 2000
Declaring a Document Host App e-Records
Classifying a Document [Diagram: Doc. 1 to Doc. 6 are classified against a File Plan (Safety, Inspections, Incidents, Finance, Budgets, Audits, Travel, Requests, Reports); the Retention Schedule lists Retention Rules 1 to 12. Rule labels shown on the documents: Rule 1, Rule 3, Rule 1, Rule 5, Rule 8, Rule 8.]
Laws Corporate Information Records Management Retention/Disposition Scheduling Structured File Plan Retention & Disposition Decisions Policies Regulations e-Records – A Fresh Approach
Traditional Records Software Integration • Competing Repositories • When/where to store records? • Users Lose Their Records • Declared records moved to records repository • Cannot Find Records • Must switch to records software to find declared records • 3-Way Instability • Change to any (3) causes failure [Diagram labels: RMA Integration, Desktop, App 1, App 2, App 3, Business Application Repository, MiddleWare, RMA Repository]
The New Model e-Records Engine • Declared Records Not Disturbed • No records software for users! • Preserve application security • No Recordkeeping Application Software • Nothing to install/maintain on desktops • Recordkeeping for ANY Desktop Application • No limitations Records Server - Desktop Declare/Classify Business Application Repository
Enterprise e-Records [Diagram: six applications (App 1 to App 6), each with its own repository and its own Declare/Classify link to a single e-Records Server, which holds Records Processes, Records Administration, Retention Schedule, File Plan, and Metadata.]
What does ROI Mean? Reduced Odds of Incarceration
Common Compliance Misunderstandings • Records Management = Compliance • RM is just a foundation component of a compliance solution. • Retention Management = Records Management • They are vastly different! • Storage Subsystems are certified by SEC • SEC does not certify anything! • Storage Subsystems Offer Records Management • They do not (yet!).
The Major Regulations Affecting Many Enterprises Many additional smaller, contributing regulations
The Functionality/Capabilities Required: Eight Distinct Technologies • Records Management (e-records) • Controlled, process-driven Document Retention and Destruction • Content Management • Document Storage, high-performance search/retrieval, Version Management • Storage Management • Duplicate/triplicate, non-erasable, disaster recovery • Contextual metadata (index data) • BI/CPM • Business Intelligence/Corporate Performance Monitoring • Identify and report on key financial performance indicators • Supervision • Monitor/review/intercept trading correspondence (email/IM/other) • Email/IM Capture & Management • Intercept email/IM, store & review/retrieve • Collaboration • Sharing, production of audit review documents • Audit process controls • Digital Rights Management/Privacy • Digital Signatures/Authorization • Access/Rights Management
Translating Requirements to Technology Email/IM Management Content Management Storage Management Rights Management Collaboration Supervision e-Records BI/CPM
Supervision of Trading Non-Erasable Data Duplication e-Records ECM Email/IM Collection Two Foundation Technologies Sarbanes Oxley SEC/NASD Business Performance Management US DoD 5015.2 Audit Processes & Controls E-Records Document Collaboration Tools 21CFR11 HIPAA Rights Management Rights Management
SEC/NASD Solutions • Do not yet meet recordkeeping Requirements • Fixed-Term Retention only • No event-Based retention, Legal Holds • Suitable for Transactions & Marketing …. The Commission believes that for record retention purposes under Rule 17a-4, the content of the electronic communication is determinative, and therefore broker-dealers must retain only those email and internet communications (including inter-office communications) which relate to the broker-dealer’s “business as such”.
Five Reasons SEC/NASD Needs RM • Handles Event-Based Retention • Legal Holds • Handles Changes in Regulations/Retentions • Legal Audit • Accommodates Paper Records
The Most Frightening Thing in e-Records • You are a records manager at CISCO (San Jose) • You have to meet FTC Regulations, SOX, others. • Your CIO has purchased e-records software • with year-end funds • The CIO has asked you: • “Tell me what we have to do to implement”
Implementing e-Records • What do we have to achieve? • What is our approach?
To Achieve Successful e-Records • Declare/Classify • Across multiple applications, platforms, attitudes • Accurate, appropriate retention rule assignment • High Scalability • 10’s of thousands of users, <5 second e-records “experience” • Flexibility in the Records Model • Adapt to local customs/realities/conventions • Physical Records Management • Paper records handled efficiently, seamlessly We Must Achieve All Four!
You Have to Bring Together: • Business Software • User Attitudes • Technical Platform • Policies/Procedures • To Outwit Your Users
Mandates / Regulations A 3-Stage Approach to e-Records Success • Establish corporate policies based on the regulations that affect you • Translate these policies into specific business procedures • Apply the technologies to automate and control the business procedures
For Successful Implementation • Make the e-Records process go away • Automate Declaration and Classification where possible • Integrate e-Records into your business • Make it part of existing business processes • Deploy it properly • Measure the Results and adapt • Train the Administrators and motivate the end users • Integrate it sensibly
IBM’s e-Records Implementation Methodology: Overview Stage 1 • Build Supporting Organizational Structures • Build Corporate Awareness • Establish Underlying Corporate Policies • Enshrine the New Policies Stage 2 • Build/Strengthen RM Foundation • Develop Implementation Strategy/Plan • Map Business Processes Stage 3 • Implement RM Technology • Conduct the Initial Pilot • Enterprise Roll-out IBM Capability
1. Build Supporting Organizational Structures • Link IT to RM • Involve Legal Counsel, Corporate Compliance and Corporate Risk Management • Define mission, mandate, roles and responsibilities • Establish a Strong Project Team • IT, RM, Business Process People, Legal Counsel, Corporate Compliance and Corporate Risk Management
2. Build Corporate Awareness • Launch an education plan/strategy • Up (to management) Educate Management on importance of e-records • Across (to stakeholders) • Down (to end users) • Tie to business ethics training (when appropriate) • Build the business case (if required) • Tangibles • Intangibles
3. Establish Underlying Corporate Policies • Definition of a record. Official vs. Transitory records. When to Declare a record. (this will vary depending on the record and the business process) • Requirements of systems and processes that generate/store records, including quality and reliability of such systems • Email Policy (Usage and application of e-records) • Mainframe and Client / Server Applications and Database Policy • Policy’s strategic place and role within the greater organization’s policies/framework • Compliance, Privacy, legal, public’s right to information (FOIA) etc. • Implementation plan • Resources Required • File Plan and retention schedule • Access control (security) • Policy review/Audit process
4. Enshrine the New Policies • Communicate clearly from the top. This is really education. • Provide the policy to all stakeholders and everyone who has a role to play
5. Build/Strengthen RM Foundation • Create or Update/Revise File Plan & Retention Plan • Use Skupsky’s Retention Method or other 3rd party retention method or consultation (if applicable) • Ensure adequate skills and resources (funding, people) • Conduct a Records Inventory (physical as well as electronic) • Establish Metadata requirements and standards (leverage existing corporate ones or industry standard ones)
6. Develop Implementation Strategy/Plan • Decide on relationship between ECM and RM • Why/When/How/Where to combine the two • Identify Target Pilot group • Define the Target Business Processes to records-enable • Set clear expectations, goals and objectives • Timeframe, Roles & Responsibilities
7. Map Business Processes • Clearly Define and map every target business process • Revise process to include e-records • Secure stakeholder agreement on all updated processes • (PRM only) Define & Map paper-based processes • Folder storage/retrieval/tracking • Box storage/retrieval/tracking
8. Implement RM Technology • Install/Configure • Bulk Load File Plan, Retention Schedule • (PRM Only) Bulk Load Boxes, Folders • (PRM Only) Define/build any required “custom” paper handling processes • Train Records Administrators • Establish operational Physical Records management (PRM) • Install, Configure any/all connectors/existing RMe’s • Design, build, test, deploy, audit, refine any new enablers