T2P Content Management, Records Management & E-Discovery News

Modern data backup and recovery system considerations

2009-11-09T15:10:04Z

In this book excerpt, Iearn about tape vs. disk storage, the difference between full versus incremental backup, and disaster recovery vs. backup.

Privacy, Security Laws Impede Health Data Sharing, Experts Say - iHealthBeat

2009-11-09T19:57:31Z

Privacy, Security Laws Impede Health Data Sharing, Experts Say
iHealthBeat
The Federal Information Security Management Act and HIPAA privacy rules make it difficult to share electronic health records among federal agencies and ...

P2P networks at the root of accidental disclosures, once again

2009-11-09T15:23:55Z

P2P file sharing networks aren’t seen very often on corporate PCs. At this point, most managers have implemented policy to prohibit their use, and admins have implemented technological measures to make sure employees aren’t putting them on their PCs. And that’s all well and good, but it’s not enough.

Do you leave your work at the office at the end of the day? Didn’t think so. Most companies have at least several people, if not the majority of employees, taking work home; and many have staff members telecommuting from home on a regular basis. This too, is a wonderful trend. I personally haven’t seen the inside of a cubicle in 18 years, and this trend is only going to increase. The office is fast becoming obsolete and unnecessary.

But those security measures, and the trend of working at home, work at cross purposes. Security measures in the office usually stop at the network, protecting access to files and applications and ensuring that PCs within the physical boundaries of the workplace are protected against attack. But today, physical boundaries are irrelevant.

We saw this last week when an ethics report from the US House of Representatives was accidentally leaked onto a public P2P file sharing network. The document was an internal file that listed several members of Congress who were being investigated for ethics violations.

There is an argument, which has some legitimacy, which says that ethics investigations should indeed be made public. Citizens have the right to know whether their elected representatives are crooks. But that argument is misplaced. The policy of the Ethics Committee is not to disclose those investigations unless there is a formal investigation, and at that point it would be made public. But that again is besides the point.

The point is, the House of Representatives used lax security rules, and needs to tighten them up. Whether the information should have been public or not doesn’t matter; the fact is that they screwed up from a security perspective by allowing something to be made public that they had not intended to be made public.

The Ethics Committee was quick to release a “not our fault” statement, saying that the leak wasn’t caused by their own information systems. But this is only a half-truth. The leak was in fact caused when a junior staffer took the file home and stored it on a home computer where P2P software was installed, and as such, the Committee argues that it wasn’t their systems—but in fact, it was their own lack of policy and oversight that caused it. Security policy once again must go beyond the borders of the enterprise and into every computer that touches the network. If a worker telecommutes, then the computer used for telecommuting—especially if sensitive documents are being worked on—must also comply with corporate policy. And that means no P2P file sharing applications on it.

Liked this post? Get more email management and administration related news from TheEmailAdmin.com!

P2P networks at the root of accidental disclosures, once again

US government fails to publish social networking guidelines as former US-CERT ... - SC Magazine UK

2009-11-05T13:00:35Z

US government fails to publish social networking guidelines as former US-CERT ...
SC Magazine UK
With regard to privacy and dealing with information control and access, Kwon claimed that this is a 'shared responsibility' of both the department and ...

2009 Business Social Media Benchmarking Study

2009-11-08T05:15:52Z

2009 Business Social Media Benchmarking Study "was designed to assess current trends in the use of social media in North...

FTI webinar: financial, transactional and operational databases in e-disclosure

2009-11-06T17:53:22Z

FTI Consulting are presenting a webinar on structured data on Thursday 19 November at 1300 GMT. The subject is perceived by some as too difficult to talk about, but it cannot be ignored. Elephants have provided a recurring theme throughout this blog. They are large, hard to get your arms around and difficult to describe to [...]

UK to Push for Law to Retain All Communications Data

2009-11-09T05:00:00Z

The U.K. government said Monday it plans to push for a law requiring service providers such as ISPs to retain data about instant messages, e-mail and other electronic communications.

Business use of Twitter, Facebook exploding

2009-11-09T20:11:00Z

A survey of 200 companies worldwide found that use of social networks like Facebook and Twitter for business use has exploded in recent months.

There Are 54 Email Archiving Vendors. How Do You Choose?

2009-11-02T18:40:44Z

Can you believe that there are 54 companies in the email archiving market? My product, InBoxer, of course. There are also names that you have heard of like Symantec EnterpriseVault, IBM Commonstore, Mimosa Systems Nearpoint, Google's Postini, Barracuda Networks, and so on.

It is so confusing, that it is hard to make sense of the differences.

So, I have taken a stab at discussing the critical issues in a new whitepaper entitled, "There Are 54 Email Archiving Vendors. How Do You Choose?" I am covering topics such as:

- Speed and accuracy of archive search
- Why Microsoft says stubs "should be avoided"
- How Microsoft Exchange 2010 archiving cuts storage costs
- Evaluating Exchange journaling versus MAPI or Exchange log files
- Importance of litigation hold techniques
- Legal reasons for real-time monitoring
- On-premises versus the cloud

I invite you to download it and to place your comments here. (I am sure that some competitors may want to express their point of view as well.) Please join in.

8 things that always worried you about legacy content, but you were afraid to ask about

2009-11-05T12:04:19Z

Since joining Vamosa in 2001, Nic has helped transform the company into a sector-defining software and solutions company specializing in the emerging area of Enterprise Content Governance (ECoG). Nic has led the expansion of Vamosa in the US, while continuing to work closely with the UK team on Vamosa's strategy and vision for the recently launched suite of products.

8 things that always worried you about legacy content, but you were afraid to ask about

1 -- Your content is probably not in the best shape.

One of the reasons why you are implementing your new ECM system is that you want your content to be better managed than it has been up until now! You will need some "tough love!" – you have to lay down the law. "Governance" is the watchword and it calls for the 4 Cs of content governance –content needs to be clean, it needs to be classified, it needs to be correct and it needs to be credible.

2 -- You probably have a lot more content than you need.

Most legacy content stores are littered with duplicate content; with content that is no longer relevant to your business or contributing to the cause. But how do you work out what’s "correct" and what isn’t? You need to do content discovery to identify duplicates (and near duplicates, or versions) of web pages, Office documents, PDFs and images. You then need to establish what stays and what goes. This act alone can reduce your content volumes by 40%-60%. The benefits are significant costs savings and collapsed project timescales.

3 -- No matter how shiny your new CMS is, your content can trash it.

Your favorite systems integrator -- or maybe your best project team -- have been tasked with building this crystal cathedral to corporate content. Look at the project plans: where is the work plan to find out where the legacy content is hiding, what it consists of and who is using it? More often than not it is pretty far down the priority list -- many times it is an afterthought. Some pretty huge ECM implementations have looked great on paper, but have failed to deliver because they have overlooked the content they have to manage.

4 -- Your content authors are human – and it shows!

The actual content may range in quality from A+ to an F. Plotted on a graph showing the content’s quality score against corporate, technical and compliance criteria your legacy content might be lucky to get a C+. But that is worrying: if your content gets a pass, but only just, how prepared would you be for a real "content crisis?" If you were hit by litigation, a product recall, or a corporate scandal, would your content hold up to scrutiny?

At times like these you will wish you had implemented the content governance model you just didn’t have time for in the project plan. Failing to cover content compliance (an establishing policy if you don’t have one) when looking at your legacy content is simply replicating your existing problems in your new system.

5 -- We can do this the hard way or the easy way.

Do you really know what you actually have out there? What is published, what is stored, and what is "invisible" because it can’t be found using the search engine? Similarly, how can you find out what is published and what is also being used, as opposed to just sitting there burning fossil fuels? Do you know what your existing metadata implementation covers (and more importantly what it doesn’t)?

Short answer: you really need to carry out a thorough and in-depth analysis of it all - content, storage, logs, metadata, information architecture, links – the whole nine yards. You can’t measure what you don’t know.

6 -- Where are the tactics and what is the strategy?

This is where it can get really interesting. If your IT or project guy comes to you and says "I know how to get this content into the new system – I want to build/buy a content migration tool," then you should start to prepare for that sinking feeling. Migration should be seen as being part of the governance thought process, not an excuse to acquire a "tool" to take content from one place and put it somewhere else. "Lift and shift" is the fastest route to replicating your current bad habits in your new system. Legacy content has to have new life breathed into it, and it has to be crafted to maximize the benefits afforded by the new system. Otherwise it’s back to business as usual, and in another two years time you will be looking to move your content again.

7 -- Don’t let the tail wag the dog - your legacy content can give you a great deal of insight into best practice.

In many instances, the old system can expose what you did right, and what you did wrong. Don’t rely on default values for your system configuration. Default values may be the easiest choice, but they can be storing up a whole heap of pain for the future. For example, it may seem very reasonable that your new ECM has a default value of 60 characters for the content description metatag. But will that suit you? What if half of your existing content has a description field greater than that? Do you truncate? Do you break the description at the complete whole word before you hit the maiximum? Do you ask your content owners what they want to do?

The answer is a quite simple “No” to the above – you need to use ALL of these values at a level that suits your needs. Sounds obvious? You would be amazed at the number of international companies that get caught out by simple concepts such as this.

8 -- You may have got away with it up until now, but that was probably just dumb luck!

Your public-facing content is your shop window to the world – the WHOLE world. You control it (you hope) and you have total responsibility for what it says – in good times and in bad. Your web sites and all of your documents are indexed and maintained for internal use – but when the lawyers call, you want to be prepared. Under the federal rules of civil procedure (FRCP), the discovery process is there to ensure that the parties are not subject to surprises. What is actually sitting inside your legacy content could be a ticking time bomb. So try to eliminate the surprises by ensuring that this legacy content gets transformed in such a way as to make you litigation-ready, and (hopefully) there won’t be any surprises!

-----

The following ECM implementation-related topics may also be of interest...

Considerations for High Availability Designs Used for Disaster Recovery

2009-11-03T13:39:11Z

With more focus being placed on rapid recovery times for disaster recovery (DR) operations, much of the design, strategy, and practice work done for DR in the past has shifted more toward the high availability (HA) concept. For many businesses, an “always on, 24/7/365″ concept is key, so a recovery time of 48 hours is simply too long, and a data loss of an entire week would be catastrophic and considered a definite disaster in its own right. So, availability is now king–how do we achieve it? See my article on Virtualization, Replication, Storage and High Availability for introductory concepts on replication and how storage requirements increase, and on the general ideas behind clusters and replication.

Many of you here are from a Microsoft Exchange and therefore a Windows Server environment. While much has changed in the capabilities for Windows server clustering, especially in the Exchange area, many of the core concepts are the same regardless of what the latest features and options are. For example, block-level replication across drives on a SAN solution such as EMC’s SRDF/CE option is specifically designed to assist in replication of Windows databases such as SQL and Exchange, but the block-level replication works in essentially the same manner as DRBD does on Linux.

Clustering conceptually is the same regardless of the platform or systems as well. Although that might seem to be heresy to those that are irrationally tied to one platform or the other, it’s true. It’s even more true for dealing with the considerations for multi-site clusters or geo-clusters. Round trip times and network latency limits tied to the speed of light for geographically distant systems can’t be ignored, regardless of the platform or application. Also, clustering solutions have to deal with defining fail-over and fail-back procedures, and the theory behind most of these solutions is the same. Nodes in a cluster communicate via a heartbeat, and there is often a tie-breaker or “witness” node present to assist in validating that the primary node in the cluster has failed. For multi-site or geo-clusters, this is especially important both in the design stage and in understanding the possible failure modes. If network communication is down between sites, but not to and from clients at a site, multi-site clusters may fail-over and present a “split brain” situation where each site’s believes it is the active one, that the other is down.

Does the likelihood of a network outage mean that we must change our expected recovery time to be greater than the acceptable down-time for the network listed in our network SLA? Probably? This is a key question. How long must communication between sites be down before the secondary site decides that the primary site is really down and takes over as active? Do you believe that having alternate paths for the heartbeat connection will solve this? Could that create an even greater problem? Let’s look at it:

Multi-path Communication for Multi-site Clusters
The servers will likely have a subnet spanning (cross-site VLAN) solution where their heartbeat network interfaces communicate. This network path therefore includes distinct network adapters (NICs), cabling, possibly separate switching, and may take a different path to and from the remote site. If the sites communicate via a traditional WAN link, but clients connect between sites or to each site via separate Internet facing routers or VPN concentrators, the client path to the remote site and its server(s) in the cluster may be very different. Consider already that client communication on the primary site with the active node(s) may fail, but the different network path for the hearbeat and quorum info may have the cluster in a state where it is healthy, but unreachable.

If the cluster fails over due to heartbeat communications failing, but when clients can still reach the primary site’s active servers, very strange problems can arise. Depending on how DNS is configured, and on how the cluster’s IP address is managed, clients might be directed to the secondary site based on the interruption of communications on the heartbeat network. In fact, the primary site is still active. Depending on the SAN or replication solution, one or the other of the sites will be writable with the data, while the other is just being replicated to. The load-balancing or DNS management needs to align with which cluster site is active. If the heartbeat network goes down and the cluster fails over to the secondary site, but clients are still directed to the primary site by a load balancer or DNS, that site likely won’t have access to the disk volumes since the SAN will have failed over to the secondary. If the replication solution still allows write access, the data between sites will be inconsistent. The cluster will think the secondary site is active, yet data has been written to the primary. Granted, if things are set up correctly this should not happen. But it can. Be warned.

Liked this post? Get more email management and administration related news from TheEmailAdmin.com!

Considerations for High Availability Designs Used for Disaster Recovery

Physical protection of passwords and sensitive information

2009-11-05T09:53:51Z

IT departments often take the time to be proactive (at least if they’re doing their jobs), and educate staff about using complex passwords, changing passwords frequently, avoiding phishing by not clicking on unknown email links and attachments, and all the other standard protections we know to take. But we sometimes forget that amidst all the technical precautions, we must also take physical precautions.

Passwords, PINs, and other sensitive information often comes in printed form before we commit them to memory. It may be in the form of a letter from a bank or a memo from the IT department, or it may even be a password that we wrote down on a piece of paper and stuck in a drawer. What happens to this paper? More often than not, it gets tossed into the waste bin, where it can be easily picked through by an opportunistic identity thief.

A recent survey showed that a surprising 79 percent of all businesses do not destroy sensitive information on paper that is being discarded or recycled. The UK-based survey showed that 64 percent of businesses have a clear policy on handling written documents with sensitive information, and 32 percent of employees admitted to discarding sensitive documents directly into the trash.

The survey, which was conducted as part of National Identity Fraud Prevention Week, says that identity fraud results in over £1.2 billion every year. Forty percent of the companies surveyed said they throw away information on customers, including home addresses, phone numbers, and even photocopies of passports, all of which can be used to perpetrate identity theft. Individuals are as vulnerable as businesses, and the report says that 44 percent of Britons still do not shred documents with sensitive information. And here’s a shocking statistic. The survey showed that half of all households threw away everything a criminal would need to perpetrate identity theft, and that 79 percent of all household waste had at least one item that could help a criminal.

The answer of course, is simple, non-technical and inexpensive. First, put a policy in place that says all documents with any personal information must be destroyed; and second, install paper shredders in convenient locations throughout the office.

Liked this post? Get more email management and administration related news from TheEmailAdmin.com!

Physical protection of passwords and sensitive information

Tips when making email archiving choices

2009-11-05T10:06:07Z

So you’re thinking of acquiring a new email archiving tool and need to craft an acquisition and implementation strategy. Here are some things you may want to consider.

Regulations, rules, requirements and product warranties can make buying archiving tools a minefield. By consulting with your corporate legal and compliance people, as well as your company’s business managers, you can get an idea about where those mines are buried. Moreover, you can use your efforts to educate yourself about what requirements must be met by your new tools to build support and acceptance among your legal and compliance people.

When garnering information from legal and business colleagues, it’s important not to lose sight of your role as a technology advocate. While it’s critical to know what your new archiving tools must do to meet compliance and warranty demands, it’s also crucial that those unschooled in the intricacies of storage management understand basic concepts, such as the distinction between backups and archiving and the hard and soft costs attached to storage.

Keep in mind that your new archiving tools need to do more that meet compliance requirements if they’re going to be accepted by your users. After all, you don’t want to trade one headache–jumping through compliance hoops–for another–a disgruntled user base that sees your new technology as an impediment to its doing its job.

The obvious way to get your users to buy in to a technology is to obtain one that’s as friendly as possible. When introducing a new system, many times “friendly” is just another word for familiar. A system that allows users to interact with something they’re familiar with–Lotus Notes, for instance, or Microsoft Outlook–will calm their anxiety about adopting something new.

Remote access to email archives has become increasingly important not only to road warriors but also to an organization’s rank and file who may be working from home as well as in the office. You should take that into consideration when evaluating new archiving tools. The last thing you want to happen after installing a new system is to have frustrated users creating caches on their office computers where they’re squirreling away copies of their emails because it’s the only way they can see their past messages when they’re away from the office.

Because every day there are reports of court cases decided on emails acquired through legal discovery, it’s easy to lose sight of the fact that anything electronically stored on a company’s computers is fair game for legal beagles. Moreover, regulators make no distinction between emails and unstructured data when they go hunting for information at a business. Unstructured data–data outside the email umbrella–can account for some 80 per cent of the bits and bytes stored on a company’s servers, personal computers and laptops. You need to take that into account when reviewing new archiving tools. They need to support archiving of multiple data types, such as instant messages, telephone logs and calendar items.

It’s also important when considering archival tools to consider how–once they’re in place– they will help you enforce system policies. For example, it’s crucial–although it won’t make you or your system popular–to avoid exceptions to archiving policies. There may be some political gain in giving in to a senior executive who wants his or her email account exempt from policy because he or she is disgruntled about the system’s purge cycle or is displeased with the way a system displays archived messages, but when the company gets embroiled in litigation and an opposing counsel starts raising questions about why policies weren’t followed, chances are you’ll be left hanging from a flag pole twisting in the wind alone.

Another policy you’ll want to implement is control of email stubs. You’ll want to trash stubs every 90 to 180 days. Retaining the stubs for too long can impact your system’s performance and the daily irritation of hearing a chorus of “Why is the system so slow?” wherever you go. Since not all archival products dump the stubs when files reach the end of their retention period, that’s a feature you may want to make sure is included in your new archival tool.

Finally, you’ll want to thoroughly vet how a potential archiving system will handle copies of local email files. These files are commonly stored in PST files for Microsoft Exchange and NSF for IBM Notes. Those files are scattered throughout your organization on users’ computers and can be a nightmare for your retention program. Not only is finding those files a horror show when an opponent’s lawyers appear on the doorstep during the discovery process but the information in them can be ticking time bombs. Some systems allow you to block the creation of such files, but if that’s done, you’ll want to make sure your archiving software can accommodate your users’ legitimate needs to access their historical emails.

Liked this post? Get more email management and administration related news from TheEmailAdmin.com!

Tips when making email archiving choices

Users misbehave, IT gets punished

2009-11-04T20:50:02Z

Another reason to take employee computer monitoring seriously: Lawyers say IT pros could be on the hook for employees’ online behavior.

Based on several state laws and court decisions, employers could have a duty to monitor Web use and tell police about employees who access child pornography, according to employment attorney Gina M. Smith.

So far, seven states have laws on the books requiring companies to report those crimes: Arkansas, Illinois, Missouri, North Carolina, Oklahoma, South Carolina and South Dakota. Failure to do so can result in jail time for IT pros.

Also, in 2005, a company was sued for negligence by the mother of a child pornography victim.

The plaintiff’s husband was arrested after posting inappropriate pictures of his step-daughter online. Apparently, the company monitored his Internet access and saw child pornography sites listed, but never did anything about it. The woman claimed the conduct would have stopped much earlier if the company had stepped in.

A New Jersey court decided in her favor, ruling that a company on notice that a law is being broken with its equipment has a duty to investigate and inform police (Cite: Doe v. XYC Corp.).

To avoid liability, Smith recommends companies:

Designate one person to be a point of contact with police if necessary
Tell all IT staffers about the legal risks and outline a formal report procedure, and
Let all employees know what they should do if they find someone committing a crime on compant-owned devices.

How Data Validation Will Make Your Life Easier

2009-10-30T14:00:24Z

As a clinician, you want to know if data being entered into the system is accurate, clean, correct and useful. Data validation often called “validation rules” or “check routines” are built into systems such as EHR systems. These rules check for correctness, meaningfulness, and security of data. For example, the system would automatically disallow or question a user trying to enter eligibility results into the patient’s address field. Validation rules may be automated because the software company uses a data dictionary, or data may be checked by an explicit application program validation logic. To participate in quality reporting, such as meaningful use, PQRI or ePrescribing reimbursement incentive programs, you want to know if the data extracted from the system will be accurate and relevant.

HIPAA’s Security Rule is as much about good business practices as it is about securing confidential patient information. Data integrity, one of the pillars of HIPAA’s Security Rule, contains overarching security themes that pose layered questions, such as, how does the system’s functionality allow you to know who has been in the system, what did the user do with the content after he or she accessed it, or did the system block a potential intruder who did not use the correct user ID and password?

When evaluating an EHR system, you want to ask how data validation functionalities work. So during the EHR due diligence, I would ask, “How does your EHR software enable the practitioner to generate quality measurement reports, (suggest you hold up the Meaningful Use Matrix), and how do we validate the data going into the system is accurate and placed in the correct fields?” As an EHR project manager, I request a data validation report on the third and fifth day of Go-Live week so that we can quickly catch and retrain data entry errors.

Searching for a Smart Social Media Strategy

2009-11-05T12:49:09Z

By Ari Kaplan
Special to the Legal Technology Blog

I spoke Nancy Fox, the founder of HubStreet, a professional networking site for lawyers, accountants and lenders (recently featured in Law Technology News). She is also the President of Fox Coaching Associates, a coaching and training organization that is focused on business development for lawyers and other service providers.

We discussed the genesis of HubStreet, which she describes as an online representation of the two-year-old MetroRoundTable networking organization targeted at complementary trusted advisors. Fox also remarked on the ways that legal professionals are using technology for business development, why social media is such a hot topic for lawyers and the best way to get started (including visits to law-related sites, such as JD Supra, Legally Minded and Legal OnRamp).

Listen our interview by clicking the button below.

*SPECIAL ANNOUNCEMENT*

FREE webinar - Thursday November 12, 2009 1:00pm-1:30pm EST - 5 Easy Ways to Use the Holiday Season to Raise Your Profile - Register here.

Ari L. Kaplan, Esq.
Ari Kaplan Advisors
(646) 641-0600

Follow Me on Twitter and Join My LinkedIn Group

Legal technology writer and author of the Amazon.com bestseller,The Opportunity Maker: Strategies for Inspiring Your Legal Career Through Creative Networking and Business Development(Thomson-West, 2008).

Blogging policies

2009-11-02T02:50:00Z

A set of policies, presented as checklists or guidelines for employees, explains typical rules for employees who use blogs or other social media: "The Disclosure Best Practices Toolkit is a draft...

Read more ...

The evolution of an Impact Calculator

2009-10-23T14:09:00Z

It’s a well known truism that it is easier to criticise something than it is to solve it. Certainly anyone who has heard me at any of a number of workshops and conferences over the past year or so ask questions of speakers regarding the evidence base for the ‘facts’ and figures they have quoted citing the alleged benefits to be realised through investing in records management will be aware that I have not shied away from the criticism side of things. Though I should, perhaps, add that these questions have always been asked not to try to trip up or embarrass the speaker concerned, but as part of a genuine attempt to understand whether the numbers concerned -: whether it be regarding how much time senior managers spend looking for information or how many copies of the same document exist in the same organisation - are (as I always hoped) based on sound, empirical evidence or (as I always feared) were as mythical as the ‘Coopers & Lybrand’ study that so many seem to reference. Regrettably, if not unpredictably, it seems as though the latter of these scenarios is more often than not the case – as demonstrated in more rigorous fashion by the literature review we published last month.

But as I said at the outset of this piece, lamenting the lack of any reliable, objective, empirical data demonstrating the quantifiable benefits of investing in records management is one thing. The real question facing us was: what to do about it?

After spending a little time wandering up and down blind alleys investigating (and quickly discounting) a ‘Time and Motion’ based approach to measurement we soon settled on a focus on the process as the basis for measurement. After all, records management is surely only ever a means to an end? We spend resources on it to improve how we run our organisations, to improve the service we offer to our stakeholders, to improve our standards of governance and accountability and to ensure we are legally compliant. Surely if we could find ways of measuring how effective a process is before we improve it and then again after we’ve improved it we should have some means of quantifying the impact we have made. Then take away the costs involved in making the change and an even more illuminating set of results emerge.

But what to measure? After all, if you were to automate a previously paper-based process you might expect to see a reduction in both time taken processing information and the space required to store records. We can’t know what it is that you want to measure so we leave it up to you to define what and how many metrics you want to include: be they square metres of storage space, pounds and pence, staff time or C02 emissions - the choice is yours.

A real turning point in the project came when we started to think about the role of RM in a process improvement. After all, there must be few occasions (if ever) when it can be asserted with confidence that records management alone is responsible for achieving an improvement. Indeed, how would we even define what is ‘records management’ in this context? To take our previous example, the introduction of an electronic workflow system to replace a previously manual process clearly has a strong RM influence but it’s also about a technology change. So should it defined as an improvement caused by a new system or RM or both?

The answer (eventually) was obvious. There would be no arbitrary distinction between what aspects of the process improvement RM was responsible for and which were due to other factors. Nor any attempt to classify what counts as RM in this context and what does not. Again we let the user decide. This wasn’t a question of ducking the issue, it was an acknowledgement that process improvements are complex and multifaceted and that individual organisational drivers may differ markedly. The consequence of this decision has been to develop a tool which not only better reflects the complexity of real life, but also broadens its potential scope enormously. Yes, you can measure the improvements realised as a result of RM according to however you choose to define ‘records management’ but equally you can apply the same focus to whatever other element of process improvement that your organisation happens to be interested in measuring the impact of, be that people, IT, equipment or the combination of them all.

All of a sudden we no longer have a tool which might help fill the current dearth of facts and figures regarding the impact of RM, but also a way of deconstructing and measuring process improvement across the board.

But in some ways the hard work still remains to be done. We are well aware that using the Impact Calculator is not a trivial task. In the spirit of ‘garbage in; garbage out’ you can only get reliable, detailed data out if you are prepared to gather raw data of a similar kind in the first place. That, I’m afraid, is down to you.

We are also happy to acknowledge the Impact Calculator as ‘work in progress’. We’re hopeful of funding some pilots studies within the UK HE sector soon and would be very interested to hear the experiences of all those who make use of the tool, wherever they be, so that we can incorporate any improvements into a Version 2 in the near future
.
Finally, I should like to pay credit to my colleague, Joanne, whose statistical skills, sound judgement and commitment to the project have all helped turn my rather sketchy and notional idea of just how such a tool might work into this finished and infinitely superior end product. Nice one.

So do please take the time to download the tool, make use of it and let us know how you get on (if you do post anything online about your experiences we would be grateful if you use the tag ‘impact-calc’ to enable us to track it).

Its available now at www.jiscinfonet.ac.uk/impact-calculator

CIO: Don't attempt BPM system without mapping process flows

2009-11-02T23:17:38Z

Successful BPM system implementations and process automation efforts begin with mapping process flows and fixing bad processes, our CIO columnist says. Learn more here.

Seven sins of live, online presentations

2009-11-05T05:34:13Z

When used correctly, live webinars offer a cost-effective way to converse with large numbers of trainees. This white paper presents seven critical but avoidable mistakes made by trainers when making live presentations.

T2P Content Management, Records Management & E-Discovery News

Modern data backup and recovery system considerations

Privacy, Security Laws Impede Health Data Sharing, Experts Say - iHealthBeat

P2P networks at the root of accidental disclosures, once again

US government fails to publish social networking guidelines as former US-CERT ... - SC Magazine UK

2009 Business Social Media Benchmarking Study

FTI webinar: financial, transactional and operational databases in e-disclosure

UK to Push for Law to Retain All Communications Data

Business use of Twitter, Facebook exploding

There Are 54 Email Archiving Vendors. How Do You Choose?

8 things that always worried you about legacy content, but you were afraid to ask about

Considerations for High Availability Designs Used for Disaster Recovery

Physical protection of passwords and sensitive information

Tips when making email archiving choices

Archiving tools need to be carefully vetted before they’re adopted

Users misbehave, IT gets punished

How Data Validation Will Make Your Life Easier

Searching for a Smart Social Media Strategy

Blogging policies

The evolution of an Impact Calculator

CIO: Don't attempt BPM system without mapping process flows

Seven sins of live, online presentations