IT quiz

IT 380

Electronic Document and

Record Management

Systems

Unit 5: Emerging Challenges to ERM

Information Governance

Instructor: Dr. Michelle Liu

Topics

▪ Challenges and opportunities ▪ Tools: cloud computing, social media

▪ Solution: information governance

2

Cloud Computing

▪ A shared resource that provides dynamic

access to computing services that may range

from raw computing power, to basic

infrastructure, to fully operational and

supported applications

▪ Provides for on-demand, modulated, shared

use of computing services

▪ Cloud computing-paradigm shift in IT

3

Federal Mandates Driving US

Agencies

4

Cloud Computing - Concerns

▪ Hacking, rogue intrusion, hijacking, and

unauthorized access

▪ Privacy- document and data breaches

▪ Information security risks, document and

data breaches

▪ Loss of IT control/custody issues

▪ Issues with multi-tenancy and technology

sharing

▪ Who are neighbors?

▪ Exit strategy (migration out)? 5

Cloud Computing-RM Concern ▪ Most cloud application providers do not offer

“real” records management functionality.

▪ Cloud application services may have

weakness related to supporting RM

functions: ▪ The inability to closely follow client RM retention

schedules (retention and deletion);

▪ The inability to enforce legal holds when

litigation is pending or anticipated

6

Social Media

▪ Web publish: ▪ Microblogging (Twitter, Plurk)

▪ Blogs (WordPress, Blogger)

▪ Wikis (wikispaces)

▪ Mashups(Google Maps)

▪ Social networking: ▪ Social networking tools: Facebook, LinkedIn

▪ Social bookmarking: Delicious, Digg

▪ Crowdsourcing: IdeaScale

▪ File sharing/storage ▪ Photo libraries: Flickr, Picasa

▪ Video sharing

▪ Storage: Google Docs

▪ Content management: Drupal 7

Social Media – in the Organization

▪ Social intelligence software (Alterian, Attensify,

Backtype, Netbase, Visible);

▪ Social marketing management (Shoutlet,

Syncapse, Context Optional, Virtue);

▪ Social promotion platforms (Offerpop,

Seesmic, Fanzila, Social Amp);

▪ Social publishing platforms (Hootsuite,

Hearsay, Socialware)

▪ Social referral (500Friends, Turnto)

▪ Social search and browsing (Aardvark,

StumbleUpon, Wink) 8

Social Media - Concerns

▪ Negative impact on company’s brand and

reputation that unscreened employees’

“posts” can have on external SM tools

▪ No clear distinctions between business and

personal use of social media

▪ Employees may be exposing information that

is not meant for public consumption

▪ Privacy and information security risks AGAIN

9

Social Media RM Concerns,

cont’d

▪ US SEC FRCP I Laws- consider social

media to be no different from other

electronically stored information (ESI) (need

to be managed/accessed with data retention

and disposition)

▪ Complex – SM includes metadata and

hyperlinks to external content

▪ U.S. corporations that utilize SM are

compelled to preserve those records,

including metadata and associated link

content 10

Litigation and E-Discovery

▪ Increased litigation, nature of doing business

▪ Data is evidence

▪ Execution of “Legal Holds” on corporate data

▪ What information do we have and where is it

located?

▪ Increase in costs associated with E-

Discovery

11

Obligation to Preserve

▪ Once an organization has notice or learns of

potential/foreseeable litigation, government

investigation or audit, it has a legal duty to

preserve all relevant information.

▪ There is absolutely no authority that would

allow for the intentional destruction of data

that are responsive to litigation or threatened

litigation. Spoliation

12

Summary: Challenges and Issues

▪ One of the greatest challenges facing the recordkeeping communities today

▪ Failing to manage, preserve and make available data:

▪ Undermines the foundation of good governance

▪ Exposes organizations to increased legal, financial and reputational risks

▪ Jeopardizes the integrity of the organization and erodes the confidence in evidential reliability of the data under the organization’s custody

Solution? Information Governance ▪ IG is a strategy! ▪ The policies, process, and technologies used to

management and control information throughout

the enterprise to meet internal business

requirements and external legal and compliance

demands. (AIIM)

▪ It is an all-encompassing term for how an

organization manages the totality of its

information.

▪ IG program: not a project but rather an

ongoing program

14

IG Program Stakeholders and

Sponsors

15

IG and Cloud Computing ▪ Utilizing cloud computing carries significant

security risks which can be offset by

establishing IG policies and IT preventive

measures so that the business benefits of

agility and reduced cost may be exploited.

▪ Carefully determine which types of

documents should be stored in the cloud. ▪ The most likely candidates: those that are

unlikely to pose a litigation risk

▪ Do not have long term retention requirements

▪ Shared for collaborative projects 16

IG and Social Media ▪ Social media content must be managed by

IG policies and monitored with controls that

ensure protection of critical information

assets and preservation of business records.

▪ An IG framework should incorporate SM

policy, controls, and operational guidelines

▪ Establish controls for acceptable use

▪ SM monitoring, compliance and archiving

tools

17