Measuring and Ensuring Success Information Lifecycle Governance Launching a High Impact Defensible Disposal Program in Your Organization Measuring and Ensuring Success
Barriers To Launching a Program: Lack of Funding, Lack of Operational Model Similar information governance starting point 78% cannot reliably dispose of data Common goal and approach 98% agree rigorous discovery and defensible disposal of information is a desired benefit and requisite outcome of information governance efforts B A P In search of a better Information Governance Program On leadership: 57% of respondents’ companies had information governance - leadership committees yet only 17% said right stakeholders were at the table On ownership: only 25% of companies said the IG ownership model works well today On process management: #1 barrier to achieving IG is managing the enormity of the effort to make the change 2 2
Overcoming Funding Barrier: Quantify Economic Benefits of Defensible Disposal We could spend $35m less next year and lower our run rate We could lower run rate $3m now and spend $24m less over 3 years We could free up $150m to drive revenue and profit
Strategy: ILG Policy and Process Integration Overcoming Operational Program Model Barrier: Establish a Strong Strategy and a Clear Execution Path P + Strategy: ILG Policy and Process Integration ILG Leadership and Execution Organization Focuses enterprise on ILG savings and risk reduction opportunity Drives charter, directive, resources and cross-functional accountability for ILG program. Metrics Align and engage enterprise stakeholders, focus progress toward process maturity targets, capacity requirements, goal achievement Process Capacity Improve and Integrate Processes, Consistently and Defensibly Dispose, Decommission. Automate processes, ensure transparency, provide capacity. Accelerated deployment to drive faster save. Asset Recovery Remove Excess Storage, Infrastructure Savings-prioritized recovery of infrastructure to drive P&L benefit LEADERSHIP EXECUTION LOWER LEGAL AND IT COSTS, REDUCED RISK
Defensible Disposal-Driven Cost and Risk Reduction Opportunity Operationalizing ILG Program is Only Possible with a Precise Path to Success Defensible Disposal-Driven Cost and Risk Reduction Opportunity Costs and Risks of ‘Keep Everything’ 5
1. People and Organization Defensible Disposal-Driven Cost and Risk Reduction Opportunity Costs and Risks of ‘Keep Everything’ 6
Governance Organizational Model: 4 Levels of Leadership, Program Structure Executive Committee: Validate Metrics, Objectives and roles and responsibilities as defined by Program Director and Senior Advisory Group Process and policy resolution Resources and capacity alignment Audit onset and cadence approval Senior Advisory Group: Identity delegates and working group participants in their respective organizations Process and policy definition Monitor process maturation and workstream results in the area Ensure capacity is aligned with program objectives Program Director and PMO: Drive execution on 15 core business processes based on business recommendations from function leaders and practice delegates Communication and training plan oversight Maturity assessment cadence and dependencies Establishes audit cadence and ratifies audit onset Reviews and ratifies implementation/maturation methodology Working Group Delegates & Leads: Audit onset timing Process implementation/maturation methodology Capacity and capability recommendations to line of business leadership and executive committee Communication and training in their domain
Metrics, Measurements and Communication Communication and Reporting Roles and Cadence
Defensible Disposal-Driven Cost and Risk Reduction Opportunity 2. Process Defensible Disposal-Driven Cost and Risk Reduction Opportunity Costs and Risks of ‘Keep Everything’ 9
16 Business Processes to be Enhanced and Instrumented
Enhancing and Instrumenting These 16 Processes Reduces Inherent Risk RISK ELEMENT Legal does not identify the right custodians. Actual, rogue or IT managed data sources are missed. IT or employees migrate, retire or modify data due to no hold visibility. Legal fails to follow through on information identified in custodian interview process. Collection failure from overlooked source, departing employee, incomplete prior collection inventory, communication and tracking errors. Unable to assemble, understand or defend the audit trail of discovery activities. Failures in record keeping and regulatory change management. IT ‘saves everything’ increases discoverable mass, complexity. IT disposes of data of value to the business or with legal obligation. Private customer data is exposed, theft, brand damage, or regulatory penalty occurs. Legal obligations for data are poorly understand and executed from miscommunication or lack of information. Systems are incapable of complying with information obligations IT lacks full facts on disposal of information so excess accumulates or data is lost Legacy data is poorly understood, overlooked in litigation, expensive or difficult to find and not reliably disposed Unable to reclaim or recover unused assets or allocate based on business need Unable to pass an audit on compliance with retention, preservation, protection and disposal policies Highest Risk M B C D N E J H I L G A Potential Impact P F K K J N O P M A B E H G C D F I O L Likelihood to Occur High risk Requires constant monitoring and review, immediate escalation on failure or impending failure. 50% likelihood Moderate risk Requires frequent monitoring to prevent and detect; costly to correct or mitigate. Between 10% -50% likelihood Low risk Does not require constant monitoring and is easy to prevent, detect, correct, defend. Less than 10% likelihood 11
Process Maturity Levels Target maturity level needed for defensible disposal, lower risk and cost 4 INTEGRATED, INSTRUMENTED ENTERPRISE PROCESSES People in the group use the same method Process is automated and facts are routinely incorporated in process Process is repeatable, consistent and reliable in dynamic enterprise Facts from adjacent stakeholders are routinely incorporated in process Process provides enterprise transparency Process dependencies and risks are systematically detected, communicated across processes 3 SILO’ED, CONSISTENT & INSTRUMENTED People in the group use the same method Process is automated Process facts are routinely incorporated in departmental process Process is repeatable, consistent Process and facts are isolated in department Typical maturity level today, cause of excess data, cost and risk 2 SILO’ED, MANUAL Facts are difficult to retrieve but available; isolated to dept People in the group use the same method Spreadsheets are stored in common place or in shared email 1 AD HOC, INCONSISTENT Inconsistent activity Informal or incomplete Facts isolated to an individual Can’t easily be compared, reconciled or monitored HIGH RISK, COST HIGH TRANSPARENCY & CONTROL
Measure the Current State to Develop a Path Forward The Current State May be Manual and Silo’ed Process 1: Ad Hoc, Manual 2: Manual Structure, Silo’ed 3: Instrumented, Silo’ed 4: Instrumented, Integrated A Employees on Legal Holds B Data on Legal Hold C Hold publication D Legal Interviews E Evidence Collection F Evidence Analysis & Cost Controls G Legal Record H Master Retention Schedule & Taxonomy I Departmental Information Practices J Privacy & Data Protection K Data Source Catalog & Stewardship L System Provisioning M Disposal & Decommissioning N Legacy Data Management O Storage Alignment P Audit
Defensible Disposal-Driven Cost and Risk Reduction Opportunity 3. Technology Defensible Disposal-Driven Cost and Risk Reduction Opportunity Costs and Risks of ‘Keep Everything’ 14
Process Capabilities & Requirements PROCESS TRANSPARENCY Unified Governance Transparency across stakeholder processes Common governance data model and enterprise map Linkage of duties, value to information assets and business processes Governance analytics CREATE, USE Optimal accessibility Communicate value and duration Tap governance liaisons Access valuable information more easily Analytics on volume/cost of information HOLD, DISCOVER Rigorous Discovery Robust, affirmative legal holds for people, records, and data Preserve in place automation where disposition occurs Efficient data analysis and collection Legal cost and risk analytics STORE, SECURE Efficient Storage Store and optimize by value Meet SLAs for structured and unstructed information access ILG execution capability and enablement (holds, retention, disposal, collection) for data Data hygiene and governance RETAIN, ARCHIVE Value-Based Taxonomy and regulatory requirements Business value inventory Reliable, executable retention schedules for records and information of value Archive during period of value only Information cost and risk analytics DISPOSE Defensible Disposal Catalog of information value and duty by asset Legacy data clean up, application retirement Procedures and capabilities for disposal by source Risk and cost dashboard for information portfolio 15
IBM Solution Systematically Links Obligations and Value to Assets to Address Root Cause, Lower Cost and Risk Information Department Systems Matter Hold Laws & Regs Retention Schedule DUTY VALUE ASSET LEGAL BUSINESS IT RECORDS Modernize eDiscovery Process Precise, reliable legal holds Assess evidence in place, collect less Lower legal risk, cost State Information Value Guidance on information utility Participate in volume reduction Align around value Optimize Information Volume Dispose and retire unnecessary data Optimize storage based on value Lower information cost Modernize Retention Process Address electronic information Executable schedules can be automated 16
IBM’s ILG Solution Links Records, Legal, the Business and IT to Enable Defensible Disposal Instrumentation and Execution Capabilities by Stakeholder RIM/Business - Records and Retention Management Legal - Rigorous eDiscovery Business/IT Value-Based Archiving IT - Governance and Disposal
Summary – Information Economics Drive ILG Programs Defensible Disposal-Driven Cost and Risk Reduction Opportunity Costs and Risks of ‘Keep Everything’ 18
IBM Has Strong Strategy and Clear Execution Path to Achieve the Risk and Cost Reduction Opportunities Policy and Process Integration Across Information Stakeholders Enables Disposal, Lowers Cost and Risk Strategy and Execution Drive Business Outcomes with Structure, Defined Processes, Metrics, Capacity & Accountability Governance Program Driving Savings and Risk Metrics Charter, directive and accountability for enterprise program. Savings achievement cadence and reporting. Program Office to Coordinate Stakeholders, Drive Benefit Achievement Ensures cross-silo engagement and progress toward maturity targets and financial objectives, change management Technology Provides Capacity to Improve and Integrate Processes, Consistently and Defensibly Dispose, Decommission Automates processes, ensures transparency, provides capacity. Accelerated deployment to drive faster save. Reclamation Removes Excess Storage, Infrastructure Savings-prioritized reclamation and recovery of infrastructure to drive P&L benefit STRATEGY EXECUTION >$300M enterprise value created over 3 years with lower legal and IT costs, reduced risk
Only IBM Provides Rigorous Compliance, Value-Based Archiving & Defensible Disposal Strategy, Software & Services 20
Learn More & Join the Conversation Compliance, Governance and Oversight Council Join the CGOC! Forum of over 1600 corporate legal, IT, records and information management professionals. CGOC conducts primary research, has dedicated working groups on challenging topics, and hosts meetings throughout the U.S. and Europe where practice leaders convene to discuss discovery, retention, privacy and governance. Mission: To provide executives the opportunity to benchmark and exchange case studies; its practice groups focus on discreet areas in preservation, retention, and information governance to deliver work products that help our members best approach the challenges in maintaining best-in-class programs. Online and in person events Regional and International summits Published materials
Additional Sessions Improving Information Economics with Information Lifecycle Governance Information Governance Programs - launching a high-impact defensible disposal program in your enterprise Modernizing eDiscovery and Hold Process - Reduce risks, increase transparency Modernizing Retention Program - Express Information Value Value-Based Archiving and Defensible Disposal - Dispose rather than store unnecessary data