Modernizing the Records and Retention Program to Express Business Value and Enable Defensible Disposal FOR INTERNAL USE ONLY

2 Agenda Information Growth and The Challenges to The Business Modernizing The RIM Program with IBM’s Solution To Reduce Organizational Risk and Cost, and Enable Defensible Disposal Only IBM Has the Technology, Strategy and Expertise to Create Systematic Linkages between RIM, the Business, Legal and IT to Enable Disposal Instrumentation and Modernization of the RIM program enables all Stakeholder to Execute Governance Processes with Precision, Lowering Cost and Risk

The Growth of Information is Overwhelming IT’s Ability to Dispose of Information Consistently and Defensibly High Risks & Mitigation Burden Governance processes have not matured to reflect volume, specifically how to:  Define and execute legal holds and data collection (A-G)  Apply retention schedules to all information (H-J)  Align storage and manage information based on specific legal obligations and business value [I]  Provision, decommission and dispose of data [L,M,N] This leads to excess data and cost as well as operational challenges that in turn contribute to risk:  Difficulty disposing of unnecessary data  Complexity in applying legal holds  Inefficiencies in data management and governance 16 governance processes impacted by high data volume such as managing a global taxonomy, creating departmental inventories, applying holds to systems, etc. Storage: Direct Procurement Costs in Millions 3

RIM And Business Processes Under Pressure, And The Risks Exposed 4

The Form of the Retention Schedule is Not Aligned with Disposition Practices 5 Thousands of legal matters a year Thousands employees subject to hold, but relying on IT to preserve data Notices sent to employees directly; records and IT not informed High legal (review) cost a function total information volume Covers regulated information and may not encompass business value – only 20% of all information Web site for employees and IT, reliance on employees to manage records No linkage to the system with the actual information Insufficient or un- auditable location for electronic records 800% or more data growth in 5 years – but budget needs to come down Unaware that legal risks and responsibilities have been shifted to it No physical link between legal obligations (holds), regulatory requirements (records, privacy), business value and servers or information Legal holds defined by employees involved Information Department Systems Matter Hold Laws & Regs Retention Schedule DUTY VALUE ASSET IT has most of the data organized by asset code -- but no visibility to legal duties or business value Schedules documented by record class Tracking laws on a spreadsheet 5

6 Agenda Information Growth and The Challenges to The Business Modernizing The RIM Program with IBM’s Solution To Reduce Organizational Risk and Cost, and Enable Defensible Disposal Only IBM Has the Technology, Strategy and Expertise to Create Systematic Linkages between RIM, the Business, Legal and IT to Enable Disposal Instrumentation and Modernization of the RIM program enables all Stakeholder to Execute Governance Processes with Precision, Lowering Cost and Risk

IBM’s ILG Solution helps Records, Legal, the Business Modernize Their Processes, Create Systematic Linkages and Enable Defensible Disposal From Process Transparency and Unified Governance….. To Instrumentation and Execution 7

Records & Retention Management Manage global taxonomy and retention schedules for all information Coordinate retention program across business units, records liaisons and legal more efficiently Manage records in disparate systems, in place, in a centralized manner Syndicate and enforce retention schedules on structured and unstructured records and information 8

Capabilities to Define & Sustain Executable Retention Schedules for Information & Achieve Consistent, Systematic Retention, Disposal 9 IT Optimize Information Volume Dispose and retire unnecessary data Optimize storage Lower total information cost BUSINESS State Information Value Guidance on information utility Participate in volume reduction Align around value RECORDS Modernize Retention Process Extend program to electronic information Disposition readiness and execution Lower legal risk, cost LEGAL Modernize eDiscovery Process Enterprise legal holds Assess evidence in place Lower legal risk, cost 9

Overview of Establishing an Executable Policy That Enables Disposal 1. Create an Execution-Ready Schedule 2. Complete Information Inventory 3. Syndicate Policy to Data Source A.How information is organized – Establish a global classification scheme and how long to keep records B.How information is stored and secured – Apply laws that dictate the duration and protection required for each class C.How local exceptions are managed – managing different jurisdiction exceptions Retention Schedule that includes non-records and reflects business value RESULT COMPONETS STEPS GET RETENTION SCHEDULE EXECUTION READY ADD BUSINESS VALUE TO SCHEDULE LINK POLICY TO DATA FOR AUTOMATED DISPOSAL OBJECTIVE A.How to get business value of information – Leverage org. structure and name liasons B.What is actually kept and how long it is needed – Complete business value information inventory  What we keep  What we actually call it  Where we put it  How long we need it Retention schedule that is tracked and maintained with version and audit history Policy linked to data source for defensible disposal A.How retention schedule is linked to data – Logical view of how policy by class is linked to data source B.Retention mapped to data source – View of policy to data source with legal holds layered in Enables Legal to Conduct Legal Holds for Information Enables IT to Manage Data Source by Obligation and Value 10

Outcome: Company is able to comply and demonstrate compliance with actual records obligations [H] Manage Global Taxonomy & Schedules Efficiently Classify Information: Use a single, consistent taxonomy globally across records, business and IT Define Policies for Records: Define record classes and master retention schedules. Allow online change requests with automatic routing to policy owners. Track Changes and Defend Decisions: Track changes and version history to defend decisions. 11

Outcome: Company is able to comply and demonstrate compliance with actual records obligations [H]. Access, transport and use limitations are understood by employees with custody of the information [J]. Ensure Schedules Tie to Law Catalog laws: Catalog the laws that dictate both retention and privacy requirements along with policies for security in a shared law library. Apply laws to information to enable precise retention and privacy actions; Associate specific laws and regulations to specific classes and jurisdictions to retain less data more defensibly. 12

Outcome: Company is able to comply and demonstrate compliance with actual records obligations. Company manages single taxonomy and nomenclature across all records [H]. Manage Jurisdictional Exceptions to the Corporate Standards Manage jurisdictional exceptions to the corporate policies: Use the existing corporate taxonomy and records classification scheme. Apply the country code and the specific retention requirements. Apply retention and privacy laws by jurisdiction. 13

Establish Organizational Facts and Keep Information Current Capture organizational facts and track changes: Load organization feed from HR source systems to capture organizational facts. Build organizational history through periodic updates in support of change management. Assign responsibility: Assign liaisons to the record organization who will inventory departmental procedures. Delegate assignments through business unit leaders and managers. Assign specific application inventory to organizations: Apply system inventory to organization to facilitate information inventory gathering. Outcome: Foundational elements are established to support creation and maintenance of departmental information inventories [H,K,L]. 14

Outcome: The organization has a reliable “data map” by organization [I], which Legal can leverage to place data on hold [B]. Records and IT can determine where information and the container don’t support the same level of security [P]. Conduct Information Inventories, Define Business Value & Link to Location of Information to Enable IT Execution, Improve Holds Conduct streamlined inventories: Identify information organizations have, where they keep it, what they call it, the importance and duration of value to the business. Manage compliance risk: Track privacy obligations for information and the container to identify privacy risks. 15

Syndicate Retention Schedules Across Repositories in Lock Step with Legal and IT Outcome: Retention schedules can be consistently and systematically applied across the enterprise [G, L, M, N, O]. Automate retention schedule distribution: Syndicate retention schedules to records repositories, information archives (structured and unstructured), and other ECM repositories for in place execution. 16

Manage and Dispose of Records in a Secure Repository Outcome: Retention schedules can be consistently and systematically applied across the enterprise. IT can dispose e of information with confidence [G, L, M, N, O]. Declare records automatically: Ingest content automatically and manually from multiple sources – , file shares, SAP, etc. into a secure records repository. Dispose of records, reliably, defensibly: Dispose of records in accordance with the DOD 5015 industry standard. 17

18 Agenda Information Growth and The Challenges to The Business Modernizing The RIM Program with IBM’s Solution To Reduce Organizational Risk and Cost, and Enable Defensible Disposal Only IBM Has the Technology, Strategy and Expertise to Create Systematic Linkages between RIM, the Business, Legal and IT to Enable Disposal Instrumentation and Modernization of the RIM program enables all Stakeholder to Execute Governance Processes with Precision, Lowering Cost and Risk

Outcome: Legal can extend holds to information [B], and provide IT with precise instructions about what to preserve [G]. IT knows what they have to keep and what they can dispose [M]. Only IBM Enable Legal to Identify Potentially Relevant Information by Record Class and System for Precise Holds and Collections Legal can conduct precisely scoping activities to prevent under and over preservation Selecting record classes and data sources automatically adds record liaisons and the system steward(s) to list of custodians with potentially relevant information. 19

Outcome: IT can manage information based on record obligation, the business needs and legal[M, N]. Only IBM Enable IT to See Obligations by System and Across the Portfolio to Enable Defensible Disposal Data-source specific retention, management procedures and applicable legal hold overrides are automatically created for IT, tying obligations and value to assets. 20

Only IBM Provides Strategy, Technology and Expertise to Execute an ILG Program and Defensibly Dispose Information 21

22 Agenda Information Growth and The Challenges to The Business Modernizing The RIM Program with IBM’s Solution To Reduce Organizational Risk and Cost, and Enable Defensible Disposal Only IBM Has the Technology, Strategy and Expertise to Create Systematic Linkages between RIM, the Business, Legal and IT to Enable Disposal Instrumentation and Modernization of the RIM program enables all Stakeholder to Execute Governance Processes with Precision, Lowering Cost and Risk

Value-Based Archiving & Defensible Disposal  Archive to shrink storage, align cost to value  Dispose rather than store unnecessary data Extend and automate retention management  Include electronic data that has business value in addition to records for regulatory requirements  Automate retention schedules across all information to enable reliable, systematic disposal. Automate the legal holds and ediscovery process  Structure and automate legal holds process to lower risk, increase precision, enable disposal  Analyze in place to reduce unnecessary collection, processing and review Information Lifecycle Governance Program  Executive charter for enterprise initiative  Processes, capabilities and accountability to achieve cost and risk reduction benefits through Process improvements, expertise and technology: Estimated Risk or Mitigation Burden Reduction Run rate reduction and growth avoidance Run rate Storage Direct Procurement Costs IBM ILG Strategy Lowers Costs and Risks, Addresses Root Cause for Systemic Improvement 23

Next Steps: We Can Help You Validate The Potential Savings and How to Achieve Them

Learn More & Join the Conversation Compliance, Governance and Oversight Council Online and in person events Regional and International summits Published materials Join the CGOC! Forum of over 1600 corporate legal, IT, records and information management professionals. CGOC conducts primary research, has dedicated working groups on challenging topics, and hosts meetings throughout the U.S. and Europe where practice leaders convene to discuss discovery, retention, privacy and governance. Mission: To provide executives the opportunity to benchmark and exchange case studies; its practice groups focus on discreet areas in preservation, retention, and information governance to deliver work products that help our members best approach the challenges in maintaining best-in-class programs.

26 Additional Sessions Improving Information Economics with Information Lifecycle Governance Information Governance Programs - launching a high-impact defensible disposal program in your enterprise Modernizing eDiscovery and Hold Process - Reduce risks, increase transparency Modernizing Retention Program - Express Information Value Value-Based Archiving and Defensible Disposal - Dispose rather than store unnecessary data