Thursday, July 06, 2006

ARMA International 2004-Learning from Pre-Conference

ARMA International 2004
What I Learned at Pre-Conference
by Roger Winters, Chapter President (now Past President)

The 49th ARMA International Conference was held in Long Beach, California, in October of 2004. Having been honored as Chapter Member of the Year for 2003-2004, I was able to attend the conference in part thanks to scholarship resources from the Greater Seattle Chapter (see below). I was also able to attend the "Pre-Conference" thanks to chapter scholarship help.

Member of the Year Gets Help to Conference
Our chapter ensures that the Chapter Member of the Year (CMOY) has the opportunity to attend that year’s International Conference. We ask the CMOY to use any resources for attending that can be obtained from other sources, such as the person’s employer. As a speaker at the 2004 Conference, I received full registration at no cost; the Chapter covered lodging and transportation, and I covered meals and other costs out of pocket. This arrangement both rewards the CMOY for a job well done and provides the Chapter with an even better educated member and
leader.

In 2004, ARMA International held a “Pre-Conference,” providing two additional days of special presentations. I saw the track labeled “Electronic Records” and knew I wanted to be there. I applied to the chapter for scholarship help to cover the additional registration and lodging costs. The Board approved my request, provided I would share what I learned with the entire chapter. This article is to fulfill that promise. [NOTE: The original idea had been to include my writing about the 2004 pre-conference in the chapter's "Annual," but the length of the piece made that option prohibitive. We could not justify the cost of hard copy production of that many pages. --Roger]

ERM Systems: Requirements Definition

On Friday, October 1, 2004, I was privileged to hear a presentation by Richard Medina of Doculabs on defining requirements for an “ERM” (Electronic Records Management) system in the context of what leaders may be calling “ECM,” or Enterprise Content Management. Information Technology predominates in many companies, so the enterprise issues tend to set the context in which records management needs must be justified. Medina observed that IT may not feel a new system justified by a need arising from records management, such as Sarbanes-Oxley compliance.

Medina feels that Records Management is getting subsumed into Enterprise Content Management. He feels this is more than just an acronym war. He said we should always be wary of vendors or analysts who foist new acronyms upon us. As an example, he cited "Information Lifecycle Management," ILM. ILM is very new, so little is known about what it really means. However, ECM is by now a well developed term, he said. The appeal of an “enterprise” product is that it should be able to handle all of the ten or so types of information conveyances, methods of commenting, and so forth. ECM supports management of an organization's unstructured information, wherever that information exists. "Every definition has to have the word 'enterprise' in it, because that implies the ability to scale up and get complex," he observed.

Most organizations have buckets and applications all over the place, he said. The reality is they are probably not going to be brought together into one ECM or ERM bucket. We need tools that let us manage data from a distance, leaving data in their respective buckets, but managing the overall complexity. Most vendors, he said, are getting into repository services in a big way because it usually proves to be a big piece of a “management” strategy.

ECM is concerned with around ten types of content generated throughout the stages of Input, Management/Storage, and Output. Medina said this is all a kind of "animal husbandry:" shepherding business content through its lifecycle.

Medina reflected on what he expects to see as the trends as ECM continues to be developed. Here are some key points:

* product consolidation will continue
* there will be a convergence of ECM and BPM (Business Process Management) uniting workflow plus machine to machine processes, plus other things
* eventually vendors in this area will either be the big frameworks like IBM or Microsoft or will fit within one of them

Some of Medina’s presentation was very hard to follow. He engaged in a lengthy discussion of which company had bought which other company, leaving me lost for lack of market familiarity. When talking about the new “Information Lifecycle Management: (ILM),” he said it is catching on as “the proactive management of storage/archive that is business-centric, unified, policy-based, heterogeneous, and aligns storage resources with data value.” I found that description to be impressive sounding and almost meaningless.

To sum up, I gained from Medina some insight into a market level perspective that I don’t generally pay attention to. He anticipates an ongoing consolidation of systems to attempt to corral and manage all sorts of corporate information (including the unstructured kinds), not just formal records. Some key issues for business are risk reduction, email management, managing records remotely (without aggregating them), and finding systems that are scalable for the sake of continued growth. Some of the records management issues, like compliance with SOX, auto-classification, and other Records Management functionality, must be a part of the overall ECM strategy.

Medina noted that PDF is becoming more and more commonplace. He observed that in loan processing you can put all correspondence into one PDF file. (I’d note that more and more courts are relying on PDF to preserve the look and feel of paper as they convert to electronic filing and storage systems.) Medina said you can make PDF full text searchable but the problem is it is incomplete and inaccurate. A lot depends on the quality of the document and the indexing technology used. The indexing ingestion piece is problematic and has been harder than people thought. Adobe is coming up with PDF/A (archival) but the challenge is that it is inappropriate for processing. This flattens everything out, so you may have to keep things in two formats: the processing format and the archival format.

Medina shared some “lessons learned.”
* Integration efforts are underestimated; in general, 30% of IT costs go into integration
* Ingesting content into a new system is harder than you think, because you have to deal with cleanup, taxonomy, capture, indexing, and more
* User frustration levels are high because of the complexity of using ECM systems: it is important to maximize user participation and achievement of accuracy
* Effective enterprise-wide roll-outs are rare: it is best to excel at a small first implementation phase: “Plan big, implement small!”
* “Be excessively proactive.”
* Requirements are not mapped to vendor capability: there is no single clear vendor winner
* "Make sure you use your own documents and really put the vendors through the wringer."
* What you want for email management and other things are not what the vendors have in their products right now.

The Logic of Requirements
Medina observed that vendors tend to mix up business requirements and technical requirements. They fail to distinguish all the different types of requirements:

1. Business requirements – the business drivers

2. Resource requirements - costs, time, expertise, personnel

3. Application requirements - capabilities, features, functions desired or needed

4. Technology requirements - standards, architecture; performance, scalability, integration, reliability, and security

5. Vendor requirements - stability, strategy, support

The first tier of vendors want to go to customers who are wiling to buy all the features they're selling, e.g., IRM, whatever is “the latest.” Clients like government, who can't afford the latest and greatest, end up with the second tier of vendors who may not have quite the same ability to support the products, not quite as many highly skilled staff, and so forth. Understanding the market forces at play is important. Defining and defending your own requirements and understanding how they will be satisfied is the basic step on which the rest is based.

ARMA/AIIM Electronic Records Management: Issues and Solution
On October 2, 2004, Peter Herman, Executive Director and CIO of ARMA International, introduced the session, “Enterprise-wide ERM - A Case Study.” He said he was delighted that AIIM has collaborated with ARMA on this program about electronic records. The level of participation has exceeded expectations. The ARMA Pre-Conference was sold out.

Herman introduced Jayne Bellyk and Denise Allee, CRM, both of whom are with the Ford Motor Company. Since the company is sensitive about what information is provided publicly, some of their information is made up and some is real. No handout was provided with this session for the same reason.

They began saying that adding technology should be the last step to take, after you've put together all of the elements of the records management system you need, because technology reveals the gaps in what you have. The issues they faced in working with Ford Motor Company were the company’s scale, the diversity of information and e-records they have, the compliance framework in which they must operate, and the continuous challenges of competing in their industry.

Ford is 101 years old with 111 plants, and more than 300,000 employees. Besides cars, they manage lots of affiliates. Some records data of interest:

Email 6.6 million per day
Intranet 200,000 users per day
Over 3,000 applications
Over 800,000 unstructured records
and much more

They have to be creative in how they apply the fundamental rules of records management. Records can be very complex, for example, data in a 3-dimensional model representing a car includes all sorts of data including information to simulate a crash, etc., intended to improve the design.

Record creators and owners include engineers, designers, suppliers, marketers, financiers, assembly line workers, dealers, etc.

In 1995 a conscious restructuring of workflow and processes moved to use enterprise systems. They moved away from paper records to electronic. SOX caused another shift, further causing tolerance of risk at the top to decrease. Records Management now reports to Legal, and only secondarily to IT.

Key Concepts
"Information Management" – this is the coordination of management of all company information
"Records Management Program" is a subset of Information Management
Record-Keeping
Compliance
Record Lifecycle
Records Retention Requirements
Records/E-Records
Ownership
Data

"Records" are any action taken related to company business and recorded in any media whatever.

"Data" by itself is not a record and must be combined with other data to become a logical record.

"Compliance framework" is the foundation for a robust Records Management program. The framework is policy, directives, standards, and practices. It affects budgeting, planning, etc. Management support is required. This gives RM managers the authority to establish program requirements. They have a balance between centralized and decentralized controls.

Stakeholders at Ford include:
* RIM
* Business Function - ISO
* IT
* Legal
* Tax
* Data Security
* Auditors
* Internal Control

Policy Letters articulate high level expectations for everyone. Directives are then subject-specific, but remain high level. Standards are minimum criteria for compliance. ISO are standards overlaid for quality and environmental control. General Operating Procedures follow, then Automotive Procedures, which are specific interpretations of ISO requirements set forth in particular ways. Technical Guidelines are how-to-do documents. IT Compliance Reviews come next. The point was that they have a clear hierarchy of relationships in reporting to stakeholders.

An IM Policy Letter has these values:
1. Records are company property
2. Information is a strategic business asset
3. Accountability is assigned
4. Data quality is essential
5. Everyone is responsible

Information Management has three standards:
1. General RM
2. Information Security
3. Uniform Metadata (standardized terminology)

All policies are enforceable, which means they are auditable.

There is accountability for managing records. First, they assign accountability, communicate about it, and give people the tools to carry out their responsibilities. There are 180,000 people who are knowledge workers with desktops. They must individually attest their compliance.

The goal is to institutionalize the practice of RM to ensure genuine compliance. People should do it, ultimately without even thinking. This means good training that must be in a form that is easy to understand. Their training is global, in many languages, and they all must overcome technical obstacles.

The key to success, they said, is to make RM understandable. They have an Email help desk (global); learning modules; Web casts; net meetings; Web sites. They link mandatory training to compliance certification.

They advise to keep a FAQ because chances are that if one person has a question, someone else will come up with the same question and both should have the same answer.

Actively solicit opinions from the legal department, particularly when trying to update standards based on new laws or regulations.

Support other stakeholders in meeting their goals. For example, RM should be supporting litigation, privacy initiatives, and archives. Those stakeholders are then more likely to support RIM needs and requirements.

Automating Electronic Records Management Processes
They wanted to make this as invisible to users as they could so the records would remain readable, retrievable and understandable. This means planning to ensure records will last for the 30 to 40 years they need them.

Reusable code is used in all applications, so all systems can perform RM steps in the course of their normal operations.

Requiring capture of specified meta-data.
They have a uniform meta-data standard. They require that there be minimum data collected to support automated processes. This also generates an alternative search structure, too. Remember, meta-data is defined as information about objects.

It is necessary to use a controlled vocabulary, a closed list of predetermined data values that can be installed into pull down menus. Their Taxonomy is a hierarchical classification structure that can be used for indexing. They do electronic record association of data and processes in digital form.

Data quality comes from relying on standard meta-data. Data quality is compromised by inaccuracy in source data. They have dealt with this with two general tactics:

Tactic 1: Establish Controlled Vocabularies (CVs): This helps avoid inconsistency in human data entry. Drop-down menus limit the amount of "typing in." However, since this is daily work, your stakeholders need to be involved in agreeing on the consistent terms that will be used for specific things. (People tend to have their own variations in the terms and labels they use.) Creating and maintaining CVs requires a particular skills set.

Tactic 2: Create a (Perfect) Enterprise Taxonomy (one of the CVs): The best designs have retention periods built in to the labels assigned to records. You can use this to track ownership of records. Intellectual structure should be based on process and activity rather than subject, organization, and record type.

The taxonomies that are out there are in a paper paradigm. This reflects much of the challenge of recruiting professional records managers today: Most training is still based in the paper paradigm which is not really suitable for solving e-records problems. There is a misconception by management that RM/IM can be purchased as software.

Question Period
In Q&A, the speaker reiterated that the corporate policy at the highest level is that records and information shall be managed and that there will be compliance. This makes it easy for them to get people to pay attention to records management policies and practices. SOX is being used to strengthen such programs, too.

How do they get messages to the big global audience? Their e-culture supports it and they use technology to broadcast their messages. At Ford, you don't just pick up the phone, you get onto the intranet first to search the answers to your questions.

The ERM Market Space
Richard Villars
, Vice President, Storage Systems, spoke on October 1, 2004. He is the author of Ecommerce for Dummies. His area of focus is storage. He wants to give us perspective on the people who are trying to help us solve the RM problems, so we can understand more about what their lives and businesses are like. What are their solutions, sales strategies, and so forth?

Changing Market Landscapes
Content/records management products are undergoing consolidation. Storage is getting tiered
Email archiving has been a growth product, but little of this is suited for records management yet. People are recognizing this needs to come together and, indeed, the products are increasingly coming together. Records management software is the fastest growing software field here.

The IT community is typically the one buying the software. They are increasingly aware that records management is and has to be part of their content management responsibility. There has been a lot of "ambulance-chasing" compliance software, he noted. The amount of records moving to electronic is growing and it is just beginning. This is the most rapid and broad consolidation of companies and products today that he has seen in his 18 years in the IT field. There have been over 40 mergers and acquisitions in 2002-2003 in this field.

The world should be getting better. Companies are realizing that end customers need well integrated products that multiple users can use in a consistent and common way. However, there is a lot of marketing integration at first, before actual integration of the products is done. Natural partnerships can quickly become unnatural alliances. You can have companies who were bitter enemies coming together and having to work together now.

The shift in focus of the supplier community is to go away from processes toward selling you software. That is a better margin for them and could be better for us over time. Their ability to help us with our processes, however, will atrophy over time. This will also muddy the water on where the money for RM comes from. Vendors probably approach the IT people first, too.

Space being shipped going from 3 million terabytes in 2003 to almost 7 million terabytes in 2008. The move from paper to electronic is the primary driver for all of this growth. Dramatic growth in large companies has been in email and digital content. Those are the two drivers.

From the IT standpoint, they perceive that certain documents are stable, like physical documents, photos, scanned images, but others are seen as ephemeral, such as electronic documents, email, IM, Web sites, and databases. They consider the former "record-like" and the latter "content-like." We need to work against that prejudice.

Where does data come from?
Keeping the growing amount of fixed data - of which email is the poster child - is driving IT crazy. The primary file systems people use is their email. They store their files there. We don't need immediate response time to our emails. We need to be able to put it on media that is cheaper and less costly to run.

Fixed data - content-aware – we must assume it will be kept and can be in some other place. It needs to be mirrored and kept from being touched or changed. Response time doesn't need to be by the millisecond. We need more of a write once, read many data capability to verify that the data couldn't be changed.

Backup Information: Disc to Disc is rapid, almost instantaneous backups. The ideal is that you can recover to a given period of time. This is cycled through a 7-day run.

For the storage vendor:

The amount of capacity for them is growing rapidly
Storage prices are dropping at about 40% a year

“JABOD” used to be the storage strategy - "Just A Bunch Of Discs." Then came RAID. Hardware is continuing to get smarter. Today's storage devices have similar power to a given server.

They make their money by selling us value-added software. They need to find more and more things to have their core storage system do for the user. This is why records management is becoming more important, because the storage vendors see their systems as a good place to put the intelligence of content and records management.

The storage industry is a really nasty business. If you attach one company's storage to another's, they tell you it is all at risk. He said there is clearly tension among vendors as they begin to develop the next generation product.

"IT is now your closest companion; hopefully, becoming your closest friend." This changes who makes business decisions on what is bought.

Hierarchical storage management was created in the IBM mainframe world. Software would notice what is most actively used, ensuring that it gets moved to better storage that is less expensive.

What is ILM? "Information Lifecycle Management'
We are starting to get the definitions closer from the big vendors. Vendors are talking to IT managers when talking about ILM.

What is the “data-centric” view of email? IT managers worry about:
* How fast is the database growing?
* How fast is the number of users growing?
* What storage should each user have?
* What are response times, performance times, etc.?

Thank goodness for Microsoft and Exchange - it is keeping us all in business solving the problems and insecurities it causes us.

What are they not asking?
* Which email are business documents?
* How do we apply policies on correspondence with customers to email?
* How do we make sure email is fully deleted?
* How can a "records hold" be applied to email?
* How deal with it in discovery?
* How prevent non-business use of email?
* How can unauthorized duplication and distribution of corporate information through email be prevented?

IT suppliers finally figuring out that they need to think about this. The approach is to want to go out and buy some books and do it all themselves, not realizing there are records management people available in their organizations.

Compliance
This has been done by IT for two decades, but it is compliance relating to data use and integrity, not records management.

What are the common goals of compliance?

* Information and process integrity: Airtight processes that support control over information processing, thereby ensuring its integrity.

* Controlled Access: Manage access to or use of, specified information.

* Information retention: manage the indexing, retrieval and storage of information retained over time.

* Compliance software can either be a boat anchor or salvation. Balance and optimize risk mitigation, regulatory compliance processes, and expense.

* They can eliminate error-prone manual processes by automating business archiving and retention policies, so this becomes an advantage in that you can be more efficient and reduce staff.

* Is information retention just a requirement, or can it be turned into a business advantage? This will help get more money for these kinds of products if they can turn a requirement into a value.

What will happen?
People will go from tools and utilities to creating architecture and structures. There are two vendor groups: 1) those focusing on information access tools (for compliance people to check who's using what information) and 2) those who are focusing on common ways to organize and manage the information that needs to be available for doing compliance work.

Information access category versus information management category of vendors is what you're going to see in the market.

How do you keep companies and vendors honest?
Beware of supplier oversell - promising more than they can deliver. You must be willing to call their bluff, ask for proof they can do what they promise. Also, you must be sensitive to "stealth" migration strategies - where they're saying the future versions will work the way you need current versions to work. There is lots of room for misunderstanding.

The future will change existing sales relationships.

Don't let product breadth overwhelm policy setting and process.

Will RM and IT be selecting the same products to solve the problems? Both have to cooperate; you can't knock off one of them.

What typically happens in consolidation efforts is that the focus becomes bells and whistles in software. Having policies reflected in the software is hard work and it is not what comes off the shelf. The best software in the world is useless if you don't implement your rules with it. Do they understand your needs and requirements and know how to deploy it? That is the bottom line question.

Concluding observations by Roger Winters:

I have fleshed out these notes to try to make sense of them for those not able to attend these sessions. They do, I hope, demonstrate there was value in the pre-Conference ARMA-AIIM sponsored sessions in 2004. These speakers had a sense of the big picture and where things are going regarding electronic records. It was refreshing to hear of their experience and to be able to borrow from their successes.

DEAR READER: Do you know that you can comment on any posting on the Greater Seattle Chapter BLOG? That is an easy way for you to join in a dialog, raise questions, express opinions...be involved with others in information exchanges and learning. Click on "Comment" at the end of any message on which you'd like to leave your thoughts. (Click on the "Email" icon and you can email the posting anywhere you like.)