There was a time when, if you wanted to archive your records, you simply boxed up your paper files and delivered them to an archivist who labeled the box, made a note of the location, and placed it in a storage facility. Fast forward to 2006 and times have changed dramatically. Today, companies must deal with electronic records including emails, instant messaging histories, online documents, and so much more. The electronic nature of these records means they can be produced all that much faster, and the record-keeping challenge grows exponentially as a result.
Today, information is not organized in metal file cabinets but on network and local hard drives, notebook computers, PDAs, and a myriad of other electronic devices, even in web-based applications. Your company may have multiple offices in several countries spread out across the world, with a variety of computer systems and operating environments. What's more, in the age of acquisition and mergers, many companies find themselves not only trying to track the records on their own systems, but also facing the additional challenge of incorporating into the mix disparate systems from new companies, while at the same time trying to please a variety of constituencies including legal, IT, and end-user groups.
Confronted with mounting government mandates in the wake of major corporate scandals such as Enron and WorldCom, growing privacy concerns, and multiple litigation discovery requests, companies need to get a grip on their own information or deal with the consequences from regulators, lawyers, and other parties who need or want to see this information.
In the face of this dizzying mix of requirements, you may find your organization stumbling at the first step. How will you organize this information and decide what to keep and (just as importantly) what to throw out? Before you panic, realize there are companies that have successfully navigated this issue, proving that, with patience and a plan, you too can get control of your electronic records.
Origins of the Problem
Companies are feeling pressure to become more disciplined about electronic record keeping because of three factors: government regulation, litigation, and process requirements, according to John Mancini, president of the Association of Information and Image Management (AIIM). "Number one is government regulation like HIPAA, Sarbanes-Oxley, SEC Rule 17, and a whole litany of those kinds of government regulations that have document and record-retention requirements associated with them." On the legal side, Mancini says, employees have information squirreled away on network drives, local hard drives, email folders, and many other places—information that is for the most part uncontrolled by the organization. "That's the information that then becomes discoverable in a legal proceeding and could potentially prove problematic," he says.
Finally, companies need to have processes in place that are auditable, replicable, and efficient. "They just can't have all of this miscellaneous electronic information floating around that isn't managed in any kind of way that has any kind of integrity associated with it," Mancini says. He adds that most companies are certainly aware of this issue, but many have not yet begun to control their electronic information, even if they have the best of intentions to try to do just that.
What's more, says Al Griffin, director of product planning at Systemware, a company that sells records management solutions, there is an awful lot of data to deal with. He points out that a large organization may have as much as 5TB of data in email messages alone, representing a billion individual email messages. "In our industry, keeping up with 5TB of information is not that difficult. You can certainly have enough storage capacity to do that. The problem is how do you keep up with a billion individual records and understand what's contained in those individual records, so you can store them in an orderly fashion and be able to find one and retrieve it whenever you need it?" Griffin asks.
Understanding the Problem's Scope
To some extent, says Lubor Ptacek, director of product marketing at EMC, there is a fairly high awareness of the electronic records management problem, but it can be difficult to get customers from awareness to implementation. "Customers usually do understand at least at a high level what the problem really represents, but the devil is in the detail. When you get to the next level of detail, of technical implementation, that's where the customer really needs help from [vendors and consultants] about what it means and what the consequences are," Ptacek says.
Derek Gascon, senior director of archiving solutions at Hitachi Data Systems, sees companies struggling with these issues, especially with making the transition from managing paper records to managing electronic ones. "What we see going into [working with] customers is the sheer magnitude and complexity of the challenge of gaining control of their digital content, so they can manage it to address the regulatory compliance requirements. A lot has been done to maintain control over business records in paper form, but there is still a fairly significant challenge facing corporations today in controlling digital information and making sure it is effectively archived and managed based on regulatory requirements," he says.
There is a consultative aspect to any records management sale, says David Winkler, VP of marketing at Mobius, and his company often needs to help customers understand how to conduct an information inventory to learn where this information lies and what information, in order of priority, is most critical to them. "We find that a lot of time is spent consulting with customers, understanding their priorities from a business sense of urgency, but then we help map it to an architecture that can be fundamentally put in place that can then house all of their electronic information," he says.
To some extent, how seriously a company takes record keeping has to do with how much pressure they are feeling from regulators or litigators, says Mark Portu, VP of compliance solutions at Open Text Corporation. "Companies which have experienced a higher degree of pain from litigation or compliance, that have to meet real compliance guidelines and think of risk management as an operating mantra, are more likely to think about this comprehensively and look for a more comprehensive solution. That's oversimplification, but it's also accurate," says Portu.