March 24, 2021
Organizations across the world are required to manage their corporate information carefully. Whether this is storing contracts for a certain number of years or ensuring that personally identifiable information (PII) such as the date of birth of an employee is kept secure, information governance is vital in the modern world.
When implementing information governance, two key aspects typically come to the fore — records management and compliance. These two co-habiting topics have existed for many years but are increasingly under fire and struggling to cope in today’s digital environment. This blog looks at why records management compliance is so hard to achieve and how technology can help address the issues.
Records Management and Compliance
Records management (RM) is the practice of identifying and appropriately managing core business content according to the relevant rules and regulations that apply to the organization. This discipline defines how long certain types of content needs to be stored for, identifies such content, and then carefully and proactively manages it throughout its lifetime.
Compliance works in parallel to records management and ensures that RM policies are being followed and in line with law’s retention schedules. When a government entity audits an organization, compliance with the appropriate laws is one of the items that will be verified.
Challenges with Records Management Compliance
While sounding simple to achieve, there are numerous challenges with creating, executing, and maintaining a compliant records management operation.
Increasing volumes of content
According to AIIM, vast amounts of information are hitting organizations daily — and greater volumes are expected in the coming years.
This vast amount of incoming content adds to the information that an organization generates itself internally - creating a vast stockpile of documents for a records manager to work through, identify, classify, and potentially administer.
As if the content volume wasn’t challenging enough, within the organization, content is stored in numerous, disconnected systems throughout the enterprise. Some systems are obvious places for records managers to explore — sales, HR, and legal are all areas where a significant percentage of documents will need to be declared as records and carefully managed for several years. But what about email, filesystems, and project management tools? Each of these also potentially stores regulated content too.
Time to locate files
The volume of new content, and the multitude of systems to search through to find potential records, all adds up to a significant amount of time required to locate records. Most of this time, by default, is performed by humans in a mostly manual process — an expensive resource to remain compliant.
The regulatory landscape is continually changing, making the task of remaining compliant against all potential regulations such as PII, GDPR, and CCPA a challenging one. The need to stay aware and compliant with these dynamic regulations is not just nice to have — failure to comply will result in fines, business disruption, and likely significant negative PR.
RM and compliance cannot fail.
With all of these challenges, it may appear that compliance and records management are destined to fail. But they are too crucial to the business to be allowed to do so. Thankfully there is a potential solution — Federation.
Providing a single, central view with federation
When you talk to records managers and compliance guardians within organizations, they are generally cheery folk. They don’t lament the challenges they face — but stoically keep working to ensure the compliance and governance of the enterprise they work within.
However, talk to them about how technology can help, and many come back to a straightforward request. They want a single place to identify potential records, to declare retention policies, to oversee those records under management, and finally to destroy (or permanently archive) records at the end of their lifetime.
Until recently, this has been challenging — but two advanced technologies are coming together to solve this problem in an innovative manner. Federation is typically associated with searching, where it combines results from multiple system searches to deliver a single set of results. While searching across numerous systems helps reduce the time taken to identify records, it doesn’t however, reduce the time taken to apply retention policies — as the user still needs to enter the relevant “host” system to declare and manage the record.
Modern federation however, works differently. It combines federated search capabilities with document and records management functions directly applied to the search result set. For compliance and records managers, this creates a new concept — govern in place.
Govern in place allows users to not only identify documents that need to be declared as records from a single location, but then perform the declaration, apply retention policies, and manage the full lifecycle from that same user interface. This finally delivers the single solution that this group of users has been searching for (pun intended!) and offers several benefits:
- The silo effect is negated - treating all documents, from wherever they physically reside, in the same way.
- Increased document volume is not an issue — because the time taken at every stage of the process is reduced, increasing overall efficiency and the ability to manage more documents.
- It creates a platform for further automation — with a single, central place for all potential records to be found. This opens up the possibility to use AI- or ML-based tools to optimize automation of record identification and declaration further.
Managing compliance and records is often a thankless task. The level of diligence and care required to perform the activity correctly and continuously is significant — and not helped by the numerous challenges imposed by increasing content volumes and multiple systems to store that content.
But as we have seen, modern federation, combining search with govern in place capabilities is offering governance staff an opportunity to rid themselves of the shackles of legacy compliance challenges. By working from a central, single system to identify, declare, and manage record a modern records management team can be compliant, efficient, and fully in control at all times.