-->

NEW EVENT: KM & AI Summit 2025, March 17 - 19 in beautiful Scottsdale, Arizona. Register Now! 

RM For The Masses

Cheryl McKinnon: Very often, an organization will go to RFP driven by compliance pressures. But when it comes time for deployment, it will be spurred by productivity and efficiency gains. The end users recognize the value of contributing to a shared repository or being able to use structured workflow. The value comes from managing the day-to-day business content during its lifecycle, not just the end. That may have been the original motivation, but that’s not the pay-off in the end.

Compliance needs to be the natural result of doing good business. An organization that takes care of its intellectual property and manages its knowledge assets consistently in order to be profitable will have compliance as a natural outcome of those other efforts.

Krista Curtiss: Are there companies trying to avoid buying the insurance policy in hopes they don’t get sick? None of the customers who come to me! How exactly do you put the value of your reputation on a balance sheet? Any of this stuff will affect you far more than money if it goes south. It comes down to the ethics of the organization.

RM to the Rescue

Andy Moore: Sounds to me as though the role of the ‘records manager’ has reversed itself, from that of a cost-center at the end of the information cycle, to that of a driver for the positive, business-driving application of information for the top line.

Galina Datskovsky: The records manager role, especially in financial services organizations, HAS grown in stature tremendously. There’s a great recognition that these people should sit at the table with the C-level executives, that these are the people who keep us on track and on course.

But what has also changed is that the records manager now very often reports into the legal organization or the compliance organization. It used to report to facilities. That’s a huge change. And not only has the stature of the records manager risen, but so has the pay scale. Because of its importance.

Cheryl McKinnon: The most visionary customers we deal with—the ones that are deploying enterprise solutions for their content and records—have formal information governance programs in place. They publish them right on their websites. They have governance committees that report directly to the board of directors.

Marko Saarinen: The question is whether records management is on the top of minds of CEOs? No, we’re not there yet. But it depends on the organization, and on the industry it’s in. Financial services organizations have a longer tradition of compliance, and all sorts of reporting are part of doing business for them. But in manufacturing, for instance, this type of thinking is not ingrained there. Many manufacturers became ISO 9000 and 9001 compliant in the ‘90s primarily for marketing reasons... although I think there is great value in the specification. But that effort didn’t necessarily teach them the best practices and lessons for how to meet compliance initiatives.

Johannes Scholtes: Having your records under control is the core of how you run your business. Let’s say you have a contract with a customer or trading partner, and it has a deadline associated with it. If you hide that contract away and forget about it, you have a very unhappy customer. Or maybe you provide a software installation, but can’t provide easy access to the documentation. Once again, unhappy customer. Neither of these examples has anything to do with compliance, but they DO require a good record filing plan.

What About the Little Guy?

Andy Moore: Let’s switch gears for a minute. We’ve talked a lot about the ‘compliance officer’ and the ‘legal department.’ But the reality is that many small- to medium-sized businesses (SMBs, or as they say in the EU, ‘SMEs’) don’t have such creatures walking among them. What sorts of advice can we share with companies that want to (1.) comply with regs; and (2.) not lose their shirts in a litigation; or (3.) leverage records for their positive contributions... but just don’t have the resources?

Dave Campbell: In the SMB that doesn’t have the legal or compliance officer, IT has a pretty big challenge on their hands. In the event of a legal hold, IT is being forced to manually hand off data and produce data on CDs or DVDs, etc. While they’re doing that, they also have to establish chain of custody... Let’s face it, IT are not crime scene investigators. They don’t want to sit in court to defend their processes. They have day jobs, and this is an obstruction to their primary objective. The legal department can’t patch servers or de-bug applications, so why is IT faced with figuring out the company’s retention schedule, or documenting a chain of custody?

Krista Curtiss: It is a political thing, and touches on fiefdoms in the organization. As a result, sometimes it’s better to bring in a consultant who doesn’t have a vested interest in any of these areas... especially small companies that don’t have the skills in-house.

Marko Saarinen: SMBs spend a greater percentage of their budgets on compliance than big companies, mainly because they don’t take a holistic approach. They take on compliance in an ad hoc manner, addressing compliance requirements as they emerge and treating them with a ‘one-time’ or ‘just-in-time’ approach. This not only costs more, but also puts these SMBs in danger of failing to meet trading partner specifications. Keep in mind: trading partner requirements are also a form of compliance.

At the same time, SMBs tend to underfund compliance, according to Gartner by as much as 50%. These challenges are great, but they can be met by taking a more ‘big picture’ approach to compliance, decide which are the organizations’ most important compliance requirements and come up with an overall strategy to meet them. This will save SMBs money in the long term, and help them remain compliant in the near term.

Cheryl McKinnon: For any company—whether or not they have a compliance officer or a records department—the first thing they need to do is become aware of where their content resides. Where are their email servers and what’s on them? What kind of content repositories are there? What kind of fileshares are there? So the first thing is to take a look inward, and do a content inventory to know where critical business records reside, who created them, who owns them and where to find them if you need to put a hold on them quickly.

Krista Curtiss: Companies have been keeping records forever, for financial reasons, for customer relations reasons... now companies need to look at those records through both a compliance lens AND a functional lens.

Cheryl McKinnon: Ultimately, a successful deployment occurs in an organization that knows where content resides—who’s creating it, who’s using it, who’s distributing it, and ultimately who’s caretaking it when it reaches the end of its useful life. Any solid records program—one that can protect the company if there is a threat of non-compliance or litigation—must have solid and consistent user participation. If we’re not getting critical content contributors adding content to the repository and making sure the records group has access to their content, there will be gaps in the record and that is an area of risk.

KMWorld Covers
Free
for qualified subscribers
Subscribe Now Current Issue Past Issues