
Risky Business
How “Avoiding Trouble” has Become “Risking Trouble”

"Governance has more to do with internal policies," Tom says, correctly. "If a ‘governance’ issue is breached, the SEC is not going to come crashing down the door. And your business is not likely to evaporate. The negative impact of an incorrect governance decision is more likely to be a bad customer experience, or lost profitability." These, he implies, are business situations that can be bad enough, sure, but not game-enders.

Tom looks mainly at the impact that a disaster—flood, fire, hurricane, whatever—can have on a business, and what steps should be taken to minimize the effect that such an occurrence can have on an organization.

"In a disaster recovery scenario," he says, "you’re always assessing what you can live with versus what you can’t live without. There are ‘recovery point objectives,’ where you have to figure out how far back in time you HAVE to go in order for your business to survive—I can afford to lose a day’s worth of data, but I can’t afford to lose a week’s worth, for example."

He continues, "But in addition to recovery points, we also determine recovery time objectives... how rapidly do I need to be back on line? Will my business go bankrupt if I’m not back inside of an hour? Versus a couple of days?"

Even though that sounds spooky enough, Tom says that most of the customer engagements he’s familiar with have a more strategic, top-line impetus. "The vast majority of our customer opportunities do NOT begin with the disaster scenario in mind...although there are some. Most start from the question of how to handle and manage information better—distributed access, collaboration, imaging and workflow... we usually start from an information management point of view," he says.

"But then a subset of that comes up: ‘Oh, by the way, this is incredibly important information and it has to be available 24/7 and we’re willing to pay whatever it takes to accomplish that.’ I’d say in the case of big companies, the failover scenarios and disaster recovery issues get bolted onto a content management conversation about half the time."

I mention that this sounds sort of discontinuous, and a little bit schizophrenic. So who’s in charge? I ask. Is information governance in the realm of the IT group, or is it left to someone with a more active interest in the content? "The IT people are doing the implementations, and they’re asking their ‘customers’ (internal customers, he means) what they need. Problem is: sometimes those ‘customers’ don’t know... it’s amazing how mushy some of this stuff is.

"But it’s the office of general counsel (OGC) who makes the ultimate decision, and tells IT where to focus its efforts. The OGC prioritizes, and performs triage. Most companies have more areas where they’re regulated and have to conform to than they can actually handle in parallel. They have to do their most high profile things first. And leave some for later.

"On the disaster recovery and business continuity side, there’s never a single ‘cop’ who says we need to take care of this," Tom continues. "Maybe there should be, but I’m not sure who that would be. Very often it’s the IT guys, being conscientious and doing their jobs correctly. More often it’s the person who owns the system from a user perspective; they’re the ones who know the consequences of data loss and down time. They’re driving requirements toward the IT guy."

So I ask Tom the same question I asked Dave earlier, and that is whether his customers consider all these preparatory investments more or less a cost sink—an unavoidable nuisance—and thus view them in the way we might in our personal lives view an insurance policy; a necessary cost with no identifiable return (unless something bad happens)? "Oh, absolutely," says Tom. "People cut corners. How many people do you know who don’t back up their laptops? A lot of people do the ostrich thing... stick their head in the sand, cross their fingers and say ‘it’s not going to happen to me’?"

He goes on: "The people who start paying attention are first of all the smarter people—people who read the news—but they’re also the ones who have critical operations and recognize the cost of lost continuity. In the compliance scenario, it’s a similar group who understand the repercussions that can come from the external agencies, such as the SEC.

"There certainly is a lot of innate value in managing content properly, but very few people spend the money or invest the human resources to do so just to be ‘good information custodians,’" Tom says. "It’s almost always because they fear the repercussions of not doing so."

Avoiding the Quicksand
So, we’re sort of back where we started. The drive to manage organizational content is, on one hand, a strategic effort to improve processes, create competitive advantage and propel organizations to greatness. On the other hand, it’s also a good way not to get arrested or fall into a pool of quicksand. Do I have a good feel for which of those two motivators is winning out? Nope. Will you, when you’ve finished reading the following pages? I hope so, but don’t bet on it. Risk is risky business, and content is a difficult matter to pin down. I only hope that at the end of this white paper, you have learned some ways in which to justify proper controls and better governance inside YOUR organizations.  
