Friday, December 23, 2011

Inspired to come out of hibernation for THIS!

There was an article in the Washington Times today regarding the recent Presidential Memo calling for improving the manner in which digital records are being managed ( http://goo.gl/Gk88p ) and challenging those in Federal Agencies to address the current manner in which records are managed across the board to come up with recommendations for more effective and efficient methods. I don't know how long the link will remain live, but the article is/was here( http://goo.gl/PZma2 ) :

And here's a snip from the lead in to it:

HUMMEL AND KEMP: Today's digital documents are tomorrow's dinosaurs -
While the move from filing cabinets and paper to a form of digital preservation is important and necessary, it is much more complex than it sounds. The initiative, if it is not done right, could unintentionally be a hugely wasteful spending exercise, and vital information, records and assets could be lost forever.


Okay so this is gonna be long, so if you plan to read this, make sure you're comfortable, put a log on the fire, don your Snuggie, pour yourself a nice hot cup of coffee, cocoa, or a good stiff drink and read on...

An interesting article, some of it thought provoking, some of it sort of a 'sales pitch'. Turns out this technology they refer to "DOTS" (Digital Optical Technology System) is ACTUALLY a private for profit organization out of Florida... it isn't a "technology" at all.

The recent press has made many assertions that Truman led the way in the past to modernize record keeping, the fact is that Truman asked Hoover to lead an effort to investigate the current methods of managing and creating administrative records in the Federal Government and to head a Commission to recommend improvements. In part, that led to the formation of the GSA and establishment of NARA.... but I digress. I just find it interesting that the Presidential memo has got people rattling Truman's ghost and there hasn't been much said about what he did. Personally, I'd love to hear more.

So back to the article? One comment in the article I think we all agree with is: "The initiative, if it is not done right, could unintentionally be a hugely wasteful spending exercise, and vital information, records and assets could be lost forever."

However, I think we also all understand that there is no ill-will or intent to NOT DO THIS RIGHT... and one major piece of misinformation being tossed about is the intent of the memo was that all physical forms of records be digitized and subsequently discarded, and that henceforth ALL RECORDS would be managed electronically. NO ONE in the Federal Government, or even in most businesses is that ignorant.

There are some records that it makes absolutely NO SENSE to digitize and there are others that EVEN IF YOU DO digitize them (to make the content more readily accessible by multiple people in disparate locations simultaneously) you would NEVER discard the original source materials, you would simply index them with pointers to their locations and store them in optimal conditions to protect them permanently. DUH!!

So, the article goes on to state: "One of the challenges facing federal workers is that long before the complete set of records is digitized, those workers will be required to start making copies of the records they just created, a process called migration. Then, in a relatively short time, workers will need to make copies of those copies. It's a job never completed, constantly in a state of chaos and confusion, with danger of losing the very data that is supposed to be preserved."

Again, THE COMPLETE "set of records" will NOT be digitized. And yes, migration and sometimes conversion, is an ongoing process and needs to be planned for to avoid technological obsolescence and media degradation, but this is a known fact and a given requirement. Constant care and feeding of a digital repository is always going to be required to ensure persistent access to digital assets throughout their life cycle. Everybody here knows that, and a great number of the people being selected by Federal Agencies to respond to the challenges put forth in the President's memo do as well.

The article continues it's "the sky is falling" tone by further stating: "Traditional digital archiving, as it is understood today, is not secure for the long term. Current methods used, many of which the federal government will consider embracing as part of President Obama's initiative, are time-consuming, extremely unreliable, environmentally unfriendly and expensive."

"As it is understood today..." is ALL WE HAVE- it is clearly known that this is an ever changing world when it comes to technology- formats change, media changes, hardware and software used to access information changes constantly. The trick is first, keeping up with it and second, moving forward with it. And yes, the methods are time consuming and expensive- but I disagree they are "extremely unreliable and environmentally unfriendly".

What is the option? Bury our collective heads in the sand and wait around for someone to develop a fast, cheap, reliable, friendly solution to resolve this problem while the existing digital content continues to rot, decay and become inaccessible? Like the Moon Mission content? Past Census data? And who knows what else that has been lost and not identified as of yet. Enough of the analysis paralysis- the memo isn't calling for knee-jerk reactions, it's calling for Agencies to identify staff to address the issues NOW, and in the following 4 months, for them to begin addressing the challenges they face and concerns regarding existing regulations that keep them from being able to do this efficiently and effectively... and as we all know here as well, 120 days WILL NOT be long enough to develop the laundry list of roadblocks and 'challenges' facing Federal Agencies from complying with the recommendations in the memo.

The two largest hurdles we face are a lack of funding and a cultural change in management thinking about the effort required to change the methods by which records are managed. It was a sweeping change to embrace creating things electronically, including the adoption of email and social media forms, but it has been and may continue to be at a GLACIAL PACE that management comprehends the difficulty of putting the lid back on Pandora's Box. And part of how this will happen successfully will be to give consideration to deploying new technologies on a "day forward" basis and then developing plans to address how to deal with Legacy content- in both electronic and physical formats. The concept of consuming this entire elephant in one swallow is ludicrous... but to cage the herd and control that which is still being created is something do-able.

Now HERE'S where the article gets sales-y: "With sufficient magnification, DOTS enables digital files to be stored in an easily readable form for 100-plus years, even in conditions of benign neglect, guaranteeing readability as long as cameras and imaging devices are available. Because it's nonmagnetic, it's also immune from accidental erasure or an electromagnetic pulse."

This is laced with a true 'drink my KoolAid' flavor. The authors want to convince you there is ONE magic technology that exists that will give us the answer to all of our problems! Well, aside from the fact that they say 'digital' in here, when I read this (cameras and imaging devices, non-magnetic, immune from accidental erasure) the first thing that popped into my head was MICROFILM! Or even better yet, NORSAM! ( http://goo.gl/YSWqj ) But when you Google up the acronym and technology they speak of you find out it doesn't exist.. but the COMPANY does!! =) So I'm sure we know where this is going... buy OUR Snake Oil !

And here was one of my FAVORITE lines from the article: "No matter which solution is chosen, it must be one that does not require massive amounts of power and air conditioning, state-of-the-art computer technologies or extensive migration. The solution should not fuel worries about data degradation or failure."

Seriously? I mean SERIOUSLY? (as my good friend and RM colleague Randy Kahn might say) ARE YOU KIDDING ME? Naturally any technology adopted now will require the use of state-of-the-art technologies, because we have nothing from the future and undoubtedly it's going to require migration... we simply need to plan and budget both funds and time for it, and ensure it happens. THAT is how you gain persistent access to digital assets with the technologies that exist presently, and that's the paradigm in which decisions have to be made now.

I don't find any of this fueling worries, instead I find it a calming influence- the consideration that at the highest levels in Government SOMEONE finally understands the need to do something and wants to see us improve upon how we're doing it now.

Lastly, the article poses: "The potential reforms and improvements, while necessary, need to be built around embracing a solution more robust than paper but more reliable than the latest computer."

And I have to wonder what is this? Vaporware? Although one of my other colleagues, Steve Whitaker, doesn't embrace paper, it's pretty doggone robust and reliable, when properly protected... and if the content is indexed well, not too difficult to locate. AND many find it more reliable than the latest computer! But what is proposed here as a 'solution' is something that doesn't exist yet... and choosing something that doesn't exist, doesn't solve anything.

Larry
RIMMAN.LARRY@gmail.com

With that, I wish a Happy Merry Everything to everyone, may you all enjoy time with your families and loved ones and we can continue this (and other) discussions in the New Year.

Friday, February 26, 2010

The more things change...

...the more they stay the same. Not sure who originated this phrase, but if they got a nickel for every time it was used, they'd be wealthy.

I've noticed the constant acquisitions and rumors of even more acquisitions in the IT Services industry are continuing, and in many cases, resulting in dissatisfied customers who have no recourse other than to complain with their feet... and in some cases, they are so deeply invested THIS isn't even an option.

Two biggies- one in the not too distant past- Oracle's acquisition of Stellent and a very recent one, Iron Mountain's acquisition of Mimosa Systems. Clients of the two product lines will be impacted in different ways.

Stellent, a vendor whose primary product was a Content Management System (CMS) had clients who manage varying sizes of repositories of information in multiple formats, supported by an index and descriptive meta data related to each asset. The organizations using the products would have two options. One, to continue using it "as-is" (because Oracle has elected to no longer support the product) or to engage the services of a former Stellent employee as a Consultant to assist in providing whatever "life support" you may need. The other option is to agree to converting over to an Oracle product offering similar features, such as Universal Records Manager (URM) and either buying or negotiating terms for licensing, and then buying contracts for support of the new product.

The second option may be the best long term, but it is not without issues. While the systems offer similar features and functions, they are far from identical in structure. In fact, there are extensive efforts required to "normalize" data structures within the Stellent repositories prior to transferring them into the Oracle repositories, not to mention the need to build tables, rules, features, and more prior to things being similar. And there are different APIs and a look and feel that users will have to become familiar with... so training will have to be developed, delivered, and maintained for users.

Many of these efforts can involve high costs and few organizations knew at budget time in 2009 to plan for this in 2010 (and potentially into 2011)- and this is an impact vendors fail to consider or realize when they make these moves. If you have a system that meets your needs, and you've paid for license and support costs for a full year... how do you even consider migration and new costs?

The acquisition of Mimosa Systems, an e-mail management software application (NO, I will not call it an @rchiving $olution!)I think will prove to be an even greater concern for those currently using it. The firm who acquired them is offering XaaS hosting of e-mail on their servers offsite, and the move is thought to have been made primarily to strengthen this service offering.

But what happens to the tens of thousands of organizations who independently purchased, configured, and are running Mimosa in-house to assist in managing their e-mail repositories? What happens if like in so many other cases, they simply decide to crack open the shell of Mimosa and suck out all the tasty bits they wanted to strengthen their services and then leave the remainder of the product in the dirt? And even if they do keep the product complete, who will be offering support for the users? I don't see the motivation for the new owner to continue offering support for a service they'd rather sell to these same users...

Eventually, this trip down the rabbit hole of mergers, acquisitions and takeovers in the IT industry will stop... hopefully it will be long before we reach a state similar to that in Wall-E where Buy n Large (BnL) owns everything!

Tuesday, November 24, 2009

Is a year (to the day) long enough between posts?

I'd like to think so. =)

It's not like I've been hiding though, but I've been busy with the paying job, and posting and participating a lot on Internet Evolution recently.

There has been a lot going on in our profession over the past year- much of it related to social networking, cloud computing, SaaS (and other 'XaaS' models), privacy breaches, major data losses (can anyone say T-Mobile and Microsoft?) and of course electronic medical and health records issues. I don't think this is the time to break into song on any of these, but I promise I won't wait a year to get into any/all of these topics.

As the year draws to a close, many organizations will be in the process of dispositioning large volumes of records having met their assigned retention periods, and I'd urge you all to take this opportunity to "be green" and find out how the records are being destroyed- encourage your suppliers to recycle the shredded paper or the cardboard boxes at least.

And while you're taking the time to contact your suppliers, consider a site visit with a checklist of concerns and issues to ensure your organization's information assets are being properly protected. Ask to see the inspection report from the Fire Marshal (everyone is supposed to get one annually), and ask to see a copy of their emergency operations plan, and documentation from when it was last exercised... this is also supposed to happen annually. Take a walk through the warehouse, visually review their fire protection, exit doors, trash collection practices, where they store fuel for handling equipment and/or charge their equipment up. And if you have questions, ASK THEM... and follow-up with them in writing, requesting a written response.

Wishing everyone a Good Thanksgiving, I think I'll sign off for now...

Monday, November 24, 2008

E-Mail management should REALLY NOT be so confusing

It's been interesting watching some of the articles recently about the challenges of managing e-mail as if there is a need to manage every piece of it that exists. I've been writing about this topic for quite some time, and while I've also stated it isn't a simple task... it's nowhere NEAR as hard as some make it out to be! In fact, it's hard to believe there were 153K hits for the literal search of the phrase "managing email"

I think what's happened over time is a lot of misinformation from numerous sources, especially those that are urging organizations and individuals to "save everything" when there is NO REASON TO.

What is important is that every organization develop a policy for Records Management that clearly identifies what a "record" is for their organization. This should include elements such as:

- It documents an official decision or transaction
- It provides guidance to staff about what to do or how to do something
- It communicates a policy to others inside or outside your organization

Naturally, depending on the industry segment you operate in, there are other critical factors to consider based on who regulates what you do and what laws you operate under. Also, once a legal action is entered into or you become aware one MAY be pending, all documents (including e-mail) related to the matter must be retained until the matter is resolved.

But all this said, much can be done in the course of normal business to minimize the volume of e-mail any organization is required to manage, and most of this can be done by staff on receipt of the e-mail itself. FIRST... develop a policy and communicate to all employees the definition of a record for your organization. Follow the "KISS principle" when doing this, but make sure it's comprehensive. Make sure employees understand this applies to ALL information, but especially e-mail.

Next, direct employees to delete all e-mail that is NOT a record if it is received on the company system, as soon as practical. A Company's e-mail system is not intended for personal e-mail or other information that is not related to the 'business of the business', and while the occasional use of information systems is generally in keeping with most organizational policies, they are NOT designed to store or retain such information. Yep, this sounds harsh... but it will generally eliminate a good 40-50% of the volume of e-mail. If you include the non-business e-mail received from vendors, trade publications, internal messages of informational only value, this number will likely climb to 70-80% of the volume.

The next steps are more painful, and absent the existence of an Electronic Records Management System (ERMS) of some type, it is difficult to achieve success. The management of records is related to the content included in a record. That content and its value determine the length of retention required for the information.

All organizations should have a Records Retention Schedule (RRS) (a topic for an independent post) in place that suits their business needs and the laws, regulations and statutes that govern their industry segment. If an RRS exists, then it is much simpler to manage the 20-30% of e-mail that fits the definition of a record. Of the approaches used to accomplish this, the application of what are commonly known as "rule and role based" principles are among the most successful.

Rule and Role based retention practices involve an evaluation of the work being performed by various functional entities within an organization and comparing these against the records they routinely create and/or receive. This list of records is then compared tot he RRS to determine retention periods, which results in the development of a short list of retention periods for users to select from to assign to the records. After generation of records, or following review of those received, users select from this "pick list" to associate a retention period with the record prior to it being stored.

This is best done through an interface with an ERMS, but absent an official proper records management repository, the records can be stored on organizational servers that are routinely backed up to protect content form alteration of destruction prior to their assigned retention periods.

This is intended as a simple overview of one process that greatly reduces both the volume of e-mail being retained unnecessarily and the effort required to achieve compliance with legal and business needs for effective records management.

Wednesday, November 12, 2008

Got your head in the clouds (computing)?



But now they only block the sun
They rain and snow on ev'ryone
So many things I would have done
But clouds got in my way
I've looked at clouds from both sides now
From up and down, and still somehow
It's cloud illusions I recall
I really don't know clouds at all....


I think Joni Mitchell summed it up well when she said "I really don't know clouds at all".

There's been a lot of discussion about cloud computing, what it is, what it isn't and the benefits and concerns around it. Much of the discussion indicates that while it isn't a mature enough concept, a lot of organizations are charging forward and putting their information assets at risk in this environment. One of my most recent favorite articles made a brilliant observation.

The writer, Ed Sperling, stated "In all companies, cloud computing needs to be part of an overall security risk management equation. It's easier to figure out in newer companies, but the process is still the same. Still, cloud computing should never be viewed as simply a way to save money unless a company doesn't care about security or doesn't have anything to steal. And in that case, why is the company even in business?" And I think it's a valid point to raise.



Risk is a critical component to consider when it comes to the storage and management of information assets, the lifeblood of many organizations. You need them to make informed decisions and to perform the 'business of your business', and protecting them form exposure is critical to ensure you retain your competitive edge over others.

Examples have been given where this seems to be a more logical option for consideration for SMBs (small to medium businesses) or for start ups, as a means of cost avoidance of procuring a large hardware infrastructure and minimizing the cost exposure related to application purchases. But again, I question this... if you're a new business and attempting to gain a foothold in the marketplace, wouldn't you want to do everything possible to keep your information as 'close to the breast' as possible? And while there isn't extensive evidence of the risk associated with cloud storage, (we aren't hearing rampant stories of data exposure), even secure environments are being routinely hacked... so these environments are obviously much more prone to it.

I think the jury is still out on cloud... and I fear many may not like the final verdict when they eventually hear it.

Monday, October 27, 2008

Long time, no post

I guess I've been a baaaaaad blogger, letting this sit idle for such a long time. Not that I haven't had a lot to say, just been saying it elsewhere and trying to figure out if/how to focus my energies to one source.

So much to say, where to begin? Okay... the ARMA Conference in Las Vegas. I was finally allowed to attend, but the notice came so late the airfare for a 90 minute flight ended up being nearly $400- thankfully I had a round trip coupon, but WHAT a waste of a good R/T coupon that was destined to get me to New Orleans =(

The conference was well attended, 4600 total, about half that many full paid attendees. Lots of sessions both on the paid and free side (those in the exhibit hall from vendors; some with the assistance of RIMs or techxperts). Lots of sessions on e-mail management and compliance issues, many on gaining management support for RIM programs, marketing RIM, and implementing ERMS tools. (Nope, you'll NEVER hear them referred to as 'solutions' here) It sure would be nice if the handouts for the expo floor sessions were ALSO made available to attendees!

Efforts were made to relate the sessions to domains and levels called out in the ARMA RIM Competencies which I stand firmly behind as a great document to provide guidance for where you are and where you may want to go in your RIM career.... obligatory disclaimer here, as I worked to help develop this document for 3+ well spent long years. Unfortunately, I think the efforts fell a bit short of their goals.

Talking to numerous attendees, some of them first-timers, many felt the sessions had the following problems:

1) the description did not accurately match the content
2) the ratings were higher than the content presented
3) the domains were misstated- content didn't stay on track for domains

A number of attendees told me that after the first day, they adjusted their plans and went to higher rated sessions, and still didn't feel they were getting what they expected in all cases. But, as I explained to them, this is a work in progress and it should improve over the coming year... and I STRONGLY SUGGESTED to them that they provide some of their feedback to ARMAs EDC and education department. If no one tells them, nothing will change.

I'm torn between the old "tracks" and the new "competency based" arrangement of sessions- one thing I'd like to see greater consideration given to is adjusting things so sessions of a common nature and differing levels are placed against each other in the same time slots, instead of making attendees choose betweens similar level sessions in multiple domains. Fortunately, almost ALL of the sessions handouts were posted in advance this time, so you did get an opportunity to review them before attending and make some choices of where to spend your time. Too bad a lot of first time attendees weren't aware of this option.

Biggest complaint? MISERABLE DISTANCES to be traveled between the hotel and the conference center, and between the general session and the expo floor/sessions. For those of us who are mobility impaired, it was a real pain (lterally) to walk these distances.

Biggest compliment? Plenty of people in the hall to tell you where things were if you were having trouble finding them.

Biggest disappointment? ARMA is STILL not doing a good job of marketing the Poster Sessions. Having delivered on every year since Long Beach (except this year) many attendees still don't know what they are supposed to be or intended to offer, and where to find them. This year they were in a dimly lit hallway- probably the best layout thus far was in San Antonio, but even then, no one seemed to know what they were.

Major suggestion? Re-instate the prior year's practice of ensuring EVERY first time attendee get a ribbon, and seriously encourage all Leadership and "old-timers" to directly approach and engage these people. I personally tried to approach every one I saw and ask how their experience was going and if they needed help navigating the landscape. Most of them were grateful and said that no one else had spoken to them. =(

Given the non-trivial cost of attending this annual event (registration, airfare, lodging, ground transportation, meals and incidentals) it would be nice to see more done to make the experience an overall win-win. Employers are becoming more reluctant to spend money sending employees to 4-5 day events unless they have an understanding of the take-aways and benefits of attendance. For members, the networking opportunities are excellent and the chance to catch up with friends and colleagues makes it a worthwhile experience. Employers however, are looking for hard benefits to their bottom line... and while you can come away with benchmarking information and suggestions for improvements to practices, sometimes it's hard to show that direct cost-to-benefit ratio.

Thursday, September 11, 2008

Red Flag guidelines in effect Nov 1, 2008

The 2007 changes to FACTA go live in November; details can be found here.

The 2007 amendment to the Fair and Accurate Credit Transactions Act (FACTA) (15 USC 1681m(e)) directed the Federal Trade Commission and 5 other federal agencies to establish Guidelines for financial institutions and creditors (as defined) to develop and implement a WRITTEN Identity Theft Program for new and existing accounts.

"Creditor" as defined in the Guidelines includes lenders such as banks, finance companies, automobile dealers, mortgage brokers, utility companies, and telecommunications companies.