Moving records management from a paper based strategy to a electronic strategy requires re-thinking what needs to be protected and where the threats to security exist.
The key is to stop focusing on the artifact (the document) and focus on the information that is important. Documents are just the storage media to move the information from person to person.
1. Increase records security
through process
Christopher Wynder, Ph.D
Director of Client Services
@ChrisW_thinkdox
chrisw@thinkdox.com
ThinkDox LLC.
2. Education has the third highest rate of
records breaches in 2014-2015
ThinkDox LLC.
These first two are symptoms of how
poor/slow adoption of technology has
been for records handling.
The last three are purely process
maturity. Suggesting that even if
adoption of EDRMs technology was
higher significant issues would still exist.
3. Effective ERM is service
driven:
It is embedded into normal work
processes
Provides time-savings to system
users
Aligns with organization strategy
and goals
4. Most records management procedures are based on “paper”
• Rigid
organization-
enforced
taxonomy.
• Retention
rules
• Disposition
workflow
• Audit of
deletion
schedules
Capture Organize Use
Archive or
retire
How it is
generated does
not matter in a
paper world. The
physical artifact
is “handed over”
Use is
controlled
via
ownership
of artifact.
5. Documents consist of information that is used
for particular business processes. There is no
requirement for documents to be maintained for
any period of time.
Records are a subclass of documents that
must be treated differently. Specifically, they
must be maintained in a format that can not be
changed for a specific length of time.
Processes produce both documents and records.
Users do not have “silo’ed” work days where they
handle just records or handle just documents.
9am
DATE
?
5pm
The average user’s day
ERP/CRM
ThinkDox LLC.
6. EIM as a strategy reduces risk of user confusion
Process and storage location alignment =
risk reduction
Before
R&DSales
CEO
HR
After R&DSales
CEO
A year later
Do we have any tape?
Someone needs to
organize this!
That looks great…but where do I
put my vacation request-is it HR or
department?
Do we have any tape?
I thought we organized
this?!
8. How people work has changed vastly
Capture Organize Use
Archive or
retire
Information
lifecycle
User
information
lifecycle
Generate Record Use
Forget or
storeOrganize Re-Organize
Envisioned
Starting
point
Actual
Starting
point
Forget or
store
9. Align user information and ECM lifecycles at key points in the process
Adoption and BRPs are linked together. Solve the users’ key needs and you’ll solve your compliance concerns
surrounding structured documents and records.
Capture Organize Use
Archive or
retire
ECM
lifecycle
User
information
lifecycle
Generate Record Use
Forget or
store
?
Organize Re-Organize
ECM works best when
the information is
organized at capture
The un-asked question-”How do
users get work done?”
This is key to how users
expect to find documents
Users lack the
tools to
appropriately
archive content
Re-use leads to lots
of local copies.
10. Move beyond just ERM to EIM
ThinkDox LLC.
ERM
Add
User ECM ERP or LMS
Student records
11. Focus on the user tools that solve user frustration with
their day-to-day activities.
How many
different
applications
are they
using
9am
DATE
?
5pm
How many times
are they breaking
compliance
ERP/CRM
how do users generate content-what
are the filetypes, what are the key
applications
where is the information from that
content being recorded? Office
documents, applications
what is the point of the content? Is
the information being shared? Is it for
revenue generation? Does it need to
be moved to other people?
....is the information source used
again. What do users really need,
what can you securely provide them.
G enerate
R ecord
O rganize
W hen
12. Account for GROW-th by accepting the organic nature of information
An architect plans the design of information, brings
structure to unstructured sources by enabling users to move
through a "journey“.
Requires existing user compliance and understanding of
information sources.
A gardener sets the parameters of access, provides a
single point of entry to user needs by understanding
that every user has multiple “journeys” that
encompass their job.
Requires access control to key information sources
to ensure user compliance.
13. Be the gardener: plant the seed, control the weeds, and nourish the environment
• Gardeners do not control growth they only
maximize the conditions for growth.
• What can you as an Information Gardener do:
◦provide appropriate access (the size of the
plot).
◦Set limits on where the seeds can grow
(users) and
◦provide within that plot the nutrients
(information) that seeds need.
• You cannot control the growth but you can limit
the unwanted growth. Growth on ECM is going to
be organic but you can limit the space provided.
14. 1. Can we manage
the
customization?
2. Can we gather
enough
information on
users
Start by defining what you want the system to do
IT
Competency
1. What are users going
to do IN system?
2. How embedded
should the system be
in our processes?
1. What can our ECM system do /
do we features should we be
prioritizing?
2. Do we have a taxonomy?
3. What is a disposition needs?
1
2
3
Information
Governance
Technology
readiness
17. School level
How do we move to better process
Board level
System of
interaction
System of
record
Access control
Findability
Archive
Ad hoc/
Fileshare
Holistic planning for information management
Infrastructure planning
Requirement gathering
Implementation
Integrated retention and
disposition schedules
Understanding trends in
content generation
Information
management strategy
Technological support for managing information
THINKDOX LLC.
18. Case study: Evaluating a broken process
Who
K- 8 School board in Mid-
west US.
Central IT administration
Charter schools have own
IT budget
Problem
Updating student records at
end of year is time-
consuming for both
teachers and central admin
Process “feels” unique for
each school to enter same
data
Complications
Some schools use Google
Apps.
Central Admin and many
schools are standardized on
Microsoft
Central use O365. Most
schools are migrating to
O365
THINKDOX LLC.
19. The reality is their “process” is actually 3 processes
1
2
3
Records change approval
Records change workflow
Records update capture
20. Optimizing each sub-process
1 Records change approval
Why is this happening outside the
system?
Do we care?
Risks?
Printing student records increases the number of
different places that regulated information is
stored.
Speed of process has led to paid overtime for
Admin staff constraining infrastructure upgrades.
Why:
Key approval is an “email guy” doesn’t want
to learn a new system.
It fits with the communication and template
locations that currently exist.
21. Addressing the “Why” – understand how each user works
Admin
Student
records
Facilities
management
User Journey of a Admin’s day
Check
information
Get
Approval
Confirm
Updates
Request
updates
Review
orders
Send
orders
Request
approval
Draft
orders
Analysis:
The nature of approvals is the real issue.
Facilities management is completely done through accounting
software. Has no ability to capture “wet signatures”
Approver wants to just send an email.
22. Identify the “most dangerous” user personas
What core users or departments are the most dependent on ECM or have roles that generate the most
content for ECM?
Go right to the source:
Where are the roadblocks in the process?
• Survey users about their activities.
• Compare the activities of people in
problem processes.
Where are the compliance issues?
Which group of users is the organization most
concerned with?
Non-compliance from user groups that
know better is often due to a lack of
support for BRPs
Use IT system data:
What does the log-in data tell us? Is there an AD role
that is under represented?
Users that are under-represented in access
logs are likely dissatisfied with ECM.
What department has the most complex site
organization?
Complex granular trees often result from
user groups copying and re-filing
information for new projects.
Search logs – are there commonly searched terms?
Searching for the same document is a sign
that users do not recall where documents
live.
23. Dealing with capture and re-capture problems
3 Records update capture
Why is this happening outside the system?
Do we care?
Risks?
Errors in data input cause problems for teachers
and administrators attempting to evaluate
educational plans.
Duplicated records is an serious issue for both
storage growth and audit controls
Why:
No one knows how to update documents in
the system.
Information is captured in a different system
then the records management system
24. Use of word templates and no required metadata “hides” documents from ERM
Collaboration
System of record
Access control
Templates
PDF generation strips
metadata and is not
linked to a form type in
Laserfiche
Admin kept copy
of template on
HD No one actually used
SharePoint for
version control
Template
IT had tied
metadata to
“live” copy
25. Move the whole process to form based approach
Capture
Organize
Use
Archive
or retire
26. Take advantage of the metadata system to connect records classification to both
information and process
Text
Date
List
Dynamic
“In progress”
Information
Folder
Information sorting
(Templates)
Process step identification
Tags
Confidential
Templates can be applied to
either folders or documents
Tags can convey
information or restrict
access
27. The brain uses two descriptors for recall. Take advantage of this to limit the number of
descriptors
• People vaguely recall the name of a
document
• People recall why they made or last used a
document
• People are hard wired to remember WHO
they:
◦Work with
◦Communicated with
◦Made the original
• The right two pieces of process
information will allow users to find the
right documents
Take advantage of how the brain works.
Weak recall
Weak recall
Strong recall
Object
Who
=
=
=
28. Describe the user journey based on how people work
Expand using descriptors that describe work
patterns
Facet Description Examples
Matter
Objects, typically
inanimate.
Desktops; Servers; Storage; Buildings.
Energy
Actions and Interactions.
“processes”.
Customer service; Quality control; Manufacturing;
Research; Accounts payable.
Space Locations, departments,
Human resources; APAC; Guatemala; Building
A2.
Time Hour, period, or duration Morning; Q3; Financial close; Winter; 2011.
29. Build out the descriptors based discrete tasks during the process
Client
size
Depart.
Budget
related
Location
Order
approvals
fulfillment
Initiative
Intranet ERP
Other
sources
Website
HR
structures
Remember our goal at the
beginning is to have enough
taxonomy to confidently allow
users to add content to ECM for
the purposes that the
organization has defined. The
taxonomy WILL need to updated
through a controlled process.
The key with “semantic search” is a
clear process for evaluating the
usage. The goal should be to have
these integrated into the controlled
vocabulary to replace unused
terms rather than create a shadow
metadata system
30. Categorize the non-records descriptors based on GROW fields
Contract
negotiations
Billing
Contracts
Secondary
office
Remote
CRM logs
Surveys
Direct
interaction
Location
financials
Call list
Daily
activities
Calendar
Hand-over
Workgroup
Potential
taxonomy
descriptors
(GROW)
These could
be the drop-
down terms
Wide
category
Remember this initial goal is about gaining control
over documents. The long term goal is a living set of
descriptors that mirror business practices.
These are probably too specific.
Additional personas will generalize
these further to make them usable.
31. Use process descriptions to enable both findability and security
Long lists of anything are a disaster for information collection
Marketing Joke: “What is the biggest state in the United
States?”
The Answer:
8x3
The human brain has a storage and sorting limit of eight items.
This means drop-down items 9 - ∞ will not be considered.
Keep your taxonomy to three levels of detail, each with about eight items. The taxonomy for a facet, therefore, can have 83 – or 512 –
items.
32. Define the complete view of what people do to extend content descriptors
Persona
Business Process
Users Workflow
New cases
Case
management
Check
schedule
Follow-up
Schedule
meeting
Check for
information
Review
previous
Monitor
action
Request
action
Review
reports
Service
Management
BPM
case
module
CRM
case #
Workflow
Confirm
by SMTP
Social Services
33. Refined the process maps with the actual information they need
DATE
CRM
Constituent
or Council
needs
Vacation
request
Agenda/
Budget
What information outside of their job description do users need to “get
work done”
DATE
DATE
DATE
How many of these
resources are up-to-
date?
34. Well-governed information is both protected and used.
• Start by determining how similar the key intra- and
inter-departmental information movement patterns
are. Do HR and corporate services speak the
same language.
• School boards with cloud based educational tools
e.g. GAFE, Office 365, D2L should evaluate the
processes and security of how information moves
into these systems.
• Move away from “E-documents” such as fillable
PDFs to dynamic forms and workflow. This is easier
to manage long term
• Don’t forget about social. School officials need to
have policy and process for when constituent
information and conversation moves beyond
community “engagement” to legally binding or
regulated action.
RegulationsOrganization-wide data
Similarities
Departmental
data
Key considerations for how to maximize the
use of your ECM
35. Thank you
Have questions or want a copy of the presentation:
Email me: chrisw@thinkdox.com
Don’t want to email me:
See our websites presentation page
http://thinkdox.com/news/presentations/
We are on twitter and LinkedIn
@Thinkdox
@ChrisW_thinkdox
https://www.linkedin.com/company/thinkdox-inc-
?trk=biz-companies-cym
Hinweis der Redaktion
Barely Repeatable Process:
education applications such as ERPs, CRMs and other data focused apps bring give a home to highly repeatable processes such as order processing, customer engagements. These are often mundane tasks that have the same starting, ending and order to the workflow.
These highly repeatable processes often surround highly regulated documents. Users understand the need for workflow and repeatability to reduce regulatory pain.
The problem becomes using these data sources as part of a users job-to be productive.
Any process that has high complexity, crosses information sources and needs to be communicated is rarely done the same way or the same order.
These barely repeatable processes are often ad hoc, multi-source, multi-person processes-building a document, diagnosing a patient, requesting time-off, building revenue projections.
For IT it is nearly impossible for us to understand what the users actually do to build ensure the tools work.