I recently attended AIIM 2014, the annual conference staged by the Association for Information and Image Management. As an attendee at this event (which included IT, business and records management professionals), I witnessed a growing awareness: forming a comprehensive information governance (IG) strategy can pay huge organizational dividends in the form of improved storage management, lower eDiscovery costs, better information privacy controls and reduced risk.
Implementing an information governance program is certainly not an easy task. It typically requires careful research, detailed planning and a comprehensive execution strategy. I’ve written about the planning phases of an IG program in other earlier posts (available on our blog ) but the focus of this article is on the execution phase of your governance strategy – and more specifically, enforcement. Enforcement itself can be a broad topic, but one of the primary tools available to help administer your governance rules is still the venerable policy.
Policies, as defined by the dictionary, are a set of plans or actions agreed upon by an organization. In simpler times, businesses could rely on written policies to determine how files, correspondence and other communications were handled – but today, the landscape is much more complex. In addition to the explosive growth of electronic communications, organizations must cope with extensive regulatory compliance mandates and the ever-present threat of litigation. Expecting to manage this tide of information using written policies alone is a prescription for disaster.
For more than a decade, Sherpa Software has been helping clients implement their written policies by developing automated tools that enforce policy parameters. During the course of that time we Sherpas have learned a lot about the characteristics of policy enforcement software. Here are a couple of tips to consider if you plan to search for policy automation solutions:
- Flexibility in a policy enforcement engine matters. Many clients focus on their ‘current’ requirement when evaluating solutions, but that approach can be short-sighted. Perhaps you only need to perform enforcement using age-based criteria today, but a year or two from now the ability to supplement that age-checking with additional options like keywords or regular expressions may be required as your policies evolve – therefore, look for more capability than you need today.
- The more content sources that a solution supports, the better. Investing in a policy tool for email may suit your current requirement, but what happens when legal extends the policy to include SharePoint, Yammer or some other content repository? Ask your vendors how flexible their offerings are, with regard to supporting multiple content sources.
Our team has a wealth of hands-on experience, helping clients formulate their information governance policies and implement enforcement strategies using electronic tools. We are about to launch the next version of our hosted information governance platform, Sherpa Altitude IG tm , which features a powerful policy enforcement engine that can be applied to a wide variety of electronic information sources. For more information about Sherpa Altitude IG tm or the policy consulting services we offer, please visit www.sherpasoftware.com.