Mind The Compliance Gap!

So why do people do Information Management (IM)?

Careful how you answer – as the answer may not be what you think!

What makes me say this? Well, we asked our global membership for their on-the-spot judgements about what their employers see as their role, responsibility and current contribution. We did this by an online survey of a subset of our 180,000 membership in January and February this year, via a project supported by our partners Iron Mountain, Kofax, Nitro, OpenText, Onbase, Precision Content and Systemware.

So what is the driver, or drivers, for Information Management in 2016? The answer came back loud and clear: the fears CEOs have around minimising risk and meeting key compliance KPIs.

Are we minimising corporate risk, or not?

The pressure is getting more intense – as when we asked the same question a year ago, that was set as the main priority by only 38% of our membership.

Now, only a year on, it’s up to 59% overall, and it’s the top issue for nearly half (44%) of mid-sized organisations.

It’s not a universal issue, as smaller organisations say cost savings and productivity improvements are more significant drivers for IM. But what’s worrisome is the big mis-match we found between what people say they are doing Information Management for – avoiding risk and keeping compliant – and how enterprises are doing it in practice.

First, we were told of a clear lack of linkage between IM – usually delivered by Enterprise Content Management (ECM) systems – and Information Governance. Data point here: under 20% of respondents confirm their organisations proactively align their IM/ECM system strategies with company-wide agreed IG policies, while 15% have IG policies that don’t drive decisions. Even worse, nearly one in three, 29%, put their hands up and admit they have zero IG policy.

The conclusion’s inescapable; boards are rightly concerned about corporate risk – but are not aligning their systems so that they can actually do that effectively.

But we have to inject an immediate warning here – as before embarking on upgrades and replacements to any IM platform to make up the ground here, organisations will need to address the lack of information governance policy as a priority, as this has to be the first step in minimising corporate risk. Let me show you why.

Only 25% have automated deletion in place

Based on this probe, half of organisations would struggle to defend questions about deleted emails or internal communications if challenged to do so in a court of law – not just around cloud filesharing (e.g. DropBox) and social (the company’s Twitter or Facebook work), but also their SharePoint and email stacks. And even in those teams that do have agreed IG policies, the same proportion, half, admit they are not auditing compliance – and 15% told us they routinely see them ignored.

What could be the main reason why? info glut, it turns out. Content ‘overload’ has been identified as a big headache by 24% of respondents, who told us they have no mechanism to limit stored content volumes. At the same time, while 47% have an IG policy that defines retention periods, more than half – 51% – still have to rely on manual deletion, with only 25% with automated deletion. A mere 7% are using specific analytics tools for data clean-up.

Other headline findings in our research you may be interested in is 87% of respondents told us they fear being swamped by cloud content, 75% worry that email management is still the ‘elephant in the room’ with Information Management – but in a note of possible optimism for thedmcollaborators community, 79% feel that they have plenty of scope for extending and enhancing their ECM/BPM/RM suites to meet these and other challenges.

Is it going to have to take one high-profile scandal to shake us out of IM complacency?

Summing up, I think this survey shows that the industry is in a state of flux – but more worryingly, too many organisations are adopting a ‘bury your head in the sand’ strategy.

Organisations know that they need to manage their content and information much better, and are aware of the gaps should they ever need to go to court – yet are not doing enough to address this.

I think the fear keeping more than one CEO awake at night right now – is that it’s going to take one almighty, horrible compliance case to change the picture here.

Bob Larrivee is Chief Analyst at AIIM, a global, non-profit organisation that provides independent research, education and certification programmes to information professionals and which has been an advocate and supporter of that sector for 70 years

Download the full study we carried out, Information Management: State of the Industry 2016 for free here.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s