Presentation on theme: "Fully Compliant Cloud Based Repository Lessons along the way Mark Ellis, Electronic Records Management Consultant April 8th, 2014."— Presentation transcript:
Fully Compliant Cloud Based Repository Lessons along the way Mark Ellis, Electronic Records Management Consultant April 8th, 2014
Agenda Who I am Industry Statistics Records Management widgets 10 lessons I’ve learned along the way Where to start
Mark Ellis Who am I 20 years in an industry that generated the mountains of paper 5 years working on opposite side of the fence: The taste of the paperless office Trying to get rid of those same paper records Been lucky Some very successful ECM deployments Worked with talented people
Records Management Industry “Over 50% of organizations have either zero OR more than 3 content management systems implemented.” “More than 50% of organizations cited excess litigation costs or damages resulting from poor record keeping as the largest risk relating to information governance.” - AIIM Industry Watch, 2013 “More than 40% of organizations cited getting to grips with electronic records management the biggest cause for concern relating to information governance this year.” “60% of organizations still use network file shares as a primary records management solution.”
Records Management Widgets Achieving a compliant repository extends far beyond the technology.
Lesson #1: Team effort There is no single person with all the answers. Key Resources Solution’s Architects Legal and compliance experts Subject matter experts (internal) Business Analyst IT
Lesson #2: The Ideal ECM system Is one that you never ever have to touch and works well other systems.
Integration Many vendor do not honor API’s for ever. Our system is unusual in that since it start 17 years ago they have never abandoned and API call. Application Programming Interface's
Lesson #3: Scanning alone will not fix the problem Scanning Project are one piece in a large puzzle. The go forward process is key
Lesson #4: Compliance cannot be outsourced Technology is only a part of the overall solution.
Compliance Industry Leading Technology Highest Certifications Available Compliant – and Setting the Standards GOA IMT A000013 – Digitization Technical Requirements, & GOA IMT A000015 – Digitization Process CAN/CGSB-72.11-93 Canadian Government Standards Board Microfilm and Electronic Images as Documentary Evidence CAN/CGSB-72.34-2005 Canadian Government Standards Board Electronic Records as Documentary Evidence ANSI/AIIM/ARMA TR48-2004 Technical Report Framework for Integration of Electronic Document Management Systems and Electronic Records Management Systems AIIM TR31-1992 Technical Report Performance Guideline for the Legal Acceptance of Records Produced by Information Technology Systems
Lesson #5: Multiple way to find items One Repository One Record Multiple ways
Lesson #6: Chain of custody Chain of Custody applies to both: Physical Records being converted Electronic records (eForms) Audit Trails
Lesson #7: When data is not data Metadata and Index data are not the same thing. It’s not the data that gets tested. It’s the entire system that gets tested.
Metadata Capture - Index Data VS. Metadata In order to meet CAN/CGSB Compliance West Canadian capture’s 160 different metadata fields (in addition to any index field values captured) Metadata Capture is The Automated Method of Documenting The Conversion Process From Paper to Electronic Records Provides Security and Audit Trails to The Process
Lesson #8: Not all vendors are equal Vendor’s need to prove they can, not just say can If a physical collection is not fully compliant the vendor is generally not the one that ends up dealing with the problem. Having a vendor provide CGSB/IMT compliant records does not mean they maintain their compliance ECM Repository vendor needs to understand compliance. This needs to go beyond the configuration. Needs to understand the entire system as a whole.
No Black Box - an example from an eForms workflow project The client here has the option: 1.Building there own forms 2.or get West Canadian to do it for them The client has the power not West Canadian
Lesson #9: Living in the Cloud All cloud based security is not equal. You will want to ensure you data is hosted in a T3+ facility. Location Is your data in Alberta or even Canada?
Data Center Tier Rating Chart Tier LevelRequirements 1 Single non-redundant distribution path serving the IT equipment Non-redundant capacity components Basic site infrastructure with expected availability of 99.671% 2 Meets or exceeds all Tier 1 requirements Redundant site infrastructure capacity components with expected availability of 99.741% 3 Meets or exceeds all Tier 1 and Tier 2 requirements Multiple independent distribution paths serving the IT equipment All IT equipment must be dual-powered and fully compatible with the topology of a site's architecture Concurrently maintainable site infrastructure with expected availability of at least 99.982% (Equals 1.5 Hours per Year) 4 Meets or exceeds all Tier 1, Tier 2 and Tier 3 requirements All cooling equipment is independently dual-powered, including chillers and heating, ventilating and air-conditioning (HVAC) systems Fault-tolerant site infrastructure with electrical power storage and distribution facilities with expected availability of 99.995% 19
Lesson #10: Understand the Business Process Tackle Process In Phases
Key to success: Planning Design Deploy Optimize Consult Shared Vision Defined Goals Increase efficiencies Drive Productivity Continuous Improvements Discover Solve Initial Pain Records Electronically Captured Secure Highly Accessible
ECM Solution: Question to ask? Is it mobile ready? Where is the data kept? Is it always in Alberta? What is the data center rating? Is it T3+? Are they compliant with SOC2 or greater? Do the eForms workflow need a client plug to work? Is there an extensive API guide? How long do you honor your API’s for?