Fully Compliant Cloud-Based Repository


Fully Compliant Cloud Based Repository
Lessons along the way
Mark Ellis, Electronic Records
Management Consultant
April 8th, 2014
Agenda
• Who I am
• Industry Statistics
• Records Management widgets
• 10 lessons I’ve learned along the way
• Where to start
Mark Ellis
Who am I
• 20 years in an industry that generated the mountains of paper
• 5 years working on the opposite side of the fence:
  • The taste of the paperless office
  • Trying to get rid of those same paper records
• Been lucky
  • Some very successful ECM deployments
  • Worked with talented people
Records Management Industry
“Over 50% of organizations have either zero OR more
than 3 content management systems implemented.”
“60% of organizations still use
network file shares as a primary
records management solution.”
“More than 50% of organizations cited
excess litigation costs or damages resulting
from poor record keeping as the largest risk
relating to information governance.”
“More than 40% of organizations cited getting to
grips with electronic records management the
biggest cause for concern relating to information
governance this year.”
- AIIM Industry Watch, 2013
Records Management Widgets
Achieving a compliant repository extends far beyond the technology.
Lesson #1: Team effort
There is no single person with all the answers.
Key Resources
• Solutions Architects
• Legal and compliance experts
• Subject matter experts (internal)
• Business Analyst
• IT
Lesson #2: The Ideal ECM system
Is one that you never ever have to touch and
works well with other systems.
Integration
Application Programming Interfaces
Many vendors do not honor APIs forever. Our
system is unusual in that since it started 17 years
ago they have never abandoned an API call.
Lesson #3: Scanning alone will not fix the problem
Scanning projects are one piece in a large puzzle.
The go-forward process is key.
Lesson #4: Compliance cannot be outsourced
Technology is only a part of the overall
solution.
Compliance
• Industry Leading Technology
• Highest Certifications Available
• Compliant – and Setting the Standards
  • GOA IMT A000013 – Digitization Technical Requirements, & GOA IMT A000015 – Digitization Process
  • CAN/CGSB-72.11-93 Canadian Government Standards Board Microfilm and Electronic Images as Documentary Evidence
  • CAN/CGSB-72.34-2005 Canadian Government Standards Board Electronic Records as Documentary Evidence
  • ANSI/AIIM/ARMA TR48-2004 Technical Report Framework for Integration of Electronic Document Management Systems and Electronic Records Management Systems
  • AIIM TR31-1992 Technical Report Performance Guideline for the Legal Acceptance of Records Produced by Information Technology Systems
Lesson #5: Multiple ways to find items
One Repository
One Record
Multiple ways
Lesson #6: Chain of custody
Chain of Custody applies to both:
• Physical Records being converted
• Electronic records (eForms)
Audit Trails
Lesson #7: When data is not data
Metadata and Index data are not the
same thing.
It’s not the data that gets tested.
It’s the entire system that gets
tested.
Metadata Capture
- Index Data vs. Metadata
• Metadata capture is the automated method of documenting the conversion process from paper to electronic records
• Provides security and audit trails to the process
In order to meet CAN/CGSB compliance, West Canadian captures 160 different metadata
fields (in addition to any index field values captured).
Lesson #8: Not all vendors are equal
Vendors need to prove they can, not just say they can
• If a physical collection is not fully compliant the vendor is
generally not the one that ends up dealing with the problem.
• Having a vendor provide CGSB/IMT compliant records does not
mean they maintain their compliance
• ECM Repository vendor needs to understand compliance.
• This needs to go beyond the configuration.
• Needs to understand the entire system as a whole.
No Black Box
- an example from an eForms workflow project
The client here has the option of:
1. Building their own forms
2. Getting West Canadian to do it for them
The client has the power, not West Canadian.
Lesson #9: Living in the Cloud
All cloud-based security is not equal.
• You will want to ensure your data is hosted in a T3+ facility.
Location
• Is your data in Alberta or even
Canada?
Data Center Tier Rating Chart
Tier 1 requirements:
• Single non-redundant distribution path serving the IT equipment
• Non-redundant capacity components
• Basic site infrastructure with expected availability of 99.671%
Tier 2 requirements:
• Meets or exceeds all Tier 1 requirements
• Redundant site infrastructure capacity components with expected availability of 99.741%
Tier 3 requirements:
• Meets or exceeds all Tier 1 and Tier 2 requirements
• Multiple independent distribution paths serving the IT equipment
• All IT equipment must be dual-powered and fully compatible with the topology of a site's architecture
• Concurrently maintainable site infrastructure with expected availability of at least 99.982% (Equals 1.5 Hours per Year)
Tier 4 requirements:
• Meets or exceeds all Tier 1, Tier 2 and Tier 3 requirements
• All cooling equipment is independently dual-powered, including chillers and heating, ventilating and air-conditioning (HVAC) systems
• Fault-tolerant site infrastructure with electrical power storage and distribution facilities with expected availability of 99.995%
Lesson #10: Understand the Business Process
Tackle Process In Phases
Key to success: Planning
Discover
• Consult
• Shared Vision
• Defined Goals
Design
• Solve Initial Pain
• Records Electronically Captured
• Secure
• Highly Accessible
Deploy
• Increase efficiencies
• Drive Productivity
Optimize
• Continuous Improvements
ECM Solution: Questions to ask
• Is it mobile ready?
• Where is the data kept? Is it always in Alberta?
• What is the data center rating? Is it T3+? Are they compliant with SOC2 or greater?
• Does the eForms workflow need a client plug-in to work?
• Is there an extensive API guide?
• How long do you honor your APIs for?
Thank you!