In talking with many customers and peers, I find that I repeatedly use the concept of a funnel to describe practical ways to overcome the challenges associated with classifying sometimes massive volumes of electronically stored information (ESI), and applying defensible policies for retention, security/privacy, eDiscovery and ultimately "defensible deletion". Please see slide 5 of the attached presentation. Download Funnel.ppt
The funnel is a logical metaphor because organizations are being tasked with managing huge amounts of electronic content, some which has tremendous value, but much of which is either junk or is being retained long past the time when it has any business, legal or referential value. Across all types of organizations, around the world, the goal is the same - how do I get to the important stuff at the bottom of the funnel?
Think of a funnel as representing the electronic information that enters your enterprise every day (for some organizations, this might be several million objects per day, across hundreds and hundreds of different applications and content types, and even for a relatively small organization, there is going to be a lot of content flying around the network at the speed of light, and then piling up unmanaged on drives and tapes).
The core challenge for companies is classification - how do I in a practical way put this information into logical categories so that reasonable policies can be applied (and so that the important information can be found efficiently)? As discussed in an earlier post (Aspirational Records Management Policies), if you merely declare that the existing records management manual, which was put into place for paper documents (and which often contains hundreds of records types), applies to the electronic content, the classification and policy goals of the official records program typically are not met. Given current systems, processes, the state of auto-classification technology, and the refusal of employees and organizations to allow efforts at RM to reduce productivity, the IT department is just not able to operationalize what end up being "aspirational records management policies".
Now picture a funnel divided into three (3) pieces. On the top (and often the largest part of the funnel) is information with little value (or even negative value) to the enterprise. The goal at the top of the funnel generally is to "filter" or get rid of this content as soon as practicable, provided that the effort associated with separating out this content is not greater than the efficiencies and risk reduction of getting rid of it sooner.
In the middle of the funnel is what I think of as "productivity" documents, or content that has referential value, but is NOT an official company record. Think of the emails, powerpoints etc that you might save in subfolders on your desktop every day. These are not likely to be identified as official records in the company records manual, but they do have value to individuals and small working teams. Importantly, at most companies, if you try to take those away from employees by setting across-the-board short email and file retention periods for non-records, often employees will not react well and they will come up with their own (uncontrolled) ways to save those documents (which may completely undercut the goals of the underlying policy). Conversely, it is important to note that despite the strong feelings of employees about the "need" to keep these types of productivity documents, at nearly every organization in the world, the reality is that when you examine actual utilization rates from an IT perspective, after 180 days, very few of these "productivity" documents are actually accessed. This lines up with the personal experiences of many - we set aside these documents every day, but how often do we really go back and use ones that are years old?
At the bottom of the funnel (and often the smallest overall volume of content) is a company's most important business and legal records, and increasingly, included in that category is content on "litigation hold" (in other words, the file that was not a record yesterday, ends up being treated like a record once it is determined to be potentially relevant to a legal matter). For the content at the bottom of the funnel, there is often a need to attach much greater security, content management and process discipline of true on-line records management. (I note that in earlier posts, there was some healthy back- and-forth and some may have been left with the impression that my view is that records management should be marginalized in favor of a small number of simplistic policies. That is not my view. My view is that records management has never been more important. That said, there is too much content to try to get employees to classify each and every object. Rather, you need to determine how to get to the bottom of the funnel and then apply the RM discipline where it belongs.)
The funnel model discussed above does not solve all the issues, and it is wildly oversimplified, but simple is good. I've found it to be a valuable starting place for a risk adjusted approach to setting policy. I'll plan to expand on some of these concepts in future posts, which will be more frequent than in the past. --Andy
