Enterprise Information Management Issues to Consider in the Convergence of eDiscovery and eCompliance
Karthik Kannan, VP of Marketing and Business Development at Kazeon, just published a very helpful article on SC Magazine's site discussing the convergence of eDiscovery and eCompliance. As you'd expect, it's a marketing and business development article, so let's get that out of the way early. But regardless of whichever technology and process solutions one may prefer, I found the following to be an excellent summary of the issues and requirements one is likely to encounter when addressing the litigation readiness, information management, and compliance challenges in many organizations:
Due to the confluence of legal and compliance regulations and IT management issues, the perfect ESI storm has emerged -- and with it, the confluence of both eDiscovery and eCompliance.
Looking forward, these features are necessary for any workable amalgamation of practical eDiscovery and eCompliance initiatives:
- Enterprise-class scalability and performance. An eDiscovery/eCompliance suite must be scalable to search across hundreds to thousands of terabytes of electronically stored information, as well as scale into the billions of documents, and have the performance to process that data to keep pace with today's information growth.
- Auto-discovery of data sources - An eDiscovery/eCompliance suite must have the capability to auto-discover informational sources anywhere on the network, since critical data may reside in the enterprise file, storage file server or a laptop in Shanghai.
- Holistic and Dynamic Organizational Information Map - Since network topology can change rapidly, having a dynamic and active continuous auto-discovery capability is critical for information indexing, internal investigations, litigation procedures and information capacity planning.
- Agent-less and agent information management - Organizations have enough critical data running on servers, laptops and desktops today. Having the option to run agent-less or agent searches is a critical capability. Agent-less search has a low impact on the IT infrastructure and is easier to deploy. Search with an agent takes longer to deploy, but can deliver effectively on active data sets.
- Robust search, analysis, and classification - Searching, analyzing and classifying information is a complex challenge. Having a strong analysis and auto-classification capability that can sort large data sets based on metadata, document content, file type, an so forth is necessary to accurately and quickly reduce the volume of data to a relevant and manageable set.
- Tagging - Automating the tagging of individual content or grouping content into relevant virtual categories with a robust policy-based engine enables administrators to simplify the review and reporting process by delivering a virtualized organizational information overview.
- Workflow management - After gaining insight into and classifying critical information, bring the "in the wild" data into the ECM platform for workflow management and preservation. With the ability to automate the move, copy, encrypt, and delete actions; an automated policy-based methodology accelerates the manual processes for processing all the enterprise data.
- Unified management - With billions of documents and petabytes of storage, corporations can easily be overwhelmed by the volume of data. A robust eDiscovery/eCompliance suite must have a unified management view across the entire network and the ECM platform, to simplify operational management.
- In-place record hold - Being able to tag and hold potential critical information at the source, i.e., server or laptop, is a capability that separates the efficient eDiscovery/eCompliance suite from an unusable one. It is not reasonable to move all potential critical data back to a repository before review. The in-place hold and review and subsequent collection process streamlines and accelerates the process.
- Enterprise-wide critical information capture - With 80 percent of a corporation's informational assets outside the control of the ECM platform, an eDiscovery/eCompliance suite will need to have the flexibility to identify, access, search, and review information which resides in databases, email archives, servers, email systems and storage systems across the entire network. With an automated workflow policy engine, capture and movement of critical information to the ECM repository can be accomplished on a daily, weekly or monthly basis.
Certainly some of the points are subject to debate. For instance, the decision of which information or types of information should be subject to in-place holds is often an interesting and sometimes even a pointed discussion around the table. Also, while the article doesn't directly mention e-mail archives, many of the above principles would certainly apply. Overall I found it a helpful list of topics and features to consider when attempting to address enterprise eDiscovery and eCompliance initiatives.
I think it's even more important to remember that capability lists like these are most helpful when taken in the context of building a comprehensive information management and compliance program. Supporting policies and processes must also be developed to address the specific legal, records management, compliance, IT, and end business unit and users' needs and responsibilities. The resulting solution needs to make sense in the context of that organization's unique circumstances. It's in this context that these are excellent items to discuss and from which we can draw valuable insight in shaping those solutions.