Information management initiatives – who should be in charge after all?

Posted by on March 12, 2012 No comments

In 2011 PMI and Forrester jointly published a report – “State of PMO”. Although the report was targeting specifically problems that Project Management Offices face, the interesting thing is that the findings are very much relevant to information management implementations. One of the measured factors in the study was the perception of value that PMO brings to organizations and its correlation to the organizational reporting lines. The surprising outcome of the report was that while organizations perceived the PMOs as of high value where they reported to CEO (38%) or CFO (36%), the approval rate dramatically dropped down when PMOs reported to CIO (22%) and VP IS/IT (15%).  This could lead to conclusion that the lines of business either:

  1. distrust IS/IT departments,
  2. perceive IS/IT as detached from the business and not addressing their real problems, or
  3. benefits from IT/IS initiatives are potentially intangible and/or never measured after projects are  completed

I do not have specific numbers for information management initiatives, but experience seems to confirm similar correlation. When information management projects are not driven by the business but rather by IT, they are often observed with distrust, little confidence and support. Indeed, some of the IT/IS information management initiatives focus on technology, with poor understanding of the business processes, goals and operations. If this is true, to improve the odds, they should be conceptualized and driven by the business groups rather than by IT.  Using Pareto principle, maybe 80% of focus should be on business transformation and knowledge management, and 20% on technology. Delivery should still reside within IS but the business should be firmly in the driver’s seat. The recent explosion in collaboration methods, are blurring the boundaries between the external and internal, business and social, stationary and mobile collaboration, bringing new opportunities and challenges. There is no doubt – the cloud computing is going to revolutionize the way how IS and IT departments work today. IT is becoming increasingly a commodity, and some jobs are quickly disappearing, although recent IDC study brought news that cloud services are going to generate 14 million new jobs by 2015. Too bad that they are going to be in some other, cheaper part of the world. This trend will also force redefinition of the role of the CIO – maybe putting ‘Information’ back into the title – changing the focus from the infrastructure and technology to identification, valuation, definition of metrics and the management of the information as any other enterprise asset. I believe that both – shifting of the responsibility for information management initiatives to the business, as well as recognizing that information is the asset will increase success rates of IM initiatives within organizations, leading to improved profits, reduced risks internally and better service to customers externally.

Implementation of Records Management in SharePoint 2010 is not trivial

Posted by on March 1, 2012 No comments

DecisionRecords management implementation in SharePoint is not a trivial thing. I wrote about this on couple of occasions in the past. Earlier this week there was an interesting presentation from ARMA, expanding on some of these topics.

First of all – SharePoint out-of-the-box implementation will provide only a partial and rather informal – records solution. Many people consider Department of Defense DoD 5015.2 records management requirements as an overkill. This might be true for most of non-governmental organizations, although ARMA identified that of 168 requirements in DoD 5015.2, at minimum 105 are considered as those that make system a robust records management application. SharePoint 2010 satisfies 72 of these requirements. That leaves gap of 33 requirements that needs to be addressed. There are two ways of doing this – getting SharePoint implementation customized or getting a third party add-ons to handle the records management. Both of the solutions have their own pros and cons related to costs, licensing, training and operational support requirements.

Among the issues that need to be addressed are:

–          Centralized file plan, linked to a retention schedule. I wrote about this earlier – this requires usage of records center rather than in-place records management.

–          Securing, management and maintenance of the file plan by the records managers. This includes securing top levels of the file plan hierarchy but with ability to allow delegated departmental records clerks to create and maintain third level of subject and case file folders.

–          Proper disposition process – SharePoint OOTB handles automatic deletions, but disposition process needs to be customized, including records qualification, reviews, approvals, cutoff times, and records state status updates

–          Distinction between the subject records and the case file records. The significant difference between the two is related to the above process, where the entire content of the Document Set in case file record must be disposed at the same time, preventing the users from destroying the record partially.

–          Centralized management of Information Management Policies in SharePoint, due to required security levels. Information Management Gallery is not enough, and this also impacts ability to implement in-place records management, where control of these policies and maintenance of the security becomes quickly impractical.

–          Ability to monitor ingestion of records, their classification status, and retention events. This includes bulk uploads and changes to records metadata. Even on document level it is currently a huge pain in SharePoint.

–          To manage the records across their lifecycle, proper metadata must be collected and updated along their way. The specific records related metadata needs to be defined and implemented during the rollout.

–          MS Outlook integration with ability to declare emails with their attachments as records, and ability to add records specific metadata.

In either case – customization of SharePoint or integration of third party add-ons requires lot of thought planning, and tough decisions making.

SharePoint – Records Center or In-Place Records Management?

Posted by on February 20, 2012 No comments

Folder - records managementSharePoint 2010 brought some new capabilities but at the same time challenged the implementation teams with making some tough decisions. One of them is – how to implement records management. In MOSS 2007 – it was simple; the only possibility to achieve the functionality was through setting up Records Center site. In this case, for the content to be declared as a record, it had to be moved to separate storage area. SharePoint 2010 now offers In-Place Records Management – content that was declared as the record stays where it was originally, but the additional information management policies need to be applied to make sure it is immutable. Which solution is better? Which one should be chosen?

As expected there is no simple answer to this question – it depends. But once the decision is made, the organization needs to live with its consequences. The way back is costly and time consuming, it makes reversing the course usually unfeasible. So what are the pros and cons of either solution? The list below captures some of the key differences and their potential impact. Please note that some of the functionality was split to reflect the fact that business users and records managers are often driven by conflicting requirements – ease of filing, access, finding information and ability to collaborate for business users and ability to restrict access, protection and enforcing retention rules for records managers.

Feature In-place Records Center Comment
Retention Implemented through information management policies by content type. It might provide more flexibility in getting the rules more granular but at the cost of maintenance complexity. Simple – once record is placed in its bucket, it inherits its retention rules. Most of business users are not concerned by the retention; this is of primary interest to records managers. However what needs to be taken into account, if implementing in-place records management, the records lifespan might be longer than the hosting site. This creates potential problems with records preservation when the site needs to be disposed. This could lead to tendency to keep obsolete sites live, exposing the organization to legal and regulatory risks, and increased storage costs.
Security/Accessibility No ability to restrict access to records, the record maintains the same visibility across its lifecycle The content visibility and the ability to see its existence in search results can be restricted This could be a concern for records of sensitive nature especially in areas of HR, and Legal departments, or in case of mergers and acquisitions.
Findability of information – business user perspective Excellent, since records reside within their context in their corresponding libraries and folders Might be poor, since same content types reside in the same buckets. This category addresses primarily needs of business users – to locate quickly and easily the information. Since in case of in-place implementation, records are preserved at their source, it is easy to locate the information through its context. In case of the Records Center implementation, the key success factors are related to good governance policies, their implementation, as well as rich and good quality metadata.
Findability of records / eDiscovery – records manager perspective Usually good, though the search needs to span multiple sites Good since all records are located in Records Center, but eDiscovery will require search in both sites and in Records Center In case of Records Center good quality of metadata is important. eDiscovery of records in Records Center is fairly straightforward and quick, however since eDiscovery covers any content – declared as records or non-declared, it will not eliminate need of searching across all locations.
Ease of records management Complex since records are spread across various sites, libraries and folders Easy since records reside in central location with common sets of rules Managing records declared in-place might become messy. Strict governance and control of granularity of information management policies is required. The governance must include cases how to handle records if their survivability exceeds the site lifespan, as well as defining of who can un-declare or supersede records per site. Auditing of the records management and records reporting becomes more complex.
Ease of site management Complex – since sites contain both mutable and immutable content Simple – sites contain only documents that are not yet declared as records, or stubs to Records Center content Sites with in-place records management become more difficult to manage due to differences in how records and transitory documents are handled. Strict governance is required.
Ability to audit records More complex Simple Ability to audit records in in-place implementation depends on each sites audit policies implementation. There are no out of the box compliance reports available. Strict governance is required.
Administrative security By site administrators By records managers In in-place implementation, site administrators have ability to manage both transitory documents and records. This might not be desirable in case of organization in heavily regulated industries, where single responsibility for preservation of records resides with records managers.
Storage Transitory documents and records reside on the same storage medium Scalability could be easily ensured by placing records on separate storage medium In-place implementation might lead to increased storage requirements for both documents that are being actively collaborated and records that might be rarely accessed. Performance issues, security and organizational disaster recovery requirements must be taken into account (this is not the same as simple backups).
Declaring of Document Sets as records Yes No Current version of SharePoint does not allow for declaring Document Sets as records in Records Center

 

So how to determine which one is more suitable for given organization? There are several factors that will ultimately influence the decision, like:

–          Company culture – strict or more relaxed

–          How heavily regulated is the industry

–          What are the legal, regulatory and statutory requirements

–          Existing processes for handling records – is there already dedicated staff to manage records?

–          Business continuity planning requirements

–          Existing business processes – are document sets best suitable in the organization (this is weak point however, as I am sure that Microsoft is going to come with solution for Document Sets handling soon)

–          Information growth rate and proliferation of sites and sites collections

Decision on the method of records management implementation should not be taken lightly as it will have long term impacts on costs, change management, user adoption, governance, sites and records management, compliance and others. There is no easy way back.

Where is that tap?

Posted by on February 13, 2012 No comments

Fortis records managementHere is the latest example of poor records keeping, and associated costs, as it happened last week in the area where I live – Ruptured Line not on maps: Fortis. In short – an excavator ruptured natural gas line, which resulted in evacuation of whole neighborhood, organizing and transporting residents to temporary locations, closed businesses, rerouting traffic, full presence of police, fire and rescue services. It took a while for Fortis – natural gas provider, to locate the leak and cut off the supply. Contractor was not at fault here – before digging, they checked with Fortis if there were any pipes in the area. After the fact, Fortis stated that the pipe was more than 40 years old and was not indicated on the map. I am afraid that in reality the pipe was on a map, as it was supplying gas to a building that does not exist anymore. Rather the problem was that Fortis was not able to locate the latest version of the map, and they based their excavations approval on outdated records.

The positive side of this event is that it should be fairly easy for Fortis to develop and approve business case for an improved records management system. One of the biggest problems facing implementation of information management projects is that they are always low priority, due to the intangibility of most of the benefits and risks. There is always something more important generating revenues. Documents and records management are mostly perceived as cost centers – until accidents like this happen. Fortunately in this case there was no further damage and nobody was injured. But definitely this is an opportunity to quantify the costs and risks in the business case and get the problem fixed. In this case – these will be the costs of the emergency services, evacuation, investigation, and problem rectifying and so on. Safety, Health and Environment risks will come on the top of priorities and let’s not forget about reputational risks – protecting the public trust, and the organization in litigation, would one follow. One door closes, another opens….

Is Email on its way out?

Posted by on February 3, 2012 No comments

Recently I read some predictions that the email is an idea of the past and eventually is going to vanish. Although I do not agree with this statement in its entirety, there is some merit in this way of thinking. Email might soon share the same fate as the phone (not to mention epistolography – does anybody still remembers the art of writing letters?). On a forefront of this new development is Atos – I think the first organization that officially banned the use of emails replacing them with more collaborative tools. They must know what they are doing after all this organization is pretty large with 42 offices around the world and 74,000 of employees. As a matter of fact, couple of years ago I worked for a company with over 25 offices across the world and the instant messenger was our primary contact tool. With rapid eruption of social networking technologies, the near real-time collaboration and the cloud platforms, the importance of emails is going to diminish. As Atos CEO said, on average their employees were getting 200 emails per day, from that only 10% was useful, and middle managers were spending 25% of their time searching for information. From my personal experience, this sounds right.

On the other hand the social technologies bring new challenges from point of view of information management – like for example – how to treat them as records, how to deal with their retention, how to retain the knowledge. The bigger challenge however is personal productivity, if everyone is chatting with everyone; then they have no time to do any work. This type of collaboration cannot be replacement for ability to store, search, find and use the information. So information management is becoming now even more important, before the big wave hits destroying the efficiency instead of enabling it, the workers must know where to find the information, and have easy access to it, rather than trying to find it by chatting. This is the point where the email has advantage, with tools like Outlook – the search is quite simple and it is easy to associate the content with its business context. The governance has a key role to play here, on one of our recent programs we implemented a policy to block 50% of time to focus on the work that was planned, including collaborating ‘within’ the teams, and devoting the rest of the time to coordination with other teams, planning, meetings, answering emails, administrative work and so on.

Overall, no doubt – while our world is changing dramatically when it comes to communication and collaboration, our information management strategy and governance needs to adjust accordingly.

Three things that annoy me in SharePoint

Posted by on January 31, 2012 No comments

No doubt about it, SharePoint is a good tool when it comes to document management and collaboration. However there is couple of problems that still do not make this product great. For example, when it comes to implementation of taxonomy and search, there are at least three things that require looking for some workarounds.

              1. Cannot delete custom content types.

Once you created a content type, that’s it, you are done – you won’t be able to delete it. Sure, there is a link in Site Settings to delete this content type; the only problem is that SharePoint will not allow you to do it. Instead, you are going to get messages that the content type is in use, even if you ensured that this content type was unlinked. There are some blog posts showing how to work around this problem, but all of them require running direct action queries on MS SQL content database. Obviously it is possible to be done, but not really feasible for production environment in most of organizations. To avoid this issue, implementation teams need to make sure that the taxonomy is tight on the paper, and then test with a pilot before production implementation.

2. Drop-off library works only with Document type items.

Drop-off library is a great concept, allowing for building set of rules that facilitate an automatic movement of documents to corresponding libraries, based on their content type. Unfortunately this works only on Document types, or your own custom types inherited from Document class. So if your customers would like to use it for images or audio files, they will have to move the files manually to their target locations. This could become confusing – for one type they can use drop off, for the others they cannot. So, when planning implementation, consider this during alignment of the end user processes, and if you still decide to benefit from this functionality, make sure that the change management team gives enough attention to it.

3. Lack of native support for indexing of PDF files.

PDF today became standard when a user wants to make document portable, light-weight and read-only. Unfortunately SharePoint 2010 indexing service currently does not support this type of files. There is couple of add-ons that could be installed, but they range in performance, quality and cost. I believe that this is such an important feature that it should be part of the out-of-the-box installation.

 Small things but make life more difficult – hopefully SharePoint 2012 will address them.

Classification or Search?

Posted by on January 22, 2012 No comments

Couple of days ago, there was an interesting post by Michael Schrage where he questioned need for information classification in today’s (mostly electronic) world. I often hear same opinion from people who rely primarily on MS Outlook for storage and search of their documents. Apart from the fact that it rubs the IT administrators and record managers wrong way, there is some merit in his way of thinking. People usually get what they want – the information could be easily found and is easily accessible.

But why it is like this and is it applicable to all documents? First of all, we live in a world where information governance lies somewhere on a continuum between total ‘anarchy’ – where all documents live unorganized in one place, and a ‘tyranny’ – where every document, from the moment it is created, is classified and tracked. One side of the spectrum could be considered as for free spirited, right brain people, the other one for left brainer bureaucrats or ‘Type As’ as Schrage describes them. But reality lies somewhere in between, each of us personally leans to smaller or larger degree to one or the other end of the spectrum. My personal believe is that for us personally and as it is for organizations, to be really productive and creative, we need to balance on the edge of the chaos and tyranny.  To Schrage’s point – people quite often waste their time classifying the information that does not have to be classified. But then why do we classify in the first place? There is couple of objectives. The first one is most obvious – to easily find information, and this is what Schrage is referring to.

Not long time ago, when the documents existed only in physical form – people invented classification to locate and to find information. A good example is Dewey’s Decimal Classification system used in the libraries. First you locate books based on the class and subject, once you found it, you use index to find information within it. Electronic documents moved the limits of such system further, giving new capabilities and opportunities to search.

In case of my personal account with MS Outlook or with Twitter, Schrage is right. The value of classification of my emails for purpose of search is low. Outlook is pretty good and flexible allowing me to locate needed information fairly quickly. But why is it like this? This happens primarily because MS Outlook captures all the needed metadata describing context of the email automatically, with me spending no time on this. Sender address, date sent, received, subject, and content are searchable. Additionally the email treads functionality makes things easier to dig in deeper into messages when needed. This works so well since I am intimately familiar with my emails, and can easily recollect and associate the information with its context. But this is not going to be the same case if I inherit mailbox from someone else. Although the search might help with narrowing the results, I will need more to figure out what the message is about, and if it corresponds to what I am looking for. So, as per Schrage point – this does work for my personal productivity, but it will not help in case of an organization where I have to collaborate.

So, although I agree that classification is not needed here, and as a matter of fact it could be even restrictive, the key to success is the metadata describing the content. In case of Outlook, as I already mentioned, some of it is captured automatically. In other cases, however the metadata needs to be added, to keep the context with the content. It could be manual, but this is what most of people perceive as a ‘waste’ activity. It could be automatic, and to some degree it is possible as with MS Office documents. However, there still be some metadata that only the author could decide, as it corresponds to his or her intentions. Additionally the metadata itself could have its own classification or hierarchy to be meaningful.

So search and findability are one of the objectives of the classification. Another one, and especially important in case of organizations, is the records classification. Records should be kept for periods of time prescribed in retention schedules, usually based on document type classification. So here the classification is not going to disappear.

In summary, I agree that importance of classification will be diminishing as the technology evolvs. The automatic classification will definitely be of help but it is not there yet today. As artificial intelligence tools will become more truly ‘intelligent’ and capability of the systems will increase to analyze the content of the data, the need for manual classification will be limited. But the real purpose behind the scenes will remain – the accuracy and completeness of the metadata. Tools like Google Search or SharePoint 2010 with FAST search engine are on right track to narrow the search scope and to mine the results. Ability to use enterprise keywords, with good search analytics will help with the findability. However the need for classification will not disappear, but it will become of limited importance to most of the users.

Legal, statutory and regulatory foundation for Information Management programs

Posted by on January 5, 2012 No comments

Any successful information management solution implementation requires establishing of a proper IM framework. Such framework will help with forming governance, setting up priorities, definition of constraints, and will give the overall direction to any future information programs.

The foundation of such framework is based on existing legal, statutory and regulatory requirements. Establishing of such basis, especially in larger organizations is not an easy task and requires involvement of several parties.  I made an attempt to capture some of these laws, standards and regulations used in the US and in Canada. This list is far from being exhaustive; every organization – depending on type of business – will have to establish their own baseline, which will include specific industry regulations.

United States:

Law, Statute, Regulation Short Description
Sarbanes-Oxley (SOX) 404 and 409 – Corporate and Auditing Accountability and Responsibility Act SOX deals with monitoring of creation and management of financial records, as well as disclosing of information about changes in the financial conditions or operations of the organization. It affects primarily publicly traded companies including accounting and security firms, auditors and brokers.
Health Insurance Portability and Accountability Act (HIPAA). HIPAA refers to protection of individually identifiable health information. It enforces that organizations handling such personal information notify the patients about their privacy policies.Organizations affected by this policy include health plans and health care providers.
Children’s Online Privacy Protection Act (COPPA) COPPA requires that online content providers, working with audiences that include children must use reasonable procedures to ensure that child’s parent is included in the process.
Department of Defense 5015.2 (DoD 5015.2) DOD 5015.2 identifies requirements based on operational, legal and legislative needs that records management solutions vendors must fulfill. It affects software vendors of electronic document and records management systems. Several government offices in the US require compliance with this standard, but also some other, larger organizations implementing information management systems, often use this standard during selection process. For this purpose, this standard is often used outside of the US.
Securities Exchange Act (Sec Rule 171-3 and 17a-4) SEC act outlines requirements for data retention, classification, and accessibility for organizations involved in financial securities trade.
Gramm-Leach Bliley Act The act is regulating handling and sharing of personal information, and disclosing of privacy policy to consumers. It primarily affects financial services organizations.
IRS Rev. Proc. 97-22 This guideline includes directives for taxpayers on maintenance of financial books and records using software applications.
Electronic Signatures in Global and National Commerce Act (ESIGN) This act regulates use of electronic records and signatures in commercial transactions.
Fair and Accurate Credit Transactions Act (FACTA) It allows consumers to request and obtain free credit report every 12 months. It also contains provisions to reduce identity theft and secure disposal of consumer information. The financial institutions are mainly affected by this act.
Fair Credit Reporting Act (FCRA) FCRA regulates the collection, distribution, and use of consumer information, including credit information. It affects consumer credit reporting organizations.
Freedom of Information Act (FOIA) It guarantees access to the full or partial previously unreleased information and documents controlled by the US government.
Government Paperwork Elimination Act (GPEA) This act requires federal agencies, where practicable, to use electronic forms, filing and signatures to conduct official business.
Occupational Safety and Health Act (OSHA) OSHA governs occupational health and safety in the private sector and federal government.
Uniform Electronic Transactions Act (UETA) The purpose of this act is to integrate the differing State laws in matter of retention of paper records, and the validity of electronic signatures. It supports the validity of electronic contracts.

 

Canada:

Law, Statute, Regulation Short Description
Personal Information Protection and Electronic Documents Act (PIPEDA) It governs how the private companies collect, use and disclose personal information in the course of conducting business.
Secure Electronic Signature Regulations (SOR/2005-30) These regulations stipulate how digital signatures are created and verified. It is related to Canada’s Evidence Act dealing with integrity and validity of electronic documents.
Access to Information Act Regulates access to the full or partial previously unreleased information and documents controlled by the Canadian government.
Privacy Act This act stipulates rules how the federal government must deal with personal information.
Limitations Act Limitations Act defines period of time during which legal proceedings maybe initiated, and thus influencing definitions of retention periods.
Ontario Bill 198 It provides regulations of securities issued in the province of Ontario. It roughly corresponds to Sarbanes-Oxley in the US.
Microfilm and Electronic Images as Documentary Evidence Standard This standard deals with microfilming and electronic image capture. It also describes process of establishing a program helping with ensuring document integrity, reliability and authenticity.
Electronic Records as Documentary Evidence Standard This standard delivers provisions to ensure that electronic information is trustworthy, reliable and authentic.

 

It is important to remember that the process of establishing such baseline requires deep involvement of legal department, and several business subject matter experts. Since the laws and regulations change from time to time, the organization should appoint a steward responsible for maintenance of the framework, and establish a governance model describing what to do, when such laws or regulations change.

SharePoint 2010 and Department of Defense

Posted by on December 22, 2011 No comments

As you might know, SharePoint 2010 does not have their records management solution certified with DoD 5015.2 standard. MOSS 2007 was certified, but with 2010 Microsoft decided not to go through the pains of getting their product tested and approved. There are multiple reasons behind this decision, but probably the most important is that certification requires substantial effort and time. Microsoft wants to focus on developing collaboration platform, leaving the more detailed compliance requirements to software partners.

But how important is this decision? In conversations with records management professionals I often hear the opinion- “who cares, DoD standard is military oriented with strict set of rules that most of organizations will never need”. They are right; probably most of organizations will never need that level of compliance. However, the point is somewhere else. The certification guarantees that the software product delivers all that the organization will ever need, and most probably delivers more – at least when it comes to the records management. The organization does not need to use all the features; however having such capabilities removes at least one of the concerns when selecting software product related to compliance.

For example – how executives in your organization would feel if they find out that SharePoint records management solution that you just implemented, does not guarantee irrecoverable destruction of records that passed their retention period? SharePoint out-of-the-box does not provide solution for expunging of records, after they are deleted. As you might know, there were several criminal cases where courts requested recovery of deleted files and specialized agencies were often successful in this task.  I am sure that some of the executives in government and large corporations would become quite nervous knowing that.

The bottom line is that SharePoint is a great solution for implementation of records management; however, the organizations need to take into account all the requirements across the organization. I mean all the requirements – not only those explicitly stated by records managers but also the implicit business needs. Some of these requirements will need to be fulfilled by adding additional, third party web parts or application services. This on the other hand, increases the total cost of ownership, so finding proper balance between requirements, planning and design is quite critical.

Lost cause in records management – convenience copies

Posted by on December 6, 2011 No comments

I found some interesting facts in recent poll by AIIM “Records Management Strategies – plotting the changes”. As many as 48% of respondents said that although they were concerned of leaving convenience copies of disposed records at the end of their retention period, they did not have a solution in place to address it. It sounds like a paradox, from one side organizations spend millions to implement enterprise content management systems, and on the other hand they leave on the table the key benefits from implementation of such systems and processes. In another, related question, respondents said that their strongest business drivers for ECM, were related to compliance with legislation and industry regulations (45% and 35%), reduction of storage costs (42%), sharing of knowledge (36%) and improvement of litigation performance and reduction of associated costs (35%).  By leaving the convenience copies unattended, all the above drivers are not being addressed, often deluding organisation that they achieved their key objectives. Even if the ‘official records’ are disposed, the organizations are still not compliant with laws and regulations, the storage costs are not reduced, eDiscovery costs will be high as all information will have to be searched, and often the business decisions will be based on outdated information. The missing last step in information management strategy implementation undermines the organizational efforts. This might not be surprising as over 35% of respondents cited lack of board/C level commitment and lack of cross-departmental agreement on how to manage electronic records, as the key obstacle to implement information management strategies.

The lesson learned from this is that groups responsible for implementation of information management within organizations need to work continuously on marketing of ECM and building strong business cases based on hard, measurable benefits. Even if this is done, after the implementation, there must be ongoing effort to accurately monitor the key performance indicators and success criteria. The outputs of these measurements should reinforce the marketing messages, helping in getting required support.