Forrester Research/ARMA International Survey:
RM Tech Deployment Still a Rough Road
A well-crafted records management (RM) program with supporting applications is critical to keeping an organization out of legal hot water. However, the road to successful implementation is rarely easy. In its third annual collaborative effort with ARMA International, Forrester’s recent survey of more than 300 technology and strategy decision makers responsible for records management shows that while enterprises report greater satisfaction with their records management applications than in our prior surveys, many continue to grapple with complexity, cost, low user adoption, and integration shortcomings.
Factors Driving RM Technology Adoption
Among important findings, 53% of records management stakeholders indicated that they expect to augment or deploy new records management products in 2012. While this represents a slight dip from last year’s survey, three factors stand out in continuing to drive strong adoption:
1. The need to address regulatory requirements and ease e-discovery pain
Successful records management programs support achieving regulatory requirements, information risk management goals, and broader information governance objectives. In Forrester’s Q2 2011 “Forrsights Security Survey,” 83% of enterprises reported regulatory compliance to be an “important” or “very important” initiative over the next 12 months. While records management has historic roots in facilitating compliance, organizations are increasingly seeking to ease complex and costly e-discovery responses with defensible disposition approaches enabled by solid records management programs.
2. The need to tackle a broader set of content and application types
Over the last several years, vendors and organizations have embarked on a journey to expand the scope of records management beyond physical records to a broader set of electronic assets. While applying records management controls on physical assets remains a critical use case, the transition to incorporating these controls over a wider array of content types and applications has been slow and bumpy. In 2012, however, about one-third of records management decision makers plan to integrate content management, e-mail, file shares, and collaboration systems with currently deployed records management applications.
3. The need to factor in the rapid rise of SharePoint
Enterprise adoption of SharePoint for content and collaboration is pervasive. In SharePoint 2010, Microsoft introduced significant records management advances and generated keen market interest. While the current offering includes improvements, it won't address all enterprise records management requirements. Partners can help address some functional gaps, but buyers need to do their homework, especially since few detailed public references for SharePoint 2010 records management use cases exist.
Amid this strong adoption, survey results illustrate that information risk professionals are increasingly satisfied with their records management applications. Up from only 49% in 2009, 58% of 2011 survey respondents indicated satisfaction with their current records management solutions (see Figure 1).
RM Program Challenges
While this small shift is encouraging, records managers also describe considerable challenges with their programs. Instead of technology application-specific woes, these frustrations focus primarily on concerns regarding the:
- Complexity and duration of deployments
- High cost
- E-discovery capabilities
- Strategic standing within the organization
Complex, Lengthy Deployments
Similar to last year’s survey, nearly two-thirds of records management stakeholders indicated that complex and lengthy deployments are a continual source of frustration.
One of the main factors contributing to this concern is that aligning RM with information technology (IT), legal, compliance, and business stakeholders remains a challenge for about one-half of records managers surveyed.
Not only can organizational fragmentation slow down and complicate RM deployments, absence of appropriate cross-functional linkages can also cause enterprise RM programs to fail. Ultimately, cross-role coordination is essential in capturing RM requirements, developing strong policies and procedures, working through technology issues, and promoting ongoing program governance objectives.
Survey data also reveals considerable policy complexity, with 16% of records managers reporting their organization has more than 150 distinct retention policies for records (see Figure 2).
Choice is good – but that’s a lot. It is simply not realistic to expect broad sets of employees to navigate extensive classification options while referring to records schedules that may weigh in at more than 100 pages. While automated approaches and effective outreach with records coordinators can help, Forrester recommends limiting the number of distinct retention policies and consolidating classification options to improve user adoption, limit classification inconsistencies, and ease deployment duration and complexity.
A third factor attributing to complexity and deployment duration concerns centers on legacy implementations. Historically, many organizations deployed records management applications focusing solely on physical assets. These systems simply weren’t designed to accommodate a broad range of electronically stored information (ESI) or to tackle rigorous e-discovery demands.
Today, information risk management professionals upgrading or introducing new records management applications expect precisely this functionality. In some cases, however, technical integration limitations across vendors or poorly linked supplier portfolios can complicate deployments. In others, navigating complex workflows (e.g., legal hold or detailed routing processes supporting particular business groups) or understanding implications of how the system might control additional types of ESI, such as e-mail, SAP data, or SharePoint, can bog down rollouts.
While developing appropriate process and technology integrations is time consuming and can be frustrating, rushing out a disjointed application with major missing links is a recipe for records management program headaches.
High Solution Costs, Budget Uncertainty
High solution costs also represent a major problem for today’s records managers. To this point, 60% perceive solution expense to be a challenging factor, while 11% of professionals planning purchases expect to spend more than $250,000 on new licenses (see Figure 3).
Information risk management professionals anticipating records management purchases in 2012 expect to source from a broad range of providers, including Autonomy, Archive Systems, EMC, Fabasoft, HP, Hyland, IBM, Iron Mountain, Laserfiche, Microsoft, Open Text, Oracle, and others. As a reflection of considerable variations and complexity in vendor pricing models, nearly one-fifth of records management decision makers planning purchases in 2012 haven’t yet determined which vendor they will use.
Beyond deployment and integration expenses, services costs supporting policy development, training, and ongoing records management program governance can add up quickly and may not be transparent to information professionals. For example, in developing retention policies, more than two-thirds of records managers work with their counterparts in legal, business management, IT, and compliance. While this cross-functional
collaboration is critical, capturing input must be carefully planned. Otherwise, hidden costs of disorganized meetings can rapidly escalate.
Information risk management professionals should work closely with their colleagues in procurement to:
- Navigate pricing
- Look for ways to gain leverage during the vendor negotiation process
- Develop a solid understanding of total expenditures
- Craft cost justification analyses
In line with findings over the past two years, the survey data shows that records managers continue to report painfully low confidence in their organization’s e-discovery capabilities. Only 18% of records management
stakeholders indicated they would be “very confident” that their organization could demonstrate their ESI is accurate, accessible, and trustworthy, if challenged (see Figure 4).
Behind this alarming low e-discovery confidence are a number of concerns around legal risk mitigation, including:
- Technology shortcomings, in the form of limited application integration, poor search, or insufficient controls
- Poorly designed or disjointed policies (e.g., linking retention management with legal hold)
- Deep divisions between major stakeholders (e.g., IT and legal)
Further, given typical strong backgrounds in compliance, records managers have a good perspective on risk posed by content controlled in managed repositories – but also understand that content “in the wild,” outside of the control of any type of managed repository, may present even greater concern.
Across the board, enterprises report challenges in working with a mix of disparate applications and policies during the e-discovery process. Deep integration across legal risk mitigation applications, often purchased from a variety of vendors, is rare. Given the application fragmentation typical in most enterprises today, getting a grab bag of physical records management applications, ECM systems, message archiving software, and assorted e-discovery tools to “talk” to each other from integrated policy and management perspectives is an elusive dream.
By recognizing application integration obstacles, information risk management professionals give strong weight to supplier e-discovery capabilities in considering provider options for records management. Contemplating potential records management applications in 2012, 79% of records management stakeholders perceive vendor capabilities to support collection, review, and other steps in the e-discovery process to be important.
Simply put, RM approaches incorporating defensible disposition practices can reduce the volume of content that organizations need to search in response to litigation or investigations, resulting in faster responses, lower costs, and reduced exposure. In contrast, organizations that lack effective RM programs face the prospect of growing digital landfills that can translate to slow, costly responses to e-discovery.
In addition to productivity implications, sifting through surging volumes and varieties of uncontrolled ESI poses considerable compliance and legal risk. The 2011 survey shows, however, only 45% of decision makers report that their current records management application supports legal hold natively or via packaged third-party integration. The remaining respondents state their application doesn’t support legal hold, they don’t know if it does, or they simply don’t use the included legal hold capability (see Figure 5).
Ad hoc, manual approaches invite inconsistency, increase potential for errors, and translate to greater legal exposure. However, leveraging integrated applications to streamline the legal hold process can go a long way in reducing e-discovery risk and costs.
Strategic Standing for RM
Effective records management programs help organizations meet compliance requirements, achieve information risk management goals, and address broader information governance objectives. However, as records management rarely supports direct revenue generation, most executives perceive it as an administrative cost center. Reflecting this organizational reality is the fact that records managers are rarely seen as strategic stakeholders.
The 2011 survey shows that 44% of records managers told Forrester they were not included in the IT strategic planning process, including requirements definitions and vendor selection (see Figure 6).
When compared to the past two years of survey results, this figure demonstrates that the strategic relevancy of the records management function has taken a slight dip. This is particularly disturbing in light of the rise in litigation and regulatory scrutiny since the Q3 2009 survey.
Just how much will a growing digital landfill cost an organization? In addition to reducing compliance risks, successful records management programs can deliver storage, e-discovery, and productivity gains. These estimated benefits can be tough to quantify, but should be an important element of the planning process. As organizations apply retention and disposition controls over a broader set of ESI and seek to synchronize e-discovery, records management, and archiving efforts, those that fail to include strategic input from records management functions face major hurdles.
Also attributing to the struggle with strategic standing is the fact that organizational reporting structures for records managers are all over the map (see Figure 7).
According to Forrester’s survey, records manager’s report to a variety of business, IT, executive offices, legal, and other teams. Despite diverse reporting lines, records managers (especially in organizations with mid to high legal risk profiles and large employee populations) report expanding collaboration with their counterparts in loosely structured and formalized cross-functional teams. With varying levels of formalization and executive backing, thought-leading enterprises are increasingly developing “information governance” or “information management” groups with active participation from records management, IT, legal, business, security, compliance, and other stakeholders and include key compliance and legal risk mitigation goals among their shared cross-functional objectives.
Tips to Reach a Positive Outcome
Navigating complex challenges and a rapidly changing market, today’s information risk management professionals will need to redouble their efforts in order to expand effective records management programs. But, a records manager can’t do it alone. Success will require extensive cross-functional collaboration, not to mention well-honed diplomatic and sales skills.
Clearly articulating compliance, legal, storage, and other RM benefits to a range of IT, legal, and other executives is a key first step. Records managers should also aim to inventory existing controls and information repositories, streamline retention management and legal hold policies, prioritize key content and application types, and link related applications and initiatives across the enterprise.
Download the complete PDF version here.
Brian Hill can be contacted at firstname.lastname@example.org.
September - October 2011