Homeland Security is snooping on Facebook, twitter, maybe even this Blog

Posted on February 16, 2012 by Bud

Fast Company had an interesting report today about the Department of Homeland Security social media monitoring project. Link can be found below.

While details are sketchy, and it is not clear what they are looking for, it is chilling to think that DHS is snooping, monitoring, and collecting data from our social media outlets. Even worse, if anything can be, the FBI is putting out a contact (RFP) for the same services so that they too can begin collecting a steady stream of info from us.

From the article, DHS “…appeared to be deliberately stonewalling Congress on the depth, ubiquity, goals, and technical capabilities of the agency’s social media surveillance. At other times, they appeared to be themselves unsure about their own project’s ultimate goals and uses.” (italics mine)

Now I am normally of the opinion that if you are not doing anything wrong, you should not be concerned – but I think this is a slippery slope and sets a powerful precedent for even more invasive “monitoring” of our private life. The DHS actually outsources this monitoring to a third-party non-governmental company – General Dynamics. I assume the FBI will also be outsourcing its surveillance to perhaps a different company.

Also, if the DHS security can do this, I’m quite certain that other countries, like China, can do the same – it may take a little more work but it may be entirely possible. Think of other countries monitoring our social media, establishing lists of people who work for targeted companies and data mining travel information, trends, keywords used repeatedly, and the inevitable “slip” that normally would have gone unnoticed but within the proper framework, the “slip” becomes meaningful.

For a company, I would think this is a wake up call to be careful about what is said in its social media avenues and to warn employees to be equally careful about posting their travel plans, creating blogs and responding to blogs as all of this can be gathered and put through a data analysis program to establish a profile of your company.

As an aside, I also read an article this week about people who travel to countries like China and Russia, They don’t take a laptop and if it is necessary, they take a special one that has been cleaned by IT and contains no data. Traveling laptops can never be connected to the corporate network. Also, speical clean phones are provided to the travelers and they don’t carry their own phones. One person said that if turns off his phone and removes the battery during meetings so it cannot be remotely turned on and if anyone “inspects” his phone for any reason, he destroys it.

It is hard to pinpoint why I am so upset about this…. except to say that once this door is opened it will be very hard to close and stop this type of intrusive monitoring.

http://bit.ly/x62w6n

or the full link is

http://www.fastcompany.com/1816814/department-of-homeland-security-explains-social-media-monitoring-project-to-congress?partner=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+fastcompany/headlines+(Fast+Company+Headlines)&utm_content=Google+Feedfetcher

Posted in Uncategorized | Tagged , , | Leave a comment

Cloud Connect Conference

Posted on February 14, 2012 by Bud

I am at the Cloud Connect conference today in Santa Clara (Monday – Thursday). This conference appears to be more oriented to the vendor providing cloud applications or a company that is thinking about moving their IT services to the Cloud. Not so much about the end-users/departments that want to consume cloud-based services.

 
Today were the tutorials and I attended the Cloud Crash Course given by Alistair Croll of Bitcurrent. Alistair had a number of interesting takes on cloud computing – one of them being that software as a service was not a true cloud computing environment as are IaaS or PaaS. Basically he thinks that to be a true cloud computing platform, the cloud environment must provide some type of computing capacity whether it be programming or computer services. Also, Alistair thinks that SaaS applications are, in a sense, a closed application that is very similar to being an ASP (application service provider) or a place in the Internet, like Wikipedia. Overall it was a good presentation and raised many points to think about.

 
The afternoon tutorial I attended was the Cloud Industry Summit, which was a series of presentations about the business aspects of delivering cloud services. If I can summarize the sessions: Cloud applications are not even close to realizing their full potential.
Tuesday – Thursday will be the general sessions and the vendor exhibits. Sessions include Cloud Economics, Cloud Computing Contracts, Building Private Clouds, and Seeing Beyond the Cloud. Vendors include Cisco, Citrix, GoGrid, Google, and others that are mostly providers of IaaS or PaaS services. One vendor in the content management area, other than Google, is Igloo Software. More information can be found at http://www.cloudconnectevent.com/santaclara/

Posted in Uncategorized | Tagged | Leave a comment

Records Management – is there any There, There?

Posted on January 29, 2012 by Bud

I recently had lunch with a friend who works at a Fortune 100 company. During the lunch, the subject of records management came up as I was telling him that I recently attended a SharePoint User’s group meeting and one of the presenters said his company does not have records management working in SharePoint. But, they use SharePoint to store their content – and this presenter is from a large respected university in the San Francisco Bay Area.

I asked my friend what his company did for RM and he said they also have SharePoint but don’t use Records Manager and really don’t have it together – in terms of addressing records management.

This jives with what I have seen in many companies, both large and small. I just finished a SharePoint project for a client who literally refused to consider records management. “We are not ready for that in terms of money or a retention schedule.” Yes, he knew what records management is all about and basically said no – I personally think it was all about money and the extra cost and time it would take to implement the system.

What cost and time? Well, they had a retention schedule that was 10+ years old, was purchased – not created, and they had no person assigned to RM activities. The cost to review and update the schedule could be a lot. Costs would include hiring additional consultants to update the schedule, interview and document current processes, etc. They also did not have any file plan so that would have to be created from scratch.

I also have worked in several county governments who do not have any records management capabilities – and interest. I was contacted by a county several years ago when they wanted to start using the RM module of the ECM system they had. Long story short, the RM module for the ECM system never paid for and therefore they could not actually use it until the license fees were paid and second, their retention schedule was over 15 years old and out of date with current documents and processes. This schedule was purchased not created.

I also asked this county how they were tracking the social networks that they were using such as Facebook, LinkedIn, Twitter, etc. and they response was they were not doing anything to track or manage those areas.

So on top of the normal ECM systems that we employ for our documents and content we are adding many new “outlets” for documents and other potential records via social media but we are not even close to closing the RM loop for these additional outlets let alone established in place systems.

My point is, is records management too expensive? Is the value of an effective RM plan so expensive as to outweigh any risk? As a CEO I may think something like, “Well, we have never been sued, and never failed an audit, and there is no reason to expect that we will in the near future. Place that against the cost of starting up a records management initiative, the cost of purchasing a system, and the cost of on-going expenses and…..I’ll leave if for the next guy.”

Posted in Cloud Computing, Document Management, Records Management | Tagged , , , , | 2 Comments

Is there an ROI in Your Cloud Strategy?

Posted on January 25, 2012 by Bud

Is a cloud-based collaboration system in your strategy but those pesky accounting people want an ROI study? A content information management (CIM) system may be more difficult to calculate the ROI due to a number of factors:

 
1. Many CIM systems being purchased are departmental systems that are considered supplemental to an existing system. If the CIM system is used to communicate with people outside of the corporate firewall (a typical example), the CIM may be replacing email or FTP services but those services are typically not discontinued because of the CIM. In this case, the CIM system is an additional cost to the company as an operating expense. There may be actual benefits and efficiencies to bringing in the CIM but it will be hard to quantify an ROI in terms of hard dollars if nothing is replaced.

 

2. While software and hardware are not being purchased for a CIM system, the company still maintains a computer room that services other on-premise applications. The new cloud system will most likely not affect or reduce the current computer room costs – based on one application. In fact, since the existing equipment is now doing less, the cost per transaction for ongoing business, for each server, will go up since the computer is not being fully utilized. However, there is what is called “cost avoidance,” which is a cost that is avoided by purchasing the new system. For example, if you were planning on a new document management system and were looking at an on-premise system, you may have to purchase new servers and additional storage and other computer room incidentals. By going with a CIM, you avoid those purchases, or costs, and these avoided costs can be used as part of the ROI calculation.

 
3. A typical CIM system is a fully realized system and there is typically no need for an IT person to customize and configure the product. In addition, the company that is selling the cloud system maintains its own “IT” department and therefore supports the product itself. However, since a typical company is not going to downsize the IT department for one or two cloud-based systems, the cost of the IT department continues and in fact, like server costs, will actually go up since IT is doing less work but still remains as a fixed cost.

 
4. In some cases, a cloud system will be or is the front-end to an existing legacy system so that none of the existing legacy system costs go away. And, as in the case of hardware utilization, the cost per transaction will increase because the legacy system is being used less but the owner is still paying full costs for licenses, version updates/upgrades, and maintenance. But, consider the cost of a primary on-premise document management system upgrade – for a large system, a major upgrade to a new version may cost in the 10s of thousands of dollars including the upgrade itself, the IT time spent performing the upgrade and the potential costs of vendor personal or hired contractors who guide you through the upgrade.

 
5. If your CIM system is a new addition to your company, i.e., not replacing a legacy system, and it will be used department-wide, for example as a document management system to replace your file share system, then you may be able to calculate an ROI using the traditional methods. First, calculate the current cost of doing business in the manual share-drive environment. Next calculate the cost savings by doing it with a CIM system. For the CIM system, you will need to define the cost of the system for a year (which may be number of users times the cost per user for 12 months).

 
6. Part of the reason for purchasing a CIM is that they offer a pay-as-you-go model – which means that your number of users may vary during the year as a project ramps up or down. This is unlike a traditional document management system in which you purchase a fixed number of “Seats” or license blocks for 50 or 100 users. It is not likely that the number of users will go down, but it is very likely the number of users will go up over time.

 
Given the above, the following are typical areas to consider when thinking ROI:

 
1. Hardware costs – will you save anything? Don’t forget servers and storage devices.
2. Maintenance for the hardware – will there be any savings here?
3. Legacy software licenses – can they be reduced (seats)?
4. Maintenance for the software – include both vendor support and your internal support costs
5. Facilities costs – can you lower the power, HVAC, building costs in any manner?
6. Productivity/efficiencies gained – are people who will use the new system more productive? In what ways?
7. Agile opportunity potential – are you able to respond faster, but cheaper, to opportunities that otherwise would have taken more development time and money?

 
These are only suggestions and pointers. Be creative and search for everything that will be affected by the new CIM system and if the CIM system will affect existing cost centers and productivity centers. Has anyone out in Bloglandia done an ROI for a CIM that they would want to share?

Posted in Uncategorized | Leave a comment

Defining Cloud Information Management (CIM) Systems

Posted on January 9, 2012 by Bud

Are you looking into cloud information management (CIM) systems and getting confused? Are social networking sites also document management sites? Is storing files in a cloud storage application collaboration or is it just a smart FTP site? What are the functional differences between cloud collaboration sites?

In order to define cloud-based service applications in terms of how they appear to be cloud collaboration applications, the following five types of applications are reviewed:

1. Simple storage and retrieval. This type of application offers the user the ability to store and retrieve files in a cloud-based storage area. It provides only basic functions, like login security, but does not offer any document management related functions such as version control, check in/out, workflow, etc. These sites may be called simple collaboration because you can share your site password with other users who can then upload or download documents.

Essentially, this is an easy to use cloud-based FTP-type site and can be considered basic file collaboration. For people who have no ability to freely share files within a company or from a company to people outside of the company, this works well, is very simple to set up and maintain, and is inexpensive (or free).
Just remember that once a password is shared, all participants can view, edit, delete and that there is, generally speaking, no individual folder/file security, no versioning of documents (once overwritten the original is gone), no auditing (who made that last change?), and no basic management controls.

Typically no IT is needed to operate the site.

2. Basic document management. This type of application offers the user content storage/retrieval as well as document management functionality such as the ability to create folders/subfolders, version control, check in/out, audit history, search, and other basic document management functions. This type of site allows the owner to assign security privileges such as edit or view only to users and security may be at the site, file folder, and document level. This type of site may be viewed as a light-weight document management system and may also offer integration with other applications via an API.

These sites are typically set up with standardized functions that are configurable by the owner but not customizable. For example, you may want an audit history of files for compliance purposes but if the site does not offer audit history, you can’t “customize” the site to have that function. Or if you want to “tag” folders/files with metadata to make them searchable, that may not be offered and you would not be able to search by metadata.

This type of site is easily set up, provisioned, and operated. It is built to be dead simple (hence the no customization), and will typically provide almost all of the functionality needed to do document collaboration. It should be considered an excellent value for the functionality offered.

Typically no IT is needed to operate the site but IT could provide such things as integrating company security applications, such as AD, into the site to facilitate group logins and permissioning.

3. Complex document management. This type of application offers all of the functions listed above and may also include the applications for content creation – these sites may include a word processor, spreadsheet creation, presentation creation, records management capabilities, a calendar function, an email function, more complex workflows, and other application functions that one would expect in a fully realized document management system. Once a user is logged into the site, everything needed for document creation and management is included and the user operates in a complete environment.

This type of site may also offer the ability to customize the site via scripts/programming in addition to integration with other applications via an API. But, because these sites are more complex, they are not as simple to operate as the first two types of sites.

IT is (typically) needed to set up and operate this type of site.

4. Functional applications with document storage. This type of application offers specific functional applications such as human resources (HR), enterprise resource planning (ERP), product management (PM), customer relationship management (CRM), and others. This type of application is built to provide the necessary functional requirements for the application, such as CRM, and may also provide the ability to upload documents into a storage area – typically related to a project or client account. However, these systems typically do not provide any document management capabilities – no version control, no check in/out, etc. They may provide simple workflows for the documents once they are associated with a project or a client’s file.

IT is not typically needed to set up and operate this type of site.

5. Social networking applications with document storage. This type of application offers the ability to provide social networking through establishing an individual home page, ability to tag or invite other users to your home page, the ability to establish communities of users, blogging, IM, etc. This type of applications may also offer the ability to store and share documents with other users but typically does not include any document management capabilities.

At its most basic operation, IT is not needed but when considering a company-wide implementation with cross departmental interactions, IT will be needed.

All of these sites do offer tremendous productivity to the user but there are potential issues for records management, governance, and compliance – not to mention files outside of the firewall and multiple internal applications/sites fragmenting a concerted document management strategy. While many of these types of sites do not require an IT presence, I suggest that IT be brought in to help review site security and to be aware of how the site is used and by whom.

Bud Porter-Roth
www.erms.com

Posted in Cloud Computing | Tagged , , , | Leave a comment

It’s 2012 – Prepare for the Cloud!

Posted on January 4, 2012 by Bud

Is 2012 the year to start thinking about moving part or all ECM functions into the cloud? I know the word “cloud” is beginning to (has?) be overexposed but nevertheless, cloud technologies offer great solutions today and even better solutions on the horizon. There are many cloud information management (CIM) systems that provide everything from simple storage to complete content management systems and it is probable that people in your company are already using CIM systems or other cloud applications for ERP, CRM, PM, calendaring, and of course, social networking.

So, make 2012 the year to prepare for and start using cloud information management systems. Below are five key areas and suggestions to help you get started.

1. Establish a Pilot System. Depending on your company size and type of business, cloud information management (CIM) systems everything from single departmental functional solutions to corporate-wide solutions. The key is to start small with one departmental group and grow that success before moving to another function or department. Pick a group of people that need to intensely collaborate with documents and other file types such as spreadsheets, presentations, PDFs, etc. This allows you to try out a CIM application and understand what it can and cannot do – what you like, what you don’t like, and what you would like. Let the group have access to and use a CIM system for a designed period of time – have them write a report on their experiences and make that report the template for future applications. If your users are involved and happy with the CIM system they will spread the word (see #5 below).

2. Plan for Security. Simply put, security is most likely better in a cloud application than it is at your office but many people have a difficult time believing that cloud security is up to the task. Passwords can be applied to both folders and files, strong passwords can be enforced, users can be designated as view or edit – in other words, CIM security is equal to your security in most cases. Many CIM systems encrypt the data on their servers and the data is encrypted during transit (uploads/downloads). Most CIM companies maintain SAS-70 certification at both their headquarters and their data centers – is your office and branch offices SAS-70 certified? Most CIM companies have real time backup and often have redundant backup sites – is your data backed up in real time to redundant servers? As part of your due diligence, make a list of all your current security policies and procedures and talk with your CIM provider, or several, and find out if there are any deltas between your security procedures and the CIM provider capabilities.

3. Plan for migration. Any size business from small to large will have a legacy of data and content that may need to be migrated to the CIM system. Currently (early 2012), many CIM companies do not have any programmatic migration methods and you may be faced with a manual migration of large numbers of folders/files/documents. If you have a shared drive with an extensive folder/subfolder/subfolder/etc. listing, it may be problematic to easily migrate that listing into a CIM system. If you have other systems, like FileNet, Documentum and Documentum eRoom, Lotus Notes, and other “legacy” systems, plan to document what you need to migrate and review this with your CIM provider. Note: there are vendors who provide migration programs and services but these are generally from XXX legacy system to SharePoint. If your CIM is SharePoint, search for SharePoint migration services. Make content migration one of your primary operational areas to review.

4. The Role of IT. Many, or most, CIM services are available as free downloads with paid upgrades or you can start with a paid account. Pricing is typically on a per users basis or a “group” deal that you negotiate with the CIM provider. Because of the ease of sign up, self-provisioning applications, ability of the user to add people to the site, and manage the account…IT is often left out of the process and for many companies, IT may not even know that a “user” has a CIM site. While the attraction of these CIM applications is the user friendliness and support, IT is also needed to ensure site security, logon authentication with existing security (for example if your company uses AD), and linking to in-house systems or to other cloud-based applications. You many also want to have IT review the contract and SLA of potential CIM companies.

5. Governance – Is Loosely Defined. There are probably as many definitions of governance as there are companies and consultants – the point is that governance is what your company makes it to be and each company will be different. The potential issue with CIM systems is that they make it so darn easy to set up a site and share information that quite often the horse is out of the barn before anyone knows it. To wit, any person within a company can sign up for a free CIM system and start sharing information with anyone that has an email address – and this can be done without any corporate knowledge or approval. All companies today should begin learning about cloud-based applications; begin having a company-wide dialogue about cloud computing; and begin to establish some basic governance around who can provision a site, who can use it, what it can be used for, and who should be involved in the decision-making process. And, all the other usual suspects – such as security, compliance, records management, and legal should be included in the discussion.

It will be an interesting year for cloud technology and what direction major legacy application providers will take. My thought is that the major ECM providers will (and some already have) begin to offer more cloud-based services. CIM providers will continue to build new functionality into their product. My un-technically based opinion is that legacy systems will lag in web-based functionality and CIM systems will increasingly become the “modern collaboration” frontend to your legacy systems. Eventually companies will find it is not economically feasible to support both systems and work will shift more and more to the CIM system.

Join me and Box.com on January 18 for the AIIM Wednesday webinar: Cloud Collaboration Strategies and Technologies. Register today:

http://www.aiim.org/events/webinars/20120118-webinar

Bud Porter-Roth

Posted in Cloud Computing | Tagged , , , | Leave a comment

The Near Term Future of Cloud Collaboration

Posted on December 6, 2011 by Bud

The news about cloud computing is astonishing – new companies are appearing almost daily, new services are being developed and offered, existing companies are quickly filling holes in their products, and new connections among cloud companies are being made.

But the most exciting news may be that users can actually self-provision all the services needed to run and operate a company with cloud-based applications – without an IT department and without a basic computer room.

All that is needed today is a laptop, a fast Internet connection, a credit card, and you can have the computer services outlined below – everything from accounting/ERP (NetSuite), HR (Workday), Project Management (Basecamp), Email (Gmail), CRM (Salesforce), Calendaring (Google Calendar), and several flavors of document management (Box.net, MS Office 365, GoogleDocs). In fact, given a little bit of work, there are companies that will connect Basecamp to NetSuite so that you can transfer project financial data between the two applications.

The Company of the Very Near Future

Worried about the lack of IT? Don’t be. There are even cloud-based IT services companies that you can bring in to manage your cloud environment and help you with any of those pesky IT related problems….but you may not need this because each cloud company has a support staff and site with robust on-line support and, since these types of sites are “configurable” offerings, there is not much that can go wrong. Configurable means that all of the basic choices you have are presented to you as options or selectable configurations. Box.net, for example, offers you the ability set security options, version options, and other options with a series of dropdown boxes and radio buttons. Most cloud-based applications operate this way – preset configurable options that the user can select.

The downside to a configurable solution is that the application parameters have been set by the vendor and you cannot “customize” the application yourself or add new attributes to an application. For example, let’s say you want to version documents as 1.0, 1.1, 1.2, 2.0, etc. and the application you are using only provides a version history of 1, 2, 3, etc. You will not be able to customize the application to meet your needs but you can make a product suggestion and try to have your suggestion implemented in the next product release.

The real benefit of having access to these diverse applications is that a company of any size can compete with larger companies and technology is no longer an issue. Today any startup can harness the computing power and capacity of any larger company – processing power, storage, development capabilities, communications reach – and is truly only limited by their own capabilities.

As to what is next for cloud companies – several trends are beginning to emerge:

1. Special applications are beginning to appear – much like an ERP application, companies are building records management applications, security applications, HR applications, ediscovery applications, and paper scanning applications, etc. There are future applications around governance and security that are also in the works. Expect to see more of these applications appear in the coming year.

2. Existing cloud applications will get better and better. Many of the applications we have today are still in development mode and the companies are learning what is needed by their customers and making changes to their products. What is so nice about the cloud applications is that you leave on Friday, come back on Monday and a new version of the application has been installed.

3. Cloud applications will begin talking with each other. For example, a company may use a paper scanning application to scan documents and once in a cloud repository, the documents may be OCRed by a cloud OCR service, indexed by another service, and a retention schedule applied by a third service. This may be one of the more exciting developments in the cloud industry and will certainly enhance document management capabilities.

4. Environments and Platforms are emerging. Some cloud services have developed a complete desktop environment including office productivity, calendaring, project management, social networking, etc. Once you log in to an application like this, there is no need to leave the application and it will become your regular desktop for work. The down side to this is that it is a very closed environment and doesn’t lend itself, yet, to all the tools that a power user may have on his/her desktop and use on a daily basis.

As usual, it is prudent to do your “due diligence” on any company that you may choose to use: Ensure that they are a financially sound company, putting as much into R&D as possible, and that they are responsive to customer needs – don’t hesitate to ask for and call references.

Posted in Cloud Computing | Tagged , , | Leave a comment

It’s the Users… An Old Story Repeated Many Times

Posted on July 30, 2011 by Bud

How many times have we talked and written about making the User the center of attention when implementing a new technology? In several recent engagements, I’ve found that the implemented system has largely failed not because of the system, but because of user rejection. Some examples:
One. An enterprise-wide system was purchased and implemented without any input or approval from the user community and, believe it or not, did not include the IT department (in fact, IT was kept at a distance during implementation by the system integrator). It was a pure power play by senior management. Now, many years later, the system has cost the company many many millions, the users still do not like the system but being forced to use it, have adapted to it, and after many years, the system is still not fully implemented. But keeping our focus on the real problem, the users feel disenfranchised, have developed and use many workarounds, and basically feel frustrated with the whole “thing”.
When we showed selected department managers and users three potential new systems, through extended all day demonstrations, they were in awe of the functionality of the new systems and flabbergasted at how un-user friendly and how inefficient their current system was compared to the systems demonstrated.
Even with a very positive ROI (payback 1 year), the user’s enthusiasm for the new systems demonstrated, and a promise of future connections not previously possible, the old system remains. While management would like to replace it, the old system has become so entrenched that it most likely will never be replaced. While senior management continues to ponder what to do, the system is being fixed bit by bit, extended bit by bit into new areas, and generally speaking, becoming an irreplaceable part of the company.
Lesson learned, this system will continue to cost the company three times more than a new system each year it operates (in millions), in addition to the extra work users due each day due to the system’s shortcomings.
Two. An enterprise-wide system was purchased and implemented without any input or approval from the user community and forced upon IT (by senior management) as the solution they had to implement (similar to number one above but with a twist). For reasons unknown, as I came into the project late, senior management made a command decision to purchase this product and dropped it on IT, who was completely unprepared. IT, for unknown reasons, completely ignored the user community and built a system that was presented to the users. The users completely rejected the system and forced IT to return to the drawing boards and, in addition, required IT to work with users to develop user-based requirements. This was painful to all parties involved but IT took the greatest hit when several IT managers were put out to pasture when the full extent of the failure became known.
The outcome is still being written but the users are beginning to adopt the new system and it looks like it may be successful after all. In addition, this company has learned an important lesson; the users must be part of the process in order for a project to be successful.
Three. An enterprise-wide system was purchased and implemented without any input or approval from the user community or IT (am I sensing a pattern here?). The system was purchased by senior management without review of other systems/technologies and built/customized/implemented without any user involvement. It was a “leave on Friday, new system on Monday” situation and needless to say, it didn’t work out of the box and after several years still doesn’t work. Actually it works, sort of, but nobody is happy with it.
The users literally dread using the system and have created many workarounds to get their work done. Many of the users do all of their work “off-line” (C-drive, flash drives, and now cloud-drives, etc.) and only access the system when they have a final document to upload.
In interviewing users, they all had a variation on the same theme, the system was implemented with consulting them, they were not given adequate training (even now), there was no governance provided on how to name files, and they didn’t like the user interface (“It is not how I work!”). Most felt that this system made them less productive and they long for the return of the shared drive.
I find it interesting that companies, like the ones above, have no idea of how hard they make it for the users to do their work. And, users being normal people, want to do a good job, be proud of their work, and want to feel appreciated at the end of the day.
While none of the three example companies have gone out of business because of the system failures, all three have spent significantly more money than planned, have caused problems that will take years to correct, and most importantly, have placed their users in a comprised position. In example number one, above, many users now feel twice burned because they were shown a better system, told the new system is coming, now so much time has passed that they know a new system will not happen.
The message is simple – don’t ignore your user base, actively include them as much as possible, ask them to be part of the process, and make them part of the overall feedback process.
Bud Porter-Roth
www.erms.com

Posted in Uncategorized | Leave a comment

PG&E Misses Key Deadline to Produce Records

Posted on June 7, 2011 by Bud

“Pacific Gas & Electric has acknowledged it will miss a key deadline by more than a year to produce documents on the history of weld problems over the past 55 years in its gas transmission system…In a regulatory filing Tuesday, the utility admitted it will be unable to meet the deadline because the job is far more difficult than it had realized and likely will not be completed until the end of 2012. It is seeking a stay of the deadline. “

In trying to explain the lack of records and its inability to produce records, PG&E stated that it “does not maintain a single type of record specifically pertaining to gas pipe weld failures or defects before or after use,” the utility said. Instead, the records are in various forms.” This is understandable in that records may be kept in paper forms such as inspection reports, structured data as in a database entry for a section of pipeline, and other data keeping systems that a large and complex company such as PG&E would have for keeping information on its pipelines.

However, the point that documents, records, and information are kept in many different places and in many different data formats,  is apparently not being made in a substantial manner as “Critics say the claims by the utility are absurd and should not be accepted by state regulators…”They should have been doing this all along – for the last 55 years they have ignored the requirements of good record keeping,” said state Assemblyman Jerry
Hill, D-San Mateo, whose district includes the San Bruno blast site…”It’s their job to have the records. To me, there is no excuse not to produce them. If you need the people to get this done, it’s their responsibility to get it done. They have ignored this, and now they got caught…Jim Hall, a former chairman of the National Transportation Safety Board, said the
filing makes it “obvious that they don’t have the information that they need to run a safe system.”

These are harsh words, perhaps spoken out of frustration. While I do not have any connection to PG&E and do not know their data systems, I am guessing that pulling and
displaying pipeline data may be similar to a request for all the information on a company employee. To do this, you would look to the HR system (both electronic and paper HR file), file shares maintained and/or accessed by the employee, the  email system, any other
systems that the employee accessed such as a SharePoint team site or a My Site page, etc. In other words, employee information is literally scattered around the company and there is no single “source document” that contains all the data about an employee.

Be that as it may, PG&E has now stated that they will not be able to provide all the requested records until December of 2012, which means that this issue will continue to be
a source of public commentary, debate, and discussion – and even more chances for public disclosure of new record keeping problems. By December of 2012, PG&E will have been working this issue for over 2 years – spending money and resources to clear up the documentation issues that have been a result of an explosion in September of 2010.

It may be a good time for all companies to review not just their RM policies and procedures but to rethink them from a strategic point of view:

As the amount of electronically stored information (ESI) grows within an organization, it becomes critical to document the location, accessibility and characteristics of that information for the purposes of risk management, litigation preparedness and ediscovery. The process by which organizations catalog their information is known as data mapping.

The above quote is from the heading of an AIIM article on Data Mapping ( http://www.aiim.org/infonomics/data-mapping-nuts-and-bolts.aspx ). In this particular case, PG&E may have lessened the impact of records issues and they may been better able to demonstrate the complex requirements for producing records by demonstrating via a data map where documents and data reside within their company. Data Mapping is defined, in the above article, as “A data map is a listing of the organization’s ESI by category, location, and custodian or steward, including how it is stored, its accessibility, and associated retention policies and procedures.”

It may be more important than ever for companies to get a handle on the where their data resides by beginning a data map of all systems that contain ESI as well as the paper based storage locations.

Read more: http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2011/06/01/MNTM1JOK7R.DTL#ixzz1OLdTXhxv

Bud Porter-Roth
www.erms.com

Posted in Uncategorized | Tagged , , , | Leave a comment

Redaction = ROI for Document Imaging Systems

Posted on May 25, 2011 by Bud

In talking with a potential client last week, the client was interested
in how ROI can be achieved and what other benefits can be realized through a
document imaging system implementation. I used the example below of a typical
paper-based information request (FOIA for government folks).

AS IS Process:

  1. Request comes in and clerk locates the appropriate documents in file room
    or off-site storage repository.
  2. Clerk makes photo copies of document package.
  3. Clerk, with black marker, manually redacts all appropriate information.
  4. Clerk makes photo copies of redacted copy (prevents seeing type bleed
    through).
  5. Clerk prepares envelope and documents for mailing.
  6. Clerk mails redacted copy to requestor.
  7. Clerk places first set of redacted copies in burn barrel.
  8. Clerk refiles original documents. (process repeated even if for same
    documents.)

TO BE Process:

  1. Request comes in and clerk searches for and locates documents electronically.
  2. Clerk runs redaction program. (original info not changed)
  3. Clerk reviews documents online
  4. Clerk emails documents to requestor.

In the above actual example, the number of steps has been cut in
half but the real story is that the time and cost to complete the TO BE scenario
is about 25% of the AS IS time and cost. Not only that, but we determined that
the system-based redaction of the documents was more accurate than the manual
process. Thus, we provided a better product at a lower cost.

Another example we talked about was a State agency that had over
one million paper documents in an archival repository and “citizens” made FOIA
requests for these documents. An AS IS process similar to the above process was
used but for the TO BE process, a vendor was selected to scan and OCR the documents
and when complete, the original paper documents were destroyed. Then, the
vendor ran a redaction program against the scanned documents and permanently redacted
the documents. The documents were then made available to the public via a full-text
search program and the people responsible for servicing these requests were reassigned
to other work. In this effort, the gains were that a paper repository was
eliminated, redaction permanently eliminated the PII, and the operation was
turned into a self-service operation with no additional resources needed from
the State to fulfill the requests. Again, redaction technology was able to
provide a better product at a lower cost.

These are real-world examples of not only the benefits/savings
of document imaging but how the technology literally changed how work was
accomplished in a company.

Bud Porter-Roth
www.erms.com

Posted in Uncategorized | Tagged , , , , | Leave a comment