Thursday, February 6, 2014

Retention Policy: ECM’s software solution vs. what is required


Scenario: you have hired a consultant who has experience in implementing an ECM software’s records management module. This consultant meets with various groups and gathers requirements with questions that pertain to the vendor’s out-of-box solution. The legal department is focused on complying with current laws and regulations around how long to keep their content. Many weeks have been spent on creating a folder structure that conforms to how the software works, that is, if a file is moved to that folder, a retention policy is applied, and the retention period starts. According to proven waterfall methodology, a pilot is executed and signed off on. During go live, there are issues with importing documents and the legal department can’t find their content.

So, what happened with the frozen situation?

First, just because an ECM suite has a product/module for sale that is named the buzzword you are trying to implement doesn’t mean that it actually helps automate the process or simplify the ongoing work involved. In many cases, the module is an “add-on” originally purchased from another company to fill in the ECM suite offering. This could mean that the solution solves issues of the companies who were involved with the pilot or beta of the product. It definitely is designed to meet many general requirements, but will miss 20% of yours, guaranteed.

Second, if the implementation analyst is a consultant, chances are good that something will get screwed up. A good technical assurance management is required to maintain a more balanced point of view, but most companies don’t have them. They may have review boards, but this is not the same as a person on the project who is directly responsible for successful implementation.

Third, if your company is implementing records management for the first time, or reviewing the retention policies in place, you might want to look at healthcare EMRs for reference. Hospitals have been working under HIPAA regulations for a long time. Their information management systems, AKA EMR systems, are all about taxonomies, access control, and retention. Chances are good that they currently keep all electric records indefinitely. This is not a bad policy because ways of organizing information change over time.

Fourth, as content/info management technology improves, overzealous records management implementations slow down upgrades, and changes in metadata and folder hierarchies become major headaches.

Five, personnel changes create havoc around migrating “ownership” of retained content. Does the system allow you to make user accounts “inactive”? If the owner is deleted, does the retention period get reset?

Six, as far as the pilot is concerned, it is typical for a consultant to run unit tests as a super user and for a power user to UAT the pilot. The actual Users are not mandatory participants which is the big mistake. They need to make the time during the pilot beyond executing test scripts in order to fully vet the implementation. The should expect many issues, if there aren't, there will be after go-live.

The bottom line is that retention policies are overrated. I believe the trend will be to simplify these implementations and make it easy to manage in the future not harder…