Mark Mandel, CRM, CIP, ERM m, BPM m, CDIA+ Records Management Solution Architect OpenText Public Sector Solutions BEST PRACTICE STRATEGIES NARA/OMB MANAGING

Mark Mandel, CRM, CIP, ERMm, BPMm, CDIA+Records Management Solution ArchitectOpenText Public Sector Solutions

BEST PRACTICE STRATEGIES NARA/OMB MANAGING GOVERNMENT RECORDS

MANAGEMENT DIRECTIVE

M-12-18 Deadlines

NARA/OMB M-12-18, the Managing Government Records

Directive, has the following key deadlines for federal

agencies:

• 2016 – all Email must be managed electronically in a

records management system – no more "print and file"

• 2019 – all permanent records must be delivered to NARA

in electronic format only

2

NARA Automation PlanThe NARA Automation Plan states,

“Although the Directive uses the term “records management” and this report inherits that language, NARA recognizes that well-conceived automation can improve the management of all government information for a wide range of information governance purposes. These include information security, privacy, eDiscovery, Freedom of Information Act (FOIA), and proactive disclosure of government information as part of open government and open data programs.

While records management is stressed here because of this report’s origin in the Directive, the greatest efficiencies and improvements in effectiveness will be achieved if agencies consider the automation of their information management in a holistic way.”

3

The Solution: Agency ECM Strategic Plan

• Implement an Agency-Wide Enterprise Content and Records Management System

• Manage All Records Policy with One Integrated Electronic Records Management System

• Single Unified Enterprise Repository • Disaster Recovery Infrastructure• Cloud or Virtual Services• Integration with Business Applications, E-mail, Office

Applications• Apply Governance to All Records – Content Lifecycle

Management

4

NARA/OMB Managing Government Records Directive“The current federal records management system is based on an outdated approach involving paper and filing cabinets. Today’s action will move the process into the digital age so the American public can have access to clear and accurate information about the decisions and actions of the Federal Government.” President Obama

Benefits:• Reduction in Cost Related to Storing and Filing Paper• Reduction in Cycle Times and Cost for Transactions• Increased Access to Information• Complete Audit Trail of Transactions• Compliance with FOIA, Privacy Act and eDiscovery• Unified Repository Reduces Information Silos• Supports PortfolioStat Model

5

Concept of Operations – Best Practices

• Records Management is Transparent to the End User• ECM – with embedded RM - is Integrated with Existing Applications

and Email• User Interface Best Suited to the End User

• SharePoint• Email• ECM• ERP• BPM• Business Application

• E-mail Journaling with Auto Classification• E-mail Treated as Another Document Type• Document Management with Versioning

6

Copyright © 1995-2007 Open Text Inc. All rights reserved. Slide 21

SharePoint

E-mail

ERP

Enterprise Storage and Cloud ServicesDisaster Recovery Infrastructure

Mobile

Fax/Copy

7

Record Centers

FOIA / Privacy Act E-Discovery

Federated Search Auto Classification

Social

5015.2BPM

IRS Email Under Scrutiny

8

VA Cancels Email Cloud Contract"The OIG wanted new contract language inserted into all VA cloud contracts designed to facilitate access and visibility into the system, preserve emails and increase the security rating under the Federal Information Security Management Act. There was pending guidance from NARA on records retention that would affect the disposition of email storage. It was determined that the necessary changes were out of scope with the … contract, and it was terminated."

9

There Are Many Approaches to Managing Email

• Different approaches serve the needs of different stakeholders in different ways

• It is important to understand the different approaches and their strengths vs. weaknesses

• A short-sighted approach that does not meet the needs of all stakeholders will likely need to replaced later on

10

Email RequirementsCompeting Priorities; Multiple Stakeholders

Requirement Stakeholder

Optimize production Email system IT

Consolidate multiple Email systems IT

Lower operational and storage costs IT

Provide oversight for compliance Legal

FOIA Legal

eDiscovery Legal

Email stored with business records as part of the audit trail of transactions

Business, Audit, RM

Capstone RM, Legal, Archivists

11

Email in the CloudThree levels of maturity

• Level 1 – Email in the Cloud, no Records Management

Requirement Stakeholder Meets Requirement

Optimize production Email system IT Yes

Consolidate multiple Email systems IT Yes

Lower operational and storage costs IT Yes

Provide oversight for compliance Legal No

FOIA Legal No

eDiscovery Legal No


Business, Audit, RM No

Capstone RM, Legal, Archivists No

12


• Level 2 – Email in the Cloud, with Email Archive and Records Management, but not integrated with ECM





Provide oversight for compliance Legal Yes

FOIA Legal Yes

eDiscovery Legal Yes


Business, Audit, RM No

Capstone RM, Legal, Archivists Yes

13


• Level 3 – Email in the Cloud, with integrated ECM





Provide oversight for compliance Legal Yes

FOIA Legal Yes

eDiscovery Legal Yes


Business, Audit, RM Yes

Capstone RM, Legal, Archivists Yes

14

Role Based Classification

Business Records

Auto ClassificationBig Bucket

Temporary RecordsAnd Transitory

Level 3 Email Pyramid

Enterprise Connect

Process Automation

ECM Repository

"Capstone"

Auto ClassificationTransitory Records

Permanent

Key Issues to Address in Your Email and ECM Solution

• Classification strategies to minimize user involvement in declaring records

• Managing growth of content to reduce storage costs• DoD 5015.02-STD

16

When adding a document to a folder that has classification inheritance enabled, all items in that folder inherit the same classification.

Add Document

17

Folder Classification Inheritance

Process Driven ClassificationDocuments can be classified as part of a business process

18

Role-based ClassificationDocuments can be classified according to the group to which the user belongs

19

Auto-ClassificationAutomatically classify high volume, low-touch records such as E-mail and file system content.

Step-by-step tuning guide and feedback

Transparent DefensibleBuilt-in statistical sampling and quality assurance

20

5015.02-STD Demystified• Baseline

• Chapter 2, Mandatory Requirements

• Chapter 5, Transfers

• Chapter 6, Non-Mandatory Features

• Classified - Chapter 3 is Management of Classified Records

• FOIA/PA - Chapter 4 is Managing Records for the Privacy Act and the Freedom of Information Act

The Joint Interoperability Test Command (JITC) provides a list of certified products.

DoD organizations may only purchase records management products that are on this list

21

5015.02-STDThis should be a requirement in your enterprise architecture.

Why?• It sets metadata standards for all records• It defines the best methodology for destruction of electronic

records at the end of their lifecycle• It provides a standard approach for transfer of records from one

agency to another, and for transfer from an agency to NARA• It defines requirements for classified records• It defines requirements for FOIA and Privacy Act solutions

This approach promotes consistency across all agencies and NARA

22

JITC RMA Register List of Certified Products under 5015.02-STD

23

My agency is being tasked with moving to digital recordkeeping, but it is an unfunded mandate. There is no budget for Records Management modernization. Where do I find the money?

• Even in these tough economic times, agencies are spending money in their IT budget

• Their top priorities include Records Management, but they don't call it that

• The key is to align your plans with your agency top IT priorities

24

What are the Priorities for Federal Agency IT Spending?

Key Requirements and Market DriversU.S. Federal Government

• Cloud First• Storage Costs• Cyber Security• Compliance (eDiscovery, FOIA, HIPAA, 5015.2)• Audit Readiness

Managing Government Records DirectiveA foundational element for meeting agency IT priorities

25

• Cloud First – Shared Services Strategy• Data Center Consolidation

Cloud FirstSteven Van Roekel, U.S. Chief Information Officer, Office of Management and Budget

"With information technology at the core of nearly everything the Federal Government does, we must use IT as a strategic asset and drive cost savings to pay for new and emerging technologies that can fundamentally improve the way government does business and delivers services to the American people…

We recently issued new guidance to help agencies manage their investment in IT and drive low-value spending into more innovative efforts. The initiative—known as PortfolioStat—focuses on improving agency portfolio management to better deliver what we purchase and build."

26

Only 4% of Web content is available via search engines like Google

The Public Web

Source: The Deep Web: Semantic Search Takes Innovation to New Depths

The Deep Web

The Deep Web

~96% of information is inside the firewall

80% of data is unstructured

Information is trapped in application silos

Content is doubling every 90 days

7.9 Zettabytes

Storage Costs

27

Federal Agencies Hacked• Red October• Anonymous• WikiLeaks• AntiSec

Cyber Security

28

Governance, Compliance and Risk

SEC 17a-4

HIPAA

Canadian ElectronicEvidence Act

DoD

Basel IICapital Accord

Electronic LedgerStorage Law

11 MEDIS-DC

VERS

AIPA

GDPdU & GoBS& DOMEA

NF Z 42-013

BSI PD5000

Financial Services Authority

MoReq 2010

ISO/PRFTR15081

Sarbanes-Oxley Act

Federal Rules ofCivil Procedure

FDA 21 CFR Part 11

ATIP

FOIA/Privacy Act

Compliance

29

DOD Financial Improvement and Audit Readiness (FIAR)

FIAR Plan priorities were established in August 2009 and require the Components to first focus on improving processes, controls, and systems supporting information most often used to manage the Department. This is the starting point for achieving the goal of obtaining auditable financial statements.

To achieve these objectives, the FIAR priorities are:

• Budgetary information• Mission critical asset information

The program objective is full audit readiness by 2016.

Audit Readiness

30

Cost Savings Examples• In 2010, Federal agencies spent nearly a half billion taxpayer dollars on

processing FOIA requests. Source: FOIA.gov.

• PortfolioStat could save or help the government avoid spending $2.5 billion over the next three years. In the first year alone, agencies saved or avoided spending $300 million.

• Cobell v. Salazar is a class-action lawsuit brought by Native American representatives against two departments of the United States government. The case was settled for $3.4 billion in 2009, with $1.4 billion going to the plaintiffs and $2 billion allocated to repurchase land and return it to communal tribal ownership.

• The Government Accountability Office said in January 2013 that it could not complete an audit of the federal government, pointing to serious problems with the Department of Defense.

31

BPM Example - Current Process Costs

32

Future Process Costs

Savings of $38,848.60 per transaction

33

A Proposed Blueprint Basis For an Agency 5 Year Strategic Plan

1. Perform a Complete Records Inventory• Paper, Film, Digital• Content Sources, Storage Locations, Systems of Record• Develop volume counts, document all issues

2. Constitute a Steering Committee• Include top officials, including CFO, Legal, IT, Records Officers, FOIA,

Business Units• Sign Off on Records Schedule, Strategic Plan, Funding• Meet Quarterly

3. Update your Records Retention Schedule• Big Bucket, No More than 20 Record Series, 10 or less is optimal

34


4. Create Collaboration Site for All Things Records• Post events, policies, schedules, links to content, online

courses, FAQs, Progress Against Strategic Plan• Records Officer User Group to Meet Quarterly – include related

roles such as FOIA, Privacy, Security, Legal• Ongoing Training on Policies, Procedures, and Technology

5. Conduct Agency Wide Taxonomy Study• Develop Standardized Search and Index Criteria

6. Move File Shares to Document Management System, Place Under Version Control – Eliminate PST Files

35


7. Document Your ECM/RM Enterprise Architecture • Enterprise Content/Records Repository, DoD 5015.2 STD

• Enterprise Storage Architecture

• Content Capture and Ingestion

• E-Fax, E-Signature, E-Filing

• Records Policy – Content Lifecycle Management

• E-Discovery, FOIA, Full Text and Enterprise Search

• E-Mail Classification, E-Mail Archive

• IM, Social Media, Mobile

• Disaster Recovery Infrastructure

• Integrate with Existing Applications (ERP, HR, Case Management)

• Integrate the ECM/RM EA with the Agency EA

36

A Proposed Blueprint Basis For an Agency 5 Year Strategic Plan8. Digitize Paper Records

• Scan Paper That is Frequently Accessed• Scan on Demand• Digital Copiers• Central Scan Centers• Outsource

37


9. Implement Agency Wide Document/Records Management System

9. Establish Central Repository

10. Basic Feature Set

11. Establish RM Policy

10. Integrate with Existing Systems• E-Mail• ERP• Case Management• Migrate Data From Other ECM Systems

38


11. Add Advanced Features• Workflow/BPM• E-Discovery• Auto Classification

12. Ensure Funding for Ongoing Operations, Backfile Scanning

13. Move Paper Based Processes to Constituent Self Service Using Electronic Forms

39

Strategic Plan Timeline

40

Key Take-AwaysGet started with your ROUG and Steering CommitteeInvolve the SAOStart your inventory if you have not alreadyStart your taxonomy study if you not have alreadyModernize your records scheduleGet funding by aligning your ECM solution requirements with agency IT

priorities – don't call it Records Management! PortfolioStat E-mail Management Cloud First Security Audit Lower Operations Cost

Make your enterprise architecture drive deployment decisions

41

MARK [email protected]

703-347-5944

mailto:[email protected]