[Community Manager’s note: Be sure to follow @AIIMcon and #AIIM13 for all the latest news and info about AIIM 2013.]
A preview of my session at AIIM13 follows; join me Thursday, March 21 at 12:00 PM, for a discussion about cloud governance. And, remember, governance doesn’t have to slow you down.
Cloud application governance – How to apply governance and compliance to public file share and file collaboration.
You are tired of dealing with the brand XX legacy document management system that was implemented ten years ago. You’re sick of waiting in the IT line to get your department upgraded/fixed/new features added - so you decide to use one of the many free cloud content management systems (CCMS). You may have even talked your manager into coughing up some budget for a paid subscription, which gives you more options and features.
Within an hour or so, you have eight users up and running. You move files into the project space, assign edit permissions (ok, everyone is an editor), and, within two hours, you invite two project consultants from outside the firewall to join.
Fast forward six months, and you have used your CCMS to manage a project. You have become so enamored with the software that you have expanded how it is used, and have created a personal file area to store and work on your own documents. This is really great – no more slow and cranky VPNs, no more flash drives, no waiting for IT, and no more emailing documents to yourself. And you have made good use of the mobile apps so you can see your files on your smartphone and/or tablet.
But one thing you forget to do is organize the file-naming conventions, folder structures, and taxonomy for the metadata. “Wow,” you say to yourself, “this is starting to look a lot like our shared drive – I can’t find anything anymore.” Search doesn’t help because everyone has different naming conventions; there is no real file folder organization to follow (well, in the beginning, the folders were organized, but as the project heated up….), and you are beginning to create “special” folders for finished work so you can at least find it (finished 1, finished 2, final 1, final 2).
And you just found out that an outside consultant has had access to one of the company proprietary file folders. That folder was originally a shared project folder but, in the heat of the project, someone started putting confidential/proprietary files into that folder to share with someone within your company, but outside your department. You can see by the audit log that the consultant accessed this info, and even if the consultant was under an NDA, those files should not have been exposed.
On top of all this, Legal has a question about the project for copyright and patent purposes and wants to review a certain set of historical and current documents, plus the access logs. You have no idea in which folder(s) all of these files reside.
Does this sound familiar? As we rush into using a CCMS, we often forget to do the basic governance tasks needed to prevent the above situation. Governance is often misunderstood, and, because it is seen as a work inhibitor, governance is “lightly” covered or ignored altogether.
My recommendations are:
-
Involve IT even if you are doing a “self-provisioning” of the site. Ask about using your company’s security polices and Active Directory (AD) to help set security/permission levels for your users.
-
Ask Legal about compliance and legal obligations (especially if you are self-provisioning). You may want to pass this by the records management people if they are not part of Legal.
-
Prior to “going live” and inviting other people to use the site, do some test runs setting up folders and uploading/downloading files. You need to understand the security settings available and configure the site to reflect your company’s policies.
-
Work on a basic folder naming convention and a basic taxonomy. Involve potential users and include, if you have one, the corporate taxonomy.
-
Be prepared to do some training on how the site operates and any governance policies that you want to share with your user community.
-
Plan for how to sunset the site when the project is finished. Some or all of the documents may be considered “records” and must be preserved as records someplace. This means that those documents must be migrated out of the CCMS to an on-premise application or an application that can store and manage records.
Don't miss out. AIIM 2012 sold out; be sure to reserve your spot at AIIM 2013 today.
#ElectronicRecordsManagement #Collaboration #InformationGovernance