Today, the flow of information is a critical factor in enabling an organization to meet its core business objectives. Strategic information flow is helping to drive competitive advantage in terms of reduced cycle times, lower operational costs and expanded revenue opportunities. Managing information assets now takes on greater importance than ever before. No longer is the issue handled solely within the information technology (IT) department; the CIO often must share decisions with the line of business owners as well as the corporate attorney and president/CEO. Moreover, the role of the CIO has become much more preventive than reactive in nature. With issues surrounding disaster recovery, regulatory compliance and corporate lawsuits, the CIO must prepare for a number of scenarios and have response mechanisms in place at all times.
Poor records management results in the risk of lost records, severe fines or even jail time. With the stakes high, the amount of organizational content spiraling ever upwards and the number of regulatory requirements growing every day, CIOs are always on the lookout for new and more cost-effective approaches to information management. An approach is needed that helps to meet information protection, availability and accessibility requirements within the confines of regulatory and legal compliance, while maximizing operational efficiency and strengthening business continuity.
The concept of strategic information administration is called information lifecycle management (ILM), and it is poised to help companies look at their information in a new way. ILM helps businesses manage information based on its changing value over time, while complying with regulatory requirements. It means mapping the value of information and the resources to manage it to the goals of the business all at the right time. ILM can help the organization balance considerations such as service level, recovery and retrieval objectives, and utilize its information systems in the most optimal manner. With an ILM approach, CIOs and business line managers can:
- Protect more information more affordably.
- Keep useful information available and accessible.
- Reduce the risk and cost of application upgrades and migration to new software and platforms.
- Reduce the cost of regulatory compliance.
- Match service levels and cost to information value.
- Lower the cost of archiving and preservation.
In the past, technology dictated how business operations were run, and an organization's applications were rarely interoperable. "Today, using an ILM methodology, CIOs and business line managers can state their needs to IT departments who can then implement the appropriate technologies to address these needs, as opposed to the storage or system administrators dictating to the business users what is possible," says Peter Gerr, senior research analyst for Enterprise Storage Group.
As part of an overall ILM strategy, information management provides a software layer that helps organizations better control their information assets through automation so they can better control the business. Additionally, with open information management software solutions supporting multiple hardware platforms, operating systems and applications businesses can leverage their existing investments and best-of-breed components.
Information management provides a method to organize information, enable easy retrieval for compliance and business needs, ensure information is protected and can be recovered quickly, keep applications running to improve business productivity and minimize downtime, and simplify management of storage components.
Content, E-Mails and Regulations
Business information comes in many forms, from customer data and patient files to accounting records, human resource files and e-mails the variety is unlimited. The amount of business information is growing exponentially; for instance, according to IDC, the number of e-mails worldwide is expected to grow to 35 billion daily by 2006. With a typical 1,000-user organization generating more than 3 terabytes of e-mail data annually, the CIO's information management burden weighs heavy. CIOs, CTOs, legal and IT departments, as well as business line managers across every industry are facing the growing challenge of compliance with more than 10,000 regulations in force in the U. S. alone.
In fact, according to an Enterprise Storage Group report on compliance (May 2003), industry and federal regulatory compliance offers an excellent example of the importance of understanding what it means to manage the lifecycle of information from its creation through a period of active use and then into a period of archival and long-term retention. Information can, and should, be deleted when it no longer has legal and business worth. Note that the value of each type of data changes the usefulness of information often diminishes as it travels through its lifecycle. Information of high value will likely garner high-performance storage, replication and backup. As its value declines, information can be moved to less expensive storage alternatives.
Using the information management framework, CIOs can be prepared to meet regulatory compliance requirements, protect information assets and enable their use in a more efficient and effective manner that instantly keeps costs down and maintains business continuity. Enterprises need to leverage their information assets for business growth, minimize risk and maximize operational efficiency.
Information Management Process
To get the most from the information management process, all parties must work together to get an overview of how the information is used, starting at the application level. As part of the information management process, IT, the CIO and key department heads come together to better understand how and how often different types of data will be used and whether or not the data is tied to regulations.
Once the value of the data is determined, requirements should be defined from the perspective of the stakeholders who derive value from specific information sets as well as the IT department. Requirements include budget, business process and access requirements, and service level objectives related to availability, recoverability and protection of the information (see Figure 1).
Figure 1: Open Software Solutions for Information Management
Questions information stakeholders should consider before selecting an information management solution include:
- Collect & Organize: In what formats does information exist today (paper, electronic files, print output)? In what formats will I collect information (images, e-mail, files, database, electronic forms, etc.), and how should it be indexed and cross-referenced?
- Access & Share: How will users access the data (through what interfaces), and who will have access to the data? Also, what are the requirements for sharing information within the organization and with external users?
- Monitor & Remedy: How should the application and data be monitored to ensure availability under the service level objectives? How can data and applications be restarted automatically when the infrastructure fails so that business can continue? How can data center and branch operations be recovered, rapidly, when entire sites lose power or experience other failures?
- Replicate & Mirror: Should data be centralized for lower-cost and higher-value management? Should this be done locally as well as remotely to aid in rapid recovery after failures? Is high availability of the application also necessary?
- Protect & Recover: Where and on what devices should information be stored? What operating systems and other systems are involved? How should information be protected and on what medium in order to meet backup windows and recovery-time objectives?
- Migrate/Archive/Delete: Based on the access requirements of the information, what needs to be stored on fast, high-functionality disk, and what can be moved to less expensive storage with slower response times? At what point does information lose its value to the organization? How should it be destroyed? What regulations and business concerns govern destruction or deletion of information? Should information be periodically migrated to newer media to prevent inadvertent loss?
- Services & Consulting: Who can I trust to offer an open application-focused approach, easy-to-manage products and industry-leading customer service? How can I minimize total cost of ownership (TCO) by leveraging my existing systems and working with the best- of-breed vendors?
Asking these questions will help business leaders get a better view of what business rules, storage solutions and information protection is needed to get the most use from their organization's data. The ultimate goal of every organization is to optimize costs and improve management effectiveness, leverage investments and meet compliance requirements. As such, IT managers need a comprehensive suite of information preservation and management solutions that can help take control of information systems.
The well-being of an enterprise or government agency often depends upon the ability to manage records effectively. The information management approach should drive the records management strategy. As information is created in myriad formats, it is captured and indexed, then stored, protected and made accessible. Subsequently, after its useful or legal life span, information can be disposed of. You cannot retain everything forever, nor do you want to that's where the information lifecycle comes into play. Proper disposition eases the burden by reducing storage volumes and limits risk pertaining to future legal liability.
Utilizing an information management approach, key information stakeholders might consider a solution comprised of the following components based on the application and associated value of the data:
- Local fast storage with software to manage high-speed backup and recovery to maintain a transactional database, with periodic snapshots taken to reduce the risk of data loss and to allow for backup without transaction interruption and recovery from disk when necessary.
- Software that enables archiving, search and monitoring for e-mail and instant messaging information. This would address the special retention requirements based on SEC and NASD regulations, which dictate that e-mail messages and attachments be archived for a period of several years in an easily accessible way.
- For contracts, a variety of storage hardware and software is needed to retain files for the life of the contract, at a minimum. Because contracts are rarely modified, they can be saved on lower- cost storage, but they must be made accessible to the contracts department on an on-demand basis.
- A secondary site with a copy of critical data that the company could switch to automatically in the event of disaster.
Organizations should look to software solutions that deliver information availability by monitoring the health and performance of applications and automating recovery from failures. Accessibility facilitates the use of enterprise applications and supports regulatory compliance and corporate retention policies. Information protection is achieved by providing comprehensive, centralized automated safeguards across heterogeneous environments and with cost-effective storage capabilities.
Driving Strategic Change
The information management approach is a holistic view that considers information as having a living and breathing existence with a beginning, middle and end. The approach should be used as a planning process, and each phase of the process needs to be evaluated for benefits to the organization on a per-application basis. Based on those benefits, technology for that phase may or may not need to be implemented, depending on the requirements.
In light of compliance requirements for companies and government agencies, and to cope with unique business needs, enterprises can implement appropriate practices that recognize that not all data is created equal. When adopting an information management approach, organizations seek effective data storage and management, cost- efficient operations and competitive advantage. Concurrently, this comprehensive strategy helps drive business continuance through information protection, availability and accessibility within the confines of regulatory and legal compliance.
Managing information from creation to deletion is a balancing act. It requires an understanding of the business value of data, application service level objectives and data recovery and retrieval time objectives. An information management approach can help businesses strike that balance and maximize efficient use of their information systems.
Register or login for access to this item and much more
All Information Management content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access