Fully Compliant Cloud Based Repository Lessons along the way

Fully Compliant Cloud Based Repository

Lessons along the way

Mark Ellis, Electronic Records Management Consultant April 8th, 2014

Agenda

•

Who I am

•

Industry Statistics

•

Records Management

widgets

•

10 lessons I’ve learned

along the way

Mark Ellis

Who am I

• 20 years in an industry that

generated the mountains of paper

• 5 years working on opposite side of the fence:

• The taste of the paperless office

• Trying to get rid of those same paper records

• Been lucky

• Some very successful ECM deployments

Records Management Industry

“Over 50% of organizations have either zero OR more than 3 content management systems implemented.”

“More than 50% of organizations cited

excess litigation costs or damages resulting from poor record keeping as the largest risk relating to information governance.”

- AIIM Industry Watch, 2013

“More than 40% of organizations cited getting to grips with electronic records management the biggest cause for concern relating to information

governance this year.” “60% of organizations still use network file shares as a primary records management solution.”

Records Management Widgets

Lesson #1: Team effort

There is no single person with all the answers

.

Key Resources

• Solution’s Architects

• Legal and compliance experts

• Subject matter experts (internal)

• Business Analyst

Lesson #2: The Ideal ECM system

Is one that you never ever have to touch and

Integration

Many vendor do not honor API’s for ever. Our system is unusual in that since it start 17 years ago they have never abandoned and API call.

Application

Programming

Interface's

Lesson #3: Scanning alone will not fix the problem

Scanning Project are one piece in a large puzzle.

Lesson #4: Compliance cannot be outsourced

Technology is only a part of the overall

solution.

Compliance

 Industry Leading Technology

 Highest Certifications Available

 Compliant – and Setting the Standards

• GOA IMT A000013 – Digitization Technical Requirements, &

GOA IMT A000015 – Digitization Process

• CAN/CGSB-72.11-93 Canadian Government Standards Board Microfilm and Electronic Images as Documentary Evidence

• CAN/CGSB-72.34-2005 Canadian Government Standards Board Electronic Records as Documentary Evidence

• ANSI/AIIM/ARMA TR48-2004 Technical Report Framework for Integration of Electronic Document Management Systems and Electronic Records Management Systems

• AIIM TR31-1992 Technical Report Performance Guideline for the Legal Acceptance of Records Produced by Information

Lesson #5: Multiple way to find items

One Repository

One Record

Lesson #6: Chain of custody

Chain of Custody applies to both:

• Physical Records being converted

• Electronic records (eForms)

Audit Trails

Lesson #7: When data is not data

Metadata and Index data are not the

same thing.

It’s not the data that gets tested.

It’s the entire system that gets

tested.

Metadata Capture

- Index Data VS. Metadata

In order to meet CAN/CGSB Compliance West Canadian capture’s 160 different metadata

fields (in addition to any index field values captured)

 Metadata Capture is The Automated Method of Documenting The Conversion Process From Paper to Electronic Records

Lesson #8: Not all vendors are equal

Vendor’s need to prove they can, not just say can

generally not the one that ends up dealing with the problem. • Having a vendor provide CGSB/IMT compliant records does not

mean they maintain their compliance

• ECM Repository vendor needs to understand compliance. • This needs to go beyond the configuration.

No Black Box

- an example from an eForms workflow project

The client here has the

option:

1. Building there own

forms

2. or get West

Canadian to do it for

them

The client has the

power not West

Canadian

Lesson #9: Living in the Cloud

All cloud based security is not

equal

• You will want to ensure you data is hosted in a T3+ facility.

Location

• Is your data in Alberta or even Canada?

Data Center Tier Rating Chart

Tier Level Requirements

1

 _{Single non-redundant distribution path serving the IT equipment}  _{Non-redundant capacity components}

 _{Basic site infrastructure with expected availability of 99.671%}

2

 _{Meets or exceeds all Tier 1 requirements}

 _{Redundant site infrastructure capacity components with expected availability of}

99.741%

3

 _{Meets or exceeds all Tier 1 and Tier 2 requirements}

 _{Multiple independent distribution paths serving the IT equipment}

 _{All IT equipment must be dual-powered and fully compatible with the topology of a}

site's architecture

 _{Concurrently maintainable site infrastructure with expected availability of at least}

99.982% (Equals 1.5 Hours per Year)

4

 _{Meets or exceeds all Tier 1, Tier 2 and Tier 3 requirements}

 _{All cooling equipment is independently dual-powered, including chillers and heating,}

ventilating and air-conditioning (HVAC) systems

 _{Fault-tolerant site infrastructure with electrical power storage and distribution facilities}

with expected availability of 99.995%

Lesson #10: Understand the Business Process

Key to success: Planning

Design _{Deploy Optimize}

 Consult  Shared Vision  Defined Goals  Increase efficiencies  Drive Productivity  Continuous Improvements Discover

 Solve Initial Pain

 Records

Electronically Captured

 Secure

ECM Solution: Question to ask?

• Is it mobile ready?

• Where is the data kept? Is it always in Alberta?

• What is the data center rating? Is it T3+? Are they compliant with SOC2 or greater?

• Do the eForms workflow need a client plug to work? • Is there an extensive API guide?

Thank you!