Information Management For Mid Market Enterprises

What is information management?
Information management in the mid market space and the mid enterprise space enabling an organisation to most effectively deliver it’s products and services to it’s clients and users so it’s seen as an IT function but in reality it’s a business function it’s knowing how an individual department will create, use, store, maintain the information in its remit, how that information is shared so its an all encompassing information flow throughout the organisation and it needs to be seen like that, it’s an iatrical part of the business process therefore developing an enterprise architecture without understanding the information flow and the information architecture you’re always going to be missing a critical piece.

Who is responsible for data?
Who’s responsible for data is often a very challenging question when you talk to most organisations, there’s often a gap between organisations understanding of paper records and understanding of IT and data on a disk. If you went to department and challenged them on the use of a document that’s kept in a filing cabinet they’d have a very clear understanding of what that document is for, who should have access to it and what should happen at the end of it’s life however with IT because we have these large disk systems we create files that are departmental in nature and because they store so much, there’s often less understanding of what they are storing so yes there’s bits in the business process that they do clearly understand but often they’d devolve themselves of the responsibilities of ownership and retention and where it’s stored and as millions and millions of pieces of data grows (data is growing at 120% per year) there’s less understanding and there’s more of a gap and it’s IT responsibility and the business knowledge in its care and the aim is to try and get those back together and have an asset management policy that links and flows throughout the organisation.

How do I define an information asset?
An information asset as with any business asset has to have value it’s also important to recognise that it’s a corporate asset and not an individual asset therefore they may be custodians of it, they may create it they may be responsible for it but unless it is shared and used by the business as a whole as a creation of wealth by that organisation it isn’t really an asset it’s actually a liability. Therefore we’ve got to consider does it cost more to create and retain this piece of information and is the information known to the rest of the organisation, we see an awful lot of repeat work being carried out by different departments there’s a lot of confusion over which piece of information is correct and if you don’t know what’s driving the decision because you’re using the wrong information that it’s actually a real liability to an organisation.

What are the key challenges of information management?
The main challenge of information management is making sure you’re joined across the organisation, you understand the work flow, you understand the business process that is generating that information so it is not one department’s responsibility it’s an organisational one, therefore if you’re not concerned about how your data is being backed up or you as an IT department are backing up data in groups without real knowledge of what’s sat there then you have an information management challenge to overcome, in this case I’d recommend engaging with your CEO and saying we need to have an asset information management policy document that makes it very clear what information is available, who’s responsible, what shouldn’t be created and that then will define privacy laws retention requirements under various regulations and you’re then mapping to a policy rather than mapping to an IT perception of what may or may not be required and it’s very common to fund IT departments backing things up and when challenge what the users need it for, why they need it, not so clear on why more a case of it being best practice, my recommendation would be to get an advocate to sit in with the departmental meeting and understand how and their challenges around information management and then it becomes end to end.

What is structured and unstructured data?
There are some schools of thought that believe that with enough money you can put structure into anything, in reality mid market organisations are not going to spend a great amount of money and time analyzing a word document to get something called the ultimate truth so in reality, unstructured data is the files, office documents, PDF’s, images that all reside on things like file systems where the content is open to interpretation either in its creation or in its reading so structured data tends to be more associated with data bases so there’s a very fixed rule that says a certain piece of information will always be in this field. You can have poorly written applications that make a nonsense of that statement and you still get confusion, however in reality when you’re looking at unstructured data you’re looking at those files that are irregular, so email for example is turned to semi structured because it has some code that is always the same now that may just be the words hello and goodbye because it’s a conversation and not really a document as such but keeping the two separate actually you’re missing the point of information management, information os stored across the business it can be unstructured but knowing the business truth, what is your master data, where is it stored and where should everyone go for that is key to understand. If you have unstructured data where there’s multiple versions of the truth that’s where confusion lies for the business.

What is Information Lifecycle Management (ILM)?
ILM or information lifecycle management is typically IT’s response to the growing storage pressure that they are seeing so at the 120% growth per annum there’s going to be a significant proportion of that data that is unused so with tools to analyse the system they can see what hasn’t been used for the last six month and move that down to a lower tier of storage by doing that however you are continuing the gap you have with the business unit you’re supporting. You don’t really know whether the information you’re moving down onto this lower tier should actually be kept by the organisation it’s important to understand that there are requirements to occasionally delete information and by continuing the amount of information that’s under a department’s remit if that continues to grow their ability to then know where their data is also challenged so you become more reliant on people’s memory of where things are rather than a clear policy of the business process, this is the workflow and this is the information that’s created from it my recommendation for any company that has that type if ILM system is it’s never going to be redundant it’s worth maintaining but reengage the business and say, this is the data that’s in care at the moment what should be here and evolve that system moving forwards so that it is correctly privatized, it isn’t in the big departmental bucket because there are different responsibilities within an organisation department and you can have and should have different document requirements to reflect that.

What is archive data?
Its important for IT departments to recognise what an archive is for it’s there to generate an image of a business at a particular point in time therefore many organisations that take a copy of the back up cycle out and put it in a safe for five years have missed the point because tying to store an image at that point in time is very complex you have to understand the application, you have to understand the data and where exactly it is and if you’re looking at unstructured data the person who created it may no longer be in the organisation so it’s important to go back and say why do I have an archive at that point you can go back and say ok, the image that I want is of this section of data if that can be independent of the application then you’re not tied down to maintaining old legacy systems you can actually view it in isolation for the auditors or regulators or whoever needs to see this, it’s an ongoing process but it isn’t a part of back ups it is it’s own separate process.

What is private data?
Data privacy is becoming more important as the IT world grows so it’s important to understand what constitutes private data. Private data is anything that can identify you as an individual so your surname on it’s own isn’t going to identify you but your surname with your address, your telephone number, credit card details, that type of thing is going to identify you and it’s going to put your information and who you are at risk. On top of that you’re going to have sensitive private data so information that would cause adverse distress if it was used inappropriately and by that sensitive information includes sexual orientation, your health, political or religious believes so all of these things need to be protected managed within an organisation but again it’s not in IT’s responsibility to manage the data protection it is a business process of which they are a part of.

What regulations apply to data?
There are potentially thousands of rules and regulations that apply to the data within your organisation which is why its key to engage with an industry specialist to understand the nuances in each individual industry. However some of the more common ones like the data protection act in the UK and the tax laws there are industry regulations such as MIFED or barzil two in the banking industry MOPE in the police PCIDSS which is the protection of credit card information in the retail sector so there’s lots of regulations so it’s important not to get stuck on one because your business unit you’re supporting will have a very good idea of what it’s roles and responsibilities are so engage with them and talk to them to find out what rules apply and if they don’t know it needs to be raised with your risk manager within your organisation because they definitely need an understanding of it because they’re managing your system within an industry and failure within an industry can lead to very bad press and often the ending of your business within that industry.

What are the principles of the Data Protection Act?
The data protection act is the UK’s implantation of EU law around the privacy of an individuals information so the most current information is available from information commissioners office however there are eight principles that guide your usage and retention of information and private information, is it lawful is first, is it for a purpose that is clearly deifned and understood by the end user, is it current, is it accurate, is it retained within the EU or are you shipping that data out to an organisation that may not have the same standards as the EU in which case you’ve got to be very clear on what the information is and how it’s being passed out making sure it’s only for the purpose and it’s recognised by the individual for the purpose by which it was given so if you’re providing information for a sale you understand how that’s being used if that system is then cloned and put into a test and development system and the end user isn’t really aware that that’s the purpose for him providing you with the information and also with outsourcing of test and development to off country then you run a real risk of exposing yourself to he data protection act because you’re retaining the private information within that clone but it no longer has the same restrictions and very often it is not secured adequately to the same level that your production system s and there’s real risk there of data loss and exposure to fines.

How do I privatise data and when do I use it?
With any data sharing it’s important to understand why that data is being shared, so with the correct information assets management policy you know that by passing the information onto another organisation the reason you’re doing that so by understanding why you’re doing that you can also then look at the document and say actually is this adequate for the purpose that we’re sharing or is there more information than I really need to share at that point you say to I redact the data if it’s a document so white out the relevant pieces of information that they may not need access to, if it’s a database then privatizing the information that basically ammonizes the individual still has the context of the database, they’re still able to test and do the development on that but it’s no longer going to identify any of the individuals and therefore it is private. So first of all you need to establish the reason then establish whether they need to see it in its original format if they don’t and then there’s a real value in ammonizing it. How you anatomize it is then a challenge if you encrypt the data so it’s scrabbled information very often in test and development you find that users concentrate on the scrabbled data as an error rather than focusing on the functionality that’s being built in so data ammonization and data privatization techniques that act at the record level keep consistency across the system as you present it out improves the user experience and actually makes testing more effective and you’re no longer worried about the privacy issues that it entails.

How do I determine the true cost of a growing data footprint?

Disk is cheap, it’s continuously said the cost of disk is coming down year after year however, with the growth of storage going up actually we’re on a pretty level field at the moment and we’re looking at issues around the growth of data isn’t in your storage footprint it’s in your ability to process that information so if it’s in a database then your growth storage footprint you’re probably processing the same amount of transactions you were a few years ago, hopefully your business has grown and you’ve got a few more there but generally speaking it’s about the same but in that data you’ve got a bunch of historic transactions that actually no one looks at anymore but in order for your application to work you have this bottle neck but in order for your application to work you have this bottleneck that the application needs to trawl through this table get the relevant information and that generates a lag in the system and that lag can identify itself as slow user response and to overcome that you end up putting more processes on the floor to drive the application but putting more application process on the floor you increase your database licensing costs and you increase your energy costs so it’s not just disk that’s costing you it’s the whole part of the infrastructure. By removing data from systems that have historic data only you can revitalize systems and make them improve performance so recognising that those costs exist and the knock on effect of a growing storage footprint is important for unstructured data the cost is less well clear because they’re small pieces of information, a small file here and small file there but when you end up with a thousand spread sheets per user that’s not good management you struggle to find the right information so your user is going to be less efficient at their job you may need to hire more people to have the same effect so a growing storage footprint is probably an indication that your management of your information through your organisation isn’t controlled so your storage aspect will be one cost, storage imprint, back up take, things like that but your business process should also be a concern to you if you have a growth issue.

How do I change information management practice?
The key thing to remember as an IT department assisting an organisation to change it’s information management policy you have to make the end user experience effectively easier it’s got to be not harder than before and preferably you’ll improve the experience for them and remove pain points from their process for example currently a lot of information shared by email has a lot of risk entailed because you have multiple copies you no longer have the single version multiple updates take place and you have the security risk of who has control of this document to the end point security is an issue, but at the moment email is an easy way to share information so by clicking on a document and adding it with a number of users that you wish to share that with its don’t and dusted and you’ve pushed it out to the organisation so how do you share information effectively and take away that policy problem, so one way would be to set up a team room or something like that where you end up controlling the document from a single point where everyone there can view that and this is going to become more critical as web 2.0 and collaboration improve and users expect to be able to get to information more rapidly, if it’s spread out throughout an organisation they are going to have issues so pull it back in and improve their experience and they’ll join you on your journey to improve their information management policies.

How do I generate an information map?
The first thing to realize is that this is not likely to be an automated process, whist there are tools that may assist you with the classification of information and the searching of information the understanding of a business process if it’s not already mapped out is a one to one experience with the department so I’d recommend getting some sticky notes and literally just mapping it out, who creates the information, who’s responsible for it, how does it flow between departments, what’s included in that and you get a very clear understanding that a lot of organisations take information out of spread sheets, they put them into word documents that are then processed into PDF and then stored especially if you’ve got three copies of the same piece of information. So by understanding that you can see what’s the critical piece that you need for archiving, you don’t need the spread sheet, you don’t need the word document the output is the piece and by putting the sticky notes around you can follow that through and you can also assist because IT departments have a very good understanding of the technology that’s available such as classification of the information so you may be able to add real value to an organisation, information comes in as a scan or an email and then there’s a manual process that they have to go through, there’s an automated process that IT could bring to that remove a level of information creation remove cost from the business improve it’s efficiency and then you move onto the next piece so it’s a case of generating the map, putting them on the walls follow it through and question.