October 7, 2016

10 Questions to Ask Before Buying an Information Governance Solution

4 minute read

Being tasked with putting together a plan for any type of information governance solution for your organization, whether addressing privacy, records management, eDiscovery or another concern can seem daunting. We understand the time it takes to search the internet, go to trade shows and comb through vendor marketing collateral. What really matters is the questions you need to ask after the proposals have been submitted and demonstrations completed. And, the answers should be clear, concise and compelling. Below are 10 answer to some of the all-important questions.

1. How does the solution manage information in varying locations (e.g. file shares, SharePoint, Email)?

Managing information thoroughly seems so logical, but it is one of the most commonly overlooked aspects of information governance or records management. Below are three primary approaches that vendors take:

  1. manage information in place utilizing current systems
  2. migrate information to one system that also serves as the management software
  3. migrate information to one system and use third party software to manage it.

A is an appealing approach because it is extremely flexible and can fit into nearly all future environments, systems and upgrades. Plus, it often is associated with higher user adoption because users continue with their current processes and retention/disposition is automated behind the scenes.

B often requires significant design, implementation and cost. Similarly, it often leaves information that resides outside the central repository unmanaged.

C is a similar approach to B, but it can potentially leverage current technology. Still, it has the shortcomings of requiring storage in specific locations and leaves other information unmanaged.

2. Are data migrations, upgrades or changes in the systems required now or in the near future?

It is important to understand what is required in terms of moving information from one location to another. The migration process can consume extensive time, cost and risk.

Further, when a system is upgraded, some software vendors need to adjust the file plan accordingly so it can be applied to records.

3. How does the solution account for litigation holds?

Clearly, there needs to be a mechanism to place information on hold. However, once the initial hold is created, it is vital that the solution automatically adds newly created information to an existing hold(s).

4. How does the solution affect end user processes?

An information governance solution is only as good as the adoption rate. End user adoption is directly affected by system changes, cumbersome processes and confusing instructions. Fully understand the process end users will need to adopt. New technology and/or processes may be needed. Yet, the new technology should not drive the new process. The new technology should complement the process.

5. Can the solution control access to sensitive information?

Increasingly important is the ability to govern access to sensitive information. The solution should be able to regulate access, identify locations, automatically protect and dispose of sensitive information appropriately.

6. Can records be locked, remaining immutable until disposition?

Some records should be kept unchanged during their lifecycle. Understand if this functionality exists and if information needs to be moved to a specific location to accomplish this goal.

7. What does the solution cost in total?

Obviously the solution has to fit into budgets. Take the time to understand the total cost of a solution. The total cost of ownership (TCO) could include software, hardware, third party systems, services (installation, configuration, assessments and migrations). When comparing multiple solutions, TCO can be tough to compare. Dig the vendors for true and total cost of their information governance solution.

8. Does the solution integrate with my other business systems?

Don’t ignore your other systems when designing your information governance practice. Each of these system is not only a potential location for redundant, obsolete and trivial information (ROT), they could also be the key to triggering the right actions to determine security, privacy or retention policies.

9. What is the time and resource commitment to implement, support, maintain and upgrade?

The time spent on designing, implementing and maintaining a records management solution is time away from other areas. With that in mind, fully understand how a new solution impacts time commitment.

Time is money. Not only does the time commitment equal opportunity cost, it can equal actual hard, quantifiable dollars when being charged by a vendor. Know what to expect before committing to an overly complicated project.

10. Does the solution create custom reports, audit trails and defensible disposition documentation?

A solution with plenty of customization options can be handy because future reporting needs may change and it is difficult to know how. Regulations may alter the way you want to track or execute records management and disposition. If called into question, the assurance of sound documentation outlining the retention/disposition process can be critical.

Receive News Updates As Soon As They Happen