A Message from President Gene Stakhov, CRM, CDIA+
Fellow Chapter Members and Friends,
As I head into the home stretch of my final term as President of ARMA Metro NYC, I can’t help but reflect on the challenges we’ve met, the changes we’ve endured and the lessons we’ve learned - as a chapter, an association, and an industry.
I’ve written and spoken before about how I see us living in times of renaissance; about how I believe we are compelled to be creative, flexible and forward-thinking in our approach to Information Governance; about how we have a solemn responsibility to get it right.
I believe our flagship annual conference, reinvented and rebranded in 2020 as CONFIRM.NYC, hits all these marks in the areas of educational focus, speaker and partnership caliber. From robotics and artificial intelligence to case law, to the economic valuation of information, we have covered the key areas that are shaped by the confluence of ideas that make this such an exciting time to be involved in the field of Information Governance.
As one of the largest chapters of ARMA International, ARMA Metro NYC’s vision is to be the leading ARMA chapter, regional authority and best resource for information management and governance professionals in the Metropolitan New York City area. We intend to realize this vision by continuing to build out CONFIRM.NYC to its fullest potential as a world-class event.
CONFIRM.NYC - and in fact, the Chapter itself - exists and stays operational because of the incredible efforts of our all-volunteer Board of Directors, committee and task force members. It truly takes a village to run an association chapter of this size. I would like to recognizing the work of my friends and colleagues in helping me see us through a turbulent climate. I would also like to remind our members that Chapter elections are coming up, with key positions being decided. Volunteering affords you tremendous opportunities in professional development, networking and new friendships that you would simply not get an opportunity to experience otherwise. If you are interested in running for a Board of Directors position, please send a note to our Nominating/Elections Committee Chair, Mary Sherwin at email@example.com.
Issue 2 | Volume 51 | Winter 2020
Dedicated to providing RIM and IG Professionals with opportunities to advance their professional development
Inside This Issue
Chapter News Page 2
Professional Development Opportunities
Chapter Member Achievements
Featured Article: Managing Information Assets in a Complex IG World (Part 2) Page 3
Confirm.NYC Conference Page 5
Featured Video: CONFIRM.NYC Page 6
Board of Directors and Chapter Page 7
Welcome New Members!
Professional Development Opportunities
The Conference for Information and Records Management (CONFIRM.NYC)
Join your fellow records and information management professionals for a day of education, networking and vendor exhibits
NY Executive Center, NYC
Association of Certified E-Discovery Specialists (ACEDS)
Learn about E-Discovery developments from nationally recognized experts!
National e-Discovery Leadership Institute, Kansas City, MO
The 28th annual MER Conference is a 2-½ day immersive event focused on the LEGAL, TECHNICAL and OPERATIONAL aspects of Information Governance and management of electronic records in an ever-changing environment.
Chicago Marriott Downtown Magnificent Mile
For many information governance professionals faced with assessing and mitigating regulatory compliance risks, the first step is justifying the need to build new processes, purchasing tools, and hiring more people. Often, a senior sponsor is critical to socializing the need to design and implement a program for identifying and managing information assets.
Building the business case
Work with your sponsor to build a business case for improving information asset management that identifies risks, potential negative outcomes, and opportunities for the organization. Risks can be anything from general statements such as “we don’t know if GDPR or CCPA currently, or potentially, apply to us,” to very specific statements such as “we have personal information stored on 25,000 customers scattered across electronic information systems, email, and hard-copy.”
Once you identify the risks, build a plan that identifies the required resources, a proposed schedule, and expected outcomes to address the risks and opportunities presented by new regulations. The next step is to find the funding to execute your plan — regulation-specific funding available, or there may be tactical or strategic initiatives which you can tap into.
How to find information – People and machines
Identifying all the pieces of the puzzle requires a combination of human and computing resources.
Building the extended team
Successful information governance requires the combined effort of IG, IT and line of business users. Find individuals or groups within your organization that have current and historical knowledge of information assets, systems and processes, and add them to your team to capitalize on their knowledge and relationships. Build partnerships and hire consultants as needed to define the information asset inventory and the processes required to support it.
Putting technology to work
Once you have your team, put the computers to work. Working with IT, determine what your organization already knows about where information is stored, and what tools are currently used to gather and maintain that information.
You may find that information is gathered informally and/or irregularly through the use of tools with esoteric names like “PowerShell” or “Security and Compliance Center,” and maintained through the use of spreadsheets spread shared via email. Or you may find that there is a sophisticated information tracking apparatus managed and maintained by a change management group incorporating IT, lines of business, and back-office functions.
Whatever the case, identify what is currently tracked and how it is tracked, and identify the gaps between current practices and the requirements your organization must meet for regulatory compliance. Filling the gaps may require new tools, new processes, and new people (or new responsibilities for existing people).
The human perspective
From a process perspective, interviews and surveys are just as effective as they’ve always been at discovering information.In the case of today’s information environment, interview and survey questions and topics must cover a broad array of topics, from high-level discussion of business processes to detailed technical questions regarding email management, data structures, disaster recovery, data integration and transformation, data visualization and numerous other topics.
Capitalize on the knowledge and experience of your project team to understand and target your company’s specific information environment. Socialize your information gathering tools and processes to key stakeholders to refine them prior to performing large-scale interviews or surveys.
Making mountains into molehills (Part 2):
Managing information assets in a complex IG world
By Jeff Pierantozzi, InOutsource
Where to find information and how to map it
Information used to be written or printed on paper and placed in a manila folder in your file cabinet. It may still be there, but it also lives in a multitude of other places. To find it all, you’ll need understanding and insight from a cross-functional team with knowledge of business operations, information systems, physical and cyber security, recordkeeping, and other disciplines specific to your company and industry.
A systematic approach
To get things moving, consider starting with the most visible information and moving to successfully more niche data sources:
Highly visible information repositories
Big enterprise systems – Enterprise Resource Planning (ERP), Customer Relationship Management (CRM), Document management system, Records management, Learning management systems, Human Resources Information systems, Accounting systems, Large transactional systems
Communication systems – Email, video conferencing, instant messaging, web meetings
Collaboration systems - SharePoint, Slack, Trello
File storage systems - Desktops, laptops
Cloud-based storage – OneDrive, Google Drive, Box, DropBox
Less visible information repositories
Network storage – “shared drives”
Proprietary internal systems
Spreadsheets and Access databases
Vendor solutions tailored to specific workflow within department
Customized collaboration sites (e.g., SharePoint)
Hard-copy stored onsite
“Shadow” information repositories
Spreadsheets, documents, Access databases containing extracts from larger systems
Legacy email stored in offline files (e.g., PST files)
Company email stored in personal email accounts or on personal devices
Legacy applications maintained by departments “just-in-case”
Legacy information stored/archived to removable media
Niche/obscure information repositories
Transactional system, data integration, and other application logs
Backups / disaster recovery
Secure file sharing servers
Storage on remote access platforms used by third-parties and vendors
Change management / help desk ticketing systems
Hard-copy stored offsite
Storage on fax machines, copiers, multi-function devices, barcode scanners, and other devices
Physical access/badge/other logs
As you identify and gather data on information repositories, you will undoubtedly find that locating one repository may lead to a system owner or system custodian that identifies another one-off repository used for a once-a-year business process. This human component of the data gathering process should not be discounted or ignored, as it can be a keep component to finding information repositories that are all but invisible, but may pose a significant risk to information loss or misuse.
Profiling information repositories: More is better
Once you’ve located an information repository, understanding the information that it contains is the primary goal, but gathering as much data and context as possible should be a secondary goal. At a minimum, strive to understand where the repository is located (on-prem, cloud, hybrid), who manages the repository, the age of the repository, how information is added to, viewed, and removed from the repository, and who has access to the repository.The greater the context and metadata related to the repository equates to greater accuracy in assessing and mitigating the risk associated to the repository. If the repository is a single flash drive maintained by a lead engineer, the risk associated with the repository may be high, as flash drives can go missing easily. The context for handling that risk differs greatly if the flash drive contains proprietary schematics for your market-leading widget as opposed to pictures from the company picnic.
The information map: Here today, gone tomorrow — and how to keep up
Because of the speed with which information repositories are acquired, evolve and become obsolete, maintaining an information map requires a flexible system for storing metadata and contextual information on each repository, as well as specific tasks focused on maintain the information map within IT, business line, and IG business processes.
The system may be as simple website and database for tracking repository metadata, but should be flexible to allow adding new data points, and must also have strong access controls, as information repository metadata can be highly sensitive.
To maintain the system, individuals within business lines, IG, and IT should be tasked with updating the repository on a regular basis. These tasks may be embedded in larger, existing business processes, such as change management processes performed by IT or disposition reviews conducted by IG. Additionally, ongoing review and audit of the metadata for each repository should be performed to ensure that any changes are identified, assessed and managed appropriately.
Building and managing an information map of an organization’s information repositories is a complex and evolving challenge. It requires senior support, cooperation of numerous groups across the organization, and lots of sweat equity running down all of the places information is hiding in systems, devices and file cabinets. The reward for finding all of the information in your organization is to then find a way to keep your knowledge of your organization’s information assets up-to-date through new tools and tasks. The ultimate reward, however, is the ability to understand and manage information assets in a proactive fashion to maximize the value of information while minimizing the risk of information corruption, loss, or misuse.
About the Author
Jeff Pierantozzi, CRM, PMP, is an information governance and data analytics consultant at InOutsource, a consulting firm specializing in law firm information management. He has over 20 years of experience working with large consulting firms providing services to Fortune 500 companies in various industries including energy, transportation, media and hospitality, as well as government entities and investment organizations such as private equity firms and hedge funds. A frequent speaker on information governance topics, Jeff also serves as an adjunct professor of software engineering at Rowan University. Jeff has a B.S. in Computer Science from Drexel University.
Bill Saffady and John C. Montaña, J.D., FIIM, FAI
On the Benefits of Attending CONFIRM.NYC
Left to right, Gene Stakhov, CRM, CDIA+ (President); Glenn Fischer, IGP (Exec. Vice President); Mary Sherwin, CRM, IGP, CIPP-US (Immediate Past President), Jennifer Best, CRM (VP- Marketing and Social Media); David Smythe (VP- Professional Development)
Left to right, Rishi Maharaj (VP- Events & Special Projects); Andrew Corridore (VP- Membership); Stephen Cohen (VP- Information Technology); Alex Geroev (VP- Sponsorship); and Derick Arthur (VP- Treasurer). Unpictured:
ARMA Metro NYC Board of Directors
Jennie Catherine Dubin-Rhodin (Secretary)
exchange is a publication of the ARMA Metropolitan New York City Chapter, Inc. (ARMA Metro NYC), P.O. Box 740, Grand Central Station, New York, New York 10163. The publication provides a wide range of content. An annual digital subscription to exchange is included as a benefit of membership. Opinions and suggestions of the authors do not necessarily reflect the opinion or policy of ARMA Metro NYC or ARMA International. Additionally, acceptance of advertising does not constitute official endorsement of the product or service.
For more information about exchange, please contact Editor-in-Chief Jennifer A. Best at firstname.lastname@example.org.
About the ARMA Metro NYC Chapter
ARMA Metro NYC is a local Chapter of ARMA International, a not-for-profit community of professionals in the information management and information governance industry that provides educational resources and networking opportunities.
The Chapter supports its members through educational seminars, events, an annual educational conference, and its publication exchange. Its members are RIM and IG Professionals, as well as individuals who work in related fields, such as technology and law.