Archive

Posts Tagged ‘BPM’

IOS – A comet of Jurassic proportions

Every so often, an idea comes along that stops you in your tracks.

Innovation is happening at the speed of light all around us but most of of the time it consists only of incremental, evolutionary thinking, which takes us a little bit further in the same direction we were going all along. We have become fairly blazé about innovation.

And then you spot something that makes you sit up, pay attention, change direction, and re-think everything. I had one of these moments a few weeks back.

The name “EpyDoc” will probably mean nothing to most of you. Even looking at their existing website I would have dismissed it as a second or third-rate Document Management wannabe. Yet, EpyDoc is launching a new concept in April, that potentially re-defines the whole Data / Content / Information / Process Management industry, as we know it today. You know what happens when you mix comets and dinosaurs? It is that revolutionary.

I have lost track of the number of times over the years that I’ve moaned about the constraints that our current infrastructure is imposing on us:

  • The arbitrary segregation of structured and unstructured information [here]
  • The inherent synergy of Content and Process management [here]
  • The content granularity that stops at the file level [here]
  • The security models that protect the container rather than the information [here]
  • The lack of governance and lifecycle management of all information, not just records [here]
  • The impossibility of defining and predicting information value [here]

…etc. The list goes on. EpyDoc’s “Information Operating System” (a grand, but totally appropriate title), seeks to remove all of these barriers by re-thinking the way we manage information today. Not in small incremental steps, but in a giant leap.

Their approach is so fundamentally different, that I would not do it credit by trying to summarise it here. And if I’m honest, I am still discovering more details behind it. But if you are interested in having a taste on what the future of information management might look like in 5-10 years, I would urge you to read this 10-segment blog set which sets the scene, and let me know your thoughts.

And if, while you are reading through, you are, like me, sceptical about the applicability or commercial viability of this approach, I will leave you with a quote that I saw this morning on the tube:

“The horse is here to stay but the automobile is only a novelty – a fad”
(President of the Michigan Savings Bank, 1903)

 

P.S. Before my pedant friends start correcting me: I know that dinosaurs became extinct at the end of the Cretaceous period, not the Jurassic… 😉

3 steps to a Compliance Strategy – As valid now, as ever!

3Steps Compliance StrategySome of my old FileNet friends reading this article will smile… I realised today to my surprise, that it’s over 11 years ago that this simple concept was first articulated, and went on to form the basis of our compliance messaging, transitioned into IBM after the acquisition, and was presented in many conferences and briefings. The result of a quick brainstorm before a breakfast briefing for Bearingpoint, at an off-site annual kick-off session, the picture on the left is a scan from my original notebook where it first appeared, in January 2004. I have evidence of this still being included in presentations as late as 2011. In the world of PowerPoint slides, does that make it a classic?

Now, it may be an old message, but it is as valid today as it ever was. And since I’ve never written about it in this blog I thought it was worth re-introducing it to a whole new audience.

What does a company need to do, to be compliant?

There are three very fundamental and very explicit stages for an organisation to achieve a “compliant” status. These apply equally to every vertical industry, be it Banking, Insurance, Telco, Retail, Pharmaceutical, etc. And they also apply equally, if “compliance” refers to regulatory compliance in a Nuclear plant, financial compliance, or Health & Safety at a local school.

Step 1 – The Present: Become compliant

What do you need to do today, to comply with the rules and meet the regulations? What changes in procedure, what risk controls, what equipment checks, what training? This stage includes designing and implementing everything that a company needs to put in place, to be able to certify that today, it is compliant with each regulation the law currently subjects it to. Implementing this stage requires the company to (a) identify and understand which regulations are relevant and what they are expecting (b) identify possible areas and processes where the company is at a risk of not compliant with the regulations, and (c) implementing any changes necessary to remove those compliance risks.

Step 2 – The Future: Remain compliant

This is the part that is often forgotten, and ends up costing organisations millions in fines: Looking at the future. Becoming compliant is not enough, it’s just the first step. As an organisation, you need to ensure that compliance is sustained consistently in the future. That every system, every procedure and every employee remains within the controls and guidelines specified by the legal regulations or the company policies. At a manual level, this involves regular training for employees and regular testing of all the various controls and devices implemented in Step 2. The best way to implement Step 2 however, is automation. Putting in place systems and processes that not only monitor the company’s compliance, but that enforce it. The less a company relies on individual employees to maintain compliance the less likely it is to fall foul of compliance breaches through human error. Automation reduces training requirements, reduces management overheads, and it reduces wasting operational cycles for testing and reporting.

Step 3 – The Past: Demonstrate compliance

The final part of the process is looking at compliance retrospectively: Are you able to go back to a specific point in time, and demonstrate to a regulator, and auditor, or even a customer, that you operated compliantly. Are you able to shoe what decisions were made, what policies were in force, who made the decisions and what information they had available to them to support that decision? This is all about Records Management and audit trails. It’s about maintaining evidence of your compliance that is complete, accurate and irrefutable. Preparing for that retrospective compliance review in the future, should be a core part of the design of any compliance system implemented today.

So the meme Become – Remain – Demonstrate (or even “AchieveSustain – Prove”, as the alternative version that our U.S. marketing folk seemed to favour) summarises the three key steps that you need to remember about structuring a compliance programme. If you are faced with a new regulation, new management, or even a new mandate to create or replace IT systems for compliance, use these three steps to validate if your compliance strategy is complete or not.

ECM is dead. Long live ECM…

December 2, 2013 7 comments

It’s Autumn. The trees are losing their leaves, the nights are getting longer, it’s getting cold and grey and generally miserable. It’s also the time for the annual lament of the Enterprise Content Management industry and ECM… the name that refuses to die!

At least once a year, ECM industry pundits go all depressed and introspect and predict, once again, that our industry is too wide, too narrow, too complex, too simplified, too diverse or too boring and dying or not dying or dead and buried. Once again this year, Laurence Hart (aka Pie), Marko Sillanpää, Daniel Antion, John Mancini and, undoubtedly, several other esteemed colleagues, with a collective experience of several hundred years of ECM on their backs, will try (and fail) to reconcile and rationalize the semantics of one of the most diverse sectors in the software industry.

You will find many interesting points and universal truths about ECM if you follow the links to these articles above. Some I agree with wholeheartedly, some I would take with a pinch of salt.

But let me assure you, concerned reader, that the ECM industry is not going anywhere, the name will not change and we will again be lamenting its demise, next Autumn!

There is a fundamental reason why this industry is so robust and so perplexing: This is not a single industry, or even a single coherent portfolio of products. It’s a complex amalgamation of technologies that co-exist and complement each other, with the only common denominator being an affinity for managing “stuff” that does not fit in a traditional relational database. And every time one of these technologies grows out of favour, another new discipline joins the fold: Documents and emails and archives and repositories and processes and cases and records and images and retention and search and analytics and ETL and media and social and collaboration and folksonomies and cloud, and, and, and… The list, and its history, is long. The reason this whole hotchpotch will continue to be called Enterprise Content Management, is that we don’t have a better collective noun that even vaguely begins to describe what these functions do for the business. And finally, more and more of the market (you know, the real people out there, not us ECM petrolheads…) are starting to recognise the term, however vague, inappropriate and irrational it may be to the purists among us.

And there is one more reason: Content Management is not a technology, it’s an operational discipline. Organisations will manage content with or without ECM products. It’s just faster, cheaper and more consistent if they use tools.

As I said, if you have an academic interest in this ECM industry, the articles above are definitely worth reading. For my part, I would like to add one more thought into that mix:

The word “Enterprise” in “ECM” has been the source of much debate. And whilst I agree with Laurence that originally some of the vendors attempted to promote the idea of a single centralised ECM repository for the whole enterprise, that idea was quickly abandoned in the early ’00s as generally a bad idea. Anyone who has tried to deploy this approach in a real world environment, can give you a dozen reasons why it’s really, really a very naïve idea.

Nevertheless, Content Management has always been, and will always be “Enterprise”, in the sense that it very rarely works as a simple departmental solution. There is very little value in doing that, especially when you combine it with process management, which adds the most value when crossing inter-departmental boundaries. It is also “Enterprise” in the sense that as a platform it can support both vertical and horizontal applications across most parts of an organisation. Finally, there are certain applications of ECM, that can only be deployed as “Enterprise” tools: It would be madness to design Records Management, eMail archiving, eDiscovery or Social collaboration solutions, on a department by department basis. There is no point!

That’s why, in my opinion at least, the term ECM will live for a long time yet… Long Live ECM!

A clouded view of Records and Auto-Classification

When you see Lawrence Hart (@piewords), Christian Walker (@chris_p_walker) and Cheryl McKinnon (@CherylMcKinnon) involved in a debate on Records Management, you know it’s time to pay attention! 🙂

This morning, I was reading Lawrence’s blog titled “Does Records Management Give Content Management a Bad Name?”, which picks on one of the points in Cheryl’s article “It’s a Digital-First World: Five Trends Reshaping Records Management As You Know It”, with some very insightful comments added by Christian.  I started leaving a comment under Lawrence’s blog (which I will still do, pointing back to this) but there are too many points I wanted to add to the debate and it was becoming too long…

So, here is my take:

First of all, I want to move away from the myth that RM is a single requirement. Organisations look to RM tools as the digital equivalent to a Swiss Army Knife, to address multiple requirements:

  • Classification – Often, the RM repository is the only definitive Information Management taxonomy managed by the organisation. Ironically, it mostly reflects the taxonomy needed by retention management, not by the operational side of the business. Trying to design a taxonomy that serves both masters, leads to the huge granularity issues that Lawrence refers to.
  • Declaration – A conscious decision to determine what is a business record and what is not. This is where both the workflow integration and the auto-classification have a role to play, and where in an ideal world we should try to remove the onus of that decision from the hands of the end-user. More on that point later…
  • Retention management – This is the information governance side of the house. The need to preserve the records for the duration that they must legally be retained, move them to the most cost-effective storage medium based on their business value, and actively dispose of them when there is no regulatory or legal reason to retain them any longer.
  • Security & auditability – RM systems are expected to be a “safe pair of hands”. In the old world of paper records management, once you entrusted your important and valuable documents to the records department, you knew that they were safe. They would be preserved and looked after until you ask for them. Digital RM is no different: It needs to provide a safe-haven for important information, guaranteeing its integrity, security, authenticity and availability. Supported by a full audit trail that can withstand legal scrutiny.

Auto-categorisation or auto-classification, relates to both the first and the second of these requirements: Classification (using linguistic, lexical and semantical analysis to identify what type of document it is, and where it should fit into the taxonomy) and Declaration (deciding if this is a business document worthy of declaration as a record). Auto-classification is not new, it’s been available both as a standalone product  and integrated within email and records capture systems for several years. But its adoption has been slow, not for technological reasons, but because culturally both compliance and legal departments are reluctant to accept that a machine can be good enough to be allowed to make this type of decisions. And even thought numerous studies have proven that machine-based classification can be far more accurate and consistent than a room full of paralegals reading each document, it will take a while before the cultural barriers are lifted. Ironically, much of the recent resurgence and acceptance of auto-classification is coming from the legal field itself, where the “assisted review” or “predictive coding” (just a form of auto-classification to you and me) wars between eDiscovery vendors, have brought the technology to the fore, with judges finally endorsing its credibility [Magistrate Judge Peck in Moore v. Publicis Groupe & MSL Group, 287 F.R.D. 182 (S.D.N.Y.2012), approving use of predictive coding in a case involving over 3 million e-mails.].

The point that Christian Walker is making in his comments however is very important: Auto-classification can help but it is not the only, or even the primary, mechanism available for Auto-Declaration. They are not the same thing. To take the records declaration process away from the end-user, requires more than understanding the type of document and its place in a hierarchical taxonomy. It needs the business context around the document, and that comes from the process. A simple example to illustrate this would be a document with a pricing quotation. Auto-classification can identify what it is, but not if it has been sent to a client or formed part of a contract negotiation. It’s that latter contextual fact that makes it a business record. Auto-Declaration from within a line-of-business application, or a process management system is easy: You already know what the document is (whether it has been received externally, or created as part of the process), you know who it relates to (client id, case, process) and you know what stage in its lifecycle it is at (draft, approved, negotiated, signed, etc.). These give enough definitive context to be able to accurately identify and declare a record, without the need to involve the users or resort to auto-classification or any other heuristic decision. That’s assuming, of course, that there is an integration between the LoB/process and the RM system, to allow that declaration to take place automatically.

The next point I want to pick up is the issue of Cloud. I think cloud is a red herring to this conversation. Cloud should be an architecture/infrastructure and procurement/licensing decision, not a functional one. Most large ECM/RM vendors can offer similar functionality hosted on- and off-premises, and offer SaaS payment terms rather than perpetual licensing. The cloud conversation around RM however, comes to its own sticky mess where you start looking at guaranteeing location-specific storage (critical issue for a lot of European data protection and privacy regulation) and when you start looking at the integration between on-premise and off-premise systems (as in the examples of auto-declaration above). I don’t believe that auto-classification is a significant factor in the cloud decision making process.

Finally, I wanted to bring another element to this discussion. There is another RM disruptive trend that is not explicit in Cheryl’s article (but it fits under point #1) and it addresses the third RM requirement above: “In-place” Retention Management. If you extract the retention schedule management from the RM tool and architect it at a higher logical level, then retention and disposition can be orchestrated across multiple RM repositories, applications, collaboration environments and even file systems, without the need to relocate the content into a dedicated traditional RM environment. It’s early days (and probably a step too far, culturally, for most RM practitioners) but the huge volumes of currently unmanaged information are becoming a key driver for this approach. We had some interesting discussions at the IRMS conference this year (triggered partly because of IBM’s recent acquisition of StoredIQ, into their Information Lifecycle Governance portfolio) and James Lappin (@JamesLappin) covered the concept in his recent blog here: The Mechanics on Manage-In-Place Records Management Tools. Well worth a read…

So to summarise my points: RM is a composite requirement; Auto-Categorisation is useful and is starting to become legitimate. But even though it can participate, it should not be confused with Auto-Declaration of records;  “Cloud” is not a functional decision, it’s an architectural and commercial one.

Tweet Jam Tarts – Revisited…

(c) dadcando.com

Last Thursday I participated in another exciting ECM Tweetjam (if you don’t know what a Tweetjam is read it here) organised by @bduhon (long suffering editor of AIIM’s publications and curator of @AIIMCommunity). I had missed the announcements, but stumbled upon a tweet message from a friend, just in time, so I jumped in.

The usual suspects participated in the discussion. Virtually all vocal participants were from the vendor community, but that is not surprising given AIIM’s make up as an organisation. Also not surprising, since the people who have opinions to share on ECM tend to be the ones that have been around this industry for a while and have seen the good, the bad and the extremely ugly (I’m talking about ECM projects here, before anyone gets offended!)

Even though you can use any twitter client to participate in a tweetjam, TweetChat was the preferred tool of the day. It just keeps everything focused and flowing but even with the best tool for the job, it’s difficult to keep up. At the peak of the discussion there were between 5-10 tweets in every 5-second refresh cycle. No chance of reading all of them, never mind responding. Bryant did his best to streamline the flow by numbering the questions but, inevitably, the limitation of 140 characters and the multiple threads of conversations/retweets/comments on each question meant that it was fairly chaotic at times. That’s not a bad thing in a tweetjam! It shows that the participants are passionate about the topic and that it’s not scripted. I’ve been in other tweetjams before, where it was obvious that the only participants were marketers with a very specific message to convey. Those tweetjams are boring!

For those interested in stats: In an hour – 977 tweets, 82 twitterers, potentially reaching 42,500 people…

It’s worth remembering though, that for every person active in a tweetjam conversation, there are several others that just listen in, monitoring the hashtag and looking for pearls of wisdom. And there were several in the session.

So, what ECM pearls did we pick up in the Jam? Here are some…

  • The never-ending saga of “is ECM the right name for what we do?” continues
  • BPM is a fundamental part of ECM, as confirmed again by OpenText acquisition
  • ECM is relevant to small organisations as much as it is to large ones
  • SharePoint is here and offers basic ECM, if implemented correctly, but there are some ‘evil’ implementations out there.
  • Operational efficiency is “sexy”… According to some at least.
  • Some of us are too old and have been in ECM for far too long…

You can read Bryant’s more detailed blog about the #ecmjam here, but I must say it was fun!

OMG! ECM is OCD for LOB!

We are obsessed! It dawned on me the other day, when I was trying to write up a requirements questionnaire for a client who is implementing an archiving system.

When I say “we”, I mean the ECM professionals. You need to have a good deal of OCD (Obsessive Compulsive Disorder) to be in the ECM business. Whether we are records managers, archivists, consultants, document managers or process designers.

We love things being neat. We love organising information. We obsess about making sure that everything is captured and has a place to go. We love our folders and hierarchies and fileplans. We put labels on everything: We tag and categorise, and add metadata. And then we make lists, and lists of lists, to be able to find stuff. We need rules to abide by, and ideally we like to make the rules ourselves. And we like things that repeat and work the same way every time. We want to know who is who and we are paranoid about security, in case someone sees something they shouldn’t. We need things to be predictable and under control and we don’t like exceptions.

Doesn’t that sound like OCD to you? Come on, admit it. I dare you to try and convince me otherwise…

Now, is that a bad thing? No, not necessarily. The business and to a certain degree the law, needs this kind of rigour and precision. Vast amounts of information would be forever lost at the bottom of the sock drawer, if we didn’t organise things properly. Decisions would take a lot longer and any kind of auditability and transparency would be questionable. The get-on-your-bike-and-see-where-it-takes-you approach does not work in business. Correct? Well, maybe…

ECM is on a collision course. The world of tight controls and neat labels fundamentally contradicts the free Enterprise 2.0 spirit of collaboration and social media. Blogs, wikis, Twitter and Googlewave are there to allow everyone to jump in and do their bit. In real-time. There are very few imposed rules. The blending of personal opinion and work interaction is encouraged. Traditional barriers and organisational structures (from the department to the whole corporation or even across industries) are torn down in favour of exchanging ideas and learning from each other. We don’t have to preserve everything. It’s OK for information to end up in a heap, where analytics can find insights that traditional ECM discipline couldn’t. It’s OK for large communities of common interest – very much like Open Source software – to contribute, correct, expand and share knowledge for the benefit of the common good. It’s OK to have ad-hoc processes that define themselves reactively, based on contextual priorities instead of prescribed recipe.

All of this seemingly anarchic chaos, is revolutionising information management and knowledge sharing. But it has also created a lot of anxiety for most of us OCD types, who still think in terms of folders and hierarchies, and metadata and labels and disposition dates. Will there be a new generation of “free-style” ECM to cater for this? Will we end up with two Information management disciplines – “tightly managed” and “freeflow”? Will the legal and regulatory systems move with the times or shut their eyes pretending the change is not happening? Only time will tell…

But next time you are thinking of architecting an ECM environment, don’t assume that your neat little boxes and clearly labelled compartments will be there forever. They will not!

BPM and ECM: The war that never was!

Today I read a very well written and entertaining post from Adam Deane, titled “BPM and ECM – The War Begins”

Unfortunately it’s the “Dad’s Army” (aka the vendors…) view of the war. In the real world (Line-of-business) ECM and BPM have made peace years ago and for the last 20 years there have been very few ECM implementations without process elements, and vice-verse, very few BPM implementations that don’t involve documents, forms, images, or other forms of interaction with the knowledge workers and the customers. The only “pure-play” BPM solutions that don’t involve elements of ECM are straight-through-processing and application integration projects.

The “war” Adam is describing is a SuperMarket war:  Inevitably you need to eat both protein and fruit… Will you buy your ECM and BPM rations from IBM, Oracle, EMC, Microsoft, your local FairTrade Co-op (is that Alfresco?) Or will you support the local economy by shopping at the smaller local pure-play traders buying separately from the butcher’s, the baker’s and the greengrocer’s?

As a consumer, it’s always good to have a choice! 🙂

George

%d bloggers like this: