Commit to information lifecycle management to bolster compliance

Blogs and Articles

Information Lifecycle Management (ILM) recognises that the value of information changes over time and that this shift affects how it is best managed. The benefits of this approach are significant and include improved access to records, cost savings and improved workflow efficiencies. Importantly ILM also delivers consistent and tighter compliance across all media and devices, even when a record changes custodians, is put in a box or moved to tape media.

2 September 20217 mins
Two people looking at laptop
Information Lifecycle Management (ILM) recognises that the value of information changes over time and that this shift affects how it is best managed. The benefits of this approach are significant and include improved access to records, cost savings and improved workflow efficiencies. Importantly ILM also delivers consistent and tighter compliance across all media and devices, even when a record changes custodians, is put in a box or moved to tape media.

This information management practice manages compliance and mitigates the financial and reputation risk associated with issues such as failed audits or inadvertent disclosures of sensitive information.

While many organisations expect to adopt ILM, some fundamental issues challenge implementation.

Human error accounts for more than 60% of financial losses from accidental breaches (PwC Report*). When it comes to information compliance, your people are the first line of defence. The traditional organisational model where IT owns the systems and a separate records and information management (RIM) team deals with the information and records, can compromise this defence. It can create many “accountability” black holes, an issue whenever compliance is a major concern. For an ILM program to be successful all stakeholders need to be working together to achieve common goals.

The required cross-business co-operation and transparency is not going to happen without strong executive sponsorship. This is where an investment in compliance training pays enormous dividends. Well-trained people at all levels of the organisation who promote compliance and security best practice will mobilise the ILM initiative. If senior leaders commit to managing information securely, others will follow.

Compliance training can also encourage security-friendly behaviours in daily routines. Small but simple changes such as clear desk policies, secure offsite records storage, an auditable chain-of-custody, communication programs and data sharing beyond IT, can make a big difference.

The changing nature of records is another issue. Not too long ago paper records were the norm. Many retention and discovery processes do not acknowledge that this has changed dramatically. Electronic information now drives most business activities and information lies on PCs, servers, backup tapes, mobile devices, USBs and more.

An information audit is the first step to ILM. It determines what information exists where. It can clearly define both paper and digital formats and define what to keep and for how long. It will drive changes to policies and procedures to manage information securely from creation to destruction. Importantly, ILM embraces the understanding that policies and processes will be routinely updated to ensure ongoing compliance in the ever-evolving regulatory landscape.