Records and information management getting it right from the start

What is Information Lifecycle Management

Like any commodity, information has a natural lifecycle from when it is created or acquired, through its use and management, and ultimately to when its value is so diminished that it should be destroyed.

In a nutshell, information lifecycle management (ILM) is all about what you should be doing at each step of this process — making the right decisions to keep the right information in the right place for the right amount of time.

The ultimate goal of ILM is to help you craft a plan for classifying and retaining content. This plan helps determine how information is managed, stored, retrieved and maintained and governs disposition and destruction or permanent retention. The plan will help you meet the goal of getting the greatest value, at the lowest cost, all while meeting legal and regulatory obligations and operational needs.

Adopting ILM principles in your business will help ensure that information is accessible, protected and put to good use, and that information with little or no value is safely and defensively destroyed.

This graphic provides a simplified view of ILM showing its four stages — create, use, store, destroy — as well as the key steps/impacts this has for the following:

• Applying a risk/value metric
• Classifying and retaining content
• Workflows and processes
• Digitisation
• Data access
• Business continuity and sustainability

Applying a risk/value metric

The challenges of managing information are different depending on the industry in which the company operates and whether it's publicly traded or privately owned. A financial services company has different needs and legal requirements than a construction company or a retailer.

But while the challenges are different, all companies share this reality: nearly every business today is managing more information than ever before. And the amount is increasing at a much faster rate than even the boldest predictions.

You’re probably devoting more office space to storing records, buying more hard drives (and perhaps worrying if they might fail) and/or signing up for growing amounts of cloud storage.

Having the right amount of storage space is the most common metric businesses apply when thinking about information management. But it shouldn’t be the only one. You also need to factor in value and risk, which includes:

• The value of the information you are holding
• The risk you incur by doing so (or not doing so)

That value/risk evaluation is at the core of the ILM approach. Not all information has the same value:

• Some information is so essential to your business that if it was suddenly lost or became unavailable, you might not be able to function. This may include information related to accounting, orders and inventory, personnel, payroll, customers and business licenses.
• Some information has value because when compared over time it provides important insights. For example, information from invoices can help organisations identify projects that were the most profitable at the end of each year.
• Some information has value because someone outside the organisation believes it has value, such as regulatory agencies, the IRS and lending institutions and investors.
• Records that contain personally identifiable information (PII) are an example of information that if not handled correctly could lead to fines, costly litigation and brand damage.

ILM provides you with a framework for classifying your information — to define the value of retaining it and the risks associated with both storing and/or disposing of it prematurely or incorrectly.

Assigning risk and value to information essentially comes down to a records audit. Look at the records you maintain — accounting, corporate documents, customer records, personnel files, tax records and so on — and ask the following questions:

What’s the value of maintaining all of this information?

• Is it essential to running your business?
• Do you need it for customer service?
• Do you need it for tax, regulatory or legal compliance?