DOCUMENTmedia.com | fall.15
volume 22 issue 3
05 What’s New
06 Masthead
08 Editor’s View
10 Contributors
12 The Paperless Push: Setting Realistic Expectations, By Matt Swain
14 Predictive Analytics: A Game-Changer for the Imaging Industry, By Edward Crowley
16 E-Billing: The Importance of Cash Flow, By Richard Rosen
18 Organizations Don’t Change; People Do: The Key to Electronic Document Management, By Joao Penha-Lopes
20 Not One Size Fits All: Drive information security from an information governance strategy, By Diane Carlisle
24 The Print Survivor in the world of smart customer engagement, By Terry Frazier
28 And the People Said, “Let there be governance!” By Bob Larrivee
32 The Maturity of Vendor Risk Management: Organizations must accelerate their efforts, By Rocco Grillo and Gary Roboff
What’s New

Advancing the Future of Communications: 5 Trends From the Foundation Up
By Scott Draeger
www.documentmedia.com/Main/articles/Advancing-the-Future-of-Communications-5Trends-Fr-1666.aspx

Miracle on Document Street: Solution Providers Need to Think About Collaboration and Integration
By Paul Abdool
www.documentmedia.com/Main/articles/Miracle-on-Document-Street-SolutionProviders-Need-1670.aspx

Beyond Hammers and Nails: Software Is Now About What It Delivers in the Real World
By Matt Mullen
www.documentmedia.com/Main/articles/BeyondHammers-and-Nails-Software-Is-Now-AboutWha-1668.aspx

Why the Inefficiencies, Challenges and Risks of Using Shared Network Drives and Email for ECM Is Unacceptable
By George Dunn
www.documentmedia.com/Main/articles/Why-the-Inefficiencies-Challenges-andRisks-of-Usi-1669.aspx

Big Data and Digital Marketing: It’s About the Business in the Engagement Age
By Gerald Edwards
www.documentmedia.com/Main/articles/Big-Data-and-Digital-Marketing-Its-Aboutthe-Busin-1667.aspx

The Importance of Becoming a Digitally Mature Company
By Nick Romano
www.documentmedia.com/Main/articles/TheImportance-of-Becoming-a-Digitally-MatureComp-1664.aspx

The Importance of Building Collaborative Ecosystems
By Dave Smith
www.documentmedia.com/Main/articles/The-Importance-of-Building-CollaborativeEcosystem-1665.aspx

Look for Enterprise Search, Analytics and These ECM Leaders for Your Transactional Content
By Allison Lloyd
www.documentmedia.com/Main/articles/Look-for-Enterprise-Search-Analytics-andThese-ECM-1662.aspx
Diane Carlisle Edward Crowley Terry Frazier Rocco Grillo Bob Larrivee Joao Penha-Lopes Gary Roboff Richard Rosen Matt Swain Ken Waddell
DOCUMENT Strategy Media (ISSN 1081-4078) is published on a daily basis via its online portal and produces special print editions by RB Publishing Inc., 2901 International Lane, Madison, WI 53704-3128. All material in this magazine is copyrighted © 2015 by RB Publishing Inc. All rights reserved. Nothing may be reproduced in whole or in part without written permission from the publisher. Any correspondence sent to DOCUMENT Strategy Media, RB Publishing Inc. or its staff becomes the property of RB Publishing Inc. The articles in this magazine represent the views of the authors and not those of RB Publishing Inc. or DOCUMENT Strategy Media. RB Publishing Inc. and/or DOCUMENT Strategy Media expressly disclaim any liability for the products or services sold or otherwise endorsed by advertisers or authors included in this magazine. SUBSCRIPTIONS: DOCUMENT Strategy Media is the essential publication for executives, directors and managers involved with enterprise document, content and information strategies. Free to qualified recipients; subscribe at www.documentmedia.com/subscribe. REPRINTS: For high-quality reprints, please contact our exclusive reprint provider, ReprintPros, 949-702-5390, www.ReprintPros.com.
Rachel Chapman [ email@example.com ]
Cierra Bauer Kelli Cooke
2901 International Drive Madison WI 53704-3128 p: 608-241-8777 f: 608-241-8666 email: firstname.lastname@example.org
IN A MIXED BAG OF PRIORITIES, CUSTOMER EXPERIENCE WILL GET YOU THE FURTHEST @DOCUMENTmedia
by Allison Lloyd
As you might have noticed, this issue represents the sometimes-contentious marriage of two worlds—print and digital. While they’re not necessarily the yin to each other’s yang, it seems, for now at least, they will have to live with each other. So, where does that leave you? Since 2008, organizations have settled into a cost-cutting approach, powering the push towards electronic adoption as never before. Evolving customer demands and disruptive technologies as well have left an impression on organizations that can’t keep up—business agility seems like a “do or die” proposition these days. Yet, is the market changing right before our eyes again, or is it that it has never been a one-option strategy?

IDC reports that in their early projections of two industry segments, there is “significant growth in the number of companies producing most, or all, of their customer communications in print.” When I originally read IDC Research Director Terry Frazier’s report (see page 24), it made me raise my eyebrows. Now, make no mistake, your digital transformation strategies and your ability to change quickly in the face of disruptive technologies are a competitive differentiator. However, as Mr. Frazier points out, “Companies now appear more focused on giving the customer what he or she wants rather than simply cutting costs.” Therein lies the real takeaway. True and effective customer experiences and the relationships we maintain with our customers are not one size fits all—and neither should your strategy be, no matter if it’s digital transformation, information governance or customer communications.

Case in point, Matt Swain, a director for InfoTrends, reports (see page 12) that paperless adoption has stalled, but organizations continue to have aggressive adoption goals. Why is there such a gap in the reality of where we are and where organizations want to be? The fact is that we cannot approach the problem with the same strategy as if it’s “business as usual.” According to Mr. Swain, “Achieving significant growth in adoption rates for delivery of transactional communications will require transformative approaches to the business problem.” Yes, yes it will.
However, as we all know, some of the biggest hurdles to true transformation are culture and change management. Unless you are the chief executive officer reading this, pushing change upwards can be a losing battle. So, what can you do then? When you are thinking about your strategy or program, can you articulate exactly what the business impacts will be? One of the biggest questions I hear all the time is, “How can we get high-level sponsorship?” One of the most important things to think about is the company’s priorities. Think outside of your current strategy and really evaluate if you know whether your proposal meets a practical business objective. There are a lot of competing strategies within an organization, but the one that really targets the end goal is the one that will prove its worth. These days, it’s about the customer experience—it’s a proven fact that it is tied directly to your profit margins. I have talked about organizational alignment in the past, but what this boils down to is how you communicate across the stakeholders in the various departments and how you tie these elements to meet your customer experiences will be the launching pad for success. I always love to talk to my readers on how they are transforming, so reach out and let me know how you are approaching these strategies. Until next time,
Experience Graph Expo in Comfort and Unburden Yourself Jack Welch, former CEO of General Electric, once said, “An organization’s ability to learn, and translate that learning into action rapidly, is the ultimate competitive advantage.” This summer, Compart North America decided to take a step back and talk to our customers to learn what we could about what keeps them up at night: about their pain points, their needs and their wish lists. You guys have a tough job. We want to hear from you what will make your job easier. If we can do that and turn the knowledge into action, we know that we will do just fine. One of the key venues for this project is Graph Expo. We decided to go to Graph Expo this year without a prepared sales pitch, without canned demonstrations and without a dog and pony show to get attention. Instead we are providing a comfortable space that people in the industry could relax in and, if they want, tell us about their organization. So come to booth 554 and sit on our big couch and relax. If you want to talk, fine. If not, we won’t bother you. We have a big couch and big chairs and even foot massagers to soothe your tired feet. In this way, we hope to learn more about what is going on in the document and content output industry. The next phase will be to swiftly translate that learning into action. That is something we look forward to doing in the autumn and new year. If you want to stay up to date please look for us on LinkedIn, Twitter or Facebook. Early returns indicate that data conversion continues to be a trial for organizations, especially those that acquired or merged with other organizations and/or brought in new equipment or databases. Another culprit is poorly written data, especially written code that doesn’t conform to standards. Yet another has to do with PDF/UA, which is going to put a great deal of stress on some key verticals in the coming year. 
For those who are unaware, PDF “universal accessibility” is the idea that everyone should be equally able to independently access and use the information contained within a PDF document. This applies in particular to people with disabilities and those with other difficulties.
We will talk more about PDF/UA in the near future—check out my posts on LinkedIn. For now we are still learning. Come to booth 554 and experience Compart in Comfort. Talk to us. We won’t pitch you anything—we are still in the learning stage. We respect your perspective and want to hear it. We’ll all be better off.
Diane Carlisle Ms. Carlisle, CRM, has over 30 years of experience in records and information management. Her specialties are records management strategy development and the creation/use of international and national standards. She is the executive director of content for ARMA International and was formerly the director of professional resources, where she established the Standards Development Program and provided expertise for educational products. She is a frequent speaker and author on records and information management topics.
Terry Frazier Mr. Frazier is a research director within IDC’s Document Solutions research group. He is responsible for the Smart Customer Engagement practice as well as written research in managed print and document services and document outsourcing. Mr. Frazier has more than 25 years of experience in operations, process and technology management, market research and competitive analysis. Prior to joining IDC, Mr. Frazier spent 14 years as a management consultant for a variety of Fortune 1000 companies.
Bob Larrivee Mr. Larrivee is vice president of market intelligence at AIIM and is an internationally recognized subject matter expert and thought leader with over 30 years of experience in the fields of information and process management. He is an avid techie with a focus on process improvement and the application of advanced technologies to enhance and automate business operations.
Rocco Grillo Mr. Grillo is a managing director with Protiviti, a global consulting firm. He leads Protiviti’s Incident Response and Forensics practice. He has more than 20 years of experience serving companies in a broad range of industries, is a Certified Information Security Systems Professional and also is a co-founder of the IT Policy Compliance Group.
The Paperless Push: Setting Realistic Expectations
By Matt Swain

The Postal Service delivered around 14 billion bills to Americans last year, representing more than 75% of all household bills sent (the rest were delivered electronically). Conversely, when it came time to pay these bills, only 33% of household bill payments were returned through the Postal Service. While bill payment by mail has steadily declined in recent years, why have we not witnessed the same effect on the bill delivery market?

Since the late 1990s, InfoTrends has been monitoring the shift from paper to electronic delivery of transactional communications, which include bills, statements, legal notices and other critical messages. We conduct an annual survey of 250 businesses and 2,000 consumers in the United States to understand the changing market dynamics. This year, the average paperless delivery rate reported by businesses for bills and statements was 24%. What makes this statistic particularly interesting is that it is the same percentage reported in 2013, whereas the average in 2014 was 26% paperless. While we do not expect that there was actually a decline in paperless adoption year-over-year (since the two percent difference is within the margin of error for a survey of that size), these results certainly speak to minimal growth.

Despite this apparent lack of growth, business respondents repeatedly overestimate growth in paperless delivery for the following year. What is curious in their approach is that these same respondents (who missed their adoption targets) are falling right back into aggressive expectations for growth next year. Did their compliance concerns change? Has their interpretation of regulations within their industry changed? Are they improving the workflow and customer experience to make it easier on their customers? These three reasons for missed adoption targets—one, they had compliance concerns (37%); two, they are restricted by regulations in their industries (33%); and three, it’s not easy enough for their customers to switch to paperless delivery (25%)—were also the top responses last year. That tells me that these responses may serve as a crutch for businesses that want to have it both ways—they want to drive significant growth in paperless delivery adoption next year but want to have the fallback of deflecting blame when employing the same strategy, which they have used for the past five years, yields little progress. With more than half of the businesses we surveyed this year saying that postage rate hikes would create more pressure to increase paperless delivery, it will be important for businesses to temper their growth expectations—absent a transformational approach.

While reducing print and mail spend is a primary driver for businesses to push customers toward paperless delivery, consumers are not driven by the same incentives. Our consumer research focuses on Americans with household access to the Internet—where online bill presentment and payment is an option—and only 10% of our respondents said that they access none (zero percent) of their bills or statements online. Yet, only nine percent of our respondents say that they are completely paperless for the bills and statements they access online. This leaves a significant population in the middle that receives the paper document but also has electronic access. We call these consumers “double dippers.”

When we ask these respondents why they continue to embrace the paper version, their top responses are tied as to why they value paper. Notably, consumers want the hard copy for their records, and they also note that the paper bill serves as their reminder to pay. Lesser reasons for not parting with print and mail included that providers don’t offer the option (21%), consumer inertia relative to taking the action to go paperless (15%) and lastly—one of the top reasons that businesses cited—that the providers are not making it easy enough to stop receiving paper (10%). Clearly, there remains a disconnect between senders and recipients, and the solution is not to make it easier for customers to sign up to go paperless.

Achieving significant growth in adoption rates for delivery of transactional communications will require transformative approaches to the business problem. How will you transform your approach to increasing paperless delivery? In the meantime, you might want to re-evaluate your expectations for paperless delivery adoption growth in 2016.

5 Approaches for Adoption of Paperless Delivery
1. Charging customers to receive paper versions of their bills and statements by mail.
2. Defaulting new customers and double dippers to paperless delivery and having them instead take action to opt back in for paper versions.
3. Offering incentives (loyalty points, special pricing) for customers who go paperless.
4. Expanding electronic document retention policies so customers can review more history.
5. Embracing the consolidation model, where transactional communications are delivered to your customers via bank bill pay or other non-bank.

MATT SWAIN is a director for InfoTrends. For more information about InfoTrends’ transactional communications & payments advisory service and associated research, please email email@example.com.
PREDICTIVE ANALYTICS: A GAME-CHANGER FOR THE IMAGING INDUSTRY
BY EDWARD CROWLEY

Predictive analytics is the big “buzzword” in much of the industry today, and the imaging market is no exception. While still profitable, our margins are under pressure on almost all fronts. Customers increasingly see less differentiation in hardware, and as a result, competitors are more often using price as a weapon. Supplies still have strong margins, but they are also under pressure from remanufacturers and new, aggressive pricing models. A third, but no less critical, dynamic affecting margins is the increasing pressure on basic managed print service (MPS) engagements to compete on price, as more firms claim MPS capabilities.

The key opportunity in our market is to drive increased profitability, with increased efficiency and decreased costs. One of the key ways to reduce costs is to move from a reactive form of decision-making to predictive decision-making. A great example of this is service management. Today, we build a service organization based on historical data on failure rates for devices and by using our commitments for service-line agreements in the field. When a device fails, we dispatch a technician to fix it. The next day, we may dispatch the same technician to the same building to fix another machine. We react to device and supply failures.

Now, in the same scenario with predictive analytics, we would have been able to anticipate both device failures by analyzing usage data, environmental impact and metrics on failure occurrence. Instead of making two service calls, we could deploy the technician to proactively fix both devices, before failure. Furthermore, with consistent analysis of parts usage and installed base, we could forecast what parts will be needed and stock the service vans accordingly.

Predictive analytics uses multiple data sources (both structured and unstructured) to analyze individual device data in order to predict future events, such as device failures. It is already having a big impact on many industries, most notably automotive, energy production and jet propulsion. In these industries, firms are seeing downtime reductions of up to 45%, breakdowns being reduced by up to 75% and maintenance costs being reduced by as much as 25%. Notice these are all production and delivery cost savings. Usually when I ask firms how they are using predictive analytics, they reference someone working on customer retention, targeting or other revenue drivers, which are all good. However, we feel the greatest, and most immediate, impact is available from cost savings on manufacturing and fulfillment.

Predictive analytics is powerful, with the potential to radically impact the industry, but it is difficult to implement correctly. Engaging in predictive analytics means more than just having a basic SPSS or SAS software license. We encourage those evaluating implementing predictive analytics solutions to think about the factors that contribute to a successful engagement, such as industry knowledge requirements, data management practices and team alignment.

What Is Predictive Analytics?
1. Predictive analytics is about moving from a reactive mode to a proactive mode.
2. Predictive analytics presents strong potential to drive revenue in a profit margin-pressured industry.
3. Predictive analytics is more than a basic linear model, SPSS analysis or algorithm. It’s a combination of tools that take data and turn it into decision-making insights.
4. Tools are important, but it is not just about tools. It’s about the skills and staffing in order to use these tools to drive impactful outcomes.

EDWARD CROWLEY is the president and CEO of Photizo Group, a global consulting and market intelligence firm and an imaging partner of IBM predictive analytics. For more information on using predictive analytics, visit www.photizogroup.com/predictive-analytics.
E-BILLING: The importance of cash flow
By Richard Rosen

Recently, Striata, a global customer communications specialist in secure document delivery, electronic communications and e-marketing solutions, reported on the impact of e-billing on recurring payments and cash flow. They found that one of their utility customers saw a 36% growth in recurring payments overall from August 2014 through April 2015, after enabling enrollment for recurring payments directly from the attached e-bill. This also resulted in nearly 10% of their clients turning on recurring payments through the e-bill directly.

Why is this so important? Because the lowest cost-to-service customer is one that uses e-billing, pays automatically and uses self-service options when available, but that’s only half of the story. Why? These three areas for real savings do not take into account the cash flow benefits of e-billing and recurring payments.

Most of us are focused on reducing print and postage costs. The boss sets a budget, and then, it’s up to the operational manager to find a way to meet that budget. Often, there is less money to service more customers—a real challenge. E-billing and e-delivery of documents is one way to help meet the required budget decrease. Saving four dollars or more per customer per year (just in the monthly billing costs) by converting a customer from a paper bill to an e-bill can add up fast to big dollars.

Now, let’s also take it a step further and look at the benefits from your treasury department’s viewpoint, where everything is about cash and cash flow. Companies run on cash. Cash pays your vendors, your salaries and the shareholders/owners. If companies can speed up cash by reducing receivables and days sales outstanding, the result is a healthier, more prosperous company. A $100 million company with 50 days of receivables on the books is looking at a $270,000 reduction in account receivables for each day saved. Since a three- to five-day improvement is not atypical when switching from paper to e-billing, a one-million-dollar reduction in receivables is not out of the question. That’s cash that can be used to reduce debt, take advantage of vendor discounts and pay salaries on time.

The benefits of e-billing to a company are clear: reduced cost, improved customer service and better cash flow. Now, all we need are ways to get more customers to make the switch.
RICHARD ROSEN is the chief executive officer of The RH Rosen Group, a firm that provides solutions to help businesses improve processes and customer communications. Contact him at RichR@RHRosenGroup.com.
ORGANIZATIONS DON’T CHANGE; PEOPLE DO: THE KEY TO ELECTRONIC DOCUMENT MANAGEMENT
BY JOAO PENHA-LOPES

Organizations are like a human body: They are dependent on the health of individual organs (departments), which are, in turn, dependent on their own specialized cells (staff). At the end of the day, the performance of the organization is entirely dependent on the commitment and professionalism of its staff. Introducing an electronic document management (EDM) solution is one of the most challenging goals, since it does, in fact, turn every rock over throughout the organization—it is not just another software solution.

People are afraid of change for different reasons. Some will assume that the change is intended to eliminate their jobs. Others will believe that if something goes wrong with the new solution, the organization will blame them for whatever reason. Even top management may not be too keen on managing this kind of change, often because they don’t want the hassle of involving staff with the new solution either due to their lack of knowledge or their weak leadership.

When facing the implementation of EDM, the typical path for the staff’s feelings is the following: (1) denial, (2) anger, (3) confusion, (4) depression, (5) acceptance and (6) restored confidence. Denial is the first reaction. It is a survival type of response, such as, “Nope, not for me.” Anger comes in the second step when people, mainly those who should have been involved at the project level, are facing the fact that, like it or not, they will have to use EDM. Confusion comes from the lack of references and correlation between people’s individual jobs and the functionalities of the EDM solution. Depression is the rock-bottom state of consciousness for those that were not properly supported during the previous stages on the individual benefits of EDM—a transient state but, surely, a very unpleasant one. Acceptance only begins to appear when it is clear that EDM brings satisfactory answers to the age-old “What’s in it for me?” question. Restored confidence is assured when people are faced with the fact that EDM will improve their professional output—or whatever is the core business of their function in the organization. If their core business output is improved, then recognition is improved, and it is a win-win situation.

It is quite common that the average organization does not really understand EDM or, at least, has no clue about the real gain possibilities embedded in the concept. So, one never needs something that one does not know exists. This is a very slippery ground because some staff members that should know about EDM in order to guide their own organizations are not “strong” enough to recognize their lack of knowledge and do not act in order to get that knowledge. Therefore, the decision of “shared folders will do the job,” or “we will use email to push documents,” or “we already have everything in PDF” will prevent EDM in the organization. This decision is not due to an objective assessment of the needs but only due to a lack of knowledge that someone is desperately trying to hide.

EDM allows for savings—a lot of savings—more specifically, financial savings. Who is the party interested in this? The owner of the money. Most of the time, this “owner” is either very far away or very high on the corporate ladder to get involved with decisions concerning EDM. Hence, these decisions are left to middle management, who are happily living their professional lives. The last thing they want is to rock the boat either by requiring or suggesting a new investment, upsetting staff and other middle managers with the EDM solution or even by assuming that they are putting their necks out if something goes wrong even for a tiny bit. EDM is a must-have in the organization for any money owner as far as he/she can be directly faced with the benefits.

Even in a situation where there is a good understanding of EDM and a green light to go ahead, there are a number of factors that still depend on the proficiency and objectivity of staff in order to allow for cost-versus-risk optimization of the solution found. For example, let’s look at the technological factors that have to do with open source versus proprietary software. Open source software is not free; its licenses are, but it is the total cost of ownership (TCO) that matters. An EDM solution will include the cost of the licenses but will also include much more than that, such as consultancy, configuration of whatever tool to the specific requisites of the organization, integration with other tools, training, documentation—well, the works. The TCO must then be compared with the existing internal costs and lack of revenue in order to have a clear decision on what solution to implement.

Last, but not least, is the legal stuff. The legal department must research the solution in order to define what can or can’t be done when using EDM to minimize the risks associated with any legal action and the definition of policies, such as retention and destruction.

EDM implementation is not a trivial software implementation. In fact, I would say it is not a software implementation at all. It is a new perspective on how to manage an organization where software is one of the tools needed, but people’s adjustments and input from a lot of organizational departments are the other tools required as well.

JOAO PENHA-LOPES has specialized in document management since 1998. He is an ARMA collaborator for publications and professionally acts as an advisor on critical information flows mostly for private corporations. Follow him on Twitter @JoaoPL1000.
OT ONE SIZE
FITS ALL Drive information security from an information governance strategy
By Diane Carlisle
If you read the news headlines, you know that gaps persist in the way many organizations deal with information security. Often, the gaps are due to an information security program that relies on a one-size-fits-all approach to information risk management, and these organizations rely on information technology (IT) to manage the program, which consists of using tools designed to prevent outsiders from penetrating the internal systems. Information security requires more than a tool, though; it requires a multi-disciplinary approach to implementing processes and methods that protect information from a variety of internal and external threats.

An effective solution can be found in establishing an information governance (IG) framework that will drive all information security practices. IG is a collaborative approach that helps ensure that information is treated as an asset, leveraged for business purposes, protected in compliance with all internal and external rules and regulations and disposed of according to a legally defensible retention plan. ARMA International defines IG as “a strategic framework composed of standards, processes, roles and metrics that hold organizations and individuals accountable to create, organize, secure, maintain, use and dispose of information in ways that align with and contribute to the organization’s goals.”

Every cyber villain wants something different. Some are in organized crime groups that hack systems through stealth or brute force attacks to get sensitive personally identifiable information. Others conduct phishing campaigns that target intellectual property, and still others focus on disrupting a website or damaging an organization’s reputation. Each of these threats requires its own means of protection, because each attacks a different vulnerability.

Organizations lacking a strategic IG framework are prone to responding to attacks directly and solely with technology solutions. However, taking such a tactical approach of establishing a moat and high walls is not enough, since this type of solution may not thwart inside misuse of information, internal cyber espionage or miscellaneous errors.

An information security program must ultimately be driven by an IG strategy. You must first understand where your organization’s content resides, how it is used and how it is managed throughout its life cycle. You cannot protect what you cannot identify. Further, you cannot prioritize the protection of certain content if you don’t understand how often it’s duplicated, how easily it gets scattered and where it might end up—perhaps on a mobile device, a thumb drive or an employee’s personal email account.

Taking a one-size-fits-all approach is typically inefficient as well. For example, is information security money well spent when the same method of high-level security is used to protect, say, engineering schemes and marketing brochures? Since this is a question the IT team members may have little interest in or feel little urgency to answer, it must be addressed properly through an enterprise-wide IG program.

None of this is to suggest that IT doesn’t want optimal security for the organization’s information. It’s just that the scope of IT’s perspective may be limited to the IT function. For instance, IT can respond to a business unit request to allow an individual access to a certain sensitive system, but when that individual no longer has a business requirement for such access—say, if a human resources manager moves to the marketing team—IT may not know that or think of the implications of such a move. Under an enterprise IG strategy, the business units would know to notify IT of the changing access requirements for that person.

Not all information should be treated equally, and neither should all threats to it. A proper IG approach to information security will engage multiple departments to safeguard information according to its business value and protection requirements.
DIANE CARLISLE is the executive director of content for ARMA International, the professional association and the global authority on records and information management (RIM) and thought leader in information governance. For more information, visit www.arma.org.
Benefiting From Information Governance

Information governance helps to establish and steward the activities for a variety of business technology functions, including:

Planning and implementing technologies (e.g., an enterprise content management system)
Developing effective data structures
Developing business processes and identifying their owners
Collaborating internally and externally
Coordinating with information technology to help align business needs with the technology infrastructure
Applying best practices to drive improvements
THE SURVIVOR
Print in the world of smart customer engagement
By Terry Frazier
For the past 12 months, Dr. Joe Webb, director of WhatTheyThink’s Economics and Research Center, has been detailing a significant uptick in commercial printing shipments over year-ago numbers. In his most recent analysis for June 2015, he noted a +5.3% increase over June 2014—the most significant increase since 2010.

At IDC, we are seeing indications of a similar trend in customer communication management (CCM). Early research in two market segments has projected significant growth in the number of companies producing most, or all, of their customer communications in print. In addition, the drive to reduce costs by suppressing print seems to have peaked, as companies now appear more focused on giving the customer what he or she wants rather than simply cutting costs. In the coming months, we will be looking at additional industry segments to see if this trend holds across multiple industries, but for now, we can develop a few hypotheses about what is happening.

Beginning in earnest with the economic downturn in 2008, companies focused extensively on cutting costs, and reducing print and mail expense was seen as a comparatively simple and straightforward place to make progress. The promise, at the time, of digital media channels was that customers could switch off their paper bills, statements and random notifications by agreeing to accept digital communications. A variety of industry studies, some of which I participated in, catalogued and documented this effort. Firms had aggressive goals for digital adoption, often ranging from 50% to 75%, or more, of their customers, but what ultimately occurred was quite a bit less, with most firms settling in at somewhere between 30% and 40% adoption.
It turned out there was a lot of variation in what customers wanted. Not all of them wanted everything in a digital form, and not all of them stayed with digital options for the long term. There was a lot of churn, and most companies had a very limited, or no, way of tracking how many customers reverted to print. It also turned out that “digital channels” meant different things to different people, and the broader digital landscape became much more varied and complicated. Managing who wanted what, through what channel was a challenge few companies could overcome without significant investment in infrastructure to analyze and manage preferences. There are other issues—such as the slow rate of change in regulatory regimes, some recovery in economic conditions and improved corporate performance—that also had an impact and de-emphasized the cost-saving driver. Today, we seem to be at a point where firms have decided that making everything available everywhere is the simplest approach. While use of digital distribution is still on the rise, so is the use of paper. In our research, the number
of firms distributing customer communications via multiple, simultaneous channels is also trending upward. This indicates that, at least for now, digital media is no longer cannibalizing print but, instead, is supplementing it. The other hypothesis is that lumping demographic groups together by age and assuming that younger generations will unilaterally forego paper may not be realistic. It may well be more about specific types of communications rather than the age of the customer. Certainly, younger generations can be generalized as more digitally savvy, but there is still a significant usability burden with digital documents in some circumstances. Printed documents seem to have some lasting utility when money is involved, such as in paying bills. When documents need to be transferred to, or used by, some other party, paper remains the ultimate universal format.
Then, there is the convenience factor. Young people are highly mobile, which often means they don’t have printers. When they need a document in paper, it’s often a hassle to find one. It’s simpler to leave that burden on whatever company they are dealing with and just get the paper in the mail. Even if they never use it, the redundancy has no obvious cost.

The Internet of things (IoT), evolving mobile printing infrastructure and as-yet-undiscovered digital mechanisms may someday reduce or eliminate the need for printed communications. Today, we seem to have reached a stasis. The drive to reduce print costs seems to be subsiding, and the variation in customer preferences seems to be driving a true multi-channel distribution approach on the part of businesses.

All of these are just hypotheses. Our upcoming research will help us validate whether these are truly long-term trends or just temporary anomalies. I’m looking forward to what we find.
TERRY FRAZIER is a research director within IDC’s document solutions research group. For more information, visit www.idc.com.
AND THE PEOPLE SAID, “LET THERE BE GOVERNANCE!”
BY BOB LARRIVEE
In this multi-dimensional world of business information, where information is created, captured, accessed, shared and managed globally, there is potential for chaos. By chaos, I mean lost or missing information, information that is inaccessible, information that is not findable—well, you get the picture. There are numerous ways information chaos can make its presence felt. It is in these times when people will complain, seek other means of working with information and begin to chant, “We have to do a better job of controlling this!” What they are saying is, “Let there be governance.”

Information governance (IG) is made up of a combination of people, policy, process and technology. Corporate policies for managing records and protecting information may be included as part of an overall information management strategy or they may stand alone within an information governance policy.

AIIM research, from its Industry Watch Report titled “Information Governance – records, risks and retention in the litigation age,” shows that many organizations are working to achieve a uniform policy across the enterprise; yet, progress varies. Fifteen percent of respondents indicate they have some level of a governance policy in place, and 33% have indicated they are working on a corporate-wide view of governance.

[Figure: How is your organization dealing with information governance policies? Response options: We are working hard to achieve a corporate-wide view; We have a policy, but it’s largely unreferenced and unaudited; It’s very variable across different departments; It’s in place, it’s important and it’s communicated and enforced; We have little in the way of official policy, just accepted practice; Nobody takes much interest; We rely on our ECM/RM systems and firewalls for governance.]

Progress is being made on the formulation of IG policies that can be applied across the enterprise with a key driver of preventing escalating legal and compliance costs. Nonalignment of policies for records as a whole is an issue, and even where an IG policy exists, non-enforcement is a problem. This is particularly true when it comes to dealing with records that are beyond their retention period.

There is considerable interest in automated classification mechanisms for use both at the time of record declaration and as a way to improve the metadata of existing content. This approach not only improves searchability and findability but also helps to exploit retention periods as a way to decrease storage volumes. Email management is still a major concern and is one of the key areas for the application of automated classification and retention management when addressing governance over multi-channel input mechanisms.

Look to your existing policies and seek to align them with your operational requirements. Develop an up-to-date IG policy that is supported across the enterprise, and if you do not have one, kick off a project to create one. IG is the responsibility of all employees, not just something for the records management or compliance departments. Set up an IG committee with representation from all areas of the business. If you are not sure where to begin, seek professional assistance and expertise.

The need for IG is a reality that has not been appreciated nor its importance realized for years. IG is one of those areas viewed as someone else’s responsibility, like records managers, when in reality, it is the responsibility of all employees to protect and properly manage corporate knowledge assets.

While it is good to see a focus on IG and hear that many organizations are moving in a direction where IG becomes part of the overall information management environment, it is the combination of people, policy, process and technology that will get them there. A policy needs to be developed, processes designed to support the policy, people trained on both policy and adherence and technology implemented to minimize the potential of risk.

Good governance is good business. Getting the organization focused and mobilized on establishing and maintaining sound governance practices is important. Efficiency, productivity, security and risk management all fall under the realm of IG. Frustration, risk, inefficiency and productivity loss can result from poor IG. Answer the call of the people. Let there be governance!
BOB LARRIVEE is vice president of market intelligence at AIIM and is an internationally recognized subject matter expert and thought leader with over 30 years of experience in the fields of information and process management. Follow him on Twitter @BobLarrivee.
THE MATURITY OF VENDOR RISK MANAGEMENT
ORGANIZATIONS MUST ACCELERATE THEIR EFFORTS
BY ROCCO GRILLO AND GARY ROBOFF
The results of Protiviti’s 2015 “Vendor Risk Management Benchmark Study,” conducted in partnership with the Shared Assessments Program, can be viewed as cause for optimism—or concern, depending on one’s view of the world. From a “glass is half empty” perspective, it appears that third-party risk management programs may be stagnating. This year’s survey respondents rated their overall maturity in most of our vendor risk management categories to be virtually identical to levels reported in our 2014 results for the same areas.
For those who favor the “glass is half full” point of view, these changes may reflect increased knowledge among survey respondents who have gained a greater understanding of vendor risk over the past year. This could be due to a number of high-profile data breaches involving vendors as well as the release of new regulatory guidance over the past two years, including the NIST Cybersecurity Framework. In addition, while organizations are striving to make improvements, they also are more accurately assessing the maturity and capabilities of their vendor risk management programs. The prevailing mindset for this view is that organizations have a better understanding of the nature of vendor risks and what is required to avoid and mitigate these threats and, thus, are rating their vendor risk management capabilities accordingly. Furthermore, there is greater momentum for building stronger vendor risk management programs, as these issues are increasingly becoming a part of the agenda for boards of directors, especially as it relates to loss or exposure of sensitive data through cyberattacks and other compromises. Boards are seeking assurances from management that vendor risk is being assessed, managed and monitored appropriately. Regardless of one’s perspective, the 2015 survey findings are crystal clear on
a crucial point: There is still a lot of vendor risk management work to be done. The increasing frequency and disconcerting magnitude of cyberattacks (one of the most troubling vendor risks) over the past 12 months, along with a spate of recent and forthcoming regulatory actions, require vendor risk management programs to take a significant leap forward. This change, as a number of regulatory bodies insist, involves fundamental alterations to strategies, processes, organizational cultures and individual mindsets. Iterative improvements—something many organizations may view to be adequate steps—may no longer be sufficient. On this count, our
most notable findings are instructive because they point to the types and magnitude of changes that are needed. There is one final noteworthy insight that also affects how third-party risk is viewed and managed. The number and intensity of vendor risks—and cybersecurity threats, in particular—are increasing. From 2009 to 2014, the number of cybersecurity incidents increased at an average annual rate of 66% (according to PwC research). In other words, whether you perceive the glass to be half-empty or half-full, the glass is growing at an accelerated rate. Even the more optimistic assessments of the current state of vendor
risk management indicate that significant improvements may be needed. The time for progress and improvements in vendor risk management capabilities is now, particularly when considering that cyberattacks and other security incidents are very likely to continue increasing.
ROCCO GRILLO is a managing director with Protiviti and leader of the firm’s incident response and forensics practice. Gary Roboff is a senior advisor to the Santa Fe Group and Shared Assessments Program. For more information, visit www.sharedassessments.org and www.protiviti.com.
The State of Vendor Risk Management
VENDOR RISK MANAGEMENT PROGRAMS REQUIRE MORE SUBSTANTIVE ADVANCES
The overall maturity rating for program governance in this year’s survey (2.8 on a five-point scale) should serve as a warning sign of the need for deeper changes that reach into organizational culture and behavior. This mandate is evident in recent regulatory pronouncements. Regulatory agencies in the financial services industry, most notably the US Office of the Comptroller of the Currency, have asserted that “average” risk management will no longer suffice. Instead, financial institutions must enact the mind shifts, organizational culture work and behavioral changes needed to satisfy the “Getting to Strong” regulatory mantra.

CYBERSECURITY THREATS ARE A PROMINENT CHALLENGE
Cybersecurity threats are clearly on the minds of risk managers, information technology (IT) functions and regulators. High-profile data breaches, often involving millions of customer records and personally identifiable information, are being reported with greater frequency. The Federal Financial Institutions Examination Council recently issued a cybersecurity self-assessment tool. Strengthening cybersecurity is a top priority among chief information officers within companies of all sizes and also is judged by board members and C-suite executives to be among the top risks organizations are facing this year. A critical element to fortifying cybersecurity defenses is addressing third-party risk with regard to data and other IT and business processes that vendors are managing.

VENDOR RISK MANAGEMENT PROGRAMS WITHIN FINANCIAL SERVICES ORGANIZATIONS ARE MORE MATURE COMPARED TO COMPANIES IN INSURANCE, HEALTHCARE AND OTHER INDUSTRIES
The financial services industry, which was the first to establish a Coordinating Council for Critical Infrastructure Protection and Homeland Security in response to the Presidential Decision Directive, remains ahead of other industries with regard to their vendor risk management programs. The insurance and healthcare industries—each of which operate under their own high-powered regulatory microscopes—continue to lag behind financial services organizations in fortifying their vendor risk management capabilities.