We all know that the information in our businesses must be kept for different periods of time. Whether this relates to setting appointments, confirming orders or detailing contractual agreements, each element of data has a value to the organisation for a particular duration.
This value and time are also dependent on business practices. For example, financial data used for reporting purposes is often kept for seven years, details on the lease of a building would be kept for the duration of the lease and longer, whilst personal data can be kept for as long as is needed for the purpose. These timeframes are usually longer than the immediate operational memory span of each and every one of us. Yet, to mitigate any risks, sometime in the future, we must show that our organisations are operating effectively, meeting sound and prudent management practices.
Archive data is key to the business; it can track what has occurred and either support or help to resolve any unforeseen issues that arise in the future. The way the information is gathered, secured, stored, retrieved and then destroyed is a challenge which all companies have to address. However, by its very nature, the data will not be needed every day. This means that the storage and retrieval costs need to be low.
Historically, this resulted in paper records being boxed or microfilmed and kept in a safe, yet inexpensive location. With the growth of digital records, transactions, documents, files and databases, the need to archive relevant data must be carefully considered. Empowering users to decide which emails to keep and which to delete may not be an optimal policy. Keeping full backups as archives is a cumbersome approach, especially when it comes to recovering the information.
Content Management Systems are shaping the processes
The application of content management systems is assisting users to define types and classes of transactions and data which they can then archive. Defining the policies and procedures is the role of each and every organisation. After all, it is up to the business to decide what risks it may be exposed to and how it will protect itself against these.
The repository for these archives needs to support a range of features:
Audit trail of when and how the transaction entered the system. This can be extended to log who has accessed the archives, how frequently the information is accessed, and equally importantly, when the data is deleted.
Securing the information so that it cannot be stolen or misused. This will need to include access controls, network security and encryption policies.
Policies on how the metadata is maintained; this also describes the presentation of the data.
Tiered storage so that low priority information can be kept on media such as tape while higher access requirements can be serviced from disk.
Data protection routines so that the information can be maintained securely in case of system failure or disaster.
Including all information assets
Output from databases, applications and email systems needs to be taken into account. As always, the way forward is to address each business process one at a time, consider the risk, compliance and governance issues so that a clearly understood set of policies and practices can be deployed.
With archive data that must span many years, consideration must be given to how this will be migrated onto new systems and technologies, and, if necessary, how the information is retrieved and interpreted. If the data is application dependent, is there operational software that can read the data? These are all components of policies and practices that must be embedded into an archive strategy.
Cost is naturally a consideration. But this must also be considered against the risk of not having critical information assets available, some time in the future, as might be required to support management decisions, legal or compliant directives.
Using ILM as a way forward
Information lifecycle management (ILM) offers a sound framework by which archived data can be managed. The disciplines set out within an ILM strategy will enable to best identify the data to be archived, where it will be located, how long it will be kept for and when it will be deleted.
Employing a strategy that clearly sets out how data is protected, where it will be stored across a distributed or tiered architecture will deliver rules of information governance that can encompass todays situation and deliver a migration path to meet evolving business practices, with a consistent set of policies.
Hamish E Macarthur, Macarthur Stroud International, Tel: 020 8240 6000