ECM Integrators … Should They Be Vendor Neutral Any More?

I am taking a one-week break from the 4 step governance approach to comment on a related topic.

An ECM consulting firm I hold in high regard (name withheld) recently published an article justifying a vendor neutral ECM consulting / system integrator strategy.  As I read this article, it struck me as a very 1980s point of view.  Back when the vendor landscape had hundred’s firms and the technology was less mature, this may have been an enlightened perspective and strategy.  In this article, the firm laid out all the reasons why their vendor neutral strategy made sense but failed to point out the reasons why it no longer makes sense.

I’ll focus on a single reason … access to information and certifications.  Having access to essential information is critical to successful ECM solution delivery and value creation. 

Let me explain … I would imagine any vendor is willing to make a certain level of information available to any consulting or system integration firm that inquires.  In the case of IBM, that information is limited to what is publicly available (as you might expect).  Firms that have “official” relationships with IBM are entitled to another level of information, much of which is confidential and not publicly available for obvious reasons.  IBM partners are entitled to, and depend on (to deliver customer value), access to detailed product plans, training materials and most importantly product and solution certifications.

Customers tell us they only want to deal with certified partners.  They insist on partners having access to the latest plans and technical info … and they prefer those integrators who have invested in skilled and certified personnel to ensure high quality and high value solutions.  When deployments become problematic, or fail, it almost always is due to lack of knowledge or skill by the integrating firm.  This might seem obvious but it happens.

I know this particular firm protects itself against scenarios of this nature somehow, but I still fail to see how any “vender neutral” firm can provide proper guidance to any customer without access to critical information such as detailed product plans, technical resources and most importantly … product and solution certifications.  What do they do … make it up? guess?

Of course you can still make “vendor neutral” recommendations IF you partner with the ECM vendors you make recommendations about.  That way, you have access to information, tools and resources and an informed point of view.

It might seem harsh but from where I sit, what was once enlightened is no longer so.  The consulting firms and integrators that deliver true value to customers have access to the latest information and are certified on the solutions they recommend and deliver. 

I loved the 80s but times have changed … the market and vendors have consolidated … technologies are much more mature … it’s time to move on.  Whether your vendor is IBM, or any of the other viable ECM vendors, only use certified consultants amd system integrators.

Step 1 – Can You Trust Your Repository?

The 4 steps to enable ECM to participate in information governance starts with choosing the right repository.  In short, Trusted Information needs to reside in trusted environments.  In the case of content, this means Trusted Content Repositories.  By definition, if you can’t trust the environment, you can’t trust the information itself.  Imagine building an application that delivers critical information (including documents or images) only to have an end-user delete the underlying files.  This can easily happen if your reference documents live on file systems or in improperly governed environments.  Unlike structured applications and databases, the users have a large majority of the control over content storage environments.  Imagine an end-user decommissioning a SharePoint team room only to have applications “break” that need to access the content that was residing in the now missing environment.  This can happen when important content is stored on file systems, wikis and other systems with inadequate governance and security controls.  Critical content must be stored in Trusted Content Repositories.

Some Key Actions to Take:

  • Evaluate your candidate content repositories to determine viability for use as a repository of record or Trusted Content Repository (TCR)
  • Designate Trusted Content Repositories for use in essential applications and only store critical content in TCRs.
  • Update operational practices to increase confidence and assurance of trusted information including a Trusted Content strategy supported by TCRs.

But how de we define what a Trusted Content Repository (TCR) is?  The following are characteristics of TCRs:

 Performance, Scalability and HA/DR

  • Support for billions of objects and thousands of users across the enterprise.
  • Support for SLA levels of disaster recovery and business continuity.

Preservation and Lineage Capabilities

  • Confident and assured immutability of content, structure, lineage and context over time.

Interoperability and Extensibility

  • Support for industry leading RDBMSs, application servers and operating systems.
  • Open and robust APIs including support for CMIS.

Content Capabilities

  • Basic ECM capabilities including versioning, meta data management, classification, content based retrieval, content transformation, etc.

Repository Governance

  • Deployments can be managed and controlled to protect against information supply chain breakdowns.

Information Lifecycle Governance

  • Support for all lifecycle events and processes including eDiscovery and records disposition.

Security, Access and Monitoring

  • Controls to promote access to authorized users and controls to prevent unauthorized access.
  • Auditing and monitoring for all related activities.

Physical Capabilities

  • Ability to support references to physical objects and entities.

Federation and Replication

  • Federation capabilities to provide a common meta data catalog across multiple repositories.

Business Process Management

  • Integrated business process management.

Events Based Architecture

  • Internal and external event support with trigger and subscription model.

All of these capaabilities are required to enable content participation to meet Information Governance requirement.  Next we’ll explore what it takes to create and maintain trusted content. In the mean time, do you agree with these characteristics?

A 4 Step Model for Trusted Content

Continuing in my recent theme of information governance and trusted information including enterprise content … we know that unstructured information (or enterprise content) is inherently different and requires a slightly different approach within the traditional data/information governance context.  Organizations need to take 4 key steps to include the unstructured side of things:

  1. Identify and designate trusted ECM Repositories of record
  2. Create, control and maintain trusted content
  3. Consume, leverage and exploit trusted information
  4. Govern the information lifecycle including archiving, recording and preserving information and evidence of transactions, processes and events

Why these 4 items? … imagine that you are the General Counsel of a publicly traded firm who is the defendant in a major lawsuit. What if …

  • You can’t find the information you are obligated, under court order, to produce?
  • You can find the information … and it actually exonerates you … but it can’t be trusted as an accurate representation of the facts (spoliation) and can’t / won’t be admitted as evidence.

How can you prove you behaved in a compliant and/or lawful manner if you can’t use your own information to defend yourself because it isn’t trustworthy?

This is just one example that illustrates the 4 necessary steps to enable ECM to participate in information governance initiatives.  Do you agree with all 4 steps?  Next week, we’ll go into more detail starting with the importance of choosing the right ECM repository.

What Happens When We Fail to Govern Content?

In my last posting I discussed the need for Trusted Information. Continuing in that theme … I am going to focus on the need for trust and governance in Enterprise Content Management (ECM).  Industry estimates claim that 80-85% of an organization’s stored information typically is unstructured data (or content).  I’ve always thought of this in simple terms.  Data tells me the who, what, where and when.  Content tells me the how and why. Together they represent the full business context of information.

As an ECM guy, I tend to think about Content first and I recently spent time thinking about what happens when we don’t have trust or governance in ECM.

When content is stored in the wrong place …

A large design firm needs to access legacy design documents that could be: forgotten on file shares, reside in abandoned team rooms, are needed after employees leave, lost in the shuffle of mergers and acquisitions, or are inadvertently deleted during storage clean-up, despite legal and regulatory requirements to control and retain.  This creates information risk and requires tedious re-creation across teams before design development can continue, among other challenges.

When the wrong content is considered trustworthy and is consumed …

A large distributor has multiple versions of contracts and supplier agreements that are disorganized and the business fails to use a contract addendum that materially changes the terms and conditions.  This may result in customer and partner dissatisfaction, causing disputes and costly litigation, disruption of key deliveries, a flurry of customer complaints, stopped “in process” orders and lower sales, among other challenges.

When content is not governed over its lifetime …

Maintenance records on an interstate pipeline are destroyed or misplaced and are not available to investigators after an accident.  This forces government regulators to suspend operations causing production, delays at refineries, higher costs to consumers and potential shortages to vital industries, among other challenges.

A large chemical manufacturer fails to destroy content and records in accordance with their corporate retention policy and are now burdened with the high cost of managing storage and eDiscovery with no visibility into what to destroy and when.  This requires them to continually manage and review information they shouldn’t even have, causing higher storage and other operational costs and more legal risk, among other potential challenges.

What scenarios come to mind for you when we fail to govern our information properly?