The 4 steps to enable ECM to participate in information governance starts with choosing the right repository. In short, Trusted Information needs to reside in trusted environments. In the case of content, this means Trusted Content Repositories. By definition, if you can’t trust the environment, you can’t trust the information itself. Imagine building an application that delivers critical information (including documents or images) only to have an end-user delete the underlying files. This can easily happen if your reference documents live on file systems or in improperly governed environments. Unlike structured applications and databases, the users have a large majority of the control over content storage environments. Imagine an end-user decommissioning a SharePoint team room only to have applications “break” that need to access the content that was residing in the now missing environment. This can happen when important content is stored on file systems, wikis and other systems with inadequate governance and security controls. Critical content must be stored in Trusted Content Repositories.
Some Key Actions to Take:
- Evaluate your candidate content repositories to determine viability for use as a repository of record or Trusted Content Repository (TCR)
- Designate Trusted Content Repositories for use in essential applications and only store critical content in TCRs.
- Update operational practices to increase confidence and assurance of trusted information including a Trusted Content strategy supported by TCRs.
But how de we define what a Trusted Content Repository (TCR) is? The following are characteristics of TCRs:
Performance, Scalability and HA/DR
- Support for billions of objects and thousands of users across the enterprise.
- Support for SLA levels of disaster recovery and business continuity.
Preservation and Lineage Capabilities
- Confident and assured immutability of content, structure, lineage and context over time.
Interoperability and Extensibility
- Support for industry leading RDBMSs, application servers and operating systems.
- Open and robust APIs including support for CMIS.
- Basic ECM capabilities including versioning, meta data management, classification, content based retrieval, content transformation, etc.
- Deployments can be managed and controlled to protect against information supply chain breakdowns.
Information Lifecycle Governance
- Support for all lifecycle events and processes including eDiscovery and records disposition.
Security, Access and Monitoring
- Controls to promote access to authorized users and controls to prevent unauthorized access.
- Auditing and monitoring for all related activities.
- Ability to support references to physical objects and entities.
Federation and Replication
- Federation capabilities to provide a common meta data catalog across multiple repositories.
Business Process Management
- Integrated business process management.
Events Based Architecture
- Internal and external event support with trigger and subscription model.
All of these capaabilities are required to enable content participation to meet Information Governance requirement. Next we’ll explore what it takes to create and maintain trusted content. In the mean time, do you agree with these characteristics?