From ECM to EIM: the need for control

canstockphoto27605501Enterprise content management (ECM) has long been necessary for organisations in highly regulated industries.  From SoftSolutions through to Documentum and OpenText, companies have implemented systems that control the flow and access of information within their business.

However, the problem is that these products tend to be used purely to manage a small subset of an organisation’s content.  Most organisations wait until an information asset has gone through some of the early stages of its lifecycle before it is entered into the system.  This may be based on reasons of cost (per-seat licencing for ECM systems tends to be high) or process: if an ECM system has been put in place to manage a single set of processes, such as those required for Federal Drug Administration (FDA) in the pharmaceutical or Civil Aviation Authority (CAA) in the aviation industries.

Whatever the reason, putting only a subset of information into a system is dangerous.  When an individual carries out a search across the system, they will (unsurprisingly) only get returned what is in that system. If they are then going to make a decision on what is returned, they could be missing out on pertinent information that is still outside the system: documents that are still in the early stages of their lifecycle.

These early-stage documents will be the ones that contain information that is most up-to-date, as they are the ones that are still being worked on.  These could therefore carry the information that can make or break the quality of the decision. Increasingly, such documents may not even be stored within the direct control of the organisation – they may be held in the cloud using services such as Dropbox or Box; they may be elsewhere in the chain of suppliers and customers the organisation is dealing with.  As these assets are not in the ECM system, they are less controlled – access rights are not managed; information flows are not monitored and controlled.

Rather than converging on a system that fully manages information, organisations seem to be struggling to control the divergence of information types and locations – and this can be damaging.

A rethink of ECM that moves thorough to an enterprise information management (EIM) system is required.  EIM is approach where information is captured as close to the point of creation as possible and managed all the way through its complete lifecycle to secure archiving or disposal.

Based around an underpinning of metadata, large amounts of information can be controlled.  Rather than pull all the documents themselves together into a massive, binary large object (BLOb) database, these files can be left where they are and only the metadata needs to be managed.  Such a metadata system will be a fraction the size of the overall information, plus it can be mirrored and replicated across the overall technology platform, providing high availability for searching and retrieving single items from the information asset base.

Through these means, all information sources can be included, so enhancing an organisation’s governance, risk and compliance capabilities.  It makes decision-making more complete and accurate, enabling an organisation to be more competitive.  It also provides better capabilities for collaboration around content, as single sources of original information combined with versioning and change management can be managed through the metadata.

In the first of a series of short reports on the subject, Quocirca looks in more depth as to how an organisation needs to readdress its needs around information management in the light of increasingly diverse information assets and growing GRC constraints.  The report is available for download here.