How do you calculate the Return On Investment (ROI) as it pertains to information governance? On the one hand, this may not even be the right question. As our CTO Bassam Zarkout recently asked members of the Detroit ARMA Chapter, “Would you ask what the ROI is for your fire safety systems? How is risk mitigation associated with your records management program any different?”
Nevertheless, executives often require demonstrable ROI before they sign off on the organizational commitment information governance requires. Many of the key benefits of deploying an information governance platform are intangible:
- Operational efficiencies from secure, rapid information access, and from automating record lifecycle actions
- Assured compliance with applicable laws and regulations
- Improved e-discovery processes
The problem is that applying hard dollar values to these benefits requires that customers clearly understand costs underlying their current state of affairs. Do you have that kind of visibility into your records management processes and the costs associated with those? How much does an e-discovery request cost? What are the administrative costs incurred by manual tasks related to record disposition, migration, or enforcing security and privacy controls?
Some costs are relatively well understood. Let’s take a look at two of them today, and how they might comprise part of the information governance business case.
I am not a storage expert. If I were to pretend otherwise, this would become immediately evident to those of you who are. But I know enough to marvel at the amazing calisthenics IT Executives and Administrators must perform in order to meet demands imposed upon them by business and legal entities. First, IT must overcome the assumption that storage is cheap. This is partially true, insofar as storage devices are concerned: the cost of this hardware is indeed falling. The cost of administering those devices, however, is not. At the most basic level, consider the environmental costs… machines need space and consume power to operate without melting. On top of those costs, IT executives must hire people to perform periodic backups, transfer archives between storage media, and respond to requests to produce archived information as required by litigation and normal business activities. Business owners and legal teams (who, let’s face it, should know better) demand that IT retain information indefinitely… “Yes, I know we have a retention schedule, but ignore it for now, and keep these records, just in case!” The volume of information is increasing exponentially, and with it, the costs associated with all this stuff (technical term) that must be stored. These demands could be easily met if IT budgets were increasing in lockstep with these demands. This isn't 1997... they aren’t.
And so I marvel at the creativity of the IT Executives I meet. To keep systems healthy and functional, within the constraints imposed by budgets, Service Level Agreements, and regulatory obligations, IT leaders must reshuffle projects and priorities, as they and their teams are asked to do more with less. As economists are wont to say, this is not sustainable. At some point, those deferred projects must begin. That SAP upgrade, CRM Rollout, or mainframe migration isn’t going to wait forever. And at that point, companies who haven't will have to take a second look at storage.
Every IT Executive I have met knows exactly what their storage costs are, mainly because they are constantly having to make the case to increase their annual storage spend. They can easily match those costs with the potential savings incurred simply by adhering to the retention schedule that is already in place. “X Petabytes of information could be disposed today, multiplied by $ dollars per petabyte per year.” Add the rolling future savings of planned disposition activities (dashboards are a wonderful source of this kind of information), and you’ve got yourself a compelling ROI right off the bat. Policy-based storage tier transfers can bring additional savings, as content is migrated from fast, expensive Tier 1 storage to cheaper tiers.
To be sure, most of this is not new. What IS revolutionary, however, is the notion that the storage lifecycle of records (just like privacy and security lifecycles, in addition to the disposition period of the record) should be part of an overall information governance policy, and enforced as such. It won’t be long before IT Executives are going to be very, very interested in Information Governance, as the key means for reducing storage costs. In fact, many already are.
How long has it been since your retention schedule was refreshed? How did that go?
A significant majority of the customers I talk to tell me that the process of updating the retention schedule is so painful, they put it off for as long as they can. Once every two years is common... I have heard up to 5 years between updates. When they explain to me what they do, I understand why they procrastinate. A typical process could include some or all of the following:
- Field surveys completed by business owners, legal, and records managers, providing feedback on policy and allowing them to formally register change requests
- A review of relevant statutes, industry guidelines, and internal standards for records management
- Redesigned business processes, to account for the manual enforcement activities required by the retention schedule
- Accounting for acquired entities, who perhaps brought their own retention schedule that must now be incorporated
- Approvals from legal, risk, compliance, privacy, security, records management, IT, and / or business executives (a group that we would call an Information Governance Steering committee... but hold that thought)
That’s a full time job by itself! Which is exactly the problem… all the people involved in this conversation have “Day Jobs”, as it were… they have higher priorities, and are often (usually? always?) reticent to set those aside and get involved in this process. For this reason, outside consultants are often hired to review and update the retention schedule, usually for significant sums of money.
What if, instead of bringing in consultants to review and update the retention schedule, companies had a collaboration platform used by their Information Governance Steering Committee? (Still holding that thought? We’ve got a webinar coming up that walks through the role of a IG Steering Committee, and how to charter one if you haven’t already.) There are a number of significant and compelling benefits to this approach… but since we’re talking ROI today, let’s focus on the dollar savings. Instead of making wholesale changes to the entire policy every 2 or 3 years, a policy collaboration environment like RSD GLASS Mosaic allows members of the steering committee to continuously and incrementally refine policy as needed. Since Mosaic policies are both human- and machine-readable, socialization and automatic enforcement of the policy changes can begin immediately, regardless of where the information resides.
Policy change need not be the painful, expensive process most companies undertake today. The savings derived from migrating from a monolithic change management process to an incremental one should absolutely be included in an ROI calculation.