Here are 8 of the most important things your archive should do, whether you are considering an on-prem or cloud-based solution. You should weight these according to your situation but it‘s a great starter checklist. The most important high level requirements for enterprise document archiving are:
1. Scalability and Performance
2. Accessibility and Availability
3. Security and Protection
4. Retention and Integrity
7. Low Vendor and Product Risk
8. Your Specialized Requirements
Let’s address each briefly in turn.
1. Scalability and performance. The archive should handle the volumes of ingestion within the time windows you need to provide your business with access to relevant documents when you need them within your business processes. In addition, the archive should provide reasonable response times for document search and retrieval, and the solution should have the ability to perform ingestion and archive functions without negatively impacting overall system performance for users.
2. Accessibility and availability. The archive should provide a mechanism for authorized users to search for and retrieve documents. In addition, the archive should provide the ability for certain external users to retrieve documents, such as e-presentment for customers or agents. This requirement is very important – not just for the obvious reasons that you want to get the right information to the right (authorized) persons at the right time – but because messing this up will sink your hopes for using the archive for defensible disposal. If you don’t provide fast (enough), reliable access to documents, your users will defect and squirrel away their emails , social media objects, and other items. And not only will you be unable to implement a defensible purge strategy – you’ll also have the very difficult challenge of winning the defectors back once you lost them.
3. Security and protection. The archive should have the ability to restrict access to documents, such as for documents that are private, confidential, privileged, secret, or essential to business continuity. This may include requirements for encryption of stored content. Some vendors are getting sophisticated about this, providing double blind key architectures, with keys held only by the customer for enhanced data privacy and security in the cloud.
4. Retention and integrity. This is obvious – but the archive should be able to retain documents for defined periods of time, taking into account legal, regulatory, fiscal, operational, and historical requirements. In addition, the archive should provide a suitable guarantee of authenticity. And finally, (if this applies to you) the archive should provide the ability to retain information on an unalterable storage platform when needed (e.g. WORM storage for SEC 17a-4 compliance).
5. Disposition. The complement of ensured retention is defensible disposition: the archive should support purging when your documents hit their defined retention periods — and these should be both time- and event-based. As you may know, event-based retention periods are much more complex than time-based retention periods. It’s worth briefly discussing what you should do about such complexity.
When you start doing electronic records management — even with a more sophisticated ECM or RM system – you’ll find that you’ll need to dramatically simplify your retention schedule if it’s going to work. This is often a 10-fold reduction — from insane 2000 series schedules to 200 or fewer. Then really try do reduce the event-based triggers. One best practice is to combine related time and event-based triggers and associate them with a long term event. You will be retaining some records longer than you would in an ideal world, but you’ll get the job done.
With archives all this advice applies – and even more so when you start out. Start with big general categories and then ratchet up the granularity. In addition, the archive should support a formal approval process before purging, and it should support override of purging in cases where documents are under legal hold. Finally, the archive should enable authorized staff to periodically review and potentially modify retention periods.
6. Integration. The archive should have a standards-based architecture and open API that allows integration with other systems or middleware components, including existing legacy systems in use at your company. Cloud-based archiving may provide you with two challenges with respect to integration that you should be aware of. First, you have to figure out how you’re going to integrate with the off-prem archive. And second, if you are going with a service provider, the archive technology under the hood may not be visible to you. You should definitely dig into it and see what they’re using – it’s a big deal for most of the requirements I’ve discussed, like scalability.
7. Low vendor and product risk. In the archiving space – more specifically in the on-prem corner rather than cloud-based corner of the archiving vendor space — there’s a lot of what we call vendor and product risk: many of the vendors are from an older era and are clinging to what they know without sufficient footprint to support product development. Many started with one kind of archiving – like mainframe output – and have spread to others (like all types of content, or e-discovery, or social content) but they aren’t particularly good at it.
8. Your Specialized Requirements. You will probably insert additional more specialized requirements, such as compliance supervision (e.g. for financial services), advanced e-discovery, focus on particular file types (IM, Groupwise, video, web page archiving, salesforce.com), etc.