MemorableURL.com

There seems to be some confusion in the world of federated records management about what exactly is being federated. There are 2 distinct use cases what you might want to consider:

1) Federating just the records/retention policies. The use case here would be where you would manage the master policies in one system - the master policy management system. Each remote system looks at the master policy management system to get the policy information or the master policy management system pushes the policies out to each remote system . In this model, each remote system applies its own policies locally, it is just the policy information that is federated. Note: In this model you do not have centralized view/management of the records, just the polices.

2) Federating the application of retention etc. to the actual objects in the remote systems in place. This is the classic federated records management model that I discuss in this blog. I have just written a 2000 word overview of this use case as an article for one of the ECM magazines which I can send to you if you email me.

Use case #1 is typically less invasive that #2 and does give you a lot of benefits - it is not much easier to set up that #2 though! However, just knowing where the policies exist is useful; let's assume that a regulation changes and you have to find all objects in the enterprise that have that policy applied to it. Use case #1 would at least let you know where the policies exist even though you cannot actually manage it centrally. 

I started writing a lengthy and concise overview of federated records management and the assurance component. It grew and grew in to a 2000 word overview. That's the good news, the bad news is that it was so good that marketing stole it from me and would like to have it published in one of the records management or document management magazines. Even with my massive blog readership I think that the audience size of a magazine might be just a little better so I agreed!

Here's the deal, if you want the 2000 word description then just email me and I'll forward it over to you. It is way too long for the blog anyway.

Here's a 350 word explanation of the premise behind Assured Federated Records Management. I am working on a longer, more explicit description.

The promise of federated records management is the ability to manage all of the records in your enterprise from within a single system, BUT, Federated Records Management solutions are destined to fail for one primary reason…

In a federated environment the master records system needs to make content in the remote systems immutable. In 95% of cases, the remote systems do not support the ability for an external system to make their content immutable, in fact most of them do not even understand the concept of immutability – take the ubiquitous file system for example. The net result is that while the master records system thinks it has made the remote content immutable there is often nothing to stop a privileged user from changing or deleting that content – without your knowledge. You are potentially losing records and you have no way of knowing that it happened – the courts are very unsympathetic if a company cannot show that they are retaining records across all systems.

The “FRM Assurance Integrity” engine accepts these inherent problems as being unavoidable. The engine runs as a background process and periodically checks the integrity of the objects in the remote systems. It is able to tell whether the remote content has been changed or deleted and notify the appropriate parties. How does this knowledge help us? We get a chance to discover and deal with the root cause – was it the intentional destruction of records, a rogue process or an over zealous system admin? We can then stop the problem re-occurring and restore records from backup if necessary. More importantly we have a rolling audit trail that shows auditors or the courts that our federated systems are working correctly.

An additional benefit of the integrity assurance engine is the ability to use not just technology for your federated records solution; you can also use manual processes. You can now use training and change control processes to stop people from changing records in systems and then reply on the assurance engine to monitor adherence to those policies.

I've had a couple of questions about why I don't talk about assured federated records management in the book. I guess there are two parts to that question - the first might be "What is assured federated records management?" and the second would be why it is not in the book.

Let me address the latter question first. Although I did indeed invent the integrity assurance engine before I finished the book I did not have the provisional patent application filed. In North America you cannot talk about something publicly before the patent application is filed so I had to hold off.

So what is assured federated RM? Well, that's a longer answer so I'll start writing that one right now and post it as soon as possible.

BTW - As a reminder, the book is available to purchase directly from me, with free shipping at...

https://shop.nevertalkwhenyoucannod.com/displayProductDocument.hg?productId=1&categoryId=1