They say it takes a village to raise a child. According to one industry observer, it takes all aspects of an enterprise to manage data properly.
Jim Geis is director of systems, solutions and services at Forsythe Solutions Group Inc., a tech advisory firm in Skokie, Ill. He says companies must involve multiple departments, from legal, to HR and IT, when devising information life-cycle policies.
“Your legal department needs to be involved to help you figure out the rules, the laws and how your information should be treated,” he advises. “The business units, the application owners and the users need to be involved because they understand the value of the data. Is it revenue generating? Is it internal? HR needs to be involved because you’re going to write policies around the treatment of information, and unfortunately policies sometimes get broken and disciplinary action must be taken. Everyone needs to be involved in this process.”
Geis says the village-based document management process may be cumbersome, but it ensures the company in question has all of its bases covered.
“There’s a huge overlap between information policy, security policy and business continuity policy. They’re almost interchangeable, and in some cases should be written in the same document.”
Is that feasible? “In some situations, yes,” Geis says, explaining that if your firm has a regulatory obligation to recover data within a certain time frame, it’s easier to meet that requirement with a single policy outlining service level expectations, whose responsibility it is, and what the general guidelines are.
Geis says it’s particularly important to involve the legal department.
One Forsyth client implementing an archival and retrieval system was advised to create a document management group, which outlines policies and guidelines for handling paper-based information.
That helped the company figure out when to delete files, where files should be stored and other document management details even before bringing in the technology. Policies in hand, the group transported the established procedures to the electronic system.
Geis advises companies to classify data to aid the data management process, although he notes that few firms do outside of business continuity projects. “Part of disaster recovery planning is deciding which data you recover first, which is the most important to getting the business up and running. Is it mission-critical or disposable? Is it public information or is it private information?”
Geis says it’s important to have the policies in place first, especially when dealing with a new concept like information life-cycle management (ILM). “The industry is still refining what ILM is. We’re advising customers to take care of what they can now, in the absence of maturity in the market.”
ILM means using different storage system “tiers” for different kinds of data. Older, generally less useful information might be stored for a short time on inexpensive tape media, while newer, soon-to-be-needed info might reside on more expensive disk arrays.
ILM could become a popular concept among large enterprises, Geis says.
“Companies that have terabytes and terabytes of information are going to benefit more from having a couple of tiers of storage.”