Organizations are now in an environment where most information is electronic and in many organizations, responding to a document request becomes a stressful, tedious and costly project. By using records and information management best practices, organizations will be in a position to be proactive, rather than reactive, when such requests are received.
ARMA International’s Generally Accepted Recordkeeping Principles® (GARP®) and its associated Information Governance Maturity Model (Maturity Model) are two tools that an organization can use to develop a reasonable, good faith program to properly manage all information, from creation through disposition. To do this, however, organizations have to commit to the proper governance of all content, not just the tactical management.
I interviewed Melissa Dederer, CRM, Associate Director of Records Management at Purdue Pharma, to get a deeper understanding of GARP and its associated Maturity Model to find out how to be better prepared (proactive) rather than running around (reactive) when the request for information is received.
Amber Scorah: Can you explain in some detail what ARMA International’s Generally Accepted Recordkeeping Principles(GARP) and its associated Information Governance Maturity Model (Maturity Model) are, and how they help with eDiscovery?
Melissa Dederer: GARP was developed by ARMA International (the authority on managing records and information) in 2009. It was based on international standards (e.g., ISO 15489), U.S. federal court case law, national standards and best practices. GARP complements the Electronic Discovery Reference Model (EDRM) as it is not just a step in eDiscovery – it is an ongoing process managed by best practices that can be applied to issues pertaining to the creation, use and disposition of all information, regardless of format.
GARP consists of eight (8) principles (Accountability, Transparency, Integrity, Protection, Compliance, Availability, Retention and Disposition) and is designed to facilitate an organization’s ability to comply with legislation and regulations and improve business operations. The Maturity Model was launched in 2010 and defines the characteristics of recordkeeping programs at various levels of maturity (Sub-standard, In Development, Essential, Proactive and Transformational). Think of the Maturity Model as the tool to use in evaluating your recordkeeping practices and as a tool to help you visualize and determine your desired state of maturity – at what level of maturity is your organization – and where do you want to be?
Amber Scorah: What does proper governance of all content, as opposed to just tactical management, involve?
Melissa Dederer: The difference has to do with strategy versus management. Having records and information management policies and procedures in place is tactical management. Proper governance of all content, that is, “Information Governance,” is strategic. As such, for an organization to govern its information, it must elevate its vision and decision-making to the corporate level. This will allow for assessing an organization’s information as to the value it provides the organization as well as what risk it may pose.
Information governance provides the opportunity to weigh all value and risk from the perspectives of records management, IT, Legal, Finance, line of business, etc. An organization will end up with an appropriate, customized conclusion about how mature it is and how mature it wants to be. The organization can then choose its “management tactics” to implement its strategic information governance goals. By utilizing proper governance and management of all content, eDiscovery efforts will be both less tedious and stressful.
Amber Scorah: How can using GARP and its associated Maturity Model help an organization be better prepared (proactive) rather than running around (reactive) when a request for information is received?
Melissa Dederer: GARP and its Maturity Model are specifically designed to provide a framework to better prepare your organization for just about any legal situation, and it is designed to be used by any size organization, whether public or private. By following best practices, an organization will be able to maintain their information in a manner that will comply with laws and regulations as well as meeting their business needs [i.e., keeping what needs to be kept (in an organized manner) and disposing of information that is eligible for disposition].
GARP and its Maturity Model will assist an organization in determining how well they are managing their information in an internal benchmarking sense, but perhaps even more importantly, it can serve as your information governance improvement framework as well – highlighting the characteristics of your desired state of maturity and the critical path you need to take to achieve it.
Amber Scorah: What lessons learned from using GARP can you pass on to other organizations?
Melissa Dederer: Do your organization a favor and conduct a GARP assessment on your organization’s information governance practices. If tackling the entire organization in one pass is not a realistic goal, then select a key department (or two or three) and do a GARP assessment at the department level. I can guarantee you that you will uncover gaps and opportunities for improvement you had not previously identified. Once an assessment is done (at any level), you can take your findings to the C-Level suite, and then discuss the results with them.
For example, if you are at Level 1 (Sub-Standard) for Availability – which, remember, is the principle dealing with ensuring the business has ready access to the information it needs to drive revenue/meet its mission – you may want to discuss the need for funding for an electronic records management system to ensure the right people have access to the right information at the right time, to get the best decision made or to simply get the job done. This will not only help the organization (department) overall, it will also help with the eDiscovery process.
Amber Scorah: Any other advice on developing a good eDiscovery strategy?
Melissa Dederer: Litigation readiness is a natural by-product of doing good information governance. In order to do good information governance, an organization needs a cross-functional perspective on how information is managed – in the normal course of business as well as during litigation or investigation. When the rubber hits the road, the fact is, eDiscovery personnel cannot (and should not) develop an eDiscovery strategy alone.
If you haven’t done so already, schedule a meeting with records management (and IT) – get them involved, include them in your discussions about how to prepare and respond to requests as well as future planning strategies. Your eDiscovery strategy should include proper records and information management. Information management is not just a step in eDiscovery but it is an on-going process that is managed utilizing best practices. Properly managed information = less information to cull through = less information to produce = less time to review = lower costs overall.
Melissa Dederer is a speaker at the IQPC eDiscovery for Pharma, Biotech and Medical Device Industries Summit. For more information visit www.e-discoverypharma.com.