- PDF: Delivered by email usually within 4 to 8 UK business hours.
- PRINT/CD-ROM: Despatched within 1 to 2 working days.
Document and Records Management
Controlling Information Risk and Aiding Compliance
- Product Code:BUT00012
- Publication Date:June 2008
- Publisher:Butler Group
- Product Type: Report
Document and Records Management Controlling Information Risk and Aiding Compliance
Many early Document and Records Management (DRM) deployments were rolled out at the departmental level as point solutions to address a single issue. Now these organisations are extending their deployments enterprisewide to address compliance requirements or to deliver an integrated information management strategy.
Butler Group last published a Report on DRM in February 2005. Although in many ways the core DRM technology has not changed to a large extent, we felt that the time was right to revisit the topic, as the circumstances in which organisations are implementing DRM have evolved. Many of the problems faced by organisations have changed in the past three years. At the time of writing the original Report, the take-up of DRM was still relatively low and organisations were interested in what benefits the technology could provide. Now, however, we are in the second wave of DRM.
According to research from Datamonitor, Enterprise Content Management (ECM) has a market penetration of over 80%, with more than 40% of organisations planning to invest in new ECM systems or expand their solutions in the next two years.This means that many organisations that have already implemented DRM are considering deploying a different product, either because the first implementation was less than successful and did not provide the business benefits expected, or because their requirements have evolved and their current solution can no longer address their needs. There are also organisations that initially deployed DRM as a point solution to address a single issue, often within a single area of the business, which now wish to roll out DRM solutions enterprise-wide in order to meet compliance requirements or provide an integrated information management capability. Therefore, what organisations require now is a more practical look at how to achieve a successful DRM implementation and how to apply some of the supporting DRM technologies, and this Report covers these areas.
One of the reasons cited for an initial DRM implementation being less than successful is that organisations, particularly those in the public sector, were panicked into buying DRM for compliance purposes. This resulted in insufficient planning being undertaken to ensure that these organisations were able to derive business benefit from their chosen DRM solution. We believe that organisations must now look beyond the requirements of compliance when considering the implementation of DRM, to also consider how they can derive business benefit from the solution - an implementation to address compliance alone cannot succeed. If organisations are foresighted and look beyond compliance, to plan the implementation so that it provides business benefits - for example, by enabling users to save all unstructured information into a central repository from where it can be accessed and shared - they will also derive cost efficiencies.
The other major reason that implementations fail is that organisations do not define their objectives before the implementation. They realise that there are business benefits to be gained from DRM, but have not clearly defined their requirements or how the potential benefits can map to their business strategy. The objectives are the cornerstone of a DRM implementation and organisations must define them clearly or again the implementation will fail. Despite an increase in the number of regulations and legislation to which organisations must adhere, compliance is still low on the agenda for many and litigation risk continues to be a more important driver in the UK and Europe. Better manageability of unstructured information is also a determining factor in the decision to implement DRM. It is our belief that Return On Investment (ROI) can be achieved and therefore DRM justified on the savings that can be made through the better management of information alone, although it is often difficult for business managers to justify the required budget on these grounds.
However, not knowing what information an organisation has is a huge potential risk. There is a danger of contentious information that, were it to get into the public domain, would be damaging for the organisation. Norwich Union discovered this to its cost when it was forced to make an out-of-court settlement of UK450,000 after it was found that some of its employees had been sending defamatory e-mails about one of its competitors and the company was unable to locate the e-mails - they had been deleted. In other legal cases Morgan Stanley has also been fined over an inability to locate e-mails or even to be able to state whether the requested e-mails still exist. The size of the fines that are now being levied on organisations for a failure to locate information, or in some cases be able to state whether information exists, would more than cover the cost of implementing a DRM solution with the associated services that are generally required.
In terms of technology the major issue for organisations is how DRM can address their particular needs, and which type of solution will provide the closest fit. For organisations that are document-centric creating most of their documents internally with little requirement for integration with other repositories, an Electronic Document and Records Management (EDRM) system may be sufficient. This generally provides workflows that support the lifecycle of a document, including its declaration as a record, but does not provide extensive integrations with other applications. However, organisations that import (rather than create) a high percentage of their documents have a need to integrate with structured data as well as unstructured information sources, and require complex document-centric processes, an ECM platform with DRM capabilities will generally be better suited. In terms of technology there is often little to differentiate vendors in each of the two categories.
The majority of the major EDRM vendors were The National Archives (TNA) 2002 certified and number public sector bodies amongst their customer bases. Their products are therefore geared towards serving organisations in document-centric, regulated industries. In terms of DRM functionality, there is also little to choose between the leading ECM vendors. They too have a focus on certification. Not all of them achieved TNA 2002 approval, although most are certified by the Department of Defense (DoD) in the USA. The areas in which these vendors differentiate themselves are in broader ECM functions such as Business Process Management (BPM), digital rights management, scanning and imaging, digital asset management, e-mail archiving, and output management. These additional capabilities of the ECM vendors are reflected in the price of the platforms, although some of the additional features are offered as optional modules. Organisations therefore need to carefully consider what type of product to deploy, and must take into account future requirements rather than simply current needs. Regardless of the type of DRM system organisations implement, a potential issue that they all face is that of the long-term retention of information. Whilst most organisations now recognise the need to carry out a hardware refresh periodically, they are also faced with the problems of file format obsolescence and there are currently a number of new file formats being developed for long-term retention.
One of the more contentious areas of Records Management (RM) currently is the debate between integrated RM and in-place or federated RM. Whilst Butler Group regards an integrated approach to be more secure, we recognise that there are circumstances when this is not appropriate and federated RM is the only feasible option. In these circumstances organisations need to pay particular attention to the security of the records that are maintained in their native repositories.
Take-up of DRM has greatly increased over the last couple of years with, according to figures from Datamonitor, traditional Document Management (DM) technologies representing 63% of the market, with non-traditional ECM technologies such as enterprise search, portals, content integration, and Information Lifecycle Management accounting for the remaining 37%. Estimates from Datamonitor predict that the ECM market will grow from US$1.6 billion in 2006 to US$3.5 billion by 2012, which means that there is still plenty to play for by the ECM vendors, and in Butler Group's opinion this is one of the major reasons for vendors outside the ECM market moving into this lucrative area. The DRM vendor landscape has changed considerably since the last Butler Group Report was published in 2005. At that time most of the ECM vendors were still independent, with only Documentum having been acquired by EMC. However, over the past two years acquisitions have accelerated. FileNet was acquired by IBM, Open Text bought Hummingbird, and Oracle finally entered the ECM market through its acquisition of Stellent.
During the writing of this Report, it was announced that HP was to acquire TOWER Software subject to shareholder approval, although as the biggest three shareholders who hold 90% of the shares are in favour of the deal it is likely to go ahead. The addition of TOWER Technology's TRIM Context to the HP portfolio is an excellent move for HP. TRIM already forms part of HP's Integrated Archiving Platform (IAP), and the acquisition will enable HP to develop and expand the TOWER platform and provide the company with an immediate share of the ECM market.
The EDRM market has also changed with the entrance of Autonomy through its acquisition of Meridio. The earlier acquisition of ZANTAZ provides Autonomy with the opportunity to build an extremely powerful portfolio through the combination of Meridio with Autonomy's search capabilities, the ZANTAZ archiving solution, and ZANTAZ e-discovery product. Butler Group expects there to be further consolidation in the market. There are only three major ECM vendors that remain independent: Open Text; Interwoven; and Vignette. Of these three vendors we feel that there will be considerable interest in Open Text from the major Enterprise Resource Planning (ERP) vendors, which could result in a bidding war. There are also other large infrastructure vendors that may wish to move into this market. In addition there is a growing open source presence in the ECM and DRM markets through vendors such as Alfresco and Nuxeo.
Over the coming years the DRM market will continue to evolve. The presence of Microsoft Office SharePoint Services (MOSS), which is Microsoft's entry into the DRM market, will introduce the idea of DRM to a wider audience, which in turn will benefit vendors with more scalable solutions as the requirements of smaller companies grow beyond the capabilities of MOSS. There is still much to be played for in the DRM market, which will see additional large infrastructure vendors exploiting this lucrative space. This ensures that it will continue to be an exciting area to observe. Butler Group Market Lifecycle Positions Butler Group's vendor ranking and assessment model groups suppliers into Shortlist, Consider, and Explore categories, and shows the predicted progress through the three major phases of Early Adopter, Market Adoption, and Market Maturity. Within each group vendors are listed alphabetically.
- Contents - June 2008
- Section 1: Management Summary
- 1.1 Management Summary
- Section 2: Introduction and Business Perspective
- 2.1 Report Introduction and Objectives
- 2.2 Establishing the Business Need for Document and Records Management
- 2.3 Business Drivers for Document and Records Management
- 2.4 Compliance and Litigation Issues
- 2.5 Generic DRM Issues
- Section 3: Design and Considerations
- 3.1 Architecture Options
- 3.2 Classification, Taxonomies, and Indexing
- 3.3 Search
- 3.4 Compliance and Discovery
- 3.5 BPM and Workflow Within DRM
- 3.6 Taking an Integration and Solutions Approach to DRM
- 3.7 Collaboration in DRM
- 3.8 Security
- 3.9 Managing Records for Long-term Retention
- 3.10 Auditing in DRM
- Section 4: Implementation and Optimisation Strategies
- 4.1 Standards and Certification to Consider
- 4.2 Skills and Services
- 4.3 Best Practices in DRM
- 4.4 Building Solutions for Records Management
- 4.5 Managing Physical Records
- 4.6 Butler Group DRM Model
- 4.7 Butler Group Implementation Model
- 4.8 Case Studies
- Section 5: Market Perspective and Vendor Comparisons
- 5.1 Market Analysis
- 5.2 Market Drivers
- 5.3 Future Perspective
- 5.4 Vendor Analysis
- Section 6: 6.1 Butler Group Document and Records Management Features Matrix
- 6.2 Butler Group Document and Records Management Product Capability Diagrams
- 6.3 Butler Group Document and Records Management Market Lifecycle Ratings
- Section 7: Technology Audits
- Datum International - KnowledgeWorker
- EMC - Documentum 6
- IBM - IBM Content Manager, FileNet P8
- Interwoven - Interwoven Worksite (v8.3) and RecordsManager (v5.1)
- Microsoft - Microsoft Office SharePoint Server 2007 for DRM
- Morse plc - Wisdom Product Suite (version 7)
- Objective Corporation - Objective (version 7)
- Open Text - Open Text Records Management Portfolio
- TOWER Software - TRIM Context
- Vignette - Vignette Records Manager 7.2
- Section 8: Vendor and Product Profiles
- 80-20 Software
- Active Navigation
- Alliance Group
- Autonomy ZANTAZ
- Section 8: Vendor and Product Profiles (continued)
- Fabasoft AG
- Fujitsu Software Corporation
- Hyland Software
- IMR UK
- Iron Mountain
- Just Systems
- Section 9: Glossary