The answer is a cross-functional information lifecycle governance (ILG) program that uses a joint-stakeholder model to establish
new lines of communication and new processes between the legal, records, research, business, and IT functions in order to
facilitate the regular and automatic defensible disposal of data that has no legal, regulatory, research, or business value.
The Compliance, Governance, and Oversight Council, a community of thought leaders on ILG and defensible disposal, recently
published the "Information Lifecycle Governance Leader Reference Guide," a detailed exploration of the justifications, strategies,
and processes critical to creating an ILG program. Among the key findings in the reference guide are the following defensible
disposal best practices.
Start with the right people. No cross-functional effort in a large organization can succeed without broad and deep support from executives and managers.
Establish an executive committee that includes, at a minimum, the CIO, CFO, general counsel, and privacy officer. Develop
a senior advisory group composed of line-of-business leaders to provide the necessary staff and support. A program office
also needs to be staffed to drive and measure progress toward goals and to direct the efforts of a working group that develops
the specific processes.
Create a framework for unifying processes. Develop a strategy for unifying the disparate and siloed processes and practices in legal, records, research, business,
and IT. The information governance reference model, developed by EDRM (edrm.net/), provides a framework for defining a unified governance approach to information and underscores the importance of linking
information duties and value to the data assets that IT stores and manages. This linkage is critical to ensuring availability
of valuable information, reducing risk, and enabling disposal of unnecessary information. The reference guide also provides
a maturity model for the 16 specific processes required to lower cost and risk and institutionalize defensible disposal, value-based
archiving and retention, and rigorous e-discovery.
Translate strategy into tactics and goals into results. Establish clear connections between business objectives, the processes and actions required to achieve them, the capacity
to execute those actions, and the measurement needed for accountability. The need for clarity cannot be overstated. Without
clear business goals, processes, and metrics, it is impossible to evaluate whether the organization has put in place the capacity
and capability of executing the required processes.
Implement the right technology. Maintaining a defensible disposal program requires the right technology and tools to automate legal holds, retention of records,
de-duplication, and the proper tiering and disposing of data that no longer has value. Storage virtualization should automate
the freeing up of the capacity made possible by routine disposal. And there must also be a shared data source catalog across
all the stakeholder organizations.
Measure success. Insist on constant and consistent measurement and reporting. Use the defensible disposal program's cost and risk reduction
goals and timeline to create executive dashboards and management reports, but don't measure performance without also measuring
the operational capacity. Ongoing capacity planning and monitoring are critical to avoiding the possibility that resource
issues will undermine results, a very real possibility in cross-functional projects.
Audit the program. Once you have institutionalized defensible disposal in your organization, internal audit should report on process failures,
help identify failure causes, and ensure organizational accountability for fixing any issues. The criteria used for auditing
should be designed into the program from the start.
Defensible disposal can create tremendous value for pharmaceutical companies by substantially improving information economics
and aligning information stakeholders across legal, records, research, business, and IT to lower systemic risks. By driving
cross-functional change from disparate, siloed practices to a joint-stakeholder model, a defensible disposal program can drive
cost and risk out of business operations and lead to greater financial performance.
Lorrie Luellig is Of Counsel at Ryley Carlock & Applewhite, PC Information Governance (RCA-IG) and a Faculty Member at the Compliance, Governance
and Oversight Counsel (CGOC). She can be reached at firstname.lastname@example.org