Defensible Data Disposal - Pharmaceutical Executive


Defensible Data Disposal

Pharmaceutical Executive

Defensible disposal

The answer is a cross-functional information lifecycle governance (ILG) program that uses a joint-stakeholder model to establish new lines of communication and new processes between the legal, records, research, business, and IT functions in order to facilitate the regular and automatic defensible disposal of data that has no legal, regulatory, research, or business value.

The Compliance, Governance, and Oversight Council, a community of thought leaders on ILG and defensible disposal, recently published the "Information Lifecycle Governance Leader Reference Guide," a detailed exploration of the justifications, strategies, and processes critical to creating an ILG program. Among the key findings in the reference guide are the following defensible disposal best practices.

Start with the right people. No cross-functional effort in a large organization can succeed without broad and deep support from executives and managers. Establish an executive committee that includes, at a minimum, the CIO, CFO, general counsel, and privacy officer. Develop a senior advisory group composed of line-of-business leaders to provide the necessary staff and support. A program office also needs to be staffed to drive and measure progress toward goals and to direct the efforts of a working group that develops the specific processes.

Create a framework for unifying processes. Develop a strategy for unifying the disparate and siloed processes and practices in legal, records, research, business, and IT. The information governance reference model, developed by EDRM (, provides a framework for defining a unified governance approach to information and underscores the importance of linking information duties and value to the data assets that IT stores and manages. This linkage is critical to ensuring availability of valuable information, reducing risk, and enabling disposal of unnecessary information. The reference guide also provides a maturity model for the 16 specific processes required to lower cost and risk and institutionalize defensible disposal, value-based archiving and retention, and rigorous e-discovery.

Translate strategy into tactics and goals into results. Establish clear connections between business objectives, the processes and actions required to achieve them, the capacity to execute those actions, and the measurement needed for accountability. The need for clarity cannot be overstated. Without clear business goals, processes, and metrics, it is impossible to evaluate whether the organization has put in place the capacity and capability of executing the required processes.

Implement the right technology. Maintaining a defensible disposal program requires the right technology and tools to automate legal holds, retention of records, de-duplication, and the proper tiering and disposing of data that no longer has value. Storage virtualization should automate the freeing up of the capacity made possible by routine disposal. And there must also be a shared data source catalog across all the stakeholder organizations.

Measure success. Insist on constant and consistent measurement and reporting. Use the defensible disposal program's cost and risk reduction goals and timeline to create executive dashboards and management reports, but don't measure performance without also measuring the operational capacity. Ongoing capacity planning and monitoring are critical to avoiding the possibility that resource issues will undermine results, a very real possibility in cross-functional projects.

Audit the program. Once you have institutionalized defensible disposal in your organization, internal audit should report on process failures, help identify failure causes, and ensure organizational accountability for fixing any issues. The criteria used for auditing should be designed into the program from the start.

Moving forward

Defensible disposal can create tremendous value for pharmaceutical companies by substantially improving information economics and aligning information stakeholders across legal, records, research, business, and IT to lower systemic risks. By driving cross-functional change from disparate, siloed practices to a joint-stakeholder model, a defensible disposal program can drive cost and risk out of business operations and lead to greater financial performance.

Lorrie Luellig is Of Counsel at Ryley Carlock & Applewhite, PC Information Governance (RCA-IG) and a Faculty Member at the Compliance, Governance and Oversight Counsel (CGOC). She can be reached at


blog comments powered by Disqus

Source: Pharmaceutical Executive,
Click here