HP and Autonomy Confidential © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Information Governance Maturity in Financial Services
HP and Autonomy Confidential © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.2
Key Regulatory Changes• Record Keeping in Dodd Frank and EMIR
Multi - Jurisdictional Regulatory Requirement• FINRA (Financial Industries Regulatory Authority), SEC (Securities & Exchange
Commission), CFTC (Commodities & Futures Trading Commission), BoE (Bank of England)
Past Legal or Regulatory Issues or Fines• Data Protection, Collusion, Corruption, Harassment, Insider Trading, Money Laundering,
80+ others
Reputational or Event Risk• Keep out of the headlines
Intellectual Property (IP) or Non-Public Info (MNPI) Leaks
Cost Containment• Storage
• Discovery
Typical Information Goverance Drivers in Banking
HP and Autonomy Confidential © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.3
Risk & Cost Impact Increasing Year on Year
HP and Autonomy Confidential © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.4
Example Regulation - Dodd Frank Background
• Regulations under Dodd Frank introduced new requirements for reporting and record keeping of Swaps and Derivatives related content
• Generally require that relevant records be duplicated and retained for 5 years following termination, execution, or expiration a contract
• Includes all of the information that is associated with execution of an agreement, and provide basis for economic terms of a deal
• Retain records according to specific regulatory requirements for immutability and third-party access within 24 / 36 / 72 hours
HP and Autonomy Confidential © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.5
HP Autonomy’s Information Governance Solution
Business Analytics
Search & Collaboration
Information Governance
Legal Hold & eDiscovery
Deal ReconstructionSupervision
IBM CMODSymantec
EVEMC Centera
NICEOther
Sources File Shares
Social Media Video Audio Email Texts TransactionalData
IT/OT Search Engine ImagesDocumentsMobile
HPBi-directional Connector Framework
RainStor
HP and Autonomy Confidential © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.6
Information Governance Defined
HP Autonomy Information Governance
A portfolio of modular solutions that help organisations access and understand human and computer-generated information without bias to repository or location, organise and control this data with a centralised policy engine, and intelligently manage and take action upon this data in accordance with business, legal/compliance, and data management objectives.
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
HP and Autonomy Confidential © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.7
Unaware:unmanaged
Aware:formative
Aware:developing
Aware:competent
Stages of Competency
• Vital records at risk
• Non-compliance
• Duplication of work
• High storage and e-discovery costs
• No authoritative versions
• No info sharing
• Uncontrolled retention
• Decisions based on incomplete info
• Incomplete chain of custody
• No recognisable business context
• Poor information security
• Duplication of work
• High e-discovery cost
• No authoritative versions
• No sharing of information
• Poor retention
• Decisions based on incomplete information
• Incomplete chain of custody
• No recognisable business context
• Poor information security
• Duplication of work
• No authoritative versions
• Minimal sharing of information
• Decisions based on incomplete information
• No recognisable business context
• Poor information security
• Cost of manual capture
• Distributed silos of records
HP and Autonomy Confidential © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.8
Stages of Competency – ARMA GARP Maturity Model
• There is no clear definition of the records that the organisation is obligated to keep
• Records and other business documentation are not systematically managed according to records management principles
• Business groups define this to the best of their ability based upon their interpretation of rules and regulations
• There is no central oversight and/or consistently defensible position
• There is no defined or understood process for imposing ‘holds’
Sub Standard In Development Essential Proactive Transformational
• The organisation has identified the rules and regulations that govern its business
• The organisation has introduced some compliance policies and recordkeeping practices around them
• The policies are not complete
• There is no apparent or well defined accountability for compliance
• There is a hold process, but it is not well integrated with the organisations information and discovery processes
• The organisation has identified all relevant compliance laws and regulations
• Record creation and capture are systematically carried out in accordance with record management principles
• The organisation has a strong code of business conduct which is integrated into its overall information governance structure and record keeping policies
• Compliance and the records that demonstrate it are highly valued and measurable
• The hold process is integrated into the organisations information management and discovery processes for the “most critical” systems
• The organisation has defined specific goals related to compliance
• The organisation has implemented systems to capture and protect records
• Records are linked with the metadata used to demonstrate and measure compliance
• Employees are trained appropriately and audits are conducted regularly
• Records of the audits and training are available for review
• Lack of compliance is remedied through implementation of defined corrective actions
• The hold process is well managed with defined roles and a repeatable process that is integrated into the organisationsinformation management and discovery processes
• The importance of compliance and the role of records and information in it are clearly recognised at the senior management and board levels
• Auditing and continuous improvement processes are well established and monitored by senior management
• The roles and processes for information management and discovery are integration
• The organisations stated goals related to compliance have been met
• The organisation suffers few or no adverse consequences based on information governance and compliance failures
HP and Autonomy Confidential © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.9
ARMA – Generally Accepted Recordskeeping Principles
Accountability
Transparency
Integrity
Protection
Compliance
Availability
Retention
Disposition
A senior executive (or person of comparable authority) oversees the recordkeeping program and delegates program responsibility to appropriate individuals. The organisation adopts policies and procedures to guide personnel and ensure the program can be audited.
The processes and activities of an organisation’s recordkeeping program are documented in a manner that is open and verifiable and is available to all personnel and interested parties.
A recordkeeping program shall be constructed so the records and information generated or managed by or for the organisation have a reasonable and suitable guarantee of authenticity and reliability.
A recordkeeping program shall be constructed to ensure a reasonable level of protection to records and information that are private, confidential, privileged, secret or essential to business continuity.
The recordkeeping program shall be constructed to comply with applicable laws and other binding authorities, as well as the organisation’spolicies.
An organisation shall maintain records in a manner that ensures timely, efficient and accurate retrieval of needed information.
An organisation shall maintain its records and information for an appropriate time, taking into account legal, regulatory, fiscal, operational, and historical requirements.
An organisation shall provide secure and appropriate disposition for records that are no longer required to be maintained by applicable laws and the organisation’s policies.
HP and Autonomy Confidential © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.10
Our Value Proposition
Enterprise Retention Management
Global policy and metadata management
Manage in Place
Single Pane of Glass View
Robust Out of Box Functionality
Manage in Place
HP and Autonomy Confidential © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.11
HP Autonomy Information Governance Framework
Ensure Retention & Disposition
HP Information Governance
A platform approach for effectively managing all information, enterprise-wide, in accordance with corporate policy and business goals
Gain Full Understanding
Automate Policy Application
Prepare & Respond: legal &
regulatory
Store & Manage in Place
HP and Autonomy Confidential © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.12
HP Information Governance Solution Stack
HP Records Manager
Complete RM Lifecycle
ControlPointFile Analytics,
Policy Management
HP e-Discovery
Complete discovery lifecycle
management
HP Legal HoldEnd-to-end legal hold
Structured Data Manager
Structured content archiving
HP Information Governance Application Architecture
Core Application Logic
CFS
Intelligent Data Operating Layer
Connectors
Enterprise Repositories
Indexing Services
Connection Services
The Power of the Platform
HP and Autonomy Confidential © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.13
HP Information Governance Logical Architecture
Connector Framework
Enrich metaName lookupsSpeech to text
OCR
IM Voice
HP ControlPoint-
Classification
HP RM-
Records Management
HP StructuredData Manager
Compliance Front Office Compliance
Files
Persist
ReviewManagepolicy
Report
Unstructured
Applications
Scan/Fax
Structured
WORM / Disk
HP and Autonomy Confidential © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.14
Making retention an enterprise reality
HP Information Governance Process Flow
• Allows organizations to identify “dark data:
• Understand its meaning and significant
• Classify and categorizeControl
• Treat related information consistently
• Apply policy to content typeApply Policy
• Make management decisions on access, availability, location and disposition
• Complete audit trailTake Action
HP and Autonomy Confidential © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.15
ControlPoint is an application that provides a user interface and an ‘engine’ for:
HP ControlPoint Introduction
Configuring the classification of files
Reviewing the results of classifications
Configuring and applying policies that take actions, ‘about’ files that it manages
HP and Autonomy Confidential © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.16
HP Records Manager Introduction
HP Records Manager
Interactive Document Management
SharePoint Governance
ControlPoint Auto-Declare In-Place Management
SAP ArchiveLink
AIO Structured Records
Physical Records
COM/.NET SDK Services API
Custom Solutions
ControlPoint Legacy Data Cleanup
HP and Autonomy Confidential © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.17
HP Structured Data Manager Introduction
Reduce data footprint &
storage costs
Enhance operational efficiency
Retire outdated applications
Subset & Masking for Test
Improve search and eDiscovery
SDM
Customized Solutions
Groovy SDK
Application Integrations
HP and Autonomy Confidential © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.18
In Place Management
Content repositories
Content repositories Know what
information you have
Know where the information is
located
Know your information is
protected
Know the information is
managed appropriately
IDO
L Co
nn
ect
or
Fra
mew
ork
Manage in Place
• Content Creation
• Business Processes
• Collaboration
• Projects
• Events
ControlPoint
HP Records Manager
Index, Analyze, Auto-Classify
De
clare
Retain and manage active information where it provides the best business value
HP and Autonomy Confidential © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.19
Information Governance Functionality
Policy Management Content Collection Source Repositories
Con
nec
tor
Fram
ewo
rk S
erve
r
OnDemand
FileShares
RainStor
SEV
SharePoint
Exchange
HP RM
• No additional content store
• Metadata Management
• Retention
• Search
• ILM
• Approval routing
• Legal Hold Mgmt and Support
• Notification and alerts
• Reporting
• Audit
CP
• Indexing Services
• MIP
• Collect Insert
• Delete/Remove
• Hold/Release
• Hold
• Synchronize
• View
• Audit
Basic
Available
Custom
Enterprise Retention Management
Copyright © 2013 HP Autonomy. All rights reserved. Other trademarks are registered trademarks and the properties of their respective owners.
Craig Adams, EMEA Sales Director – Information GovernanceCraig Adams, EMEA Sales Director – Information Governance
Email: [email protected] [email protected]
Mobile: +44 7717 850527
LinkedIn: www.linkedin.com/in/craigadamsuk