You or your boss have decided to move your records management processing to the Cloud, that is, to a Cloud based records management solution.

Typical Scenario

Currently, you run a legacy records management system on old servers somewhere in the computer room. You are aware that the records management software you are running is old and out of date and no longer supported. You also suspect that the server and operating system and databases software are similarly old and out of date. You also have no confidence in the backups and don’t think your server is included in any Disaster Recovery Plan.

The boss recently attended a risk management seminar and came back full of enthusiasm and focussed on minimizing processing risks. Yours records management system was identified as a big risk because you are responsible for 1.5TB of company data, documents and emails going back 20 years. The boss delegated to you and said, “Get it done!” Where do you start?

You could just call up a selection of records management software vendors and ask them to provide quotations but without prior research and preparation on your part, what you receive back will not be apples to apples. Each vendor will see the problem differently and you will spend a lot of time trying to answer a plethora of often confusing questions. There will be no clear conclusions and it will be difficult to make a selection of vendor or even know what you will end up with.

Take Advantage of the Opportunity

Alternatively, as you have already decided that a new software solution is required, it is a great time to re-evaluate everything you hold and everything you do. This is the time to cull and to modernize and improve all of your business processes. Please don’t, under any circumstances, be convinced by anyone to try to transfer your in-house mess to the Cloud, that would-be anathema.

Instead, plan on instructing the vendors on how you want to go forward, not on how you process now. Do your research and culling and modernizing and produce a report before you call in the vendors.

Cull and Simplify

The first job is to research exactly what you have in your database and associated physical files both in-house and at offsite record centres. You are going to need help from someone who is still an expert in your legacy system and you are going to need help from IT when trying to analyse the contents of your database. Nevertheless, get the help you need and then produce a list of all holdings, both physical and electronic. Do your best to find out exactly what is being held by offsite storage companies.

This isn’t thankless work because if you do your job well there is the very real potential of saving your company a lot of money in both floor space and offsite storage costs. Let’s be a hero.

Use your retention schedule and obtain management decisions to cull as much as possible, both electronic and physical. If in doubt, lean towards “throw it out” rather than “let’s hold on to it just in case.” If you haven’t had cause to reference something in 7 plus years, it is extremely unlikely that you ever will so, as you walk around the filing areas, repeat this mantra under your breath, “If in doubt, throw it out!”

Now look at your business processes, how old and manual and inefficient are they? For example, do end users have to fill in forms and submit them to records when trying to find something or can they just login and find it in seconds?

Please avoid the “we do it this way because we have always done it this way” syndrome. Be brave, be innovative, think outside the square; this is your time to shine! Sit down with users and ask them how they would like the new system to work. There are three magic questions you can always use to solicit the answers you need.

1       “What are we doing now that you think we shouldn’t be doing?”

2       “What aren’t we doing now that you think we should be doing?”

3       “What are we doing now that you think we can do better?”

Document your new business processes.

Produce a report

We aren’t talking about a magnum opus, all we need is a short, concise report that lists all the holdings after culling as well as your ‘new’ required business processes also suitably culled and modernized.

As we are going to provide this report to vendors to begin the quoting process we also need to include information on your operational and security requirements. You will need help here but it doesn’t really matter if your report isn’t 100% accurate, at least for now. What you are primarily interested in is getting an apples to apples response from your chosen vendors. If it later turns out that you need 60 users not 50 users or 3TB of storage rather than 2TB of storage or an average half second response time as opposed to a 1 second response you can easily get the vendors to adjust their quotes.

In other words, don’t agonize over whether or not your report is perfect (it can never be anyway) just make sure it is logical and makes sense and reflects your needs at a point in time.  You are guessing about what future usage and processing needs will be anyway because lots of things will change when the new records system is rolled out.

What to look out for

The following is a guideline, not an exhaustive or complete list. It should be a subset of your requirements.

• Make sure the vendors understand that your data needs to be stored in the country you nominate.
• Make sure that the records management software includes the functionality you require. Try not to be too prescriptive, leave room for the vendor to tell you how they would solve your problem with its unique solution. Be cautious about ‘optional’ features that may or may not be in your implementation.
• Make sure the contract includes the vendor capturing and importing all your data and documents in agreed formats.
• Make sure your system is fully redundant. Obviously, the safer it is and the more redundancy you have the higher the cost. It’s a trade-off, argue with your masters for the highest possible level of redundancy.
• Get commitments of support that meet your needs.
• Get commitments on planned and unplanned downtime that meet your needs.
• Get commitments on backups that meet your needs.
• Get commitments on bandwidth and response time that meet your needs. Remember that there are two connections to worry about; your company’s connection to the Internet and the data centre’s connection to the Internet. Be aware of possible bottlenecks.
• Get commitments on data centre redundancy. What happens if their internet connection fails or their power fails?
• Make sure that your data is as secure as possible. Ask them what international and government standards they meet on data security.
• Make sure that you are able to dynamically grow or shrink your requirements; it is a foolish person who thinks he/she can accurately predict the future.
• Make sure that there is an out clause in your contract; look carefully at any termination clauses. You want an ongoing assurance of service but you do not want to be locked in and you do not want to have to pay unfair or unreasonable penalties if you terminate.
• Make sure that there are sensible clauses to handle disputation.
• Make sure that your data always remains your property. Don’t allow the vendor to exercise any lien on your data in the future. Your data should always be your property and you should always have access to it no matter the circumstances.
• Make sure that you clearly understand and agree with the billing algorithm; if it appears too complex then it is too complex. Please don’t give your accountant anything that will be a nightmare to reconcile every month. Don’t sign until you know exactly what your monthly subscription cost is going to be.

References

And finally, as always, ask for references. Other people have been down this road and it behoves you to learn from their experiences. Don’t just call them, go and visit them and spend time asking for their opinion. Use your 3 magic questions again.

1       “What did you do (moving to the Cloud) that you now think you should have done differently?”

2       “What did you do that you now think you shouldn’t have done?”

3       “What didn’t you do that you now know you should have done?”

Then it should just be a matter of selecting a vendor, agreeing a project plan and making it happen. If you have done your homework, it will be far easier than expected.

 Good luck.

The greatest knowledge-loss disaster I can think of was the destruction of the great library of Alexandria by fire around 642 AD. This was the world’s largest and most complete store of knowledge at the time and it was almost totally destroyed. It would take over a thousand years for mankind to rediscover and regain the knowledge that went up in smoke and to this day we still don’t think we have recovered or re-discovered a lot of what was lost. It was an unmitigated disaster for mankind because nearly all of Alexandria’s records were flammable and most were irreplaceable.

By contrast, we still have far older records from ancient peoples like the Egyptians of five-thousand years ago because they carved their records in stone, a far more durable material.

How durable and protected are your vital records?

I mentioned vital records because disaster recovery is really all about protecting your vital records.  If you are a business a vital record is any record without which your business could not run. For the rest of us a vital record is irreplaceable knowledge or memories. I bet the first thing you grab when fire or flood threatens your home is the family photo album or, in this day and age, the home computer or iPad or backup drive.

In 1996 I presented a paper to the records management society titled “Using technology as a surrogate for managing and capturing vital paper based records.” The technology references are now both quaint and out-of-date but the message is still valid. You need to use the most appropriate technology and processes to protect your vital records.

Interestingly, the challenges today are far greater than they were in 1996 because of the ubiquitous ‘Cloud’.  If you are using Google Docs or Office 365 or even Apple iCloud who do you think is protecting your vital records? Have you heard the term ‘outage’? Would you leave your children with a stranger, especially a stranger who doesn’t even tell you the physical location of your children? A stranger who is liable to say, “Sorry, it appears that your children are missing but under our agreement I accept no liability.” Have you ever read the standard terms and conditions of your Cloud provider? What are your rights if your vital records just disappear? Where are your children right now?

Some challenges are surprisingly no different because we are still producing a large proportion of our vital records in paper. Apart from its major flaws of being highly flammable and subject to water damage paper is in fact an excellent medium for the long term preservation of vital records because we don’t need technology to read it; we may say paper is technology agnostic.

By contrast, all forms of electronic or optical storage are strictly technology dependent. What good is that ten year old DAT tape if you no longer have the Pentium compute, SCSI card, cable and Windows 95 drivers to read it? Have you moved your vital records to new technology lately?

And now to the old bugbear (a persistent problem or source of annoyance), a backup is not disaster recovery. If your IT manager tells you that you are OK because he takes backups you should smack him with your heaviest notebook, (not the iPad, the iPad is too light and definitely not with the Samsung tablet, it is too fragile).

I have written about what disaster recovery really involves and described our disaster recovery services so I won’t repeat it here, I have just provided the link so you can read at your leisure.

Suffice to say, the objective of any disaster recovery process is to ensure that you can keep running your business or life with only a minimal disruption regardless of the type or scale of the disaster.

I am willing to bet that ninety-percent of homes and businesses are unprepared and cannot in any way guarantee that they could continue to run their business or home after a major disaster.

We don’t need to look as far back as 642 AD and the Alexandria Library fire for pertinent examples. How about the tsunami in Japan in 2011? Over 200,000 homes totally destroyed and countless business premises wiped from the face of the earth. Tsunamis, earthquakes, floods, fire and wars are all very real dangers no matter where you live.

However, it isn’t just natural disasters you need to be wary of. A recent study published by EMC Corporation offers a look at how companies in Japan and Asia Pacific deal with disaster recovery. According to the study, the top three causes of data loss and downtime are hardware failure (60%), data corruption (47%), and loss of power (44%).

The study also goes on to analyse how companies are managing backups and concludes, “For all the differences inherent to how countries in the Asia Pacific region deal with their data, there is at least one similarity with the rest of the world: Companies are faced with an increasing amount of data to move within the same backup windows. Many businesses in the region, though, still rely on tape backup systems (38%) or CD-ROMs (38%). On this front, the study found that many businesses (53%) have plans to migrate from tape to a faster medium in order to improve the efficiencies of their data backup and recovery.”

It concludes by estimating where backups are actually stored, “The predominant response is to store offsite data at another company-owned location within the same country (58%), which is followed by at a “third-party site” within the same country.”

I certainly wouldn’t be relying on tape as my only recovery medium and neither would I be relying on data and systems stored at the same site or at an employee’s house. Duplication and separation are the two key principles together with proven and regularly tested processes.

I recently spoke to an IT manager who wasn’t sure what his backup (we didn’t get to disaster recovery) processes were. That was bad enough but when he found out it seemed that they took a full backup once a month and then incremental backups every day and he had not tested the recovery process in years. I sincerely hope that he has somewhere to run and hide when and if his company ever suffers a disaster.

In a nutshell, disaster recovery is all about being able to get up and running again in as short a time as possible even if your building burns to the ground. That in fact is the acid test of any disaster recovery plan. That is, ask your IT manager, “If this building burns down Thursday explain to me how we will be up and operating again on Friday morning.”

If his answer doesn’t fill you with confidence then you do not have a disaster recovery plan.