Author: Karl Melrose

Thinker about how to think about information governance, economics, security, risk, technology and incentives. Out to solve every optimising problem, out to make sure my thinking gets better, every day. Information Governance, Management and Records Management at informationgovernance.blog. Random thoughts at karlmelrose.blog

Getting adoption – is training the wrong approach?

Karl MelroseLeave a comment

A finding in a research article I read recently was that people with poor technology skills are more likely to immediately read a message when notified of it, than people with good technology skills.

This is interesting because our default position with new systems, is to train, and to assume that a large part of adoption comes down to training.

The paper provided some evidence that we may have this backwards.

If people with better skills are less likely to use a system immediately, and thus (we can assume) less likely overall, is training the wrong thing to focus on?

A previous article I wrote about the research which includes a link to it can be found here.

Sentencing is the competency every organisation needs in a post-privacy legislation, breach reporting world.

Karl MelroseLeave a comment

Sentencing of records is the act of making and applying a decision about their long term handling.

Simply put, it’s about when to destroy them.

While most organisations are amazingly efficient keepers of information, very few outside of government are efficient destroyers of information.

When it’s done well, records that you capture are sentenced by the act of capturing them. This is called sentencing on creation. It means that the process will be largely automatic, and include destruction when the record reaches it’s end of life.

When it’s done badly, a vast trove of data and information will need to be classified and sentenced after the fact. It’s expensive, the chance for error is high, and the trove is what every hacker on earth is hoping they’ll find when they breach your organisation. Then there’s the chance that you’ll destroy information that legislation says you need to keep.

Sentencing is the discipline that every organisation needs to understand in a post privacy legislation, breach reporting world.

If your organisation has a great Records Manager, chances are that you’re already on your way there. If not – now is probably a good time to go and find one.

Records Managers – do you know how long a compliance inspection takes you?

Karl MelroseLeave a comment

18 months ago, I had a chat to a regulation expert in local government. 

He explained how he thought about the work that he did.

It came down to this:

  1. We know that it takes 6 hours to complete an audit.
  2. We know that we need to do a certain number each year.
  3. We’ve asked for a budget that lets us do slightly more than that.

3 months ago, his council won an award for effectiveness in the area that he regulates.

I thought that they’re questions worth asking about Records practice:

  1. How long does a compliance audit take?
  2. How much time does the remediation/training etc. take?
  3. How many are you likely to need to do?
  4. How much budget do you need to do that?

The quality of Records that your organisation is producing probably depends heavily on whether you’re getting the funding you need for audit.

Great Records Management is largely about composition.

Karl MelroseLeave a comment

When your auditors turn up, they will ask you for your records, because your records are evidence of compliance.

Records are almost always many pieces of information, proving compliance means that you need to show all of them.

This makes records management as much a composition challenge, as it is a capture challenge.

Mostly, organisations don’t fail audit because the information isn’t present somewhere in their organisation. They fail audit because they can’t find and compose that information into a complete record under time pressure.

Great records programs solve this challenge ahead of time, and present a complete record.

Then audit is easy.

Why are we ignoring the cheapest and most powerful tool in the record keeping by stealth arsenal?

Karl MelroseLeave a comment

This post is really about asking for help resolving a conundrum that I’ve been wrestling with recently.

I have significant belief in workflow.

Simply put, I think it’s the simplest, cheapest (because almost everyone owns it already) and most powerful tool for record keeping by stealth.

I believe this because I think that the route to failure in record keeping is to try and get everyone to come to a records management system.

To me, the real challenge of records is “how to put record keeping in the critical path”.

This is something that workflow does amazingly well.

Create a workflow, make it the “how” work gets delivered and done, and people will come to it because it’s now in the critical path and “how we do things here”.

I’ve come to the conclusion that my reasoning here must be flawed. I’d estimate that about 1 in 10 organisations that I talk to who own workflow actually use it.

So what am I missing? Why isn’t it being used?

If you are one of the rare organisations using it, if you’re adding more workflows all the time, and you’ve got great penetration and buy in, I’d love to know how you got there, and understand what you learned along the way. I’m sure everyone else would love to know too.

”Record keeping by stealth”, and the two approaches to making it work.

Karl MelroseLeave a comment

Record keeping by stealth is an approach that attempts to move the burden of record keeping from people to software, or impose it in a way that is not noticeable to the user.

The concept recognises that there is an inverse relationship between the level of record keeping compliance, and the amount of effort that compliance imposes on the user.

Simply, if it’s high effort, people will do less of it.

This makes it logical to try and drive the required effort to zero – because theoretically that would get you have 100% compliance.

There are generally two approaches –

  1. Process based capture – embed record capture into a workflow or process management tool.
  2. Use tools that scan unstructured data stores for content before machine classifying them and providing a policy implementation engine.

Generally speaking, process based capture is well proven. It generally involves users adding information to the system that they do the bulk of their work so the burden feels very low.

There are only two real problems with this approach –

  1. It’s impractical to implement a process management tool for every process.
  2. Most process management tools aren’t compliant with record keeping standards – although this is generally dealt with through integration to a system that is.

The second approach (tools that scan unstructured data stores for content and machine classify them) has less volume of usage, but has advanced significantly over the last ten years and is in active use.

Almost all problems encountered in this approach come down to the use of machine classification. While it has advanced, and has in many cases been proven more accurate than human classification (exceptions definitely exist – blurry images is a common one), it does require careful set-up and tuning. The general approach now is to use machine learning approaches that are trained using pre-classified documents.

Record keeping by stealth is a useful concept for anyone engaged in trying to get a large complex organisation to keep records, particularly if it doesn’t have an embedded information governance culture. Whether its techniques are used or not, everyone can benefit from remembering the relationship between effort and compliance, and working actively to adopt approaches that minimise effort involved.

The actual problem that record keeping has to solve.

Karl MelroseLeave a comment

Is that the driver for the completion of work isn’t record keeping.

The driver for the completion of work is either customers, or co-workers, or managers.

Record keeping, when left to be done manually, is always a deviation from the critical path to getting stuff done.

So the problem that record keeping has to solve isn’t “how do we make everyone great record keepers”, it’s “how do we put record keeping in the critical path”.

When it’s in the critical path, it gets done – because it’s the only option.

Crazy idea to get 100% record adoption.

Karl MelroseLeave a comment

Take away outlook.

That sounds crazy, but wherever I go, email is the number one way to ignore records management and information governance, because it’s totally uncontrolled by design.

People ignore record systems because they can, and they can because of email.

All workers really need is a way to move the information they’re working with to the next person in the process. Email is the simplest, lowest friction way of doing that.

For most people, email is how they do their work. It gets emailed to them, they do their work, and then they email it to the next person. Hard copies fulfil the same basic idea. At no point in that process do they need to put anything in a record keeping system.

If you take away the ability to email and print, how do people move their work around?

They have to put it in a system that moves it around.

If the system is a records system, you’ve got it.

(Incidentally, this is a lot of what digital looks like when done well)

The problem for the image of the Records Management profession is Information Management (and the internet).

Karl MelroseLeave a comment

I think Records Management has an image problem.

I think this is because the average employee of a major organisation doesn’t understand it, so they don’t respect it, or know to ask for it even when the desperately need it.

In most cases I think they confuse Records with Information, and in most organisations have very little idea what each is fundamentally designed to do.

I think this is causing two problems for Records Management as a profession –

  1. Poor perception of records management and the value it provides in organisations that have made an investment in it.
  2. Failure to understand what Records Management can deliver in organisations that haven’t made an investment in it.

I think the source of the problem is easy to understand. From a non-technical outsiders view, Records and Information Management largely look the same.

They both have heavy investments in technology and they are both responsible for large volumes of information.

These same outsiders have also been convinced that it’s all the new oil. When they go to records, they expect that they’ll have a new oil information commodity experience. This causes a gap between what someone gets when they go to records, and what they expect to get, and I think that does an immense amount of harm to the Records Management brand.

I think the perception problem is caused by a lack of clear identity for Records Management in the broader community. I also think it has been exacerbated by the tendency to put Records and Information together when they have different aims and skill sets (which isn’t to say people can’t have and do both).

The longer Records Management continues without a clear brand and understanding, the longer I believe that the Records Management profession will be under-appreciated, and relatively unknown in some industries that desperately need it (Banking, Aged Care and Mental Health Care spring to mind).

One clear sign that your records program isn’t working.

Karl MelroseLeave a comment

Is no destruction.

Comfort with destroying records is a symbol of trust.

Trust that the records program is good, that it was implemented well, and that people are doing what they are supposed to do – so the records are correct.

When trust is high, destruction is easy, and it gets done.

When destruction is hard, it’s because trust is low.

So people don’t do it.