I am not sure I have any good way to say what I am about to say. And in fact, I am so trepidatious that I have to couch my commentary in verbiage subterfuge. I am not spineless, but just don’t want to create a bunch of enemies with my cohort. So here goes. I am certain you will get my point even if I hide the true identities of the offending parties to protect the innocent and/or guilty.
Assume for a moment that an international information association, decided that the industry and more specifically companies needed a way to assess if they had a mature information management program. So the organization got a bunch of their folks together to develop criteria by which they should evaluate if their program was good enough to pass muster. And let’s say after much talking and thinking they settled on an information management Maturity Model and related criteria.
Recently, a client of ours had us look at their self-assessment of their information management program using one such Maturity Model Best Practice self-assessment tool. (The client is now considering having us perform a new Gap Assessment). It is one of my favorite clients and it’s a great company that does so much right. So when I reviewed their self-assessment, I was stupefied. They used the information management’s organizations Maturity Model criteria and concluded they were seriously substandard. I totally disagreed with most of the conclusions of the assessment. I am not going to lay out why I think the various criteria are flawed in total, but let me give you an example to make my point. One of the criteria by which this company evaluated itself according to the self-assessment was information “integrity”. Based upon how the assessment MADE the client answer the questions, they got a flunking grade. I told my client given what I knew about their business processes and IT framework, that on the information integrity scale I would give them a Rhodes Scholar type grade—at least an “A”. SO why such a disconnect?
I get the whole thing about “one man’s hot is another man’s cold” but this is not about perception. It is about the criteria and maturing the process and still utterly failing even if what you have done is at least good enough. From my humble perspective, the evaluative criteria are aspirational, not functionally helpful, impracticable and may sell your company unfairly down the river. BOOM! I believe it sets up companies to fail that use the self-assessment, on criteria that are not really central to success. Every organization would be flagging miserably if put under the assessment’s microscope. And that’s just not the way it should be.
Which bring me to the PG&E San Bruno disaster and how industry “best practices” evaluations can be helpful at fixing failings and can also provide the basis for regulators to whack companies for failing to properly manage records, among other things. The tragedy was horrible. The loss of life and property is unthinkable. And the company may have had records management failings. But look close enough at any company and most organizations fail miserably. See the report at the following link. http://www.cpuc.ca.gov/NR/rdonlyres/23513DF5-28CB-425B-BAE4-0151981F0779/0/CPSD_Recordkeeping_OII_Report_Final.PDF
There are lots of information management industry standards, best practices, evaluations from all sorts of organizations. There is some terrific guidance and there are some downright damaging unattainable “best practices”. I’m sure all comes into being with great intentions. But massaged, manipulated and maneuvered by lawyers and a good company begins to smell dirty.
We developed a methodology called “Information Management Compliance” for evaluating the “goodness” of your Information Governance Program which has been used by so many companies. I borrowed the criteria from the Federal Sentencing Guidelines, which help judges evaluate what is good corporate behavior. I figured if the court will evaluate your company by the criteria, that you should build your program according to the criteria. (This is also the topic of “Information Nation-Seven Keys to Information Management Compliance”, See also http://www.arma.org/bookstore/files/Kahn.pdf.
Look close enough at any company’s information management practices and you will find flaws. Lawyers are in the business of exploiting flaws. I don’t need to give them material to work with that isn’t even real. So companies, evaluate carefully, document thoughtfully and pick criteria by which you evaluate circumspectly. Just saying.
Randolph Kahn, ESQ.