A couple of blog posts ago I outlined a four-step methodology to implementing defensible disposition. As I said then, the problem for organizations today is over-retention, and, for most of them, this is a big nut to crack—hundreds of terabytes’ or even several petabytes’ worth.
To recap, this methodology has four specific steps, best embedded in a larger, ECM-type program and project methodology. The four pieces of the methodology are:
- The Defensible Disposition Policy
- The Technology Plan
- The Assessment Plan
- The Disposition Plan
In this post, I’ll focus on the last two pieces: the Assessment Plan and the Disposition Plan.
- Develop Your Assessment Plan
The Assessment Plan specifies which information and systems you’re investigating and the particular processing rules you’re going to use. The first step in developing the Assessment Plan is to do the legwork and get a good picture of where all the information is, what repositories it’s in, and anything else you can learn about it that will help you create the rules (described below) and a plan of attack. This may take several days or weeks. You then create processing rules, based on the different types of file attributes. There are three categories of attributes that can be used to determine what a file is:
- Environmental attributes around the file (e.g. file location, ownership)
- File attributes about the file (e.g. file type, age, author)
- Content attributes within the file (e.g. keywords, character strings, word proximity, word density)
Note that I’m not using terms like "metadata" and the other terms vendors use when they talk about analytics and classification. We find them confusing. Instead, we focus on environmental attributes around the file, file-level attributes about the file, and content attributes within the file. You should then combine these attributes and create sets of rules that machines can use to sort files, and to flag as exceptions those that need human attention.
Start with the simplest rules in which you have the most confidence. Then do multiple passes through the pile, each time using more complex rules on a pile that’s getting successively smaller and smaller. The assessment results after multiple passes will show you how much of the pile is unnecessary “junk” that can be purged, how much is records, how much is high-value non-records, and how much just couldn’t be identified. This last piece may be large (we often see piles that are 40 to 50 percent of the original pile of files).
- Develop Your Disposition Plan
The disposition plan evaluates your assessment results against your defensible disposition policy and lays out a roadmap for disposing of the various kinds of files you found. It includes an analysis of the financial implications of your various disposition options in the overall evaluation for the disposition roadmap. (For example, it extrapolates what you’d save if you purged this particular bucket and started a 3-year retention clock on that bucket, versus first cleaning up duplicate files wherever they lie, versus focusing all your efforts on an aggressive day-forward effort that would leave most of the pile in place, but would significantly stem the flow of new files onto the pile.)
Then you start executing the disposition plan. This may require one or more FTEs managing the purges and cleanup over months, or possibly even years. And finally, as you go through your first disposition cycle, you’ll probably want to refine your defensible disposition policy, now that you’ve got a much more realistic picture regarding the real cost impacts of every action you take, and, more generally, what actions are reasonable.