Jonathan Colohan, sales consultant at IT infrastructure provider CSA Waverley asks can data really be managed from cradle to grave? Should all companies have ILM policies?

Organisations have long regarded their stores of data as one of their most valuable assets.  The implications of data use determine whether an organisation functions efficiently and effectively or whether they fall under scrutiny of the data watchdogs.

It is for this very reason that data does need to be managed through its full lifecycle and Information Lifecycle Management (ILM) policies can systematically achieve this – running one effectively is another matter entirely.

Any organisation dealing with data in one form or another is at the mercy of the Information Commissioner’s Office, which ensures that compliance in terms of the use, handling and retention of data is met.  Through the updated Data Protection Act, stringent guidelines are in place to protect personal information throughout its lifecycle.  However, new regulations that have been added to the Act require organisations to retain and control information for longer periods of time.  This, in turn, places either a greater emphasis on the ability of an organisation to successfully manage data from cradle to grave or face the quite daunting implications any inefficiency holds.

The challenge for organisations is to understand the following key points; how their data evolves, determine how it grows, monitor how its usage changes over time and consequently how long it should survive for.  Through these key understandings a comprehensive ILM approach can be adopted.  This sets in stone the process and management objectives of any information and associated data from its conception, storage and use, right through to determining when it can be justified as obsolete and consequently disposed of.

A key factor when employing an ILM policy is not to implement one just for the sake of it.  Its guardian-like purpose ensures that strict guidelines are understood and adhered to throughout an organisation rather than data being processed and used on an employee’s own terms.  But planning and communication to staff are key to ILM success.  Without due care and attention, an ILM policy and its process can have a disruptive effect on an organisation leaving data in a predicament, as well as the organisation incurring unnecessary and unwanted costs with the extra administration needed to alleviate a poorly executed ILM plan and system.

Today there are two additional objectives IT Managers are trying to meet - store vast quantities of data, for the lowest possible cost and meet the new regulatory requirements for data retention and protection.  An ILM policy can help achieve these goals through outlining key factors needed in the successful management of data.

The functionality of an ILM policy should address the creation and receipt of data, which deals with data from its point of origination such as correspondence, forms, reports, images, computer input and output.

From there, the boundaries for distribution and use of data should be outlined managed whether it is external or internal once data has been created. 

Importantly, the maintenance of data is a prominent aspect in any ILM policy as this is an area where many organisations can fall short.  Data needs to be filed or stored in order to maintain its useful existence within an organisation and should be set out in a predetermined sequence.  Maintenance also deals with the transferring of information, allowing users access in order to respond to requests.  The data is tracked through a variety of processes to ensure it is returned and subsequently made available to other users who may require access.  A path management application, either as a component of ILM software or working in conjunction with it, makes it possible to retrieve any data stored by keeping track of where everything else is in the storage cycle.

Lastly, the disposition of data needs to be addressed.  Once an assigned retention period has been met, data will need to be disposed of in order to protect its credibility.  Retention periods are based on the creation of an organisation-specific retention schedule, based on research of the regulatory, statutory and legal requirements for management of information.  

An ILM policy is not a necessity for an organisation dealing with data but can minimalise any of the issues involved in working with it.  Due to the structured approach ILM policies can bring, the lifecycle of data has a higher percentage of being managed effectively and securely from cradle to grave.  Human error always has ways of intervening in the process; however, with a policy in place, those who do not adhere to its structure or wander outside of its boundaries can be dealt the necessary sanctions.  With stricter government regulations now also in place the onus to successfully manage the lifecycle of data is high.  Organisations will always have to wrestle with outside interference, human error and increased levels of data, however, a proactive approach to adopting an ILM policy can clearly add considerable value to data protection, retention and disposition.