Skip to content

Shared Drive Remediation: Step 2 Define Remediation Execution Process

I want to dig a little deeper into what is involved in Step 2 of the Shared Drive Remediation process… the Definition of the Remediation Execution Process.
File Remediation Process
Once the remediation policies have been defined (rules about what defines various classes of Information Assets and what actions to take on them), the next step is to define in detail the actual remediation process from an execution point of view:

ActivityDescriptionNotes
Survey and Inventory File SharesIdentify and generate an inventory of the File Shares within the organizationThe foundation of the Map
Estimate Data VolumesAssess the volume of content located within the various File SharesGuesstimate?
Identify business nature of contentIdentify the business nature of the content within each File Share
Define final state each File Shares

Determine the desired final state of each of the File Shares (or groups of them):

  • Move off-line
  • Decommission
  • Continue to use for legacy content
  • Limit use to new content only
Take into account the overall Digital transformation and IT strategy of the organization
Define batch-based remediation process

Define a batch-based remediation execution process:

  • Define discrete batches
  • Define batch groups
  • Define exception handling procedure
Provision File Analytics solution needed for File Shares remediation work

Assess infrastructure requirements for the File Analytics solution and provision the infrastructure:

  • Servers
  • Database
  • Audit trail
  • Dashboards
Prioritize processing of batches

Prioritize the processing of batches and batch groups:

  • Budget considerations
  • Risk considerations (Risk Matrix)
  • Legal considerations
  • Value considerations
  • Timeline and deadline considerations
  • Compelling events considerations
Example: Abandoned File Shares for Completed Projects or File Shares of Departed Employees.
Define exception handling

Define what constitutes an exception to the processing rules and how these exceptions are handled:

  • Apply policy/rule that is the safe choice
  • Move to separate track for handling by a human
Example, missing metadata element that is deemed to be mandatory for classifying a record
Define monitoring and reporting

Define monitoring and reporting framework:

  • Who to report to? Dashboard?
  • What information include in report?
  • Who to send notifications to and what are the thresholds?
Define a RACI modelDefine a RACI model for remediation work to be performed.RACI = Responsible, Accountable, Consulted, Informed
Obtain internal approvals

Obtain the necessary internal approvals for the policies as well as the start of remediation work:

  • BOD (in some cases)
  • Legal
  • Business
  • IT
  • Risk

As stated previously, dealing with ESI is not necessarily part of the File Shares Remediation process. HOWEVER, it is a step that MUST precede any actual execution of remediation work.
Coming up next I will explore the definition of ROT content and the issues involved in it.
Check out the full series to get caught up and subscribe to our newsletter to keep up to date on all our content.