The Ugly Truth Behind Compliance and Records Management

Yesterday, Joe Shepley wrote an incredible post on the simple fact that No One Cares about Compliance. While an overstatement, it is true. When it comes time to invest the money, organizations don’t care.

Sure, everyone sees the need, but they don’t do it. It is too hard, too expensive, and prone to failure. There are too many project with a better promise of success. If those things weren’t true, everyone would be compliant and conferences like ARMA would be celebrations of success, not spent drowning sorrows in beer.

Yesterday, Joe shared some realities from his time in the field. I’m going to do the same.

Reality in the Field

Most of my compliance projects have been for the U.S. Federal Government. Directives come out of the National Archive and Records Administration (NARA) all the time dictating that agencies create Records Management programs. Do you know how many successful electronic Records Management projects I have seen fully deployed?


I know that there are some isolated incidents of success, but that is far from the norm. What typically happens is that they try Records Management in phase 1 and the project fails OR they decide to do it in phase 2, which is cancelled.

I once worked on a Records Management project for an international consulting firm. It was a Documentum project. We got it setup on AIX, synced all the users, worked out all the performance tricks to make sure that content could readily be accessible worldwide. Then it stopped, and failed. Why?

Because the head of Records for the organizations spent a ton of money creating a complex Records Plan that was too complex for users. The project tanked and a new person was brought in to head the project.

It is too hard to do Records Management “right”. Heck, it is almost too hard these days to do it at all.

Candy AND Aspirin

Cheryl McKinnon is, at times, brilliant. She wrote a post several years ago discussing the need for features that people want versus features that organizations need. Termed Candy and Aspirin, it essentially states that systems sold as Aspirin don’t appeal to people. People want Candy and don’t seem to get motivated to buy Aspirin unless the pain is unbearable.

Even then, imagine if you had to give shots to three parts of your body to fix a headache. You’d decide to suffer through a lot more headaches, wouldn’t you?

When I have to give my dog medicine, he rejects it. If I cover it in peanut butter, I have to watch my fingers. The medicine is not only invisible, it takes no additional effort to consume.

Slide 10To solve the compliance problem, which isn’t going away, we need to cover our medicine with candy. A nice chocolate coating perhaps. Good features with necessary medicine built into the foundation, invisible to the end user.

Start at 30%

What do we do? How do we not only make normal Content Management projects successful, but the ones with Compliance concerns? How do we go from 0% of our requirements deployed to 30% to 80%? When can we be sure enough about success on phase 1 that we not only get approval readily but are confident that sentencing compliance to phase 2 isn’t a death sentence?

We start with the Candy. We make it easier. Sure, everyone WANTS collaboration but too many organizations don’t make collaboration easy.

So let’s make Collaboration easy. Then, we add the compliance behind the scenes, not in front. We make it easy, cheap, and a natural addition to the services.

Then maybe people will care.

5 thoughts on “The Ugly Truth Behind Compliance and Records Management

  1. When Microsoft first started pitching SharePoint as an ECM solution I remember having a discussion with one of their PMs and asking why they had not focused on automating the metadata management of the product for easier compliance catorgization. He said that their approach was to make SharePoint “desirable to use”; they imagined that users would see so much value in consuming well categorized content that they’d feel driven to categorize all of their own content…for the good of all! (Relying on altruism is probably not a good product strategy IMHO!) They saw SharePoint as being the Hershey Park of ECM I guess.

    I don’t work for an ECM vendor but I do use SharePoint on a day to day basis and I can tell you that there isn’t enough sugar coating in the world to make the bitterest pill taste like candy…

    Good luck with 30% Pie…feels like a stretch goal to me!


    • The key is getting the front part, “the candy” working much better to improve adoption. Then we slowly sneak in the medicine underneath. If the Candy isn’t very good, then it begins to be indistinguishable from medicine.

      As for 30%, I’d say that Box and Dropbox are really close to that. Before you laugh, the desktop sync, the APIs, and what they are doing on the security/scaling requirements is a heavy chunk of too many RFPs.


  2. Once again kudos for the article and pointing to Joe and Cheryl. There are some differences between government and business as we don’t have NARA giving out across the board direction. Enough that we have individuals who think they should.

    I’ve always been troubled by the line of all the things you must do with your records and the end user who doesn’t conform will be damned, etc., etc., and damn the company etc., etc.. Record managers, attorneys, etc. who come up with rules and reasons forget what end users do. The create a doc, hit save as, name it and are done. Then on to the next task in trying to do their part to make the company profitable. That is what they were hired to do and anger builds when you take time away from it by giving them a eight or ten step process for the doc.

    Folks do understand that company records are an asset and need to be managed. Between investigations, lawsuits, complaints, theft and more they do get it. But there is only so much FTE time available and the core work must get done so find ways to make it simple.

    We have tens of thousand of laptops will all sorts of record copies and drafts that have to go at some point. Traditional RIM would want you to create a great file plan, (wail about the exposure) ID the various retention times…you know the drill. Bull. Since the great majority of folks work on projects, we gave them a tool that ID’s records over four years old which they should be able to delete. That keeps it to the retention schedule and it only takes a few minutes to do. Because it’s simple folks use it, like it and do hit the delete key and empty the recycle bin. OK the nervous folks will wait on the recycle bin for a few weeks. So what? Most people try to do the right thing and I can live with that. No one said it has to be perfect either. (they use it on their shared drives too)

    Work towards keeping it simple when it can’t be done in the background and do it in the background as much as you can. Let folks do the work they were hired to do.


Comments are closed.