Why is procurement so critical to minimizing information risk?

By: In: Information Management On: Sep 14, 2016
Why is procurement so critical to minimizing information risk?

In today’s business environment, no organization can afford to ignore information risk. The consequences of an information related catastrophe, whether it’s a malicious attack, a natural disaster or a simple employee error, can be enormous. Six figure fines, loss of reputation, potential lawsuits… the costs are frequently counted in millions of dollars. In many cases, businesses never recover. According to the London Chamber of Commerce, 90% of companies that suffer a significant data loss go out of business within two years.

 It’s not just about IT

While businesses are definitely waking up to the need to develop strategies to minimize their exposure to information risk, there is still a tendency amongst senior managers to think of this as an IT issue – in other words something for someone else to take responsibility for. Senior managers are not alone in their complacency. In a 2014 PwC survey of 1,800 businesses, when asked who should have a responsibility for information risk the majority said IT, with a mere 1% in Europe and 3% in North America saying “everyone”.

 Procurement on the front line

The fact is, information risk is something that affects everyone within an organization. We all benefit when it is managed well, and we all stand to suffer if it is ignored or handled poorly. And procurement professionals, in particular, find themselves on the front line of this critical issue.

Why procurement matters so much

One of the biggest challenges companies face in trying to get their records management under control is the unfortunate reality that they have records in too many disparate locations under the control of too many different vendors.

This causes immediate problems that threaten to undermine the best records management strategy. Having multiple storage locations and vendors makes it difficult to operate according to your established methods and processes. Not only that, it forces you to become an expert in all of your vendors’ respective systems and practices.

In most cases, this situation has not come about through a deliberate decision-making process. Multiple vendors can creep into an organization’s daily business activities in many ways. Some may be a legacy from mergers or acquisitions, whilst others have popped up through local offices or business units simply going off and doing their own thing.

However the situation evolved, the result is records being held by different vendors, in different locations, often under different systems. This is costly, complex and confusing. Moreover, managing multiple vendors is wasteful and makes it difficult, if not impossible, for the company who has all these vendors to be able to find the records it needs. Indeed, a recent report by Iron Mountain found that 83% of organizations were unable to locate hard-copy records when needed.

“Its not just you (my supplier), but your suppliers that I am interested in. If they are out of compliance, we are all out of compliance.” Ellen, Strategic Sourcing Manager

The consequences of chaotic procurement

Unnecessary expense

Managing multiple vendors increases the costs of records management and gives your organization far less control over deploying and enforcing enterprise-wide policies and processes. It also gives you less leverage than if you are using a single vendor. Furthermore, you are failing to maximize economies of scale and in all likelihood overspending on discovery costs, personnel, training and management.

Poor productivity

 Having multiple vendors is not only costly in dollars, it also puts an unnecessary strain on worker productivity. Employees have to go to different places to find records, utilizing different systems for legal holds and different processes for destruction.

Inconsistent policy management

With too many vendors, retention, destruction and legal holds can be subject to multiple and inconsistent policies, along with multiple applications and manual processes. This makes it almost impossible to achieve the records management standards you are seeking. According to research undertaken by Iron Mountain, only 9% of companies say they are able to achieve a best-practice level of consistent, enterprise-wide policy adoption.

Litigation risks

E-discovery costs are not the only major risk in having too many vendors for records management. Your organization may be more susceptible to litigation losses, or even unable to defend itself properly because inconsistent policy application across multiple vendors means information is not there when you need it. It is a poor way to settle a lawsuit when you could have mounted a vigorous defense, simply because you can’t find some records.

In our next blog, we look at how organizations can realign their procurement strategy to consolidate their vendors and turn information risk into information opportunity.

← How can procurement help an organization master information risk? Pre- Vs. Post-Classification For Records Metadata →

Leave A Comment


About the author

Amy Perras

Senior Product Marketing Manager, Records Management & Technology Services Amy is senior product marketing manager for Iron Mountain’s records management and technology services. Over the past nine years, Amy has held positions with Iron Mountain’s IT, operations, corporate communications and sales & marketing divisions. As senior product marketing manager, Amy’s focus is on the core messaging and creative marketing for Iron Mountain’s biggest business: records management. Most recently, she passed the Juran Institute Lean Six Sigma BlackBelt exam and was a leader of a business process improvement team focused on reducing the cycle time for customer on-boarding.