MARKET UPDATE: MOREQ2010 TESTING ANNOUNCED

DLM FORUM ANNOUNCES MOREQ2010 TESTING AND ACCREDITATION INITIATIVES Updated Archiving and Specification will be delivered in Q4 2011. Event: The DLM Forum announced on 12th December 2011 that it will publish a MoReq2010 Testing Framework and accredit the first MoReq2010 Testing Provider by the end of December 2011, which will reflect Government, regulators, users and vendors requests for robust information control mechanisms to meet European compliance and governance guidelines. Analysis: During 2012, MoReq2010 will become a key part of information compliance architectures that are driven by increased regulatory demands in the finance, government and environment sectors. This will be encouraged by National Archives and regulators and kick-start the process to define new vendor- agnostic information management strategies. It will create the demand to encourage content, and records management software and services vendors to produce MoReq2010-certified offers by the end of 2012.

What is MoReq2010 and Why does it Matter and to Whom? In the old days, chief executives used to worry about profits for shareholders and a competitive product. Eventually they realised that their duty to employees, but the Perfect Storm of the recession, global warming and the impending regulations across the financial sector mean that they must add a fourth Key Performance Indicator: Licence to Operate. Regulators are increasingly requiring them to submit frequent and detailed reports of their performance and outcomes, thus creating demand for a new generation of information systems that can deliver these at the lowest cost and smallest disruption to business. Technically this is not the challenge it once was. New technologies including Internet and cloud computing offer mechanisms to make it easier and pervasive, but some of the old problems of information control remain: how can CEOs control what their staff do with regulatory information? The paradox is that most CIOs can answer the question: “What network protocol do you use?”, but few can answer the most embarrassing IT questions: S What procedures does everyone use in your company to secure your important documents? S How do you decide what information you must keep, what can you throw away, and when? S What happens when you lose some critical information? At the same time CIOs are being asked to do more with less, and yet ensure their entire workforce does not breach numerous regulations. These include various Freedom of Information Acts, human resources legislation, health and safety and numerous vertical industry requirements, not forgetting new environmental regulations such as the Aarhus Convention, and whatever comes after Basel II and MiFID.

An Individual’s Personal Irresponsibility Must Not Become a Corporate Liability What most CEOs want is a set of policies and procedures that are built into implemented everyday services that provide compliance, without pain. They need to take years of experience of managing paper records and extend them to control electronic information. They must satisfy users who demand simpler, reliable and lower cost (preferably “free”) tools for storing, searching and retrieving the information they need to do their jobs. However, there is widespread acceptance that merely adopting approaches based on paper, like first generation electronic records management systems, is not going to work, as indicated by the collapse of the European markets for EDRMS software in the last five years. Worryingly, the problem has become bigger with the arrival of ubiquitous and uncontrolled deployment of laptops, NetBooks, mobile phones and internet-based consumer-oriented services including GoogleApps, Facebook and Twitter. These are the challenges and practices that MoReq2010 addresses, that Microsoft Office, Facebook and others avoid.

The Key Value is CONTROL MoReq2010 contains a model of how fileplans, files and records relate to each other within the context of a classification scheme, and, very importantly, how they can be applied across all electronic (digital), and physical (paper) files. The MoReq2010 specification embraces ISO15489, supersedes MoReq2 and previous fragmented approaches to sorting, storing and recording information across different countries in , describes requirements for the management of records and defines specifications for purchasing. MoReq2010 is designed to be a very practical specification. It does not specify a particular technology. Instead it outlines the essential elements that information systems should possess to ensure that important documents, emails, faxes, webpages etc are valued, properly managed, accessed at all times, retained for as long as they are needed and are properly disposed of once the obligatory retention and disposition period has expired. MoReq2010 extends this in a modular, simple framework. It enables interoperability between systems, and users can define records independent of proprietary products.

© 2011 Strategy Partners International Limited. Email [email protected] Call +44 8450941570 or see www.strategy-partners.com. 1

MARKET UPDATE: MOREQ2010 TESTING ANNOUNCED

What is the Process and Roadmap for MoReq2010? The key stages of this Specification’s development include: S 2009: Jon Garde of JournalIT was awarded a contract to develop a new version of MoReq, called MoReq2010, including three stages of consultation (over 500 responses) with users and vendors. S 2010/2011 The DLM Forum published MoReq2010 in modular form on it website ( www.dlmforum.eu) where it is available for free download, and started to persuade users and regulators across all sectors to consider incorporating MoReq2010 into their requirements to ensure that information provided within regulatory submissions can be trusted. S 2011/2012 Testing and certification of MoReq2010 starts for committed vendors and early adopters. S 2012. Most National Archives across Europe will review MoReq2010 and provide recommendations to Government concerning its deployment as a purchasing specification. This will change the rules for software providers and outsourcers. It will impact all Government and commercial provider of services to Governments when they review future Government contracts. In the UK the National Archive has indicated that it will evaluate MoReq2010 as a replacement for the old PRO2 standard, and initiated work on interoperability between records management systems based on MoReq2010. S During 2012 governmental commercial users across Europe will review the value of retaining country specific approaches (eg DOMEA in Germany, Z42 in , NOARK in Norway to name but a few…) with a view to superceding them with MoReq2010 or establishing a clear relationship. S By the end of 2012, we expect that all major CM vendors will have gained MoReq2010 certification for their middleware bundles, because no vendor can afford to fail to be shortlisted for a government contract in specific countries because it lacks such certification. S By 2013, we expect that vertical market extensions to MoReq2010 will emerge, together with frameworks that define standards for records interoperability, non-repudiation, email procedures, mobile security, and extended specifications in regulated industries.

What Users Need to Do Next: PCs Have become non-PC As various European National Archives support or adopt it, MoReq2010 will effectively make the de facto Windows-based personal computer approach of “c” drives, My Documents and shared “k” drives obsolete and untenable for collaborative and corporate computing. It will also set the parameters for private and public cloud-based archiving. It will provide a mechanism for Compliance Officers to insist that all users adopt explicit fileplans that vendors do not control. No administration can afford to be seen to be creating information that it cannot control, so the days are over for PC Windows Explorer; email backup that pretend to be email archiving, limitless uncontrolled storage and social computing “free-for-all”. Regulators and their political masters allow no excuses for lost laptops, pen drives, blogs and twitters that reveal political embarrassment, commercial secrets and personal information. You cannot outsource Compliance. To the generation of CIOs that were primarily concerned with technology, new definitions of security, privacy and return on investment will come as a shock. They face either being downgraded to plumbers (and risk being outsourced), or moving up to become information services providers that must meet sophisticated Service Level Agreements that control intellectual property assets as well as costs. The recession is hastening the demise of single supplier IT purchasing. This applies equally to SAP for ERP and at the desktop where Microsoft is facing real competition for the first time in twenty years. Not only has Microsoft been forced to provide online versions of its core Office suite, but also it is facing a losing battle for mindshare against Apple, Google and Facebook. All require MoReq2010-based control.

Where is the Money? How will MoReq2010 impact Software and Services Vendors Just as Kodak just struggled to gain market leadership in cameras once silver chemistry was replaced with digital CCD chips, the impact of new business-led regulations on current CM vendors will be profound. MoReq2010 is one piece of the new information management architectural jigsaw that includes pdf/a, W3C and OASIS standards like CMIS and BPMN. These standards make most CM suites look proprietary, inadequate and old fashioned. New regulations like MoReq2010 and discontinuous technologies such as mobile and TV apps, cloud computing and Open Source will create new markets and offer vendors potential for differentiation. Large CM vendors will be forced to adopt MoReq2010 because their existing Government customers and new contracts will demand it, just as DoD 5015 became de facto in the USA for federal records systems. Smaller niche vendors that specialise in government and regulated industries may well beat them to it, exploiting their closeness to specific European markets. Services providers will find it a pre-requisite of Government outsourcing deals at different rates in specific sectors, so we expect them offer MoReq2010- based approaches in 2012 and 2013 as a differentiator, and business du jour by 2014. Specialist compliance software vendors will need to add MoReq2010 to their portfolio as they migrate their offers from point solutions to bundles of compliance middleware services.

© 2011 Strategy Partners International Limited. Email [email protected] Call +44 8450941570 or see www.strategy-partners.com. 2

MARKET UPDATE: MOREQ2010 TESTING ANNOUNCED

In a Maturing Industry: Vendors Get What They Lobby For Most vendors regard standards as a friction on business and try to ignore them, especially when users prevaricate and become easily distracted by functionality. That is successful in bull markets and emerging technologies, but content management is a bear market with mature technologies, so attitudes must change. In 2010 we expect to see S Old approaches like BS 10008 (Evidential Weight of Scanned Documents) being revitalised as auditors ask questions over the probity and integrity of imaging systems that were rarely asked before. Consumers, corporate users, vendors and regulators urgently need the equivalent for email. S Key information standards like MoReq2010, pdf/a, ebXML, ISO 27000 and CMIS will increase in importance as they move from being interesting publications to become widely-accepted purchasing criteria. No IT buyer can afford a single source of supply. Substitution, an anathema to vendors, will emerge and a mindshare war will be waged: IT brands versus Recessionary Budgets. Users’ demands for more interoperability and vendor-agnostic information systems will not be easily achieved S IT standards in general will progress from addressing small complex problems towards being part of integrated frameworks, led by OASIS, W3C and the DLM Forum. Clever users will use these to direct purchasing, not just IT strategies, so that enable every maintenance contract can be scrutinised. S Vendors must move beyond being passive about standards to contributing proactively to their development, because the way to win any game is the write the rules. Vendors that do not contribute to technical standards will be left behind in the race to bring compliant products to market swiftly and cheaply. Standards can be used to lock out competitors, and provide a benchmark to differentiate specialists from generalists. For example, selling compliant CM into Government Departments is the aspiration of every vendor. Those with MoReq2010 certification can demonstrate that they understand what European Government departments require. It will be interesting to see if the CM product developers within EMC, IBM, Microsoft, Open Text, and Oracle are content to regurgitate generic North American products, or “belly up to the bar.” i.e. commit to provide European market-specific functionality and products. Europeans don’t drive gas guzzlers either…. Adopting standards enables their marketing department to be seen to be listening to users.

The Next Steps Are To Include Moreq2010 in Purchasing Specifications Records management is deadly dull in abstract, mildly interesting in theory but only practical if it is invisible. Records management is like potatoes: lots of people like potatoes but prefer someone else to do the hard work of preparation. The differentiator for suppliers and implementers of MoReq2010-based information software services will be the same as other IT systems: the ones that get used will be the ones that are easy to use. In future, to paraphrase Arthur C Clarke, successful information management will include explicit auditable controls that will be indistinguishable from magic. That means they must automatic wherever possible, because filing email and attaching metadata to old files on share drives is an unnatural act. That task is best carried out by modern classification software to give users an experience that is practically invisible, always on, and mostly correct to a level set by regulators, not users or Board members. These new approaches will offer developers and implementers the opportunity to differentiate software and services. More of “old school” electronic records and document management will not work. The critical audience for MoReq2010 is regulators, who tend to oscillate between being pussycats that are irrelevant, to acting like Rottweilers that appear unreasonable. They face the practical challenge of imposing regulations on unwilling Government departments and hostile commercial organisations. So their approach must be easy to retrofit and operationally feasible. MoReq2010 provides them with practical mechanisms to avoid “re-inventing the wheel” so far as information governance is concerned.

Save Money, Become a Hero, Keep your Job and Gain Control and Compliance in 2012 MoReq2010-based products on new cloud and SharePoint platforms can be an order of magnitude cheaper in 2012 than old CM systems. They can be acquired out of operational expenditure budgets for less than most Government departments expect to pay in maintenance in 2012 for old systems, with a portfolio of conversion and classification tools. Cost-justifying new systems by making savings out of operational expenditure budgets does not require a Board-level signature, nor a twelve month “requirements analysis project”. Buyers need to know what is safe to buy, where to buy it and the current market price for it. If they do not know these, or gain that analysis from an independent impartial source, they should not be buying anything. One avenue every information manager and user should explore in 2012, to save money, become a hero, keep their job and gain control and compliance in 2012 is to exploit MoReq2010-based approaches to refresh their information infrastructure and practices, to keep their name out of the newspapers and get every regulator off their back.

© 2011 Strategy Partners International Limited. Email [email protected] Call +44 8450941570 or see www.strategy-partners.com. 3