Can you imagine the type of operation needed to deploy an Information Management System for 185,000 end users in 52 operating entities across the globe?
In IT, sometimes life throws you a curveball that begs to reinvent the box.
Insurance and financial services giant Allianz’s IT company, Allianz Technology, was served with a curveball when their regulatory and legal demands, espcially GDPR, the world's toughest privacy and security law, required a broad-scale deployment. Allianz Technology was given a three-year window to figure out how to archive emails, apply and enforce retention and deletion policies. Let’s dive into their story and learn how they leveraged their constraints and hit it out of the ballpark.
Maximilian Friedl, SharePoint Online Product Owner, and Julia Stettner, M365 Governance Service Manager, leaders in Allianz Technologies joined us for a recent webinar to discuss their journey and explain how harmon.ie became an essential part of deploying a scalable solution that meets organizational requirements while increasing participation and compliance.
Friedl drives the entire governance and information protection initiatives at Allianz end to end, from collecting the business requirements to translating them into technical implementation to eventually presenting them in a format that the non-tech-savvy end user can handle well. Friedl is the product owner behind those services, which include SharePoint, along with other information protection government topics around Office 365.
At the heart of many information management challenges are competing needs from different parts of the business. In this case, there are legal requirements to delete and dispose of as much information as possible to comply with regulations and reduce potential legal liability. Meanwhile, the operating entities want to maintain business continuity and tend to amass a huge amount of information and emails.
Businesses obviously can’t ignore legal and compliance, so Friedl and Stettner can point to those as non-negotiable requirements.
“It's a clash,” Friedl said. “Our task within Allianz Technology was to come up with a technical solution which, on the one hand, makes sure that deletions can happen in a timely manner dependent on when they need to be deleted, but at the same time retains other data, if it's possible, based on the business requirements.”
For example, Allianz must deal with strict and very strong regulatory units in different countries. BaFin in Germany or FINRA in North America, for instance, both have regulatory and legal requirements in terms of data and information protection, not to mention GDPR and its unforgiving requirements surrounding how organizations handle personally identifiable information.
However, rank-and-file end users shouldn’t be expected or needed to understand the nuances of all those regulatory requirements. That demands a solution that minimizes the effort and decision-making each end user must make for any given email or file they’re dealing with, so Allianz has developed a solution that handles much of that specificity automatically.
One key to a usable and scalable document archiving system is consistency. Classification and metadata are powerful tools, but they’re far more effective when everyone uses the same definitions, rules, and terminology.
Allianz Technology kicked off its multi-year initiative by creating the Allianz Standard for Information and Document Management, or ASIDM. This gave the organization a common set of definitions instead of leaving it up to each individual end user or business unit.
With Microsoft 365 rollouts across the overall Allianz organization accelerated due to the COVID-19 pandemic, Allianz Technology now had a universal platform to leverage for their needs. They decided to offer two types of SharePoint sites to end users.
“Users have the option to create so-called SharePoint basic sites, which cover more of the collaborative part of document management,” Stettler said. “You could upload your files there to collaborate with them, together with your team, with your colleagues from the department and the files would get deleted after six years on those basic sites.”
The other option is using SharePoint DMS sites, which are compliant digital archiving sites. SharePoint DMS sites are the go-to option for end users to perform regulatory-compliant digital archiving.
“DMS sites come with an extended set of metadata that allows users to classify the uploaded files or emails with some extensions that describe the content of the file,” Stettler said. “We have an extended capability for retention and records. Management and users really benefit from the automatic retention labeling on those SharePoint DMS sites.”
It begins with creating a “dossier” on SharePoint, which is essentially a folder—i.e., a SharePoint document set—with the option to add metadata to it. End users provide some information about the container during its creation for improved searchability, such as the ability to find files owned by a certain person.
Next the end users begin adding files to a dossier, classifying them based on the category or content of the files. They first select a content type, picking “relevant document” if it’s a file that must be archived for regulatory reasons. They also select the business type, or class, of the document. These document classes are standardized for information and document management purposes, with each document class associated with a pre-defined retention period.
When the subject of a dossier is completed—the deal closes, the project is complete, the customer closes their account, etc.—end-users change the dossier status from open to closed. This kicks off an automated process to assign retention labels within seven days, providing a timeline for file destruction.
Now, end-users don’t need to know how long a business letter or accounting record must be retained. They just classify and close, and the system takes care of the rest based on the metadata.
Once the dossier is closed, those files are also now protected against accidental deletion or any changes to metadata or the file itself.
The above workflow has solved some of the challenges related to file retention and destruction, but email has its own nuances and requirements. Allianz turned to harmon.ie for its unique email management capabilities and convenient drag-and-drop interface.
“With harmon.ie, I can see the SharePoint browser view in Outlook and can do the same archiving journey for emails,” Stettler said. “We automatically identify them as relevant emails when they are moved into SharePoint via harmon.ie because we only want users to upload relevant emails from a legal or business perspective. You then select document class, save it, and the email is now uploaded into the dossier on SharePoint and archived properly.”
Not only does this make it significantly faster and easier for end users to archive relevant emails, but harmon.ie also helps Allianz meet the legal requirement of making email metadata visible in SharePoint. After moving a message to SharePoint using harmon.ie, all email fields (Subject, To, From, etc.) get extracted and displayed as SharePoint columns, which vastly improves the searchability of emails.
Most information management changes only succeed when end-user adoption and compliance reach meaningful rates. And with such a large, diverse, and distributed workforce, that’s no easy task for Allianz Technology.
While Friedl and Stettler can deliver a technical solution, generating adoption takes time and fostering an understanding among end users of why this change is needed. In the old system, archiving was for specialists who dealt with legal and regulatory matters daily, so this was a completely new topic for most other employees.
“Okay, I received an email, maybe two years ago, which is relevant for my company, not just for me personally, but relevant for the company from a legal point of view,” Friedl said. “So where do I have to put it now to avoid it getting deleted?”
“It's driven with extensive training,” Friedl continued. “Not just from a technical point of view, but also from the organizational point of view.”
Their adoption strategy was to market to business customers. Allianz Technology created a set of user materials to explain how the solution works. These were distributed and communicated with end users by the different operating entities, who had received centralized training.
There’s now onboarding training for all end users (regulatory plus technical/SharePoint basics). Each business unit has its own needs, so each user group adjusts accordingly.
The behind-the-scenes automation driving Allianz’s SharePoint- and harmon.ie-based solution removes many steps from end users. However, today the decision as to whether or not to archive an email still comes down to the end user. Potentially, artificial intelligence could alleviate users from having to make that decision… or at least make recommendations for the user to act upon.
For many more details and lessons from Allianz Technology, check out the entire webinar recording here. And if you’re considering adding harmon.ie to your organization’s information management toolbox, get started today with a free trial.