Can you imagine the type of operation needed to deploy an Information Management System for 185,000 end users in 52 operating entities across the globe?
In IT, sometimes life throws you a curveball that begs to reinvent the box.
Insurance and financial services giant Allianz’s IT company, Allianz Technology, was served with a curveball when their regulatory and legal demands, espcially GDPR, the world’s toughest privacy and security law, required a broad-scale deployment. Allianz Technology was given a three-year window to figure out how to archive emails, apply and enforce retention and deletion policies. Let’s dive into their story and learn how they leveraged their constraints and hit it out of the ballpark.
Maximilian Friedl, SharePoint Online Product Owner, and Julia Stettner, M365 Governance Service Manager, leaders in Allianz Technologies joined us for a recent webinar to discuss their journey and explain how harmon.ie became an essential part of deploying a scalable solution that meets organizational requirements while increasing participation and compliance.
Friedl drives the entire governance and information protection initiatives at Allianz end to end, from collecting the business requirements to translating them into technical implementation to eventually presenting them in a format that the non-tech-savvy end user can handle well. Friedl is the product owner behind those services, which include SharePoint, along with other information protection government topics around Office 365.
Balancing priorities
At the heart of many information management challenges are competing needs from different parts of the business. In this case, there are legal requirements to delete and dispose of as much information as possible to comply with regulations and reduce potential legal liability. Meanwhile, the operating entities want to maintain business continuity and tend to amass a huge amount of information and emails.
Businesses obviously can’t ignore legal and compliance, so Friedl and Stettner can point to those as non-negotiable requirements.
“It’s a clash,” Friedl said. “Our task within Allianz Technology was to come up with a technical solution which, on the one hand, makes sure that deletions can happen in a timely manner dependent on when they need to be deleted, but at the same time retains other data, if it’s possible, based on the business requirements.”
For example, Allianz must deal with strict and very strong regulatory units in different countries. BaFin in Germany or FINRA in North America, for instance, both have regulatory and legal requirements in terms of data and information protection, not to mention GDPR and its unforgiving requirements surrounding how organizations handle personally identifiable information.
However, rank-and-file end users shouldn’t be expected or needed to understand the nuances of all those regulatory requirements. That demands a solution that minimizes the effort and decision-making each end user must make for any given email or file they’re dealing with, so Allianz has developed a solution that handles much of that specificity automatically.
Beginning with definitions
One key to a usable and scalable document archiving system is consistency. Classification and metadata are powerful tools, but they’re far more effective when everyone uses the same definitions, rules, and terminology.
Allianz Technology kicked off its multi-year initiative by creating the Allianz Standard for Information and Document Management, or ASIDM. This gave the organization a common set of definitions instead of leaving it up to each individual end user or business unit.