With customers in over 200 countries and territories, client data management presented significant challenges
To meet regulatory requirements and client data retention commitments, this multi-line insurer embarked upon a global initiative, instructing all regions to implement appropriate management and control of unstructured client data. The project also sought to address known inadequacies with its Data Loss Prevention (DLP) processes and systems.
Data Retention Requirements
Every customer of the insurer agrees to T&Cs which state a data retention timeframe which is typically 7-10 years post exit of the customer. The insurer, therefore, has an obligation to ensure data is not kept longer than the agreed period.
Without achieving these objectives, the organisation was exposed to potential data breaches and non-compliance. Aside from regulator fines or sanctions, at stake was the organisation’s reputation for prudent stewardship of sensitive client data.
Two years In and the APAC Regional Programme Had Ground to a Halt
Tackling new problems without experience
The Insurer’s Australian office had chosen to involve business users in the migration of 100 TB of data to SharePoint. Engaging end-users in such an initiative is unfortunately seldom successful, as the insurer found out.
Uncontrolled scope and runaway budget
For the wider APAC region, the Insurer had selected a third-party multinational information technology services company to undertake data scanning and migration to SharePoint. However, the scope of the engagement had morphed such that the contract no longer reflected the requirements. As a result, the third-party had shifted to billing on a time and materials basis. An approach that was rapidly burning through the available budget.
Getting the Project Unstuck
Implementing effective project governance
PTS was initially engaged to help turn the project around in Australia. The first action PTS undertook was to implement appropriate and effective project governance and leadership. This started with a temporary halt to the project whilst the approach and progress to date could be swiftly and independently
evaluated. Utilising its proven project performance framework, PTS deployed its standard project governance procedures, including:
- Clarifying project objectives and priorities
- Defining project roles and responsibilities (utilising a RACI matrix)
- Creating a communications strategy and plan
Finding the right products and partners
The next action was to revise the Statement of Work, and to identify a
suitable vendor to support the project in Australia. This included:
- Reviewing the existing technical approach and plans. An action which resulted in exposing the
need for a file retention management tool, and the subsequent procurement, proof-of-concept,
implementation, and handover of the tool - Respecifying the exact requirements of the third-party services company
- Leading commercial renegotiations
Automating Retention Management
Working with the client, PTS specified AvePoint Cloud Records (ACR) as a suitable advanced information lifecycle management tool. ACR scans all files on a regular basis and alerts a file owner when a folder is due to be deleted. This is dependent on retention periods defined for each folder. The folder owner then has 90 days to either extend the retention period or allow the deletion. If nothing happens, the tool deletes the file and a stub file is put in its place to show that a file was there but is no longer. The user can restore from backup should the file still be required.
Working with the client’s business teams, the new supplier in Australia, and utilising AvePoint Cloud Records, circa 200 million files spanning 100 TB of data were successfully identified and labelled. The change in approach implemented by PTS enabled a 75% reduction in timescale and a commensurate reduction in project costs.
Gaining Control of Third-party Providers
Reducing Scope, Setting Objectives, and Fixing the Cost
Following success in Australia, PTS was further engaged to review the project in the wider APAC region. The first action taken was to review the Statement of Work (SoW) with third-party providers. This included reviewing the methods and approaches being used, and contractual arrangements.
Unnecessary activities were identified, the overall scope reduced, and clear objectives defined to ensure contractual commitment to deliver within a defined deadline and fixed budget. A revised SoW was signed off by each country, and renegotiation commenced with the vendors.
PTS worked with the insurer to facilitate and implement changes for regional proof-of-concept, testing, implementation, and eventual sign-off. The outcome was a significant reduction of fees (hundreds of thousands of dollars) and realignment with the original budget.
Containing a Runaway Budget
The project was a significant undertaking with over 400 million unstructured data files that were scanned (at least twice!), and over 200 TB of data labelled. This was achieved within a vastly reduced timeframe.
A runaway project budget was contained, new substantially more cost-effective third-party providers were brought on board, and control was re-established
over existing third-party providers who were subsequently able to deliver at significantly lower costs.
More importantly, the insurer now has a DLP system and supporting processes that are fit for purpose. APAC region customer data is appropriately handled and managed throughout its lifecycle, and in alignment with overarching group policy and customer commitments. And there is confidence of compliance with legislativeand regulatory requirements.
