Information management today and tomorrow

Professor Tom Wilson
Visiting Professor, University of Borås, Allégatan 1, 501 90, Borås, Sweden

What is 'information management' today – and what is its future? These are important questions for anyone working in this field today because we know that it changes very rapidly. To know how the subject is perceived today helps us to cope with the immediate changes and to identify gaps and weaknesses in our own information management activities. Similarly, guessing how the future is going to turn out can help us to prepare for that future: designing new teaching programmes in academia, and plotting our own career structure in the world at large.

No one, of course, can know the future; it is the big unknown, a different country from the present where we can only guess at how things may be done, what may be considered important and what tools might help in what we do.

To try to get a grip on the present, I've been storing Google Alerts on the topic of information management for the past four years (a total of 1,614 messages when I started preparing this paper). From the messages for the past year, I selected every tenth and transferred the news items to a file containing 122 items. One of these was a duplicate and several were out of scope, leaving a total of 116 to examine to categorise their content. The Alerts service scans press releases, newspapers, blogs and online magazines, so what we get is not an academic perception of the field of information management but a record of how the term is being used in business, industry and the world of work. The slide shows a sample of entries, from which you will see that very little information is provided to enable categorisation, so, often, the original document had to be retrieved.

Three general categories dominate the list: company news, conference news and news about people in the industry. These were further categorised by their content; for example, a press release headed Distinguished Industry Expert Joins the HealthPort Organization was categorised under Health information management since the HealthPort organization works in that area.

The first thing to comment on is that, in this kind of document, 'information management' has become almost indistinguishable from 'information systems' and there is also a degree of confusion with 'information technology management'. There are two implications of this:

First, people working in information management are going to need a very good background in information systems development and implementation, since that is what is needed today when establishing information management systems and services. The days when 'information' was still a hybrid concept, involving paper resources as well as digital, are almost completely gone, in business, industry, health care and local and national government.

Secondly, at a certain organizational level, we will be expected to manage the technology as well as the information resources. Chief Information Officers, typically, are responsible for the technology, for systems development and for information management. Their titles may vary – IT Director, Director of Knowledge Resources, Chief Information Officer – almost any combination of these terms; but the responsibilities will be diverse. Of course, in large organizations they don't do it all alone! They will have specialist staff responsible for the different sectors and the information management sector will be one of these.

That second point springs from the first: given the production of digital information, it follows that the means of managing the information will involve digital technology – computers, scanners, printers, mobile phones, iPads, laptops, etc., etc. And, of course, the telecommunication systems that enable the networks. The range of systems and software available for information is extensive and growing, as new needs are found, new systems are developed and new modules are added to existing systems.

The third conclusion that I draw from the material is that the systems being developed and sold are increasingly presented as integrated information systems, sometimes referred to as enterprise information management systems. Organizations are discovering that they need to bring together not only information from different divisions and departments, but also integrate information from outside of the organization. Progress in this direction appears to be slow, however, as an investigation discovered earlier this year.

A study for Hewlett Packard, of 641 companies (Information management... 2011), found that the problems of information management were recognized, but there was very little agreement on how to solve them. What is causing the problems is the massive increase in the amount of information content that organizations have to handle and it is difficult to find the money to create systems to deal with this content because of the pressure on budgets. In hard times, nothing is easy!

In spite of the growth on integrated systems, the study found that there is rarely a unified approach to information management in companies: in 20% of cases it is a matter for individual departments to deal with and almost 40% have different departments for different kinds of information content – marketing dealing with marketing information, human resources dealing with personnel information and so on. Only about 40% have a single department – usually IT – to deal with information management.

In other words, the system sellers have discovered the problem but the money required for implement systems to solve the problem is limited.

When we look in more detail at the content of the Google Alerts, information management for health care emerges as the biggest single area for systems and product development. The biggest area here is in the medical records field, presented under a variety of names such as patient record system, health information system, healthcare records system, electronic health records and so on. Here, again, integration is the selling point. Thus, a company like Software Unlimited Inc. (http://www.suimd.com/) sells a product called EHR Options which not only maintains patient records, but enables feeds from diagnostic equipment, messaging, letter generation, and a variety of other functions. In this area, the local context is critical, involving legal and regulatory issues that the physicians have to meet. Thus, the state of Maryland certifies patient record systems under its CRISP programme (Chesapeake Regional Information System for our Patients) (2009) and if you want to sell your product to hospitals and general practices in the state you need CRISP certification.

More specialised applications within the health care area include systems for the operating theatre (such as that offered by Surgical Information Systems (http://www.sisfirst.com/products/index.cfm), or systems for monitoring newborn children, while others focus on nursing information systems and systems for general hospital management. The essential thing about most of these systems is that they are devised, principally, to handle numeric data, or, at best, structured information. The problem that many organizations face, however is that of needing to handle increasing amounts of unstructured, or only slightly structured, text.

Other areas where information management is well-developed include:

• supply chain management – involving joint systems, or at least, access to systems, with suppliers;
• educational information management – student records, finance, etc.;
• utilities management – gas and electricity supply monitoring systems – data driven rather than unstructured information;
• transport management systems – involving, for example, GPS tracking of vehicles;
• etc., etc.

I see the basic functions of information management as acquiring the necessary information to meet organizational needs; storing that information securely, with appropriate access controls; preserving for the future the information that is expected to have some future value; managing the information processes; and delivering information to organizational members, collaborating partners, and, in the case of the public relations function, the outside world.

When we look at information management in this way, the critical issue that emerges out of the material I am using is that of security. This is understandable, because it is critical for many kinds of organizations: business and industry, central and local government, education, police forces, and so on. All of these agencies need to guard against unauthorised access to information, whether from inside or outside the organization, and all need to guard against accidental loss of information. This becomes even more critical in the age of smart phones, iPads and laptops, when confidential information can be legitimately downloaded by a member of staff, who then loses his or her device, or has it hacked by a third party. In addition, there are legal requirements to observe, relating to data protection and privacy, as well as, freedom of information acts, all of which require an organization to know what information it has, to maintain it securely and to make it available to the responsible authorities, when required.

Security implies protection not only against inappropriate access and use, but also physical security, i.e., protection against fire, flood and other natural or man-made disasters, not only for the physical servers in the organization, but also for network protection. Numerous companies are involved in producing systems to ensure compliance with access rules, monitoring usage to identify unauthorised attacks, but when humans are involved all of the software and systems in the world cannot prevent someone from losing a laptop with a customer file on it!

In a study undertaken by the Ponemon Institute (2011) for Check Point Software, covering companies in the USA, the UK, France, Germany and Japan, between 70% and 86% of the more than 2,000 respondents reported that their organizations had lost data in the preceding year (2010). Generally, the problems relating to security do not lie with the systems involved; the weak link is always the human being. The same study found that in the USA, the UK and France, more than 50% of employees had low awareness of the need for security and in France it was 74%. In Japan and Germany, the figure was much lower–around 30%. (Figure 2). When we read of accounts of corporate data being downloaded into laptops and USB drives, which are subsequently left in taxis or trains or coffee shops, the role of the human becomes obvious. And it is only by training and raising awareness of the consequences of data and information loss that such losses can be reduced.

This has been a rather subjective and rapid review of the state of information management today; can we have any idea of where it will go in the future?

From the material I've been reviewing and from a general appreciation of a wider body of information I come to the conclusion that we can identify three broad areas of information management activity in organizations – of all kinds, not simply business and industry.

First, there is information management for general organizational management: that is, integrated systems to enable top and middle management to understand what's going on in the organization. This has been one of the 'traditional' areas of information systems development and I foresee greater and greater integration of information sources to enable the factors affecting the performance of the organization (whether it is measured in terms of profits, or of patient waiting times in hospitals) to be assessed.

Secondly, we have information management for functional operations management: that is, information and data management to enable the performance of functions. Various sectors of health information management demonstrate this very clearly, in terms of patient record systems, operating theatre systems and so on, but the concept is applicable elsewhere; e.g., integrated systems to enable police forces to deal with crime and criminals. Again, this has been a traditional area for information systems development and the issue now, is how to create genuine information systems, rather than data handling systems.

Finally, information management for business intelligence: covering environmental scanning, competitive intelligence and business intelligence generally. This area did not appear at all in the Google Alerts for information management, but I ran a search and Figure 3 shows what came up for one hour of news output between 19:00 and 20:00 on the 9th August. Curiously, although we see this area as related to information management, that term is not used when describing the systems.

Over all of these developments we find the emergence of two or three other terms to describe the management of information – document management systems, digital asset management and one that seems to cover both of these and information management generally along with records management, i.e., enterprise content management. The notion of content means that this term covers all media. Perhaps the most rigorous definition of enterprise content management comes from the Gartner consultancy organization, which uses the following criteria to define a vendor of ECM systems ( Enterprise... 2011 ):

• Document management - check-in/checkout control, version control, security and library services for business documents.
• Web Content Management- ability to remove the webmaster bottleneck, managing dynamic content and content authoring, general ease of use.
• Records management- ability to comply with legal or regulatory purposes, long-term archiving and automation of retention and compliance policies such as admissibility.
• Document capture and document imaging for capturing and managing paper documents - entire scanning process from paper to electronic format.
• Document-centred collaboration for document sharing and supporting project teams - including permissions.
• Workflowfor supporting business processes and routing content, assigning work tasks and states, and creating audit trails of who did what, why, when and how.

One thing is missing from this set of criteria, however and it is an increasingly important criterion for many organizations. That is, the ability to handle non-documentary media: digital film, video, image, and sound files. An ECM system should be capable of handling these too.

The result of Garnter's evaluation of companies in the ECM market is shown in Figure 4: I suggest that in order to know what is likely to happen in information management, we need to know what these companies are doing and what organizational problems they are seeking to solve.

We cannot know the future, but we can try to identify trends, to "follow the money" and see what organizations are buying and what vendors are selling. By monitoring the marketplace for information management systems in this way we can identify research topics of potential interest and perhaps identify commercial partners in the research – an aspect of continuing importance when putting together teams bidding for European project funds. From a teaching perspective, this kind of monitoring will also help us to keep our programmes up to date and relevant in the marketplace.

I have said that we cannot know the future, and that is true; but we can try to identify trends and follow them, thereby ensuring that we are at least as up to date as everyone else!

References

• CRISP. (2009). The CRISP response to the request for application for a consumer-centric health information exchange for Maryland. Retrieved 2 August, 2011 from http://mhcc.maryland.gov/electronichealth/crisp.pdf (Archived by WebCite® at http://www.webcitation.org/60dStfjz4)
• Enterprise Content Management. (2011). What is enterprise content management?. Retrieved 25 July, 2011 from http://www.contentmanager.eu.com/ecms.htm (Archived by WebCite® at http://www.webcitation.org/62hiDeFXh)
• Information management spirals out of control. (2011). IT Business Edge. [Slideshow with commentary.] Retrieved 25 July, 2011 from http://www.itbusinessedge.com/slideshows/show.aspx?c=89119&slide=3 (Archived by WebCite® at http://www.webcitation.org/60RoLhs4u)
• Ponemon Institute. (2011). Understanding security complexity in 21st century IT environments. A study of IT practitioners in the US, UK, France, Japan & Germany Traverse City, MI: Ponemon Institute. Retrieved 25 July, 2011 from http://www.checkpoint.com/downloads/whitepapers/ponemon-check-point-march2011.pdf (Archived by WebCite® at http://www.webcitation.org/62hiVMMXg)

How to cite this paper

Wilson, T.D. (2011). Information management today and tomorrow. Keynote paper presented at a Workshop on Information Management, University of Murcia, Spain, 2011.