January 28, 2022

I'm Now a Certified Credentialing Professional


Updated 3/2 to add a little more background on how I got here. 

The Institute for Credentialing Excellence has created the Certified Credentialing Professional (ICE-CCP). I took the exam while it was in beta on November 1, 2021, and found out last week that I'd passed; today I got the digital badge from Credly. 

Here's what the badge says the program covers: 

Holders of this credential have demonstrated competence in professional credentialing, including in governance and resources, credentialing program operations, and assessment development and validation. Though they may be focused in certain functions in their day to day activities, they have demonstrated knowledge across all credentialing activities and understand the interplay among functions.

As with all certifications, this basically suggests that I am reasonably competent in defined best practices for something, in this case developing personnel accreditation programs. The exam is based on a body of knowledge, which itself was based on some type of competency model. In my case, it's a reflection of having worked as a subject matter expert on accreditation programs for more than 20 years, including: 

  • IMR Alchemy's software solution training and assessment
  • CompTIA's CDIA+ program
  • TAWPI's ICP program
  • HP's FlowCM Professional training and assessment
  • ARMA's Professional Competencies model, 1st edition
  • AIIM's CIP program from its inception in 2011 to its last update in 2019
  • And dozens of AIIM certificate programs and updates

And as with all certifications, a certification should really mean two things: that the certificant is reasonably competent at something, and that that something reflects a thought-out body of knowledge that reflects the competencies required to perform the role. In other words, it's shorthand that certificants know what they are talking about. This isn't always true, of course - "paper" certifications are still a thing, though a rigorous assessment can assist with that. But it does mean that hiring a certified person to do something, and then ignoring their thoughts on whether to do that thing and how, isn't particularly reassuring as to the wisdom of subsequent decisions. 

So. The ICE-CCP is good for four years. Not really sure about recertification requirements, but hey, I have four years to figure it out. 

January 16, 2022

Upcoming Webinars and Podcasts Through February 2022

 I wanted to include these in my new newsletter, but there are just too many of them! While I am speaking at a couple, and hope to make a few others, I don't have anything to do with them from a planning perspective, so please reach out to the individual event producers with any questions. 

1/19 - Meru Data Webinar - Effective Change Management for Successful Privacy and IG Programs

1/19 - AIIM Virtual Event - How to Optimize M365 for Information Professionals

2/1 - AIIM Records Management Coffee and Conversation - Gain Support Among Stakeholders for a RIM Program

2/1 - John Mancini's OxyMorons, with Lewis Eisen

2/3 - ARMA Triangle Chapter - RIM Technology - Policy Center and Smart Sort

2/7 - John Mancini's OxyMorons, with Ken Withers

2/8 - AIIM+ Meeting the Challenge - M365: Outlook Management 

2/8 - ARMA Twin Cities Chapter - Building Your Records Management Playbook

2/15 AIIM+ Meeting the Challenge - Digital Workplace

2/15 - ARMA Mile Hi Denver Chapter - Modernizing Information Governance and Lifecycle Management in the Face of Digital Transformation

2/15 - John Mancini's Oxymorons, with Shukra Kichambare and Charley Barth

2/16 - ARMA Nebraska Chapter, Emoji in the Workplace & Legal Implications - Legal Day

2/16 - ARMA New England Chapter - Elevating Your Resume

2/17 - ARMA St. Louis Chapter - The Intersection of Information Management and Compliance

2/17 - ARMA Detroit Chapter - Managing Records at a Nuclear Facility

2/17 - ARMA Greater Columbus Chapter - A Playbook for Responding to Pandemic-Related Records and Beyond

If you know of an IM/IG/RM industry related webinar or podcast episode happening between now and Feb 28, let me know at jesse.wilkins@athroconsulting.com and I'll add it. 

The Information Management Menu Launches!

I'm pleased to announce that I've launched a new newsletter called The Information Management Menu. I'm hoping to publish monthly. The newsletter will focus on RIM, IG, content services, and related things like privacy. Right now the sections include: 

  • Industry News
  • Get Involved - calls for participation
  • Recent Blog Posts - from me and others
  • Upcoming Webinars and Podcasts
  • Upcoming Conferences and Events
You can find the first edition here: 

If you want to subscribe, send me a note at jesse.wilkins@athroconsulting.com, or just click to the newsletter and there's a big blue Subscribe to The Menu button at the bottom. 


January 11, 2022

An Information Management Checklist for Separating Employees

Updated 2/7/2022 to add Priscilla Emery's invaluable suggestion re: roles-based access controls. 

This is an update to a post I wrote for AIIM, originally posted on the AIIM blog as "The Break-Up List - A Checklist to Avoid Information Management Issues with Employee Separation"

Every organization has a process for onboarding new hires, contractors, consultants, etc. If you hire a new records manager, for example, it might look like this: 

  • Get the paperwork filled out for payroll
  • Issue the badge
  • Issue the keys to the office and the fob for the parking garage
  • Issue the computer or laptop
  • Assign the office or cubicle
  • Set up the email account
  • Set up appropriate access to the recordkeeping system
  • Set up all the other information management system-related access

Similarly, when an employee separates, there's usually a checklist there too: remove access to systems, get the laptop back, get the keys back, etc. But what happens to the employee's information stores? The laptop often gets wiped and reissued. Maybe the employee's inbox is assigned to the manager for review. Maybe the manager even manages to do so at some point! (Probably not, though)

When Employees Separate

Employee separations can cause significant information management issues, particularly if the separation was not on good terms. Consider this: Do you know the statutes of limitations for common workplace issues such as discrimination, harassment, or hostile work environment? What is the likely outcome of litigation if it turns out that the former employee's laptop was wiped and reissued while litigation is underway or should have been reasonably anticipated?

And what about all the other information stores? These include but would by no means be limited to:

  • Folders on network file shares, including personal folders
  • SharePoint sites and collections
  • Email archives and .PST files
  • OneDrive for Business sites
  • Box, Dropbox, and all the other file sync & share tools
  • Slack, Teams, Yammer, Google Suite, and the plethora of other web-based collaboration tools available
  • Flash drives
  • User-owned devices and locations, if the organization allows or ignores Bring Your Own Device/Bring Your Own Apps
  • Social media accounts used on behalf of the organization

I once had an organization tell me that one of their senior staff had brought his .PST file, containing all of his email, contacts, etc. from his previous organization when he was hired. The employee likely assumes that he will be able to take his email with him when he leaves and goes to a new organization. In what world is this OK? 

Theft of organizational information assets by separating employees is also a major issue. Research has shown that the majority of separating employees take, or keep, at least some information with them when they leave. Whether inadvertently or intentional, this is a significant issue because of concerns about confidentiality, intellectual property, privacy, and others. And this is even more of an issue for employees working from home. While an attestation isn't bulletproof, it at least raises awareness on behalf of the employer and separating employee alike of the need to return the organization's information and destroy any copies that remain under the employee's control.  

The Information Management Checklist for Separating Employees

Organizations need to ensure that their employee separation plans address information management issues, and take appropriate measures with regards to any business information that is or was in the custody of separated employees. If the separation is on good terms, much of this can and should happen prior to separation; if not, it needs to be done as soon as is practicable. 

This checklist should include, at a minimum:

  • Communication to the employee about the need to deal with the organization's information assets under the employee's control.
  • Revocation of access to all systems: on-premises, cloud-based, everything. This is basic information security 101, yet too many organizations remain cavalier about this. This is also so much easier when using role-based access controls - not only can you cut off the separating employee's access, you can also assign someone else to that role so the transition is smoother. 
  • Return of any physical security credentials such as badges or fobs. 
  • Return of all company-issued hardware. Relevant hardware should *not* be reset or reissued but should instead be retained as-is for a period of time in case of legal issues.
  • Return/removal/destruction of all company-owned information outside the custody of the organization. Hardware and information should be retained until it is determined that there is no liability; this determination should be made through consensus among, at a minimum, the business unit, HR, legal, IT, and records management.
  • Removal/deactivation of all company-issued software. This needs to be discussed with the separating employee if possible, because some applications store data on the local computer and may not be transferrable or recoverable after the fact. 
  • Transfer of ownership of any organizational social media accounts including logon credentials.
  • Attestation by the separated employee that all company property, including hardware, software, and information, have been returned or destroyed.
  • Identification and review of all applications and information stores used by the separated employee.
  • Assessment of applications and information stores to determine potential liabilities. Where possible, information stores should be set to read-only to avoid potential issues with destruction, whether inadvertent or intentional.
  • Communication that the employee has separated. Some organizations will include a forwarding email address; care should be taken to ensure that doing so does not potentially allow the former employee to continue to receive communications intended for the organization. My recommendation is to communicate that the person has separated and where to direct any inquiries. 
  • Assessment of data stores to determine whether any are part of an existing legal hold or other legal or regulatory action.

The steward assigned to the separated employee's information stores may review their contents with an eye towards fulfilling any outstanding obligations and ensuring necessary transfers of responsibilities, but care should be taken to ensure that information is not altered or deleted.

What else do you have in your employee separation checklist? Ping me at jwilkins13@gmail.com with your suggestions.