Why is Microsoft finally investing in Records Management? (Part 2)

As Jason mentioned in his last post , several factors led Microsoft to invest in records management functionality for the 2007 release of Office. One factor was feedback we received from customers about our Information Rights Management features. But another equally important factor was the set of events that have happened over the last few years that made records management a vital business consideration for many of our customers.

So what happened over the last few years to get our, and our customers’, attention? Well, here are a few of the events and headlines that really stood out:

July 30, 2002 – The Sarbanes-Oxley Act is signed into law in the U.S.: While much has been written about this law (and the scandals that caused it, like those at Enron and Worldcom), it forced every public company to think about records management:

  • First, it required public companies to be able to demonstrate that they have control processes in place for ensuring the accuracy of their financial statements. This is a very significant challenge: a lot of people handling information at different levels in a company are involved in preparing financial results -- so certifying those results requires the organization to have a degree of confidence and structure in the end-to-end process at all levels of the organization.
  • Secondly, the act specifies some pretty harsh (and personal) penalties on corporate executives who sign off on inaccurate statements. So those leaders want to ensure that their companies keep records that show that they’ve acted in good faith – which means that every CFO, CEO & CIO of every public company now has a direct and personal connection to records management. J 

(And while Sarbanes-Oxley is important because it affects nearly every corporation, it’s just one example of a regulation that impacts records management. The pharmaceutical and financial services industries, among others, have long had regulatory requirements governing what records they need to keep.)

April 23, 2003 – Frank Quattrone of CSFB is indicted on obstruction-of-justice charges for sending an e-mail

May 18, 2005 – Morgan Stanley is ordered to pay $1.45 billion in damages for not properly producing e-mail records :

And as if specific regulations & laws like Sarbanes-Oxley weren’t enough, in the last few years the justice system also started paying much closer attention to records management. The cases listed above are just a few (extreme) examples of organizations being severely punished for either not having properly kept records or for failing to find and produce all of those records when required.

These cases were especially interesting for us at Microsoft for a few reasons: first, the sheer size of the penalties that were being sought, similar to those related to the Sarbanes-Oxley act. Punishments this large tend to get people’s attention and strongly motivate them to find solutions. (And by the way, Microsoft’s interest here isn’t just about selling software – we’re a large multi-national company, we too have a legal department, and we’re involved in more than our share of court cases… Tina Torres, Microsoft’s Corporate Records Manager, will be sharing some of that perspective in this blog as well.)

Secondly, these cases showed that even at very large companies the processes for keeping records are often ad-hoc and ineffective . In one case, sending a single e-mail was allegedly responsible for the destruction of vital business records! (And this is by no means an attempt to single out either of the companies in these examples. In a survey conducted by Cohasset Associates Inc. in 2003, 41% of records managers rated their programs as “marginal” or “fair.” This is certainly a general problem.)

So not only was it clear to us that companies everywhere would be increasingly concerned about records management, but that even the world’s largest and most information technology-intensive companies were apparently struggling to get their record management situations under control.

Those two trends helped convince us we should make the next version of the Office system a tool to help companies solve their records management problems. Although everyone likes publicity, when it comes to regulatory compliance and legal liability, our customers would appreciate it if we helped them stay out of the headlines.

Stay tuned for our next post, where Jason will conclude the tale of “how did we get here,” by explaining how some of the requests we got from Information Technology administrators also helped guide us towards investing in records management features.

Ethan Gur-esh, Program Manager