Today I Earned My CIP

CertInfoProfI wrote AIIM’s Certified Information Professional (CIP) exam in March 2015. Two hours to answer 100 multiple choice questions across six knowledge areas. I finished in 41 minutes. Frankly, I suggest that anyone who needs the entire two hours should probably not be working in any area related to managing information.

I wrote the exam not because I wanted the certificate for any particular reason, but because I wanted to assess my competence across the various domains. In preparation for the exam I did absolutely nothing other than what I do on a regular basis. I worked on my projects, I engaged with the information management community, I read, I wrote, and I attended the annual AIIM conference. I admit to a certain amount of trepidation in my approach as I may have found out I’m not as “expert” as I had initially thought.

As it turned out, I missed my target score by 0.9% overall, but I passed the exam and in a few weeks I’ll get an email, a certificate, and a pin (apparently I’m on my own to get the tattoo). I’m pretty pleased, not because I passed, but because the score breakdown shows me where I need to put in some additional effort in my professional development (not that anyone should ever consider not putting in effort). My breakdown is as follows:

  • Access / Use – I scored about what I expected and I’m happy with that.
  • Capture / Manage – I scored a little higher than I expected. I’m a bit “meh” about that one as the capture part isn’t really where I put a lot of focus, but I do spend a fair bit of time dealing with the manage piece.
  • Collaborate / Deliver – I scored lower than I expected. I’ll need to put some additional effort in here.
  • Secure / Preserve – I scored way higher than I expected. This one scares me as it may indicate that I ought to get into Records Management or something.
  • Architecture / Systems – I scored about what I expected. I would have been seriously bummed if I’d scored lower than expected as this is where I make most of my living.
  • Plan / Implement – See above.

I’d love to get a question-by-question breakdown of what my scores were; I’ll bet money that there are some AIIM and I could debate. Having taken some AIIM training in the past, I know that sometimes the answers on the exams are based on the course content rather than what happens in the real world. I’m cool with that as there are just too many possible right answers to account for them all in an exam.

Assuming the course goes ahead, I’ll likely continue with some professional development in May by taking AIIM’s ECM course in Calgary. I already have the ECM Master certificate (along with ERM and EMM), but I’m not after the certificate. I’m after what I can learn by attending the sessions and leveraging the discussions with the instructor (Jesse Wilkins) and the other attendees. I know that there are some who attend training for the piece of paper, and that’s cool in an academic setting. In real life, the take away has to be the experience and the knowledge. The paper is, maybe, a good piece of personal marketing.

I have to say that I thoroughly enjoyed the pat down and scan upon entering the exam facility; the TSA and CATSA could learn a thing or two.

AIIM2015 – Quick Thoughts

IMG_1301This year the annual AIIM Conference was held in San Diego, California; way better than last year’s location which was really a few hotels sitting on reclaimed swamp land or something. And it was great to reconnect with people and meet some new folks and blah, blah, blah ….

Overall I found this year’s event much better than last year’s. This could be because: A) I had no responsibilities as a speaker or representative of any company in any form; B) The content was just way more compelling to me. Either way the AIIM crew, led by Georgina Clelland (recently promoted to VP of something at AIIM, deservedly so), deserves huge congratulations. If I’m not dead or incapacitated I fully intend to be at the 2016 conference in New Orleans, Louisiana.

On to the good stuff …


IMG_1324I have to say that I was pretty dismayed, though completely unsurprised, that most people and organizations still view managing information from the risk / compliance side of the ledger. Even one of the vendors I spoke to understood that their tools could do so much more if they were employed for insight and analytics, rather than for responding and defending against discovery and compliance issues. During the conference AIIM ran an informal, unscientific survey about organizational priorities; the results are over there <-.

Information Governance

Information Governance seemed to be a hot topic this year, with at least a couple of roundtables and one panel discussion dedicated to it. Good news, right? Sort of. Between the sessions I attended and discussions I had, no one offered up a definition of Information Governance. In fact, one of the IG vendors went so far as to say that they don’t do IG, they’re merely a small part of it. For the record, this is the same vendor that opined their tool could be used for value as well as risk. Regardless of the lack of a cohesive definition (just shows that what the IGI, I, and others have said is true) it was apparent that IG is an important topic.

Enterprise File Sync and Share (aka The mmppfff Problem)

You don’t think that file syncing and sharing is important or disruptive? I don’t know how many sessions at the conference covered the topic, but I attended three:

While Lubor’s session was not explicitly about EFSS, it doesn’t take a genius to figure out where things are headed. Actually, you could say that we’re already there, but just not in a very polished way. In his session, Alan pointed out that, while working for some client or other, he and his team stopped counting once they’d reached 130 EFSS vendors.

EFSS is a big deal. No, it won’t kill ECM; depending on the vendor, it will BE ECM. Don’t believe me? Think about ECM vendors coming out with their own EFSS offerings. Some because it’s the future, some because it’s the only way to defend against the likes of some of our favourite EFFS players (130+? Holy Carp!)

Bits and Pisces

Lane Severson and I chatting about big data, analytics, data scientists (that kinda stuff) – if your data scientist type people don’t understand your business and context, they’re not worth it.

The guys in the corner from a three-letter ECM vendor now flogging an EFSS solution – if you can’t answer the simple questions, why are you here? Seriously. Why?

You know who you are – a roundtable session is not where you talk about your product for 20+ minutes to the point the AIIM monitor person has to step in and tell you to give everyone else a turn. That said, once you stopped talking it turned into a pretty good session.

Surprised but not by the absence of some of the EFSS players. You should have been there; I think it would have worked out better than last year.

Panel moderators should be like hockey referees; we don’t know they’re there until a fight breaks out.

Security 2015 or Why I Sometimes Hate My Clients

Last month Box announced their Enterprise Key Management thing. Today they announced their acquisition of Subspace, and are part of ACE (really important app standard). I sometimes marvel at the progress that the industry that pays my bills is making, and then this kind of shit shows up in my mailbox (the Canada Post version, not the Outlook one) …

Cyber Security 2015

In case you were wondering, mobile access is not supported and it’s recommended that you use IE or Safari.

Box Announces Enterprise Key Management

On February 10, 2015 Box announced the beta release of Enterprise Key Management (EKM). Put simply, EKM addresses cloud security concerns by giving customers control over the encryption keys used to access content stored on Box. It’s add-on functionality, at an additional cost, that’s going to remove one of the barriers to cloud adoption. This is a very, very good thing.


For those customers that have been dithering about whether or not to move content to the cloud because of security concerns, EKM ought to alleviate those concerns. Of course, those customers will have to be willing to commit to Amazon Web Services (AWS) if they want to avail themselves of EKM. However, it’s a beta folks and I’d bet that Box is actively working on other options.

With this announcement there’s a bunch of organizations that, all of a sudden, have no excuses left. That’s not to say that organizations should put everything into the cloud; they shouldn’t. There’s tons of content that organizations deal with on a day-to-day basis that makes absolutely no sense to move to Box. Take a look at transactional data that’s generated by utilities, communications providers, and financial companies; there’s nothing to be gained, yet, by moving all those transactions into Box. However, those same organizations, along with most others, deal with tons of content that is perfectly suitable due to its purpose in business processes. Think about loan/mortgage applications, cell phone contracts, and applications for utility services; all of these could easily be moved to the cloud. And now (well, when EKM gets to general release) it can be done with just that little bit extra assurance of security. Which brings me to another point, which I’ve made before …

Organizations are going to have a mixed bag of content repositories for the foreseeable future. Once EKM goes to general availability I’d love to have a bar chat about which is more secure; Box, on-premises, or the hosted private data centre. Based on what I know about some orgs I’ve worked with, I’d rather they put their content in Box, with or without EKM. I digress …

My point is that hybrid is a reality and that everyone involved in managing content (vendors, customers, regulators, legislators) is going to have to figure out how best to deal with access, security, collaboration, and everything else that goes into managing content as an asset. Part of that is understanding that not all content is created equal and can be treated the same. For me the end game has to be putting the users at the center and not forcing them into Cirque de Soleil-like contortions to gain access to the content they need to execute the task at hand. If Box’s track record is anything to go by, I’m optimistic that they haven’t lost sight of ease of use with the EKM beta.

The title of Aaron Levie’s (Box CEO) post announcing EKM is Breaking the Last Barrier to Cloud Adoption with Box Enterprise Key Management (and I thought I liked long titles). Uhm, no. Hell, EKM won’t even break down the last legitimate barrier. There is still a lot of Fear, Uncertainty, and Doubt (FUD) to overcome in getting organizations to move to the cloud (not a legitimate barrier). Organizations worry about data sovereignty, sometimes legitimately. Some contexts just don’t lend themselves to a smooth cloud experience (from twitter this am, via Laurence Hart “Some agencies require govt clearance to have access to encryption keys and/or be US citizen. Box can’t do that for workforce” – he’s not wrong. Laurence expands on the quote in this post.).

If I were Box I’d handle the above like this:

  • FUD – time, tide, and attrition are your friend – patience, Grasshopper.
  • Legitimate data sovereignty issues – influence and wait for legislation; partner up to build/lease/coopt some friggin’ data centres.
  • Illegitimate data sovereignty issues – see FUD
  • The point that Laurence brought up – don’t sweat it. You can’t play there now anyways.

Box’s announcement about Enterprise Key Management is significant, and it’s a really good thing. However, it’s not the last hurdle and I’d bet money they know that. But it does take away one excuse that that ditherers and FUDders have been hanging on to.

And for those of you who are about to bring up AWS outages – IT’S A BETA!!!