top of page

We're On a Road to Nowhere: Legacy ECM

I frequently speak with organizations about which ECM system they have. Here’s an example of a conversation that happens, unfortunately, all too frequently:

Me: So, what application do you use for ECM?

Them: Oh, we’ve got (Legacy Technology that hasn’t had an update in 10 years.)

Me: So how’s that working for you?

Them: Oh, it’s fine. (handwave) The (someone with organizational clout) likes it.

Me: (headdesk)

In my nearly two decades selling Laserfiche, I’ve seen several companies and agencies still heavily reliant on old, legacy ECM technology. Further complicating matters–in the private sector at least, a series of mergers has resulted in an enterprise-worth of incompatible systems inherited from prior organizations.

Some public sectors still use legacy systems because they think a change may cost them a lot. They are also worried about the potential risk of service delivery interruption associated with data movement and critical business processes to modern tech. Otherwise known as downtime. And they’ll need to learn to use and support a new application.

Generally, legacy ECM systems tend to be given inadequate resources for proper maintenance. The vendors don’t provide updates, bug fixes, or platform upgrades. Often there’s no way to add users to the applications, forcing the organization to “cheat” the licensing, which causes legal risk. In some cases, support is wholly abandoned, and if you are unfortunate to own ECM acquired in a merger with another ECM vendor, you will probably be forced to migrate to their preferred platform.

Now, think about the poor users of legacy ECM. There’s most likely no training (in-person or recorded) offered or continuing education, end-user conferences, or webinars. There's not much benefit for users of old systems.

The real problem with Legacy ECM

What I find to be the most worrisome is that organizations continue to store information assets in a system that may be unstable, uses old code, and won’t be patched or updated. There’s a reason why information is referred to as an asset but locked in a legacy system; it’s not being treated that way.

Also, you’ll agree that not a day goes by without a hack or data leak being reported in the news. With legacy ECM, cyber security is typically at risk. And what if the system needs to be shut down? Can it be recovered? How can a business continuity strategy be developed with unstable technology?

In the public sector, the issue is even more problematic as, in some cases, vital records are stored in legacy repositories, possibly locking in critical records. These black-box systems also can be a nightmare for compliance, and building a trusted system isn’t possible. Regarding records management, PRRs (Public Records Requests) can’t always be promptly completed with an untrustworthy system. Nowadays, many municipalities have set up PRRs to be self-serve using webforms, web portals, and workflow. Is this even possible with a legacy system? I doubt it.

Also precarious are any integrations with business-critical systems such as ERP. If your ERP requires an update, will it break the integration with the legacy ECM that you can’t update?

These are just some thoughts that run through my head when I speak with an organization with legacy ECM. I hope you find them helpful. If you’d like to talk to me about it, I can be reached at



bottom of page