Records management

From Wikipedia, the free encyclopedia - View original article

 
Jump to: navigation, search

Records management (RM), also known as Records information management or RIM, is the professional practice or discipline of controlling and governing what are considered to be the most important records of an organization throughout the records life-cycle, which includes from the time such records are conceived through to their eventual disposal. This work includes identifying, classifying, prioritizing, storing, securing, archiving, preserving, retrieving, tracking and destroying of records.[1]

Records management is part of an organization's broader activities that are associated with the discipline or field known as Governance, risk, and compliance (or "GRC") and is primarily concerned with the evidence of an organization's activities as well as the reduction or mitigation of risk that may be associated with such evidence.[2]

A record is something that represents proof of existence and that can be used to recreate or prove state of existence, regardless of medium or characteristics. A record is either created or received by an organization in pursuance of or compliance with legal obligations, or in the transaction of business.[3][4] Records can be either tangible objects, such as paper documents like birth certificates, driver's licenses, and physical medical x-rays, or digital information, such as electronic office documents, data in application databases, web site content, and electronic mail (email).

Key records management terminology[edit]

Records identification is the means by which consensus is achieved within an organization that leads to how a record is uniquely distinguished from other non-record material, such as a convenience file or draft. How records are managed throughout their life cycle is formalized into the policies and practices of the RIM program.

Once a record is created, record controls are triggered to regulate its access and distribution. A human resource employee may separate documents from a personnel file and keep them in a locked cabinet with a control log to control and track access. Role security may be set on a repository allowing access to approved users. Software may identify the official record, versions, copies, and distribution.

Just as the records of the organization come in a variety of formats, the storage of records can vary throughout the organization. File maintenance may be carried out by the owner, designee, a records repository, or clerk. Records may be managed in a centralized location, such as a records center or repository, or the control of records may be decentralized across various departments and locations within the entity. Records may be formally and discretely identified by coding and housed in folders specifically designed for optimum protection and storage capacity, or they may be casually identified and filed with no apparent indexing. Organizations that manage records casually find it difficult to access and retrieve information when needed. The inefficiency of filing maintenance and storage systems can prove to be costly in terms of wasted space and resources expended searching for records.

An inactive record is a record that is no longer needed to conduct current business but is being preserved until it meets the end of its retention period, such as when a project ends, a product line is retired, or the end of a fiscal reporting period is reached. These records may hold business, legal, fiscal, or historical value for the entity in the future and, therefore, are required to be maintained for a short or permanent duration. Records are managed according to the retention schedule. Once the life of a record has been satisfied according to its predetermined period and there are no legal holds pending, it is authorized for final disposition, which may include destruction, transfer, or permanent preservation.

A disaster recovery plan is a written and approved course of action to take after a disaster strikes that details how an organization will restore critical business functions and reclaim damaged or threatened records.

An active record is a record needed to perform current operations, subject to frequent use, and usually located near the user. In the past, 'records management' was sometimes used to refer only to the management of records which were no longer in everyday use but still needed to be kept - 'semi-current' or 'inactive' records, often stored in basements or offsite. More modern usage tends to refer to the entire 'lifecycle' of records - from the point of creation right through until their eventual disposal.

The ISO 15489-1: 2001 standard ("ISO 15489-1:2001") defines records management as "[the] field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use and disposition of records, including the processes for capturing and maintaining evidence of and information about business activities and transactions in the form of records".[5]

The ISO 15489-1:2001 defines records as "information created, received, and maintained as evidence and information by an organization or person, in pursuance of legal obligations or in the transaction of business".[5] While there are many purposes of and benefits to records management, as both these definitions highlight, a key feature of records is their ability to serve as evidence of an event. Proper records management can help preserve this feature of records.

It should be noted that the format and media of records is generally irrelevant for the purposes of records management from the perspective that records must be identified and managed, regardless of their form. The ISO considers management of both physical and electronic records.[5] Also, section DL1.105 of the United States Department of Defense standard DoD 5015.02-STD (2007) defines Records Management as "the planning, controlling, directing, organizing, training, promoting, and other managerial activities involving the life cycle of information, including creation, maintenance (use, storage, retrieval), and disposal, regardless of media."[6]

Practicing records management[edit]

A Records Manager is someone who is responsible for records management in an organization.

Section 4 of the ISO 15489-1:2001 states that records management includes:

Thus, the practice of records management may involve:

Records management principles and automated records management systems aid in the capture, classification, and ongoing management of records throughout their lifecycle. Such a system may be paper based (such as index cards as used in a library), or may be a computer system, such as an electronic records management application.

Defensible solutions[edit]

A defensible solution is one that can be supported with clearly documented policies, processes and procedures that drive how and why work is performed, as well as one that has clearly documented proof of behavior patterns, proving that an organization follows such documented constraints to the best of their ability.[7]

While defensibility applies to all aspects of records life cycle, it is considered most important in the context of records destruction, where it is known as "defensible disposition" or "defensible destruction," and helps an organization explicitly justify and prove things like who destroys records, why they destroy them, how they destroy them, when they destroy them, and where they destroy them.[8]

Records life cycle[edit]

The records life cycle (or records lifecycle) consists of discrete phases covering the life span of a record from its creation to its final disposition. In the creation phase, records growth is expounded by modern electronic systems. Records will continue to be created and captured by the organization at an explosive rate as it conducts the business of the organization. Correspondence regarding a product failure is written for internal leadership, financial statements and reports are generated for public and regulatory scrutiny, the old corporate logo is retired, and a new one – including color scheme and approved corporate font – takes its place in the organization’s history.

Examples of records phases include those for creation of a record, modification of a record, movement of a record through its different states while in existence, and destruction of a record.

Throughout the records life cycle, issues such as security, privacy, disaster recovery, emerging technologies, and mergers are addressed by the RIM professional responsible for organizational RIM programs. RIM professionals are instrumental in controlling and safeguarding the information assets of the entity. They understand how to manage the creation, access, distribution, storage, and disposition of records and information in an efficient and cost-effective manner using RIM methodology, principles, and best practices in compliance with records and information laws and regulations.

Records classification[edit]

Records managers use classification or categorization of record types as a means of working with records. Such classifications assist in functions such as creation, organization, storage, retrieval, movement, and destruction of records.

At the highest level of classification are physical versus electronic records.

Physical records are those records, such as paper, that can be touched and which take up physical space.

Electronic records, also often referred to as digital records, are those records that are generated with and used by information technology devices.

Classification of records is achieved through the design, maintenance, and application of taxonomies, which allow records managers to perform functions such as the categorization, tagging, segmenting, or grouping of records according to various traits.[9][10]

Enterprise records[edit]

Enterprise records represent those records that are common to most enterprises, regardless of their function, purpose, or sector. Such records often revolve around the day-to-day operations of an enterprise and cover areas such as but not limited litigation, employee management, consultant or contractor management, customer engagements, purchases, sales, and contracts.

The types of enterprises that generate and work with such records include but are not limited to for-profit companies, non-profit companies, and government agencies.

Industry records[edit]

Industry records represent those records that are common and apply only to a specific industry or set of industries. Examples include but are not limited to medical industry specific records (e.g. HIPAA), pharmaceutical industry specific records, and food industry specific records.

Legal hold records[edit]

Legal hold records are those records that are mandated, usually by legal counsel or compliance personnel, to be held for a period of time, either by a government or by an enterprise, and for the purposes of addressing potential issues associated with compliance audits and litigation. Such records are assigned Legal Hold traits that are in addition to classifications which are as a result of enterprise or industry classifications.

Legal hold data traits may include but are not limited to things such as legal hold flags (e.g. Legal Hold = True or False), the organization driving the legal hold, descriptions of why records must be legally held, what period of time records must be held for, and the hold location.

Managing physical records[edit]

Managing physical records involves different disciplines or capabilities and may draw on a variety of forms of expertise.

Records must be identified and authenticated. This is usually a matter of filing and retrieval; in some circumstances, more careful handling is required.

Identifying records
If an item is presented as a legal record, it needs to be authenticated. Forensic experts may need to examine a document or artifact to determine that it is not a forgery, and that any damage, alteration, or missing content is documented. In extreme cases, items may be subjected to a microscope, x-ray, radiocarbon dating or chemical analysis. This level of authentication is rare, but requires that special care be taken in the creation and retention of the records of an organization.
Storing records
Records must be stored in such a way that they are accessible and safeguarded against environmental damage. A typical paper document may be stored in a filing cabinet in an office. However, some organisations employ file rooms with specialized environmental controls including temperature and humidity. Vital records may need to be stored in a disaster-resistant safe or vault to protect against fire, flood, earthquakes and conflict. In extreme cases, the item may require both disaster-proofing and public access, such as the original, signed US Constitution. Civil engineers may need to be consulted to determine that the file room can effectively withstand the weight of shelves and file cabinets filled with paper; historically, some military vessels were designed to take into account the weight of their operating procedures on paper as part of their ballast equation[citation needed] (modern record-keeping technologies have transferred much of that information to electronic storage). In addition to on-site storage of records, many organizations operate their own off-site records centers or contract with commercial records centres.
Retrieval of records
In addition to being able to store records, enterprises must also establish the proper capabilities for retrieval of records, in the event they are needed for a purpose such as an audit or litigation, or for the case of destruction. Record retrieval capabilities become complex when dealing with electronic records, especially when they have not been adequately tagged or classified for discovery.
Circulating records
Tracking the record while it is away from the normal storage area is referred to as circulation. Often this is handled by simple written recording procedures. However, many modern records environments use a computerized system involving bar code scanners, or radio-frequency identification technology (RFID) to track movement of the records. These can also be used for periodic auditing to identify unauthorized movement of the record.
Disposal of records
Disposal of records does not always mean destruction. It can also include transfer to a historical archive, museum, or private individual. Destruction of records ought to be authorized by law, statute, regulation, or operating procedure, and the records should be disposed of with care to avoid inadvertent disclosure of information. The process needs to be well-documented, starting with a records retention schedule and policies and procedures that have been approved at the highest level. An inventory of the records disposed of should be maintained, including certification that they have been destroyed. Records should never simply be discarded as refuse. Most organizations use processes including pulverization, paper shredding or incineration.

Commercially available products can manage records through all processes active, inactive, archival, retention scheduling and disposal. Some also utilize RFID technology for the tracking of the physical file.

Managing electronic records[edit]

The general principles of records management apply to records in any format. Digital records (almost always referred to as electronic records), however, raise specific issues. It is more difficult to ensure that the content, context and structure of records is preserved and protected when the records do not have a physical existence. This has important implications for the authenticity, reliability, and trustworthiness of records.

Much research is being conducted on the management of electronic records. The International Research on Permanent Authentic Records in Electronic Systems (InterPARES) Project is one example of such an initiative. Based at the School of Library, Archival and Information Studies at the University of British Columbia, in Vancouver, British Columbia, Canada, the InterPARES Project is a collaborative project between researchers all across the world committed to developing theories and methodologies to ensure the reliability, accuracy, and authenticity of electronic records.

Functional requirements for computer systems to manage electronic records have been produced by the US Department of Defense,[6] the The United Kingdom's National Archives (also known as the National Archives of England & Wales) and the European Commission,[11] whose MoReq (Model Requirements for the Management of Electronic Records) specification has been translated into at least twelve languages funded by the European Commission.

Particular concerns exist about the ability to access and read electronic records over time, since the rapid pace of change in technology can make the software used to create the records obsolete, leaving the records unreadable. A considerable amount of research is being undertaken to address this, under the heading of digital preservation. The Public Record Office Victoria (PROV) located in Melbourne, Australia published the Victorian Electronic Records Strategy (VERS) which includes a standard for the preservation, long-term storage and access to permanent electronic records. The VERS standard has been adopted by all Victorian Government departments. A digital archive has been established by PROV to enable the general public to access permanent records. Archives New Zealand is also setting up a digital archive.

Electronic tax records

Electronic Tax Records are computer-based/non-paper versions of records required by tax agencies like the Internal Revenue Service. There is substantial confusion about what constitutes acceptable digital records for the IRS, as the concept is relatively new. The subject is discussed in Publication 583 and Bulletin 1997-13, but not in specific detail.

Businesses and individuals wishing to convert their paper records into scanned copies may be at risk if they do so. For example, it is unclear if an IRS auditor would accept a JPEG, PNG, or PDF format scanned copy of a purchase receipt for a deducted expense item.

Current issues in records management[edit]

Government compliance and legal issues

As of 2005, records management has increased interest among corporations due to new compliance regulations and statutes. While government, legal, and healthcare entities have a strong historical records management discipline, general record-keeping of corporate records has been poorly standardized and implemented. In addition, scandals such as the Enron/Andersen scandal, and more recently records-related mishaps at Morgan Stanley, have renewed interest in corporate records compliance, retention period requirements, litigation preparedness, and related issues. Statutes such as the US Sarbanes-Oxley Act have created new concerns among corporate "compliance officers" that result in more standardization of records management practices within an organization. Most of the 1990s has seen discussions between records managers and IT managers, and the emphasis has expanded to include the legal aspects, as it is now focused on compliance and risk.

Security

Privacy, data protection, and identity theft have become issues of interest for records managers. The role of the records manager to aid in the protection of an organization's records has often grown to include attention to these concerns. The need to ensure that certain information about individuals is not retained has brought greater focus to records retention schedules and records destruction.

Adoption and implementation

The most significant issue is implementing the required changes to individual and corporate culture to derive the benefits to internal and external stakeholders. Records management is often seen as an unnecessary or low priority administrative task that can be performed at the lowest levels within an organization. Publicised events have demonstrated that records management is in fact the responsibility of all individuals within an organization and the corporate entity.

An issue that has been very controversial among records managers has been the uncritical adoption of Electronic document and records management systems (EDRMS). One well known RM thinker, Steve Bailey, has stated:

"As far as the average user is concerned, the EDRMS is something they didn’t want, don’t like and can’t use. As such, its no wonder that so few users accept them – as one person once said to me “making me use an EDRMS is like asking a plasterer to use a hammer!""
"And now, finally, it is time to turn our eyes to the records management profession itself. In my opinion, we have come within a whisker of allowing our blind obsession with EDRMS to turn us into an intellectually-sterile, vendor-led profession. For the best part of a decade we have allowed others to do the thinking for us and have come to rely on EDRMS as our intellectual-crutch. But make no mistake about it, the blame for this rests squarely with us. Like children following the Pied Piper, we allowed ourselves to be so enchanted by the tune being played that we were led, without question or debate, wherever the technology took us." ( RMS Debate: The case against EDRMS Has EDRMS been a success? The case for the prosecution, RMS Conference, Edinburgh 22 April 2007)
Impact of internet and social media

Another issue of great interest to records managers is the impact of the internet and related social media, such as wikis, blogs, forums, and companies such as Facebook and Twitter, on traditional records management practices, principles, and concepts, since many of these tools allow rapid creation and dissemination of records and, often, even in anonymous form.

Records life cycle management

A difficult challenge for many enterprises is tied to the tracking of records through their entire information life cycle so that it's clear, at all times, where a record exists or if it still exists at all. The tracking of records through their life cycles allows records management staff to understand when and how to apply records related rules, such as rules for legal hold or destruction.

Conversion of paper records to electronic form

As the world becomes more digital in nature, an ever growing issue for the records management community is the conversion of existing or incoming paper records to electronic form. Such conversions are most often performed with the intent to save storage costs, storage space, and in hopes of reducing records retrieval time.

Tools such as document scanners, optical character recognition software, and electronic document management systems are used to facilitate such conversions.

Education and certification[edit]

Many colleges and universities offer degree programs in library and information sciences which cover records management. Furthermore, there are professional organizations such as the Records and Information Management Professionals Australasia (RIMPA) and the Institute of Certified Records Managers which provides a separate, non-degreed, professional certification for practitioners, the Certified Records Manager designation or CRM. Additional educational opportunities in the form of a certificate program are also available from AIIM International, ARMA, and from the Records Management Society in Great Britain and Ireland. Education and training courses and workshops on scientific and technical records full life-cycle management and the Quality Electronic Records Practices Standards (Q-ERPS) are available from the Collaborative Electronic Notebook Systems Association (CENSA).

The University of South Australia offers a Graduate Certificate, a graduate diploma, and an MSc in Business Information Management and Library and Information Management with a specialist stream in records management. The Australian National University offer a six-week e-learning course worldwide, in Electronic Document and Records Management.[12] In addition, Columbia University offers its Masters of Science in Information & Digital Resource Management (IDRM).

A recent addition to records management education in the United States is the MARA - Master of Archives and Records Management [1] degree program, offered by the San Jose State University School of Library and Information Science. Another is the Archives and Records Management specialization offered by the University of Michigan School of Information as part of their MSI (Masters of Science in Information) degree. Wayne State University in Detroit offers an on-line Records and Information Management graduate level certification program. [2]

Schools in Canada also provide specialized education opportunities in records management. The Faculty of Information at the University of Toronto allows students in the Master of Information program to concentrate their studies in Archives and Records Management. The School of Information Studies at McGill University also includes an Archival Management stream that is enriched in records management coursework. The University of British Columbia offers a Masters of Archival Studies including a concentration in Records Management.

Electronic records management systems[edit]

An Electronic Document and Records Management System (EDRM) is a computer program (or set of programs) used to track and store records. The term is distinguished from imaging and document management systems that specialize in paper capture and document management respectively. ERM systems commonly provide specialized security and auditing functionality tailored to the needs of records managers.

The National Archives and Records Administration (NARA) has endorsed the U.S. Department of Defense standard 5015.2 as an "adequate and appropriate basis for addressing the basic challenges of managing records in the automated environment that increasingly characterizes the creation and use of records."[13] Records Management Vendors can be certified as compliant with the DoD 5015.2-STD after verification from the Joint Interoperability Test Command which builds test case procedures, writes detailed and summary final reports on 5015.2-certified products, and performs on-site inspection of software.[14]

The National Archives in the UK has published two sets of functional requirements to promote the development of the electronic records management software market (1999 and 2002).[15] It ran a program to evaluate products against the 2002 requirements. While these requirements were initially formulated in collaboration with central government, they have been taken up with enthusiasm by many parts of the wider public sector in the UK and in other parts of the world. The testing program has now closed; The National Archives is no longer accepting applications for testing. The National Archives 2002 requirements remain current.

The European Commission has published "MoReq", the Model Requirements for Electronic Records and Document Management in 2001.[16] Although not a formal standard, it is widely regarded and referred to as a standard.[17][18][19][20][21] This was funded by the Commission’s IDA program, and was developed at the instigation of the DLM Forum. A major update of MoReq, known as MoReq2, was published in February 2008.[22] This too was initiated by the DLM Forum and funded by the European Commission, on this occasion by its IDABC program (the successor to IDA).[23] A software testing framework and an XML schema accompany MoReq2; a software compliance testing regime was agreed at the DLM Forum conference in Toulouse in December 2008.

The National Archives of Australia (NAA) published the Functional Specifications for Electronic Records Management Systems Software (ERMS), and the associated Guidelines for Implementing the Functional Specifications for Electronic Records Management Systems Software, as exposure drafts in February 2006.[24]

Archives New Zealand published a 'discretionary best practice' Electronic Recordkeeping Systems Standard (Standard 5) in June 2005, issued under the authority of Section 27 of the Public Records Act 2005.[25]

Commercial records centers[edit]

Commercial records centers are facilities which provide services for the storage for paper records for organizations. In some cases, they also offer storage for records maintained in electronic formats. Commercial records centers provide high density storage for paper records and some offer climate controlled storage for sensitive non-paper and critical (vital) paper media. There is a trade organization for commercial records centers (for example, PRISM International), however, not all service providers are members.

See also[edit]

References[edit]

  1. ^ ARMA International. "Glossary of Records and Information Management Terms, 3rd Edition". ARMA International. 
  2. ^ Anthony Tarantino (2008-02-25). Governance, Risk, and Compliance Handbook. ISBN 978-0-470-09589-8. 
  3. ^ International Foundation for Information Technology, The (2010). "Definition of Record". International Foundation for Information Technology, The. Retrieved September 2013. 
  4. ^ ARMA International. "Glossary of Records and Information Management Terms, 3rd Edition". ARMA International. Retrieved September 2013. 
  5. ^ a b c International Organization for Standardization - ISO (2001). "ISO 15489-1:2001 - Information and Documentation - Records Management - Part 1: General". International Organization for Standardization - ISO. 
  6. ^ a b Assistant Secretary of Defence for Networks and Information Integration, Department of Defence Chief Information Officer (April 25, 2007). "United States Department of Defense Standard 5015.02 (DoD Std 5012.02), Electronic Records Management Software Applications Design Criteria Standard". United States Department of Defense - US DOD. 
  7. ^ Hale, Judith (December 2011). Performance-Based Certification: How to Design a Valid, Defensible, Cost-Effective Program. John Wiley & Sons, Inc. ISBN 978-1-118-02724-0. 
  8. ^ Hulme, Tony (June 2012). "Information Governance: Sharing the IBM approach". Business Information Review (Sage Journals) (vol. 29 no. 2): 99–104. doi:10.1177/0266382112449221. 
  9. ^ "Taxonomy of Record Types". The International Foundation for Information Technology. 2012. 
  10. ^ Jeremy C. Maxwell, Annie I. Antón, Peter Swire, Maria Riaz, Christopher M. McCraw (June 2012). A legal cross-references taxonomy for reasoning about compliance requirements (Volume 17, Issue 2). Springer Link. pp. 99–115. 
  11. ^ European Commission. MoReq2010, modular requirements for records systems, Core services & plug-in modules, version 1.1, Volume 1. European Commission date=2011. doi:10.2792/2045. ISBN 978-92-79-18519-9. 
  12. ^ COMP7420: Electronic Document and Records Management, Tom Worthington, Australian National University, from February 2011
  13. ^ http://www.archives.gov/records_management/policy_and_guidance/automated_recordkeeping_requirements.html
  14. ^ http://jitc.fhu.disa.mil/recmgt/register.html
  15. ^ http://www.nationalarchives.gov.uk/electronicrecords/function.htm
  16. ^ http://ec.europa.eu/idabc/en/document/2303/5644
  17. ^ http://findarticles.com/p/articles/mi_qa3937/is_200303/ai_n9184315/pg_5?tag=artBody;col1
  18. ^ http://www.eneclann.ie/Records_Management/legislation_standards.html
  19. ^ The Hidden Hand of the Malvine Project
  20. ^ Negotiating the RM standards maze
  21. ^ http://inventarisoss.smals.be/fr/71-RCH.html
  22. ^ http://www.moreq2.eu
  23. ^ http://ec.europa.eu/idabc/en/chapter/3
  24. ^ National Archives of Australia. "Electronic document and records management system (EDRMS)". National Archives of Australia. 
  25. ^ Public Records Act 2005

External links[edit]