It is a common misconception that the advent of electronic records management means we have left the world of paper files behind. Unfortunately, that is not the case; there are still plenty of examples of organizations out there dealing with significant volumes of physical files and shipping their paper records off to records storage facilities. Often, even information that is born digital is not managed digitally. Although these organizations are often adopting new technologies in other areas, they have lagged in acquiring solutions to support some of their most basic business activities. With a mix of paper and digital records, organizations are unable to answer basic questions, such as, is the paper or digital copy the official record? Which is the most up to date?
Implementing an electronic records management program can help you get control over your enterprise records. Here are the key things to know to get started.
What is the purpose of records management?
Records management means the management of information that is important enough to an organization to be worth ongoing maintenance. The definition of “record” includes any information that provides evidence, has historical value or delivers has any other business benefits.
The goal is ensuring that records are available when needed. More than applying systematic controls, records management needs to provide data protection, auditing, and in the case of electronic records, disaster recovery. Organizations also need to know the date of the records destruction. If an organization tells a court that a record is gone, it’s not because they just cannot find it.
It is important to remember that the meaning of records management includes all information. Online system stores data from electronic forms in a database table, the completed form, with all its instructions, will be a record. Even social media posts to Facebook, Twitter or Instagram created by the marketing team might be records. You need to look beyond documents.
What is records and information management?
Records and information management (RIM) is a collective term for systems that manage information (primarily documents, from the time they are created through their final disposition. RIM evolved from traditional records management and incorporates the holistic patterns of information management. RIM manages and protects enterprise information through the entire records life cycle.
In many organizations, a RIM program may be managing distinct information management and electronic records management systems. However, the information being managed provides business benefits for employees and must be managed as record. Why the difference in management systems?
The answer lies in the proliferation of productivity tools and the experience these tools provide. From the nearly ubiquitous SharePoint and Office 365 to more task-focused contract management systems, information management systems supporting critical business activities that are the priority for organizations. This makes a fully functional RIM solution critical, even if organizations implement the retention functionality in a later phase.
What is the records lifecycle?
The records lifecycle is the journey all documents and information pass through from creation to destruction. Information governance focuses on the strategy of managing information through this full cycle, providing business benefits while reducing your organization’s risk profile.
- Creation: All records begin as an idea, agreement or activity that leads to the capture of information into a document or other information container.
- Collaboration: This is the active phase for the information where the organization’s mission is actively supported.
- Retention: When information reaches the point where it is classified as a record, the document is placed under systematic control. Ideally the record is placed under the control of a RIM system.
- Disposition: This is the end of a record’s life. At this point, it has reached the end of its defined retention schedule (e.g., 5 years). The record now either enters the final phase or undergoes formal records destruction.
- Preservation: This is for essential records that need to be retained for long periods of time, such as documents with critical operational importance or historical value. Preservation often involves offline storage in redundant, secure locations.
Keep in mind that the records lifecycle is flexible and varies from organization to organization. It also differs based upon the type of record. A contract might be a vital record from its inception and kept for seven years before destruction. A briefing for the board of directors might have no value as a record until the final version is approved, at which point the briefing is retained for five years before being moved into long-term digital preservation due to its historical value.
What is a registry in records management?
“Registry” is the traditional name for the members of the group responsible for records management in an organization. Also known as a “records office,” the registry was composed of records managers. All vital records were sent to the group to be registered as records. Remember when people had to fill out forms in triplicate? One copy was for the customer, one was for the business unit, and the third copy was for the registry. The registry’s responsibility included data protection, as they had to keep these paper files in a secure location for the defined period of time. Keeping copies of files in a specific location was an effective data security and management strategy back when the world of data consisted of physical files.
With the development of electronic systems, the concept of a records registry has dissipated. Each business unit, for good or ill, either hired their own records managers or ignored the records requirement. The equivalent in today’s digital world is the centralized control of records through federated records management systems. This centralized “registry” applies records policies directly to native repositories, allowing for the necessary level of institutional control.
Who is responsible for records management?
The actual leadership varies based upon which group is driving the records requirement. Often the General Counsel takes ownership, since they focus on organizational risk. IT sometimes takes responsibility, but that is a poor choice, because the management services will be technically correct but get in the way people doing their jobs.
The best approach is to establish an information governance program consisting of the business, IT and legal representatives: Business lays out what information they need and when. Legal outlines the constraints necessary to mitigate risk and guided by laws your organization is subject to. IT then works with both groups to find the right tools to provide the needed business value while keeping risk down to an acceptable level.
Ultimately, determining who is responsible is a question that your organization must decide based upon your industry and organizational culture.
There is a lot to learn when you start working in the world of records management. When done right, it is not just a records management project; it is an information governance program.
The first step is to get the proper management resources in place to provide direction. Then, identify records and determine your current document management workflows. Work to mitigate risks but don’t get in the way of critical business activities; otherwise, you will quickly make people wary and you won’t get the needed cooperation as you work to get all records under control.
Remember, only records that are accessible to the business provide value. Records management programs that deliver value get funded.