Blogger

Our Research Team had another eventful year in 2017. We conducted international research for 58 countries, which includes all states and DC for the U.S. and all Australian and Canadian territories/states. This research was performed for Consulting clients and Versatile Retention (VR) software subscribers in a wide range of industries, including financial institutions, manufacturing, and pharmaceuticals. Internationally, we added over 11,000 citations and updated nearly 4,000. Domestically, we added nearly 3,000 citations and updated 2,000. A significant portion were added because of expanding subscription jurisdictions. The EU adoption of the General Data Protection Regulation (GDPR) (Regulation 2016/679) becomes effective later this year, so it’s especially important to stay up-to-date on laws evolving around this Regulation. VR clients can stay current with all the latest changes to recordkeeping and handling laws by running searches in the Research “Advanced mode” tab and selecting “Date Updated” to limit results customizable date ranges. Contact us   today to see how our   records retention solutions   and   consulting services   can help you stay complaint with ...
0 comments
Another day, another personal information data breach. Many companies started looking at their own system’s weaknesses after learning about the recent Uber data breach. No one wants to be the next data breach headline. This kind of news can make people long for the days when   records retention   was simpler and paper-based documents meant data protection wasn’t always part of the daily routine. Some may even wonder whether the benefits of personal data protection outweigh the administrative burden of returning to hard-copy records.   [1] But did you know that low-tech data can be just as easy, if not easier, to breach? How do data protection laws apply to hard-copy records? Cyber-security is on the front-lines of the personal data battle, but it’s just part of the equation. Careless retention of hard-copy records that contain personal information can also result in a data breach. Careless retention can affect both small and large organizations and those with domestic or international connections. Many companies moved from hard-copy records to digital records. Digital records are a more efficient and “greener” system. However, overlooking hard-copy documents can leave companies ...
0 comments
Blockchain & Archivierung - ein Anwendungsbeispiel bei der Metro (Originalbeitrag   http://bit.ly/Metro-Blockchain) Inzwischen gibt es auch in Deutschland die ersten Projekte, bei denen Blockchain-Techniken für die elektronische Archivierung eingesetzt werden. Bei der Metro geht es hier um Massendaten aus Kassen, die dem KassenG unterliegen: http://bit.ly/MetroBlockchain. Naturgemäß geht es eigentlich nicht um "Archivierung" sondern um "Aufbewahrung" entsprechend den Vorschriften von HGB, AO und GoBD. Im Anwendungsfall geht es nicht um Dokument-orientierte Speicherung sondern um strukturierte Datensätze. Bei Massendaten aus Tausenden von Kassen greifen bisherige Archivierungskonzepte nicht. Diese basieren auf einer Indexdatenbank, die auf einzelne Objekte in einem separaten Speicher verweist. Perfomance- wie auch Mengengründe stellen dieses Konzept aber bei Massendaten in Frage. Jeder einzelne Index in der Datenbank hätte z.B. die gleiche Größe wie der aufzubewahrende Datensatz des Kassenbons. Das Eintragen und prüfen der Indexinformation und das Wegschreiben der Archivobjekte ist bei großen strukturierten Datenmengen nicht performant genug. Die Nutzung von WORM-Verfahren im Speicher ...
0 comments
Savan Group is supporting the VA with their CUI implementation! Great opportunity to learn more about the Controlled Unclassified Information (CUI) Program and how agencies are approaching this Information Security Reform effort! Open to all, please join us! Please join the Department of Veterans Affairs (VA) for its Controlled Unclassified Information (CUI) Symposium to learn about the CUI Program, associated implementation efforts, and expected federal impact. The symposium will feature VA CUI subject matter experts, alongside panelists from the National Archives and Records Administration (NARA), the U.S. Department of State (DoS) and the Internal Revenue Service (IRS). Controlled Unclassified Information (CUI) is information that the Government creates or possesses. CUI requires protection under laws, regulations, or Government-wide policies, and it can correspond to any of the following sources: privacy, health, military, information technology (IT), contract, and personnel data. Within VA, the Office of Information and Technology’s (OIT) Department of Quality, Privacy, and Risk (QPR) hosts the Controlled Unclassified Information (CUI) Program, a consolidation ...
0 comments
Generally I am writing in German in this blog of the DACH community, but this topic might be as well of interest to some non-German speakers. The Impact of BREXIT on AIIM Europe AIIM has been active in Europe for quite a long time. The European headquarters are located in Worcester, UK. AIIM Europe is offering their services from the UK. On March 29th, 2019, the United Kingdom will be no longer part of the European Union. In fact, AIIM Europe was always focussing on the UK with its roadshows, courses and other services. Outside UK AIIM had only few benefits and services to offer, largely relying on local partners and some enthusiastic AIIM fans. English as common language facilitator between US and UK restricted activities and acknowledgement of AIIM in the rest of Europe. AIIM Europe was in fact AIIM UK. Now the UK is leaving the European Union and this will reduce the influence of AIIM in Europe even more. There are some operational considerations like: new form of invoices and pricing due to tax laws, change of Terms & Conditions because they are no longer covered by European law but by Bristish law, full implementation of GDPR although UK leavers the European ...
2 comments
Where are our Austin folks? Meet Amy Harrelson--you've probably already seen that name as she's been active in AIIM's community, helping just launch the new ECM community . But now she's on a mission to see if Austin locals are interested in meeting up in person, who's on board? With AIIM18 in San Antonio this year, hoping to find some new energy in this area, and Amy is just the one to lead it. Interested? Connect with Amy online. Let's meet up! Thanks for sharing your story with us Amy! Where do you live?   Austin, TX How long have you worked in information management?  This will be my twentieth year!! What does your work entail?  I oversee the daily workings of the RIM program Do you have company support?   Overall, there is organizational support from the top down. How are you helping drive the goals of your office through your work?   I try to align Records and Information Management best practices with the strategic goals of the organization in order to demonstrate where sharing accurate information with minimal operational impact in a timely manner adds value and efficiency to the overall way we conduct business.   By working with business units within ...
0 comments
Companies trading within the EU must comply with countless regulations every day, including directives specifically relating to VAT and electronic invoicing. The benefits of e-signatures for businesses are   well documented   and we regularly discuss how signing multiple documents with a single click saves significant time, cost and effort, however these benefits are particularly valuable when verifying invoice content.    In this context,   bulk signing   is a powerful capability. It removes the necessity to open and approve numerous documents individually and protects invoices from unauthorised changes – for example, adding an extra zero to an invoice that would be difficult to contest in court.   But what specifically is the VAT Directive? When introduced in 2006, the EU VAT Directive had one main objective – harmonise VAT law within the EU and regulate accounting, accounts payable and account receivable functions within businesses and commerce. Basically, the directive provides clear   guidance   on what must be included in invoices. It specifies what proof is required to allow the deduction of VAT in whichever EU country the transaction has ...
0 comments
If you have not yet heard, AIIM's community is forming an ECM group to help those with ECM initiatives. Think member to member conversations and a library of shared templates. There is a group working to launch the community in January, but it took one member to first suggest forming such a group and that member is Tom Wellman. From our first conversations, Tom was dedicated to not only hatching the idea, but committing the hours needed to make this happen. If you missed the discussion about the idea, definitely watch this quick VIP presentation .  It's AIIM great pleasure to introduce you to Tom Wellman, Records & Information Manager, State Board of Administration (Florida) Where do you live?      Tallahassee, Florida   How many years have you been an AIIM member?     3 Years What led you to information management?    I have always had an interest in information and documents, going back to my teenage years, even though I did not realize it then.  After college, my first job was working for the U.S. State Department in London, working in communications, and that is when my professional interest in information management started.  Later, during graduate ...
0 comments
Originally posted at http://www.e-wavesolutions.com/ Several AIIM Conferences ago, one of the top tier Enterprise Content Management (ECM) vendors made a point of delivering a session based on the premise that no one actually wants to see an ECM platform doing its stuff. What they meant was that clients wanted the benefits without really seeing how the ECM platform works. Like we all like hot dogs but don’t really want to know how they’re made. Note: Earlier this year someone claimed that ECM is dead (it’s not) and is being replaced by Content Services (wrong again, they’re the same thing). So, if you see something called “Content Services Platforms (CSP)” or similar, it’s the same as ECM platforms. In an ideal world, ECM works with your other enterprise and business applications to provide the content in holistic, end-to-end processes and workflows. However, that is rarely the case. Despite the fact that it’s easier than ever to make applications interoperate, most content is still stuck in silos and not available to people and applications that need it. And the content that is available to everyone that needs it is made available by sending copies around ...
0 comments
We are in an age of unprecedented digital technology and connectivity. As a result, businesses face an ever-increasing risk of cyber-attacks and security breaches. Just glance at the news to see how frequently such incidents occur. These attacks and breaches can be extremely costly and debilitate a business’s vitality and reputation. One of the most commonly exploited areas of a security system is the password. Attacks on passwords can occur physically on-site or through online brute-force attacks. Consider the following five points to create and maintain a more secure password: Keep it long : The length of a password is much more important than its complexity. A lengthy password takes much longer to crack than a shorter one, even if a short password has complex characters. Experts suggest a   minimum length of between 12 to 15 characters . Avoid single words. It may help to use a phrase or sentence to reach a beneficial length. Add some complexity:   While length is key, adding complexity to your password (such as uppercase letters, numbers, dashes, spaces, and other special characters) will strengthen it. Complexity adds an additional obstacle for would-be hackers. ...
0 comments
Employees from Peacock Foods recently filed a class action suit against their employer. The group claims the company violated the Illinois Biometric Identifier Privacy Act. The employees say the company collected their fingerprints when they clocked in and out of work. They also claim the company didn’t follow the mandates meant to protect this information. This Act requires private entities who collect biometric identifiers, such as iris scans, fingerprints, and even photos to create a written retention schedule. This schedule must be available to the public, specify why this data is collected, and include plans to destroy the records as soon as the retention period ends. Before they collect data, the company must have a written release from an individual. So, how long can the company keep the records? Just long enough to use them for the purpose for which they were collected. This group of employees said Peacock Foods violated all three areas of this act. The employees claim they didn’t know why the company collected their fingerprints. They also assert that they didn’t permit the company to collect and retain their fingerprint records. To add to that, they weren’t given ...
0 comments
NISO, the National Information Standards Organization, is excited to let you know that they have been awarded the U.S. Technical Advisory Group (TAG) to Joint Technical Committee (JTC) 1/ SC34, Document description and processing languages.  This committee is responsible for standardization in the field of document structures, languages, and related facilities for the description and processing of compound and hypermedia documents including: Languages for describing document logical structures and their support facilities Languages for describing document-like objects in web environments Document processing architecture and formatting for logical documents Languages for describing interactive documents Multilingual font information interchange and related services Final-form document architecture and page information interchange Hypermedia document structuring language and application resources API’s for document processing.   If you would like to be a member or want to nominate someone to be a member of this TAG, please email me at fanningba@hotmail.com by the end of the day on Friday, November 17. Be sure you have obtained agreement from the ...
0 comments
This month we're excited to introduce you to long time member, Julie Harvey, CIP a Records and Information Management SME at Ricoh USA.  If you missed Julie's VIP Lounge session focused on building an information governance program, definitely catch the  30 minute replay here .  If you're new to AIIM, involved with developing your organization's information governance policies, or studying for your CIP--definitely connect with Julie here.  http://community.aiim.org/network/members/profile?UserKey=2afac599-6d57-4d2a-856b-b29885b6f798    Name    Julie Harvey, CIP, IGP, BPM   Position   RIM Subject Matter Expert for our Legal (Law Firm) Vertical Company Ricoh USA, Inc Where do you live?        San Diego, CA How many years have you been an AIIM member?   15 What led you to information management?       It has been an evolution. My career began in risk management and self-insurance administration. One of my first jobs while still in school was working in the records department of a law firm. Later, I went to work for Insurance Carrier and my role evolved into Operations and IT management. These experiences contributed a great deal to the broad knowledge that ...
0 comments
BSI standard PAS 89:2012 (Enterprise content management – Code of practice) defines the process of embarking on an ECM initiative as below. Naturally, this cyclical process makes sense, much like deciding the dish, identifying the recipe, sourcing the ingredients and then preparing the dish. However, over more than a decade of working with ECM initiatives across UAE, Qatar, Bahrain and Oman (effectively the GCC minus Saudi Arabia), the de facto ECM initiative process more or less follows as below. Now this becomes an interesting case of almost buying the ingredients, deciding the dish, creating the recipe and then preparing the dish. While this may enable you to definitely end up having a dish, it may not be the right one as you can only have a dish as per the ingredients and not the one you wish to have. In the case of an ECM initiative, this leads to a misalignment between the requirements and the technologies, leading to either an expensive initiative or a failed one. None of the above is unknown, plenty of material has been written on how to roll out an ECM initiative. This article aims to guide organizations that may have adopted the above approach ...
0 comments
Introduction Headlines about natural disasters provide a stark reminder that we can’t control our environment. However, if we plan for disasters and assess risks, we can help ensure business continuity if disaster strikes. To plan for disaster, analyze the different types of potential disasters and then prepare to mitigate loss. For a Records Manager, this means finding a way to limit interruption to vital records. It also means taking steps to mitigate the disaster’s impact to the Records Program. Vital Records You need vital records for your business to operate. Without them, you can’t continue to conduct business and you can’t determine assets and liabilities. For business to continue, you need to identify vital records and safeguard them from the impacts of disasters. This should be a major component of any disaster plan. You might, for example, keep vital records in a   records management software   and have the data backed up so you don’t lose any records. Mitigating Disaster Types A risk assessment should identify possible disasters, estimate their likelihood, and consider their consequences. This analysis allows you to develop plans as well as strategies ...
0 comments
Records retention is challenging for healthcare entities. The requirements are complex and there is a lack of harmony among state, federal, and accreditation requirements. State and federal regulations identify different documents you must maintain in a patient’s medical record and mandate different retention periods for the medical record. Federal law typically requires the retention of medical records for five years. In contrast, states tend to mandate longer retention periods that average seven to ten years after a patient’s most recent visit. However, there are exceptions, such as Massachusetts, which requires the retention of medical records for at least twenty years. Mississippi is another exception, which requires different retention periods based on the type of patient, but mandates the destruction of certain medical records after twenty-eight years. Nuances in state law may also require specific retention methods or impose additional requirements for certain healthcare entities. For example, Alabama requires hospitals to retain records for five years, but only requires physicians to retain medical records for as long as necessary to treat the patient. Similarly, Minnesota ...
1 comment
To celebrate 30 years in business, Zasio Enterprises, Inc. gifted a scholarship to the San José State University Masters in Archives and Records Administration Program . CEO Kevin Zasio presented the program with a scholarship to support the efforts of graduate students hoping to advance their education in the field. Zasio, a records management and information governance software and consulting company, was founded in San José in 1987. Since the company achieved three decades in the industry, Kevin returned to his roots to gift the scholarship to the community that first supported it. “Because almost every business creates, uses, stores, and disposes of data, and must adhere to evolving laws and regulations, there’s never been a greater need for talented, driven students,” Kevin said. “As more records are stored digitally, information governance expertise is vital for businesses success. It’s an honor to give back to the students at SJSU, who have the potential to give those businesses confidence in records management.” Kevin and his team are passionate about information governance and the fields it encompasses. They believe the world needs more bright minds and innovative ...
0 comments
When paper or electronic records have reached the end of their retention period, how do you appropriately destroy them?  Below is a summary of common records destruction methods. Paper Records Confidential Information Shredding:   Paper is cut into thin vertical strips (straight-cut shredding) or into vertical and horizontal confetti-like pieces (cross-cut shredding). Most non-confidential records can be straight-cut shredded. Cross-cut shredding is more appropriate for sensitive and confidential records. Pulping:   Paper is reduced to fibers (pulp) by being mixed with water and chemicals. The pulp can then, in many cases, be recycled into other paper products. Pulverizing:   Paper is reduced to small, fine particles (such as powder or dust) by methods of crushing, grinding, etc. Incineration:   Paper is burned to ensure complete destruction and non-retrievability of data. While effective, it is not considered the most environmentally-friendly option. Non-confidential Information Recycling:   Suitable for non-confidential records where possible. Paper is reused or reconstituted as other paper products. This method promotes good conservation ...
0 comments
​Good morning; I am looking for some information about figuring out how many Engineering document controllers one would need for a 1.5 Billion dollar project.  I know there is a formula out there I just can't find it so, if anyone knows the formula for figuring our manpower for Document Controllers in a company I would greatly appreciate it.
0 comments
Hopefully you already know Connie as she's been an AIIM Member for the last couple years and an active community member in our discussion boards. She recently shared a Draft Retention Schedule to help others working on their own schedules. A great resource of industry experience, definitely get to know Connie this month; connect with her online here . And if you have a sample retention schedule, she'd love to see how your organization has it set up. Simple and easy? Show us your examples! Name: Connie Prendergast Position: Records Management Clerk Company: Flagstaff County - Alberta, Canada Where do you live in?   Sedgewick, Alberta, Canada How long have you worked in information management?  Almost 40 years.  Of course, it was different back then.  A secretary did everything; I didn’t work for large corporations for most of that time, there were no formal retention procedures. What does your work entail? Do you have company support? How are you helping drive the goals of your office through your work?   My position is brand new to the County.  They did not have a Records Management Clerk prior to purchasing our ERMS (Laserfiche).  That being said, for almost ...
0 comments