Blogger

If you have not yet heard, AIIM's community is forming an ECM group to help those with ECM initiatives. Think member to member conversations and a library of shared templates. There is a group working to launch the community in January, but it took one member to first suggest forming such a group and that member is Tom Wellman. From our first conversations, Tom was dedicated to not only hatching the idea, but committing the hours needed to make this happen. If you missed the discussion about the idea, definitely watch this quick VIP presentation .  It's AIIM great pleasure to introduce you to Tom Wellman, Records & Information Manager, State Board of Administration (Florida) Where do you live?      Tallahassee, Florida   How many years have you been an AIIM member?     3 Years What led you to information management?    I have always had an interest in information and documents, going back to my teenage years, even though I did not realize it then.  After college, my first job was working for the U.S. State Department in London, working in communications, and that is when my professional interest in information management started.  Later, during graduate ...
0 comments
Originally posted at http://www.e-wavesolutions.com/ Several AIIM Conferences ago, one of the top tier Enterprise Content Management (ECM) vendors made a point of delivering a session based on the premise that no one actually wants to see an ECM platform doing its stuff. What they meant was that clients wanted the benefits without really seeing how the ECM platform works. Like we all like hot dogs but don’t really want to know how they’re made. Note: Earlier this year someone claimed that ECM is dead (it’s not) and is being replaced by Content Services (wrong again, they’re the same thing). So, if you see something called “Content Services Platforms (CSP)” or similar, it’s the same as ECM platforms. In an ideal world, ECM works with your other enterprise and business applications to provide the content in holistic, end-to-end processes and workflows. However, that is rarely the case. Despite the fact that it’s easier than ever to make applications interoperate, most content is still stuck in silos and not available to people and applications that need it. And the content that is available to everyone that needs it is made available by sending copies ...
0 comments
We are in an age of unprecedented digital technology and connectivity. As a result, businesses face an ever-increasing risk of cyber-attacks and security breaches. Just glance at the news to see how frequently such incidents occur. These attacks and breaches can be extremely costly and debilitate a business’s vitality and reputation. One of the most commonly exploited areas of a security system is the password. Attacks on passwords can occur physically on-site or through online brute-force attacks. Consider the following five points to create and maintain a more secure password: Keep it long : The length of a password is much more important than its complexity. A lengthy password takes much longer to crack than a shorter one, even if a short password has complex characters. Experts suggest a   minimum length of between 12 to 15 characters . Avoid single words. It may help to use a phrase or sentence to reach a beneficial length. Add some complexity:   While length is key, adding complexity to your password (such as uppercase letters, numbers, dashes, spaces, and other special characters) will strengthen it. Complexity adds an additional obstacle for would-be hackers. ...
0 comments
Employees from Peacock Foods recently filed a class action suit against their employer. The group claims the company violated the Illinois Biometric Identifier Privacy Act. The employees say the company collected their fingerprints when they clocked in and out of work. They also claim the company didn’t follow the mandates meant to protect this information. This Act requires private entities who collect biometric identifiers, such as iris scans, fingerprints, and even photos to create a written retention schedule. This schedule must be available to the public, specify why this data is collected, and include plans to destroy the records as soon as the retention period ends. Before they collect data, the company must have a written release from an individual. So, how long can the company keep the records? Just long enough to use them for the purpose for which they were collected. This group of employees said Peacock Foods violated all three areas of this act. The employees claim they didn’t know why the company collected their fingerprints. They also assert that they didn’t permit the company to collect and retain their fingerprint records. To add to that, they weren’t ...
0 comments
NISO, the National Information Standards Organization, is excited to let you know that they have been awarded the U.S. Technical Advisory Group (TAG) to Joint Technical Committee (JTC) 1/ SC34, Document description and processing languages.  This committee is responsible for standardization in the field of document structures, languages, and related facilities for the description and processing of compound and hypermedia documents including: Languages for describing document logical structures and their support facilities Languages for describing document-like objects in web environments Document processing architecture and formatting for logical documents Languages for describing interactive documents Multilingual font information interchange and related services Final-form document architecture and page information interchange Hypermedia document structuring language and application resources API’s for document processing.   If you would like to be a member or want to nominate someone to be a member of this TAG, please email me at fanningba@hotmail.com by the end of the day on Friday, November 17. Be sure you have obtained agreement from the ...
0 comments
This month we're excited to introduce you to long time member, Julie Harvey, CIP a Records and Information Management SME at Ricoh USA.  If you missed Julie's VIP Lounge session focused on building an information governance program, definitely catch the  30 minute replay here .  If you're new to AIIM, involved with developing your organization's information governance policies, or studying for your CIP--definitely connect with Julie here.  http://community.aiim.org/network/members/profile?UserKey=2afac599-6d57-4d2a-856b-b29885b6f798    Name    Julie Harvey, CIP, IGP, BPM   Position   RIM Subject Matter Expert for our Legal (Law Firm) Vertical Company Ricoh USA, Inc Where do you live?        San Diego, CA How many years have you been an AIIM member?   15 What led you to information management?       It has been an evolution. My career began in risk management and self-insurance administration. One of my first jobs while still in school was working in the records department of a law firm. Later, I went to work for Insurance Carrier and my role evolved into Operations and IT management. These experiences contributed a great deal to the broad knowledge ...
0 comments
BSI standard PAS 89:2012 (Enterprise content management – Code of practice) defines the process of embarking on an ECM initiative as below. Naturally, this cyclical process makes sense, much like deciding the dish, identifying the recipe, sourcing the ingredients and then preparing the dish. However, over more than a decade of working with ECM initiatives across UAE, Qatar, Bahrain and Oman (effectively the GCC minus Saudi Arabia), the de facto ECM initiative process more or less follows as below. Now this becomes an interesting case of almost buying the ingredients, deciding the dish, creating the recipe and then preparing the dish. While this may enable you to definitely end up having a dish, it may not be the right one as you can only have a dish as per the ingredients and not the one you wish to have. In the case of an ECM initiative, this leads to a misalignment between the requirements and the technologies, leading to either an expensive initiative or a failed one. None of the above is unknown, plenty of material has been written on how to roll out an ECM initiative. This article aims to guide organizations that may have adopted the above approach ...
0 comments
Introduction Headlines about natural disasters provide a stark reminder that we can’t control our environment. However, if we plan for disasters and assess risks, we can help ensure business continuity if disaster strikes. To plan for disaster, analyze the different types of potential disasters and then prepare to mitigate loss. For a Records Manager, this means finding a way to limit interruption to vital records. It also means taking steps to mitigate the disaster’s impact to the Records Program. Vital Records You need vital records for your business to operate. Without them, you can’t continue to conduct business and you can’t determine assets and liabilities. For business to continue, you need to identify vital records and safeguard them from the impacts of disasters. This should be a major component of any disaster plan. You might, for example, keep vital records in a   records management software   and have the data backed up so you don’t lose any records. Mitigating Disaster Types A risk assessment should identify possible disasters, estimate their likelihood, and consider their consequences. This analysis allows you to develop plans as well as strategies ...
0 comments
Records retention is challenging for healthcare entities. The requirements are complex and there is a lack of harmony among state, federal, and accreditation requirements. State and federal regulations identify different documents you must maintain in a patient’s medical record and mandate different retention periods for the medical record. Federal law typically requires the retention of medical records for five years. In contrast, states tend to mandate longer retention periods that average seven to ten years after a patient’s most recent visit. However, there are exceptions, such as Massachusetts, which requires the retention of medical records for at least twenty years. Mississippi is another exception, which requires different retention periods based on the type of patient, but mandates the destruction of certain medical records after twenty-eight years. Nuances in state law may also require specific retention methods or impose additional requirements for certain healthcare entities. For example, Alabama requires hospitals to retain records for five years, but only requires physicians to retain medical records for as long as necessary to treat the patient. Similarly, Minnesota ...
1 comment
To celebrate 30 years in business, Zasio Enterprises, Inc. gifted a scholarship to the San José State University Masters in Archives and Records Administration Program . CEO Kevin Zasio presented the program with a scholarship to support the efforts of graduate students hoping to advance their education in the field. Zasio, a records management and information governance software and consulting company, was founded in San José in 1987. Since the company achieved three decades in the industry, Kevin returned to his roots to gift the scholarship to the community that first supported it. “Because almost every business creates, uses, stores, and disposes of data, and must adhere to evolving laws and regulations, there’s never been a greater need for talented, driven students,” Kevin said. “As more records are stored digitally, information governance expertise is vital for businesses success. It’s an honor to give back to the students at SJSU, who have the potential to give those businesses confidence in records management.” Kevin and his team are passionate about information governance and the fields it encompasses. They believe the world needs more bright minds and innovative ...
0 comments
When paper or electronic records have reached the end of their retention period, how do you appropriately destroy them?  Below is a summary of common records destruction methods. Paper Records Confidential Information Shredding:   Paper is cut into thin vertical strips (straight-cut shredding) or into vertical and horizontal confetti-like pieces (cross-cut shredding). Most non-confidential records can be straight-cut shredded. Cross-cut shredding is more appropriate for sensitive and confidential records. Pulping:   Paper is reduced to fibers (pulp) by being mixed with water and chemicals. The pulp can then, in many cases, be recycled into other paper products. Pulverizing:   Paper is reduced to small, fine particles (such as powder or dust) by methods of crushing, grinding, etc. Incineration:   Paper is burned to ensure complete destruction and non-retrievability of data. While effective, it is not considered the most environmentally-friendly option. Non-confidential Information Recycling:   Suitable for non-confidential records where possible. Paper is reused or reconstituted as other paper products. This method promotes good ...
0 comments
​Good morning; I am looking for some information about figuring out how many Engineering document controllers one would need for a 1.5 Billion dollar project.  I know there is a formula out there I just can't find it so, if anyone knows the formula for figuring our manpower for Document Controllers in a company I would greatly appreciate it.
0 comments
Hopefully you already know Connie as she's been an AIIM Member for the last couple years and an active community member in our discussion boards. She recently shared a Draft Retention Schedule to help others working on their own schedules. A great resource of industry experience, definitely get to know Connie this month; connect with her online here . And if you have a sample retention schedule, she'd love to see how your organization has it set up. Simple and easy? Show us your examples! Name: Connie Prendergast Position: Records Management Clerk Company: Flagstaff County - Alberta, Canada Where do you live in?   Sedgewick, Alberta, Canada How long have you worked in information management?  Almost 40 years.  Of course, it was different back then.  A secretary did everything; I didn’t work for large corporations for most of that time, there were no formal retention procedures. What does your work entail? Do you have company support? How are you helping drive the goals of your office through your work?   My position is brand new to the County.  They did not have a Records Management Clerk prior to purchasing our ERMS (Laserfiche).  That being said, for ...
0 comments
Simply removing direct and indirect personal identifiers isn’t enough to achieve de-identification of a dataset. Data controllers must also analyze the context in which the data is presented, as well as the risk of re-identification. Not only that, but technical methods for performing de-identification are not prescribed by law, but rather are often left to the discretion of the data controller. So how do you limit risk of re-identification and respond quickly with appropriate technical methods of de-identification? This article focuses on the practical challenges of meeting de-identification standards, including both GDPR’s heightened standard for anonymization, as well as meeting more traditional standards tied to the likelihood of re-identification. The full article can be seen at  ACC ‘s (Association of Corporate Counsel) Docket Magazine  here . Disclaimer: The purpose of this post is to provide general education on Information Governance topics. The statements are informational only and do not constitute legal advice. If you have specific questions regarding the application of the law to your business activities, you should seek the advice of your legal ...
0 comments
The Office of Inspector General (OIG) has broad authority to exclude a healthcare organization from participating in federal healthcare programs (e.g. Medicare, Medicaid). Although exclusions commonly arise from violations of the False Claims Act and Anti-Kickback Statute, there are many other violations that could lead to a permissive exclusion. For instance, the OIG can request immediate access to inspect and copy certain records, and can exclude a healthcare entity for failure to produce the demanded records. [1] The OIG can demand immediate access to records and data in any medium to ensure compliance with federal healthcare program requirements. You may have to produce records within twenty-four hours from receipt of the OIG request, or sooner if the OIG believes the records are at risk of being altered or destroyed. If you can’t produce the requested records, the OIG can immediately exclude you from participating in federal healthcare programs for at least ninety days. [2] If you cannot produce the records within the time allotted, you can provide a compelling reason for the delay. However, the OIG decides whether a reason for the delay is truly compelling. The regulations ...
0 comments
Anticipating your next technology change   This article, the fourth in a five part series on technology strategy techniques, discusses how to be successful through all kinds of business and technology changes. If you haven’t read the series, find the additional posts here . “It must be considered that there is nothing more difficult to carry out, nor more doubtful of success, nor more dangerous to handle, than to initiate a new order of things.” — Niccolo Machiavelli, “The Prince” I’ve seen this quoted in various settings before. Machiavelli wrote these words in the early 1500s to provide advice—his rant being potentially harmful or immoral—to a new prince attempting to establish rule in the 16th century. Yet today, in the minds of leaders who are driving strategic initiatives across the corporate landscape, these simple words continue to carry cautionary weight. Modern technological change is continuous and when it comes to your ECM platform or any large enterprise system, the preparation, planning, and continuous management through change is key to the health of your systems and team members. In the other articles of this blog series ...
0 comments
Individuals value their privacy. In contrast, businesses value the ability to leverage personal information to deliver quality products and services to meet the needs of their clients. The legal standards that regulate the protection of personal information help bridge the gap between these two opposing interests. This article addresses when to apply de-identification, the legal standards under specific regulations for de-identifying personal information, and the effect meeting such de-identification standards has on the use of the remaining data set. The full article can be seen at  ACC ‘s (Association of Corporate Counsel) Docket Magazine 
0 comments
Standards development is based on several hallmarks such as openness and consensus. Openness means that all individuals can freely express their opinions during meetings and on document approval ballots and that meetings are announced in an open and widely publicized manner. In other words, being transparent. Developing consensus means that unanimity is not the goal but trying to build consensus and using the direction or views of the majority to shape the result is what is needed for consensus. It is also important to understand that in the International standards area, each country that is a member receives one vote no matter how large the country is or how many representatives or subject experts attend meetings. The United States has representation on many standards committees to ensure that the U.S. industry is appropriately represented. For the information management industry, the US is represented by the technical advisory group administrated by the 3D PDF Consortium for content and document management, PDF, file format, information quality and information integrity standards. With regard to records management standards, standards for libraries, or metadata standards the ...
0 comments
I’ll admit it – Cloud is cool. Want to see my vacation pictures? I’ll send you a link. Maybe I want to listen to my CD collection while I’m staying at a hotel – it’s in the Cloud. New server? No problem – check back in 20 minutes. Just about everything related to IT can now be purchased “as a service” – software, platforms, infrastructure, storage, etc. Not only is it convenient, but also elastic. Most discussions about the Cloud center around security and costs, and rightly so, but this one does not. Not so long ago a full and/or poorly-kept records center was a clear sign of trouble. The transition from traditional paper records to imaging and digital storage on shared drives held the promise of tidying up all of that disorganized, inaccessible information into neat, searchable folder hierarchies. In actuality, it often just exacerbated and enhanced the disorganization because it was not governed properly and was even more out-of-sight/out-of-mind than the basement records center. When shared drives filled up and became unmanageable we migrated to SharePoint and content management systems that offered fresh hope for organizations because documents could have metadata and ...
0 comments
Defined ROT stands for Redundant, Obsolete, and/or Trivial information and includes all information NOT being stored for a valid business, legal or common practice purpose. It is duplicative of official records, past its useful life, and/or information that does not meet the standard for an official record. Also, it’s important to remember that ROT consists of both physical and electronic information, including email. Examples of why it is problematic: Storage is expensive. Although it seems like less of a problem to store ROT electronically it can actually be more expensive in the long term than paper. For example, extensive ROT that is being accumulated in an unstructured format has the potential for expensive discovery and legal hold work should a suit commence. It adds useless clutter, reducing accessibility of information by making it more difficult to find documents you need. It is a liability. Keeping information that is no longer useful and that is no longer required by law may create liability risk by preserving evidence that could be deemed adverse. Finally, if ROT contains personally identifiable information (PII), keeping it could ...
0 comments