ISO/TR 15489-2:2001; Information and documentation -- Records management -- Part 2: Guidelines describes the purpose of its fourth step in its implementation methodology, Step D, as to examine an organization’s existing systems to determine what systems are in place and which ones capture records. Some of these systems will be records repositories, but many of them will be line of business applications which may create records but not manage them effectively.
This technology assessment looks to determine whether records are being captured correctly, and if not, what needs to happen to ensure that they are. It also looks at both the technical and operational performance of those systems to determine whether they are as effective as they could be. Any gaps that are identified are used as part of your business case for the new electronic records management (ERM) system, and added to the system requirements.
The first step in the technology assessment is to identify all of the applications in your organization that could potentially create records. Many of the applications may not, in fact, create or store records, and it’s better to identify them early so there is no question later.
Your organization’s applications can be grouped for consideration into five categories:
Enterprise
Business unit
Departmental
Stand-alone or end-user, and
Specialized applications
Once all the applications have been identified, the next step is to examine their functionality to determine how they interact with the records-related processes.
Some of these applications can be used to create documents or records. Microsoft Word, for example, would certainly fall into this category, as would the email system (for at least some messages) and many of the line of business applications.
Many of them are used to access and retrieve information, and, again, you must examine this in the light of the records program. It could be that there are compliance requirements that must be implemented in the application to ensure that unauthorized users cannot access certain types of information.
Many of them store information, either in their own proprietary repository, a relational database, or using a combination of the file structure and security to mimic a repository. The points to identify include who has access to the file storage area, who can change that access, what users with access can do to the files in the storage area, whether controls can be set up to prevent records from being changed or deleted, and so forth.
Where it is determined that applications create and/or store records, the next step is to perform a gap analysis to identify what changes need to be made. Standards can be used for this task, including: DoD 5015.2 in the U.S., MoReq2 in the European Union, DOMEA in Germany, and the International Council on Archives (ICA) Guidelines (ISO 16175).
For you to manage our electronic records and documents, you need to know what applications and systems exist in your organization that create and store such content.
Tell us about your experience at carryout a technology assessment within your own organization.
What were the benefits you gained by learning of the systems and applications that create and store your records?
#ERM #ElectronicRecordsManagement #ECM