I hope the title is not misleading, but to be more specific, this is where the GARP health check up gets it wrong. Line 50 in the health check up states, "records managers responsible for paper records; IT responsible for electronic records." I read this statement and was surprised and wondering if others felt the same way, so I went to twitter and LinkedIn with the question "GARP health checkup states IT should be responsible for electronic records. Agree or disagree and why?" The response from Amy Dondy, Database and Risk Manager from Trucker Huss captured the general sentiment well:
GARP really has this one wrong. IT people rarely have a concept of what constitutes a record. Digital or physical, records should be managed by records professionals. We need to work with IT to have the tools necessary to manage electronic records, but they should never be in charge of their management.
Many responses were along this same line and some even called this statement from GARP an example of a severely outdated mindset and another said that this would be a symptom of an organization in trouble or on the pathway to trouble.
My main issue with the statement and several people mentioned this is that it is not detailed enough. What does "responsible" mean? IT can be responsible for the tools and infrastructure but that does not make them responsible for the records. Richard Jeynes, consultant at Memnet, states it well when he says
Depends what you mean by 'responsible for'. If you mean ownership of the records and the information they contain, then I disagree, because the business asset owner has that role. If you mean ensuring their security, then I agree, once the levels of security and other governance around that have been agreed with the asset owners.
The role of IT is to be a collaborating partner with RIM. RIM needs to be the one to set the policies and IT needs to be the enforcer. Managing electronic records is not a task RIM can do alone and needs IT to share partial responsibility. On the topic of IT's responsibility Sue Darby, BS, MOS, wisely stated
IT should be fully responsible for hardware, backup and software along with data security and even archiving and records retention but the users should be responsible for organizing it in a way that works for their team. IT should also be responsible for providing information on best practices for version control so the data does not get duplicated thus costing more to backup and store.
Carol Rittereiser, CRM, director of Records and Information Management at Pitney Bowes is spot on with the collaboration aspect with her statement, "IT should be responsible only in part for electronic records insofar as to ensure that the data is backed up in accordance with its established rotational cycles and to ensure its functionality, protection, security and privacy. Their primary responsibility is the management of the hardware, software and operation of the "production environment" of the data centers or third party providers. IT should not "own" the information. The electronic data itself should be under the management of the business owner/function and records management/legal to ensure the data complies with the respective enterprise's retention policy as well as any legal holds and extended audit requirements."
IT cannot replace RIM when it comes to managing electronic records. If RIM's expertise is only paper records our future is very brink. A record is a record no matter the format, so the principle for managing it should not be in IT. I believe the issue is summed up really well by Mary Binkholder, CRM/NS, Administration Supervisor at Ameren and Bill McDaniel, CEO of SemantiStar inc.
Mary Binkholder, CRM/NS "I disagree. IT may have the tools, but we (records managers) have the rules. While we work very closely with our IT staff for our records processing and storage, we have to maintain control. IT is generally not as familiar with all of our standards, guidelines, etc.; their focus is ensuring the systems work. For example, we ensure that we have exception reports for electronic transfer and we monitor any "glitches" or errors to make sure all of our records are successfullly transferred. I don't think it is their job description, nor their expertise, to have the records' responsibility." - Binkholder
Bill McDaniel "I agree with Mary. Saying IT should have responsibility for e-records is like saying the facilities management people should have been responsible for them, before computers, because they provided the file cabinets. Understanding what a corporate Record is, what it implies, how it fits in the corporate policy structure, and how it should be managed is a specialized skill. Understanding the technology used to retain and manage records properly and how to deploy that technology to provide for the requirements of IT users is a specialized skill as well. The IT department should SUPPORT the records management department, not BE it. -McDaniel
#electronic records management #GenerallyAcceptedRecordkeepingPrinciples(GARP) #InformationGovernance #InformationgGovernance #ElectronicRecordsManagement