Records management and archiving practices have now acquired a new level of visibility and importance within both public and private sectors, and, as a result, most organizations are acknowledging the relevance of comprehensive, high-quality records management solutions. The expectations for a conceptual framework of records management, however, now involve more than just the traditional perception of a having a system in place to effectively manage specific types of physical or electronic documents. The concept of “records management” must now, by necessity, include the creation and implementation of a workable and transparent framework with which to chronicle an organization’s activities (and the subsequent records that support them). In addition, safeguards must be in place to handle the obligations organizations face with regard to retention and disclosure of their records, activities that are facing tighter regulatory and legal scrutiny. Hence, records management as a construct must now encompass both the ability to address the needs for increased organizational efficiency as well as offer richer capabilities for fulfilling legal obligations. Unfortunately, although more organizations are realizing the extent of the responsibilities required in records management policies and their supporting tools, these organizations may be unsure how they can effectively integrate these records management components into an overriding knowledge management infrastructure.
While organizations, large or small, may have some sort of records management solution or policy in place, there isn’t always a sense of urgency in terms of full compliance with, or integration of, this policy or solution. However, new regulations have come about across the globe (such as the Federal Rules of Civil Procedure in the US) that have set many organizations scrambling to make sure they stay up to speed in terms of their records management responsibilities and supporting capabilities. These new regulations have illuminated the need for a variety of components to be in place in order for organizations to be well-positioned to meet the current and future demands of real records management. At the core of these components is the need for robust e-discovery tools, which should operate in tandem with technologies such as effective (electronic) search solutions and stable, long-term storage infrastructures (such as those that rely on XML). In fact, e-discovery and its supporting functionalities serve as the critical pillars upon which true records management can be built. It is only in this foundational context that a practical, compliant, and comprehensive enterprise-wide knowledge management solution can become fully actualized.
The importance of these concepts on a realistic market level should not just be viewed through the somewhat negative prism of risk aversion and legal preparedness, though. Even though the primary motivator for many companies wanting to establish solid records management policies and systems comes from the need to avoid certain risks, the structural and procedural environment created from such an initiative not only creates a strong position with which to accomplish better overall knowledge management across the organization, but it typically provides a variety of additional positive byproducts. These byproducts include more nimble and proactive customer service capabilities, an unencumbered environment for innovation, optimized maneuverability and preparedness in a rapidly shifting competitive marketplace and stronger positioning for long-term profitability.
Knowing the factors that drive solid records management
Records retention always carries with it some type of legal obligation, regardless of the type or size of an organization. The de facto standard for how records-retention requirements should fit together in a comprehensive records management environment are based upon internationally acknowledged frameworks and guidelines that include the National Archives (UK), National Archives of Australia, US Dept of Defense (DoD) 5015.2-STD, PRO-TNA, ISO 15489, MoReq2, and so on. Even though these sorts of standards are highly detailed and most applicable to large, bureaucratic and multi-tiered organizations, they do provide the necessary thematic guidelines for implementation across any size or type of organization, as well as outlining the required legal framework affecting retention obligations. The above standards, as examples, provide a clear structure for organizing file plans and streamlining the records management policies that can fit the needs of most organizations.
Though high-level records management principles are going to be similar across the globe, the type of specific policies a particular organization puts in place will depend heavily on the business sector(s) and geographic regions in which they are active, as well as their own actual levels of commitment (by both management and staff), allocated resources and perceived legal risk. Certainly, many instances still exist in which some organizations think about retention in terms of a very narrow “documentation management” model (i.e. storage focused rather than process focused), which falls short of meeting regulatory or performance expectations. Organizations can even be fully aware of the benefits of good records management but feel that setting up a formal and committed records management structure is a hassle and that the benefits don’t outweigh the costs or effort involved. These types of organizations are the ones that face the most risk, as they are only motivated to move forward when prompted with a reactive stimulus such as a litigation case (for example: the recent Microsoft anti-trust cases).
On the flip side, although regulatory guidelines exist, every organization is different, and even those organizations committed to creating and implementing a sound records management structure may not find the correct solution if they try to match or replicate another organizations records management model. There are basic tenets and principles to good records management—not just in terms of “managing records” but also in terms of creating a positive impact on the organization’s overriding knowledge management goals. This construct does not, however, mean that there is a “one size fits all” solution to every situation. A fixed, static model of “good records management” doesn’t exist; rather, the focal point of good records management is to have the right mix of records-management components in place (see Section 3) so that an organization has the appropriate level of reliability, consistency, and flexibility necessary to anticipate and adapt to changing regulations, business needs, technology, data formats and available resources.
Moving forward with an effectiverecords management strategy
Considering the context outlined in the previous section, any records management solution should at least adhere to the following basic principles:
Create additional flexibility regarding the way records are actually defined within the organization
Support the management of records as they are currently used (a file plan)
Provide a comprehensive and workable strategy for secure and enduring retention of records
Enable the accurate and secure final disposition of records, based on pertinent rules and regulations
Each of these principles will be explained in its own subsection below, along with possible approaches to successfully implementing them.
Creating a flexible definition of records
Every organization should have its own definition of a record, and this definition should be based on the actual business plan and nature of that organization. The bigger and more complicated the organization, the more complicated the records series (i.e. a numeric matrix of the records in an organization), which is the basic framework upon which a file plan is based. Because record series can become rather complicated, actual records should be defined based on content (and usability)— thereby allowing the automation of a retention schedule within each of the records series—as opposed to medium (e.g. e-mail) or document type (e.g. letter). This approach is consistent with that defined by the Department of Defense’s influential standard (DoD 5015.2-STD), which, among other guidelines, supports the notion that all documents, including e-mail, be treated according to the defined records series (and file plan).
An organization can define records as project-based collections of information if all records within that collection pertain exclusively to a particular project and if all records have the exact same lifespan (legal obligations on retention). A more efficient method is to create a multi-tiered file plan for project records (see Section 3.2). Using this approach means that records can be defined at the highest level as belonging to a particular project, at which point they can then be subdivided into “content” categories as the file plan is created. This structure allows for the automation of the retention schedule. Although organizations are free to define their records series and subsequent file plans, these items need to take into account the legal framework and jurisdiction where they operate and legal obligations for retention, privacy and disclosure.
Supporting a workable file plan
Any organization that is ready to implement the most up-to-date records management policies, especially to enhance overall efficiency, must consider the following factors in the context of its operation, priorities, and available resources:
Workable file structures
Classification and metadata
Evaluation and prioritization
Execution of plan
Having a solid file plan in place is critical to being able to organize and enhance the efficiency of back-office operations. As previously stated, file plans are directly related to the complexity of an organization and are based on its business needs. Therefore, for the US Department of Defense, for instance, the intricacy of the file plan is enormous, but there is no other workable alternative for an organization of such size and complexity. Smaller or simpler structures within organizations would require a much simpler and more straightforward file plan.
Creating a comprehensive retention strategy
Structuring records serves another goal, namely the length of time that any organization is required to keep records. Keeping all records forever is counterproductive, as this approach would lead to unmanageable sets of data. Rather, records series and file plans provide a structure to allow for the establishment of a retention schedule leading to final disposition.
After a file plan is defined, the implementation of a retention schedule attached to each record series becomes easier. This situation can be further enhanced by setting it up to provide an automated warning message that is sent to appointed officials. These officials can then affect the final disposition of particular records. Legal obligations apply, depending on the jurisdiction where the organization operates. For instance, in most parts of Europe, financial records need to be legally kept in their entirety for a period of seven years, whereas personnel records may need to be kept for up to 72 years, and so forth. In addition, depending on the policies that are mandated by law, an organization may decide to extend its retention schedule if the records in question constitute “substantial records” (i.e. records that are absolutely necessary for the re-start of operations in the event of a calamity and constitute a small percentage of the overall records of the organization). These records are required for the organization throughout its lifespan and should be kept forever.
After a retention schedule is established, disposition of records can go from permanent archival/inactive status (substantial records) to destruction. Records should strictly follow this retention schedule if an effective records management policy is to be applied.
Retention schedules are complicated, and the only way to effectively apply them is through the use of an automated system, setting alarms and warnings to allow for the implementation of the retention policy. (Realistically, no organization is going to perform these activities in a manual way; for more information, see Figure 1.) Logic holds, then, that a retention policy will not be possible without the presence of a strong records management policy that has clear and transparent file plans and records series.
Retention schedules can and should also be suspended in case of extenuating circumstances. To use the example of a court case, if certain records scheduled to be disposed of fall under disclosure obligations, these records need to be held until further notice. Therefore, the retention schedule should have the proper flexibility to accommodate these requirements, regardless of what type of system is implemented to monitor retention processes.
An efficient file plan will also serve as a numeric representation of the most important metadata attached to each record. For instance, a category in a file plan could be “220.127.116.11” in which each of the numbers represents an element of metadata, with the first number on the left corresponding to the highest or broadest level (e.g. search and disclosure) and then subsequent numbers referring to more specific metadata categories.
Executing the file plan
To see how different variations of data retention policies complement a filing plan, take a look at Figure 1. Theoretically, different options exist for data retention and filing plans to be performed manually and/or automatically. Four strategies are in place, of which three are realistic:
Figure 1 – Data retention and filing plan matrix
Manually executed file plan in which data is stored in non-controlled physical and electronic locations and a reference is made within an electronic (simple) database or EDRMS. This method is easy to implement and execute at low costs, but it only works efficiently in very small, linear organizations
Computer controlled filing plan execution and data stored outside of the RMA system. Here, records are controlled and maintained, but the data is outside of RMA system. This method works well for complex filing plans, and both workflow and automation are guaranteed. This solution is very solid, enabling auditing and working in combination with digital signatures of paper-based sign-off forms.
Computer controlled filing plan execution with data inside repositories that are controlled by the RMA application. This solution is DoD compliant and is the most efficient and effective of all solutions, working well in both large, complex organizations as well as with small/linear ones. Furthermore, this method reduces the chance of human error and provides for transparent and auditable records management policies. Traditionally smaller organizations shy away from such solutions, scared by potential costs. Efficient EDRMS (RMA) solutions are scalable and costs are directly proportional to the size of the application. Consequently, this solution may well be the most cost-effective one available for any organization.
By focusing on two components—a file plan and a final disposition plan—and using those two factors to evaluate the needs of particular business units, an organization can then build up a ‘laundry list’ of the types of records management tools and capabilities they need on an organizational scale. Basing a file plan on content (theme) rather than on medium will also contribute to finding commonalities among the different groups within a specific organization, allowing for an easier implementation of a records management policy. In addition, an efficient file plan should take into account particular nuances that will allow customized implementation per area as required.
#information governance #Records-Management #ElectronicRecordsManagement #e-discovery #FilingPlan #InformationGovernance