By Susan Goodman CIP, IGP, CRM, CIPP posted 04-16-2013 16:44


Another terrific annual AIIM conference has just concluded. I had the privilege of presenting a session with Rob Howley to a packed audience on Records Management in the Cloud, heard many engaging presentations and spoke with colleagues and vendors of products. Here are some of my thoughts:

There is obvious consensus that to effectively manage a firm’s information, a very broad-based approach must be taken. Information governance must include all media, all repositories/locations, all types of data, etc. I have always advocated and practiced a very comprehensive approach toward records and information management (RIM) that includes the governance of all data and information in the organization. 

Data under management essentially includes it all - ranging from long-term critical digital assets to ephemeral/transitory data that should be disposed after only a brief period (or not retained at all – such as text messages for many organizations). The whole spectrum of data is potentially discoverable, it all costs (potentially enormous sums) of money to manage and value can only be derived (ROI of information assets) if people know that the information exists, is accessible to them and is in usable form (e.g., in reusable formats for secondary purposes when needed).

Structured (e.g., content in databases) and unstructured data (e.g., MS office documents; text messages) are in scope in the electronic records world. Not all data has equal value – but all data must be evaluated for its value (or lack thereof) and retained, disposed and/or protected according to that assessment.

Information Governance is fast emerging as the best term to use to describe this and the word “data” is being used more and more interchangeable with the word records.

Key components and tenets of information life-cycle management apply to information governance/electronic records management. All of these remain important in the information governance arena. (I’m going to use data, information and records interchangeably here):   

1. Creation or collection of needed data (content, structure, context) in needed formats. This includes system and records specific metadata (see guidance/defacto standards like MoReq and Dod5015.2 and other sources for examples of electronic records metadata).

2. Retention of information in a manner that ensures “trustworthy” records and record-keeping systems. Ensuring trustworthiness is the ONLY way that an organization can to truly become “electronic” or “digital” – because it needs to ensure that its electronic records/data will be acceptable to regulators and admissible in court.

UETA and the E-Signature Act in the US have established the equivalency of electronic records and signatures and physical records and “wet” signatures if the electronic records are reliable and there is no other law requiring a different format. Requirements for trustworthiness can be found in ISO15489, Rules of Evidence, etc. and relate to requirements such as access controls/protection, unalterablity, integrity, authenticity, etc.  

3.  Efficient retrieval/usability. Retrieval includes, but is not limited to the use of metadata (information about information), key words, crawler technology in a manner that will enable quick retrieval of needed information (with a minimum of "false hits.". A system is only valuable if intended users are able to perform intended activities in a manner that is relatively easy to use. 

4. Distribution and use of information in a manner that complies with all (sometimes competing) requirements for that data/information. For example, marketing and privacy requirements are sometimes competing priorities in firms that must both be satisfied.  

5. Retention of records/data for necessary time periods to satisfy legal/regulatory requirements and considerations and business needs (documented in retention schedules/policies)

6. Placement, management and release of legal holds (i.e., ability to place legal holds, suspending disposition when data is needed for litigation; to broaden or narrow the scope of the legal hold; release legal holds by matter, in a manner that allows records/data to re-enter the disposition stream)

7. Defensible/responsible data disposition when retention periods are met and the records are not needed for litigation or other legitmate "holds," in a manner that obliterates the data. Firms today have a significant (and growing) need to dispose of huge volumes of data that are not needed (including “junk,” duplicates, etc). This is because it is expensive to manage that data and search through it/potentially produce it during litigation) – as aptly stated by John Mancini, AIIM Executive Director.

8. Protection of long term data (e.g., records that are archival due to their evidentiary and/or historical value) that are needed for the life of the corporation – often requiring migration to new platforms; ensuring that media does not become obsolete, etc.

9. Application of all requirements for appropriately managing and protecting information as dictated by the following requirements/considerations: Privacy, Cross-Border/In-Country global requirements, Information/Data Security, Back-up/replication for business continuity purposes, contracts (e.g., to retain specific data on a separate server), etc. 

Additionally, the following infrastructure elements, among others, are needed for broad-scoped Information Governance:   

  • Dedicated staff and sufficient budget
  • Charter and Governance structure (e.g. RIM Advisory Committees, Information Governance Oversight Committee, or equivalent with key stakeholders – Legal, Compliance, Information Technology (IT), Risk, Finance, Privacy, Quality, Business Representatives, etc.
  • Records Retention Schedule – covering all documented information content, described in "functional" buckets
  • Data mapping - identifying content in specific systems/repositories and mapping to retention schedule
  • Business unit management level and administrative support level liaisons
  • Policies, standards and procedures based on legal and business requirements, standards, industry best practices, etc.
  • Enabling tools (e.g., ECM, DM, ERM software)
  • Reporting, Monitoring and Audit

The information governance field is multi-disciplinary, requiring the involvement of and collaboration with a broad range of internal (and, as applicable, external) stakeholders. Buy-in of key internal stakeholders (e.g., senior management) – as we always say – is critical.

All of the components above – and several additional ones - continue to be critical aspects of Records and Information Management (including Electronic Records Management), Information Governance, Information Life-Cycle Management and Data Management. The term “Information Governance” - does seem to be the high-level umbrella term that captures it all.       


#electronic records management #datamanagement #information governance #informationlife-cyclemanagement #electronicrecords #InformationGovernance #governance #ElectronicRecordsManagement
1 comment



05-13-2013 16:53

And you gave me some additional points for my ongoing "We need to Govern Information" discussions. Thanks for helping clarify my thoughts.