Special Report – IT’s Critical Partnership with Records Management

Laying the Groundwork for the RIM/IT Partnership

While it is easy to identify areas in which RIM and IT have common purpose and common goals, it is often much more difficult to ensure that the partnership is effective. The following activities will facilitate a true collaborative relationship.

Establish a shared language – One area of difficulty is the language we use to describe what we do. The words may be the same, but point to entirely different meanings. For example, in RIM, the word record is defined as “Recorded information, regardless of medium or characteristics, made or received by an organization that is evidence of its operations, and has value requiring its retention for a specific period of time.” But, for the IT professional, a record refers to a “complete set of information” and is generally composed of fields of information.

Similarly, the word “archive” has distinct meanings for each profession. For RIM, the term refers to documents created or received by a person or organization and preserved because of their continuing value, often also referred to as historical value. For the IT professional, it is much more common to think of archive as a process of compressing and copying files to a long-term storage medium.

Take time to make sure that everyone on the RIM/IT team has the same understanding of terms that are being used in their work together. Does everyone understand what a backup is and what it is used for? Does everyone understand the difference between backups and long-term retention? Does everyone understand information lifecycle management and how it might differ from the records lifecycle?

Understand the goals of electronic records management – RIM’s primary responsibility is to ensure that a system which captures and receives records can also preserve required record characteristics. This is particularly important since the vast majority of records are now “born digital” or converted into electronic formats.

Ensure electronic records meet tests of evidenceISO 15489-1, Information and Documentation – Records management – Part 1: General outlines four tests that must be met for a record to meet the test of evidence. Those characteristics are:

  • Authenticity – A record must be what it purports to be.

  • Reliability – a records must be a full and accurate representation of the transactions, activities, or facts to which it attests.

  • Integrity – a record must be complete and unaltered.

  • Usability – a record must be able to be located, retrieved, presented, and interpreted.

Other international and national level standards address various elements of ensuring the tests of evidence can be met through the capture and retention of metadata, controlled processes for records conversion and migration, and the integration of various technologies (e.g., electronic document management systems, electronic records management systems, cloud computing, SaaS, etc.)

Capture metadata specific to records management actions – RIM-related metadata aids in the implementation of the organization’s information processing activities and records management policies. Proper recordkeeping metadata ensures that records are retrievable, are properly handled throughout the records lifecycle, and assists in maintaining the integrity and authenticity of records.

Ensure accessibility of records throughout the lifecycle – ISO 15489-1 makes clear that accessibility to records must be assured throughout the lifecycle of the record. The standard does not preclude organizations from transferring records to nearline or offline storage, but it does require that the records be retrievable and usable throughout their defined records lifecycle.

It is a joint responsibility of RIM and IT to ensure that the systems in use provide the necessary levels of protection for personal privacy and corporate information. Methods should be implemented to prevent unauthorized access, tampering, or disposal.

Manage disposition of electronic records – Effective recordkeeping programs enforce a records disposition schedule that defines the necessary retention times for various categories of records. Disposition occurs when the pre-determined time period has passed between the creation or capture of a record and the endpoint (date) as specified in the retention schedule. In North America, the term disposition may mean permanent transfer of a record to an historical archive or permanent destruction of the record.

Once the disposition is complete, it is important to create an information audit trail of the disposition actions and the authority on which they are based. The audit trail should include:

  • Method of disposition (e.g., shredding, maceration, degaussing, permanent preservation).

  • Title/name of the file.

  • Records schedule identification or classification code applicable to the file(s).

  • System identifier pointing to the system where the record originated (for audit purposes).

  • Name of individual authorizing the destruction of records.

  • Name of the vendor responsible for records disposition if an outside party is used.

  • Disposition date and destruction date.

Recommendations for RIM/IT Collaboration

By now it is clear that the roles of RIM and IT professionals converge throughout the information lifecycle. Decisions made by these professionals should align with the company’s records management policies as based upon relevant laws, statutes, or regulations. No actions should be taken that would create unnecessary risk to the organization or would negatively impact the content, context, or integrity of the record. But beyond that, what are the key areas for RIM and IT collaboration?

To avoid the prospect of “boiling the ocean” it is important for each organization to assess its unique areas of opportunity and vulnerability to determine the initial focus of the collaborative efforts. But most companies will benefit from first addressing the following areas.

Apply retention and disposition rules to electronic records – As we have seen, the requirements for information governance and compliance apply to all record formats. The organization’s records retention and disposition policy identifies the length of time the organization will maintain its records. Retention periods will vary by type of record and may extend from a few months to many years, or even permanent retention for some types of records. Since email messages often contain record information, the systems in place for managing email must allow the application of the organization’s retention and disposition policy as well.

IT and RIM must work together to develop the strategies and protocols that will ensure the organization’s retention and disposition rules are followed for the vast array of electronic repositories, such as shared servers, transactional databases, data warehouses, ECM systems, document management systems, etc.

Initial discussions between IT and RIM on this topic will likely lead to a need for developing a shared or complementary taxonomy which facilitates retrieval and disposition of records and information. RIM understands the records, the retention and disposition requirements, and how the business units use the information in their conduct of business. IT understands the capabilities and limitations of the systems and storage media in use, as well as the plans and implementation for technology upgrades. Both perspectives must be considered to result in effective records retention and disposition.