Professional Documents
Culture Documents
Federal Records and Information Management (RIM) Maturity Model
Federal Records and Information Management (RIM) Maturity Model
Federal Records and Information Management (RIM) Maturity Model
Instructions:
1
2
3
4
5
6
7
8
9
10
Instructions:
Statement
(a) Management and leadership incorporate RIM as a strategic element of the agency's/component's business and mission.
(b) RIM program has strategic goals and objectives.
(c) Management places RIM within the part of the agency/component that provides RIM visibility, authority, and sufficient
Level 0
Level 1
Level 2
Level 3
Level 4
Notes:
Assessment:
Statement
(a) Leadership and management at all levels endorse the RIM program.
(b) Leadership and management consider records and information valuable assets.
(c) Agency/component assigns authority and delegates responsibility to personnel with skill sets that align with assigned RIM
Level 0
Level 1
Level 2
Level 3
Level 4
Notes:
Assessment:
Statement
Agency/component provides:
(a) Appropriately qualified and trained RIM staff;
(b) Sufficient numbers of dedicated staff to meet agency needs for program implementation;
(c) Funding for continuing eduation for RIM staff; and
(d) Sufficient funding for services, equipment, technology and acquired resources.
Level 0
Level 1
Level 2
Level 3
Level 4
Notes:
Assessment:
Statement
The extent to which the agency/component:
(a) Has an established method to inform all personnel of their records management responsibilities in law and policy;
(b) Has developed a communications program that promotes awareness; and
(c) Continuously provides up-to-date RIM policy and guidance to all personnel.
Level 0
Level 1
Level 2
Level 3
Level 4
Notes:
Assessment:
main 1: Management Support and Organizational Structure
Agency/component management creates a positive foundation that enables and empowers the agency’s/component’s RIM pr
1-1: Strategic Planning
Management and leadership incorporate RIM as a strategic element of the agency's/component's business and mission.
RIM program has strategic goals and objectives.
Management places RIM within the part of the agency/component that provides RIM visibility, authority, and sufficient resources.
(a) More consistent approach developed to align RIM needs with business/mission activities
(b) Some strategic elements established
(c) Leadership understands and supports the need to address RIM as an agency/component
(a) RIM program addressed through a proactive approach to align with business/mission activities
(b) Strategic elements established to support integration with strategic and operational planning/execution
(c) Leadership fully endorses the RIM program and participates in the governance function
(a) RIM is embedded as a core function that is addressed at the strategic level
(b) Fully developed governance framework defines RIM policy, roles, and responsibilities at both a strategic and operational le
(c) RIM is fully integrated with the agency's/component's strategic elements
(d) Leadership engages the RIM program at the strategic level
1-3: Resources
ency/component provides:
Appropriately qualified and trained RIM staff;
Sufficient numbers of dedicated staff to meet agency needs for program implementation;
Funding for continuing eduation for RIM staff; and
Sufficient funding for services, equipment, technology and acquired resources.
1-4: Awareness
e extent to which the agency/component:
Has an established method to inform all personnel of their records management responsibilities in law and policy;
Has developed a communications program that promotes awareness; and
Continuously provides up-to-date RIM policy and guidance to all personnel.
0
0
0
Domain 2: Policy, Standards, and Governance
Statement
(a) Agency/component assigns responsibilty for developing RIM policy, standards, and governance.
(b) RIM policy, standards, and governance are documented in an understandable manner.
(c ) RIM policy, standards, and governance are based upon legislative and statutory regulatory requirements and profession
Level 0
Level 1
Level 2
Level 3
Level 4
Notes:
Assessment:
Statement
(a) Performance measures and goals are established at the agency/component and program levels.
(b) The agency/component has mechanisms in place to monitor and review compliance with RIM policy, standards, and gov
(c) Compliance is measured and reported (internal audits, reviews, and evaluation).
Level 0
Level 1
Level 2
Level 3
Level 4
Notes:
Assessment:
Statement
(a) Agency/component identifies and analyzes internal and external risk to agency/component records and information.
(b) Agency/component determines who is best to manage or mitigate the risk and what specific actions should be taken.
(c) Agency/component monitors the implementation of actions to management or mitigate risk.
Level 0
Level 1
Level 2
Level 3
Level 4
Notes:
Assessment:
Statement
The level to which:
(a) Agency/component has a flexible communications framework for disseminating RIM policies, standards, and governance
(b) Agency/component uses a communications framework to ensure that all staff understand and comply with RIM respons
Level 0
Level 1
Level 2
Level 3
Level 4
Notes:
Assessment:
Statement
Internal Controls (Internal controls are defined as: control activities or processes that provide a reasonable assurance of the
of operations and compliance with RIM policies and practices such as approvals, authorizations, verifications, reconciliation
that separate personnel with authority to authorize a transaction, process the transaction, and review the transaction.)
The agency/component:
(a) Identifies and develops internal controls; and
(b) Uses internal controls to ensure compliance with RIM policies, standards, and governance.
Level 0
Level 1
Level 2
Level 3
Level 4
Notes:
Assessment:
main 2: Policy, Standards, and Governance
The RIM program has a governance framework, articulated policy, and clear standards.
2-1: Policy, Standards, and Governance Framework
Agency/component assigns responsibilty for developing RIM policy, standards, and governance.
RIM policy, standards, and governance are documented in an understandable manner.
RIM policy, standards, and governance are based upon legislative and statutory regulatory requirements and professional standards.
(a) Relevant external and internal requirements are starting to be incorporated into a governance framework that establishes
principles
(b) Limited adoption of agency/component-wide RIM policy, standards, or governance
(a) Formal RIM policy, standards, and governance established for the agency/component
(b) RIM elements are widely adopted across the agency/component
(c) Governance framework is established to support integration with strategic and operational planning/execution
(d) Formal RIM policy, standards, and governance are systematically promulgated through the use of systems, training, auditin
compliance measurements
Le
(a) Some RIM functions have been informally developed to identify and address compliance
(b) Some RIM compliance audit infrastrucuture
(c) Compliance processes are mostly manual
(d) Limited standardization of compliance management across the agency/component
(a) RIM functions are defined to identify and address compliance needs
(b) RIM compliance audit is conducted at the agency/component level
(c) Initial efforts at standardized measurement and reporting
(d) Disparate automation with limited standardization of processes across the agency/component
(a) RIM functions fully implemented to identify, address, manage, measure, and enforce compliance
(b) RIM compliance audit is conducted at the agency/component level
RIM functions are integrated into agency/component strategy and business/mission practices to increase compliance levels w
management overhead
Le
(a) RIM functions are defined to identify and address risk mitigation needs
(b) RIM risk analysis is conducted at the agency/component level
(c) Initial efforts at standardized measurement and reporting
(d) Disparate automation with limited standardization of processes
(e) More unified and active approach to mitigating exposure to risk
(a) RIM functions are fully implemented to identify, address, manage, measure, and reduce risks
(b) RIM risk analysis is conducted at the agency/component level
(c) Consolidated systems with higher level of standardization of processes facilitate a proactive approach that further reduces
risk
(a) RIM functions are integrated into agency/component strategy and business/mission practices to increase compliance level
resources for increased efficiencies
(b) Agency/component RIM systems with embedded management functions facilitate optimal management of exposure to ris
Le
2-4: Communications
e level to which:
Agency/component has a flexible communications framework for disseminating RIM policies, standards, and governance; and
Agency/component uses a communications framework to ensure that all staff understand and comply with RIM responsibilities.
Agency/component-wide communications for RIM policies, standards, and governance strategies are integrated into core bus
practices
Le
e agency/component:
Identifies and develops internal controls; and
Uses internal controls to ensure compliance with RIM policies, standards, and governance.
Le
Score
0
0
0
0
0
Domain 3: RIM Program Operations
Statement
(a) Records and information are managed throughout the lifecycle: creation/capture, classification, maintenance, retention,
(b) Records and information are identified, classified using a taxonomy, inventoried, and scheduled.
Level 0
Level 1
Level 2
Level 3
Level 4
Notes:
Assessment:
Statement
The level to which records and information are easily retrievable and made accessible when needed for agency/component
Level 0
Level 1
Level 2
Level 3
Level 4
Notes:
Assessment:
Statement
(a) RIM is integrated into agency/component-wide business processes.
(b) Recordkeeping requirements are integrated into information systems and contracted services.
(c) RIM staff participate in system acquisition, development, and/or enhancements.
Level 0
Level 1
Level 2
Level 3
Level 4
Notes:
Assessment:
Statement
(a) Agency/component has policies in place to protect records and information from internal and external threats.
(b) Agency/component has systematic identification and protection of records and information essential for an emergency o
Operations (COOP) event.
(c) Agency/component provides guidance on the handling of records and information exempt from disclosure.
(d) Agency/component has access controls and safeguards for security classified information as well as other types of restric
Level 0
Level 1
Level 2
Level 3
Level 4
Notes:
Assessment:
Statement
(a) Agency/component ensures that all staff are trained on their records management responsibilities.
(b) Agency/component supports professional development for RIM personnel.
(c) Agency/component provides specialized RIM training to key stakeholders.
Level 0
Level 1
Level 2
Level 3
Level 4
Notes:
Assessment:
main 3: RIM Program Operations
The RIM program has effective processes that cover the entire records and information lifecycle.
3-1: Lifecycle Management
Records and information are managed throughout the lifecycle: creation/capture, classification, maintenance, retention, and dispositio
Records and information are identified, classified using a taxonomy, inventoried, and scheduled.
(a) Some processes exist for the identification of records but lack formal definition and standardization
(b) Little/no RIM strategy with localized management of records
(c) Disparate RIM lifecycle processes across the agency/component
(d) Records metadata structure and use are highly localized
(a) Formal processes exist for the identification and classification of records across the agency/component
(b) Definition of record types are beginning to be established and standardized across the agency/component
(c) Some unified metadata structures have been developed
(d) Formal RIM strategy exists with a defined lifecycle management schedule
(e) Standardized RIM lifecycle processes have been developed across the agency/component
(f) Standardized RIM processes are beginning to be promulgated across the agency/component
(a) Processes for identification and classification of records are standardized across the agency/component
(b) Records definitions are beginning to be managed consistently across the agency/component
(c) Unified metadata structures are beginning to be applied across the agency/component
(d) RIM lifecycle processes are being applied and practiced consistently across the agency/component
(e) Increasing centralization of records lifecycle management
(f) Some integration of RIM processes with business automation tools
(a) Records identification and classification processes are documented and integrated with agency/component business/missi
the strategic level
(b) Records definitions have been developed at the agency/component level
(c) Unified metadata structures are applied consistently across the agency/component
(d) RIM lifecycle processes are optimized across the agency/component
(e) RIM lifecycle processes are fully supported through automation across the agency/component with ongoing and proactive
maintenance
(f) High level of RIM integration with business/mission activities and processes
Level 0 -
(a) Formal processes exist in order for records to be accessed and retrieved in a timely manner
(b) Standardized RIM lifecycle processes have been developed across the agency/component making access and retrieval of re
more reliable
(c) Standardized processes for access and retrieval are beginning to be promulgated across the agency/component
(a) Processes for identification and classification of records are standardized across the agency/component making access and
retrieval reliable
(b) Records are usually accessed and retrieved in a timely manner
(a) Records identificiation and classification processes are documented and integrated with agency/component business/miss
the strategic level in order for records to be accessed and retrieved in a timely manner
(b) Records definitions have been developed at the agency/component level making access and retrieval accurate and efficien
(c) All records are accessed and retrieved whenever needed in a timely manner
Level 0 -
3-3: Integration
RIM is integrated into agency/component-wide business processes.
Recordkeeping requirements are integrated into information systems and contracted services.
RIM staff participate in system acquisition, development, and/or enhancements.
(a) Plan is developed to integrate RIM functionality into agency/component-wide core business/mission activities and process
(b) Implementation of standardized tools and technology to facilitate automation of business/mission and RIM processes
(c) Developing integration into development of business strategy and process design
(a) RIM functionality standardized and fully integrated into core business processes at the agency/component level
(b) RIM operates as an integral component of business strategy development and process design
Level 0 -
Level 0 -
3-5: Training
Agency/component ensures that all staff are trained on their records management responsibilities.
Agency/component supports professional development for RIM personnel.
Agency/component provides specialized RIM training to key stakeholders.
(a) All staff receive well-defined, customized training based on their job requirements
(b) Management support structure is in place to provide consistent and ongoing training and to promote adoption of RIM prin
(c) Management supports provisional development of RIM personnel
(a) All staff receive well-defined, customized training based on their job requirements and understand their RIM responsibilitie
(b) Management supports ongoing training to elevate RIM performance
(c) RIM personnel have support for and take part in professional development
Level 0 -
Score
0
0
0
0
0
Maturity Summary
Score
0.0
0.0
0.0
0.0
0.0
0.0
Score
0.0
0.0
0.0
0.0
0.0
0.0
0.0