'G TH E W /ÙUtUy A-

In c o n g r e s s . J

a îttm o t5 ^ ccfarctftott oftft iSaittn nwtie^ Si

'------- ® fc.,
, Xkfyéÿi**^ /i> U f4 * ^ / 4 f ^ Mm.4 ^ é * t é ^ ^4»*>
j4hm i i n A r r . À ^ é / M é
f,-4 /. .^yyX, • ^ ^ ■ fj^ riV rf______

EN CYCLO PED IA
OF ARCHIVAL
SC IEN C E

EDITED BY
Luctana Duranti
AND
Patricia C. Franks
218 Functional Analysis
(Foscarini 2012). Sociology, social-psychology,
theory of administration, management science, and
organizational theory (with particular regard to
organizational culture) are among the disciplinary
approaches that may help archivists and records
managers get a better understanding of function.
Conclusion
Because records are the product of functions and
contribute to the accomplishment o f functions, the
concept of function is used as a pillar of archival
methodology throughout a record’s lifecycle. Nev­
ertheless, due to the ambiguous nature and complex
relationship of function with the other components
o f a record’s context (e.g., structure, human agents),
defining what function is and how it relates to any
kinds of subfunctions and to the structural features
of organizations is arduous and requires further re­
search. —Fiore lia Foscarini
Keywords: function, activity, transaction
Related Entries: Access/Accessibility; Appraisal;
Archival Arrangement; Archival Description;
Functional Analysis; Formal Analysis; Records
Classification
Bibliography
Bearman, D., and R. H. Lytle. “The Power of the
Principle of Provenance.” Archivaria 21 (1985-
1986): 14-27. http://journals.sfu.ca/archivar/in-
dex.php/archivaria/article/view/11231/12170.
Cook, T. “Mind over Matter: Towards a New The­
ory of Archival Appraisal.” In B. L. Craig, ed..
The Archival Imagination: Essays in Honour o f
Hugh A. Taylor. Ottawa: Association of Canadian
Archivists, 1992, 38-70.
Foscarini, F. “Understanding Functions: An Or­
ganizational Culture Perspective. Records
Management Journal 22 (1) (2012): 20-36.
DOLlO.l 108/09565691211222072.
Hurley, C. “Ambient Functions: Abandoned Chil­
dren to Zoos.” Archivaria 40 (1995): 21-39.
http://journals.sfu.ca/archivar/index.php/archi-
varia/article/download/12095/13080.
------- . “What, If Anything, Is a Function?” Ar­
chives and Manuscripts 21 (2) (1993): 208-18.
International Council of Archives (ICA). Interna­
tional Standard fo r Describing Functions (ISDF).
2007. www.ica.org/10208/standards/isdf-intema-
tional-standard-for-describing-functions.html (ac­
cessed July 2014).
Jenkinson, H. A Manual o f Archive Administration,
2nd edition. London: Percy Lund, Humphries &
Co., 1965 [1937].
New South Wales (NSW) State Records Authority.
“Keyword AAA.” n.d. www.records.nsw.gov.
au/recordkeeping/resources/keyword-products/
keyword-aaa (accessed July 2014).
Sabourin, P. “Constructing a Function-Based Clas­
sification System: Business Activity Structure
Classification System.” Archivaria 51 (2001):
137-54. http://joumals.sfu.ca/archivar/index.php/
archivaria/articIe/view/12797/13999.
Samuels, H. W., ed. Varsity Letters. Documenting
Modern Colleges and Universities. Metuchen, NJ,
and London: Society of American Archivists and
Scarecrow Press, 1992.
Schellenberg, T. R. Modern Archives: Principles
and Techniques. Chicago: University o f Chicago
Press, 1956.
Thornton W. M., ed. Norton on Archives. The Writ­
ings o f Margaret Cross Norton on Archival and
Records Management. Carbondale and Edwards-
ville: Southern Illinois University Press, 1975.
FU N C T IO N A L AN A LYSIS
Functional analysis, used as a phrase, has never
been treated in the records literature as a stand­
alone topic, that is, as the title of a dedicated article
or standard. Instead, it is associated predominantly
with the writings on archival appraisal. Less in the
form of the exact expression and more in its varia­
tions, such as “functional approach” or “function-
based approach,” the topic is also associated with
the management of current records, that is, with
the control of the creation, capture, classification,
and disposition of records. Although the generally
promoted notion of understanding or studying the
functions of records-creating organizations for other
records purposes such as arrangement, description,
and access is also discernible in the literature, this
type of discussion lacks a noticeable degree of cohe­
siveness and synthesis in presenting function-related
 Functional Analysis
arguments. For this reason, this entry focuses on
functional analysis in the context of archival ap­
praisal and current records management, and in par­
ticular, within the latter, on records classification,
as records classification joins together and manifests
records creation and capture on the one hand, and
serves as foundation for disposition on the other.
Functional Analysis and Archival Appraisal
The term functional analysis was introduced in
Helen Samuels’s 1992 article, “Improving Our
Disposition: Documentation Strategy,” along with
the qualifying term institutional. To be accurate, the
phrase functional analysis appeared earlier in her
1986 article, “Who Controls the Past,” published
in The American Archivist, but only once, and as
a general term. The 1992 article, which is primar­
ily based on the introduction section of her book
Varsity Letter, Documenting Modern Colleges and
Universities, formally presented “institutional func­
tional analysis” as “a new tool to supplement archi­
val practice . . . and revamp it.” Archival practice
here was used to include “appraisal,” “selection,”
“acquisition,” and “collection analysis” (Samuels,
128). The term, however, was not accompanied by a
definition, nor were its relationships with those ar­
chival practices specifically explained. The discus­
sion involved general all archival practices, without
sufficient differentiation. Moreover, a number of
terms such as functional study, functional approach,
and functional understanding were seemingly used
as synonyms of functional analysis, although the
synonym-stance was not explicitly stated and none
of the terms are defined or elaborated on. In the
article the term institution seems to be used to refer
to two types of institutions: a designated archival
institution and an organization having an in-house
archival program. According to Samuels, functional
analysis means to understand what institutions do,
irrespective of organizational structures and the
content of records. The analysis of organizational
structure and records content is considered “tradi­
tional” and no longer responsive to archival needs
arising from contemporary reality. The arguments
for this assertion are built around two main issues:
frequently changing structures and unmanageable
volume of records. Methodologically, institutional
functional analysis is stated as applicable to both
219
individual organizations and types of organizations,
such as scientific institutions and colleges/universi-
ties. However, no general methods for carrying it
out were introduced. Varsity Letters exemplified
one procedural step, consisting of deriving catego­
ries and terms from “a careful examination of the
literature on higher education, and particularly the
vocabularies this community uses to describe and
evaluate itself,” and then consider “the categories
and concepts familiar to the archivists responsible
for these records” (Samuels, 132).
In contrast, macroappraisal considers “functional
analysis” its “theoretical and methodological core.”
Without the benefit of a dedicated definition, the
“theoretical core” likely refers to the assumptions,
as reflected by the concept of function, on “what
is valuable and what is not, what is worth remem­
bering by society and what is not, what should
become archives and what should be destroyed”
(Cook 2004, 5-6), and the “methodological core”
refers to “researching, understanding and evaluat­
ing the degree of importance of the legislation,
regulations, policies, mandates, purposes, functions,
programmes, decision-making processes and delib­
erations, the internal organisation and structures,
organisational culture and communication patterns,
the liberty and flexibility allowed to public servants
to interpret policy and thus implement it in varying
ways, and, out of all this, the activities and transac­
tions of the record creator (the branch, sector or
programme entity covered by the appraisal project)”
(Cook 2004, 12). Here, functional analysis, in addi­
tion to a methodological usage, acquired a theoreti­
cal underpinning, thus differentiating itself from the
institutional functional analysis as articulated in the
documentation strategy, where it is only a “tool”
or “technique.” Moreover, the analysis component
of the macroappraisal functional analysis, as pre­
scribed by its methodology, is much more intensive
than that of the institutional functional analysis,
as the former includes many aspects not required
to be examined by the latter, with “internal orga­
nization and structures” being the most noticeable
example. Correspondingly, the issue of recurring
organizational changes as a supporting argument for
functional analysis is no longer present, and the jus­
tification for functional analysis becomes primarily
the unmanageable volume of records and the “crisis
of preserving electronic records” (Cook 2004, 5)
220 Functional Analysis
There are other discussions of functional analysis
in relation to archival appraisal, presenting rather
distinct focuses from the aforementioned two. Ger­
ald Ham explained functional analysis as “an ex­
amination of who created the record and for what
purpose,” and considered it useful for providing
“important clues to the value of a record, especially
for institutional history,” yet less useful in evaluat­
ing “what records tell us about people, places, and
phenomena with which the institution dealt with”
(1993, 51-52), hardly resembling any aspect of the
functional analysis as advocated in both Samuels’s
documentation strategy and the Canadian macroap­
praisal. Relying on Mintzberg’s theory on organi­
zational configuration, Victoria Lemieux proposed
to analyze how the structural components of an
organizational system function rather than what they
specifically do (1998, 37-85). Theoretically sub­
scribing to the same assumptions of macroappraisal,
however, the methodological aspect of Lemieux’s
proposal—^that is, the focus on how—differs signifi­
cantly from the one developed by Cook.
Functional Analysis and Records Classification
As a phrase, functional analysis was first used in
the Australian national standard AS 5090-2003,
Work Process Analysis fo r Recordkeeping, which
was subsequently issued in 2008 as an ISO stan­
dard. Functional analysis in this standard conforms
theoretically with the requirements of ISO 15489-
2001 Information and Documentation—Records
Management, that is, operates along the lines of
the relationship between records and “business
activity,” with the latter as the sole cause for the
creation and use of the former. In the standard,
functional analysis constitutes one of the two types
of analyses that aim at “the creation, capture and
control of records,” which “seeks to group together
all the processes undertaken to achieve a specific,
strategic goal of an organization” (ISO 2008, 2). A
(work) process in this context means “one or more
sequences of transactions required to produce an
outcome that complies with governing rules,” and
transaction means “the smallest unit of a work pro­
cess consisting of an exchange between two or more
participants or systems” (ISO 2008, 2). Functional
analysis, therefore, is expected to uncover relation­
ships among functions, processes, and transactions
and, as dictated by its being a top-down approach.
to represent the uncovered relationships in a hierar­
chical fashion. Unlike process and transaction, the
term function is not defined, but, as indicated by the
prescribed basic steps of functional analysis, linked
to the strategic goals of the organization. Functional
analysis distinguishes “operational functions” and
“administrative functions,” with the former defined
as those that “meet the unique objectives of the or­
ganization” and the latter as those that “support the
delivery of the operation functions” (ISO 2008, 8).
The standard recommends conducting functional
analysis independently o f organizational structure
and rationalizes the recommendation as due to the
consideration that “function may be exercised in
more than one location within, or across one or more
organizations” (ISO 2008, 6). Structural analysis,
however, is not ignored but addressed as part of
“contextual review”—“the foundation for undertak­
ing functional analysis” (ISO 2008, 6). The major
outcome of the analysis is a high-level relation­
ship representation model, useful for “determining
aggregations of records for disposition”—an idea
similar to that claimed by functional analysis for
appraisal and for a “functions-based classification
scheme” (ISO 2008, 8).
A function-based classification scheme in the
context of ISO 15489-2001 refers to a logically
established system that identifies and arranges
business activities or records. The analysis of busi­
ness activity, therefore, becomes synonymous with
functional analysis in this sense. For example, the
Step B in the DIRKS manual is termed “Analysis
of Business Activity,” producing a hierarchical
representation of functions, activities, and trans­
actions, which, in turn, serves the need of con­
structing a function-based records classification
(NSW State Records 2007). Another example is the
methodology developed by Library and Archives
Canada, called the Business Activity Structure
Classification System (BASCS), which prescribes
a classification structure o f function, subfunction,
and activity (Library and Archives Canada 2006).
These developing methodologies maintain the same
theoretical stance, by prescribing the adherence to
the operations of an organization embodied in func­
tions as the foundation for classifying records—a
recommendation made by Schellenberg in his 1956
book. Modern Archives: Principles and Tech­
niques, and already proposed by Campbell in 1941.
They, however, differ in the methodology, most
 Functional Analysis
noticeably on how to break down or formulate a
function (Xie 2006). The most challenging part for
users of these methodologies is to determine how
specific or at what level the analysis should be. A
(true) function-based, or functional, classification
system cannot stop at high-level analyses (that is,
what constitutes function, subfunction, activity,
or process, depending on the methodology being
applied), but needs to go further down to the level
of transactions—that is, it needs to conduct, for ex­
ample, the other type of analysis described in ISO
26122-2008 as sequential analysis. It is at the level
of transaction that records creation takes place, and,
in order to classify records functionally, in par­
ticular digital records, classification is to be done
when and where records are created. In this sense,
transactional analysis is at the heart of functional
analysis for records classification, and this contrasts
sharply with the top-down approach o f functional
analysis for archival appraisal.
Conclusion
Functional analysis in its current state appears to
be an underdeveloped concept, in both its theoreti­
cal underpinnings and its methodological implica­
tions. This is due to its inherent link to the concept
of function, which is abstract and difficult to be
defined in a way that allows direct application.
The common guidance that functions are derivable
from legal and regulatory documentations perti­
nent to the records-creating organization is simply
inadequate for explaining the nature of functions
and ineffective in indicating the complexity of the
analysis required to reach the pursued goal. Also,
there is a lack of recognition by the archival lit­
erature on functional analysis of the indispensable
role of records management in supporting and, in
some cases, allowing to conduct archival work. As
discussed earlier, all of the functional analyses pro­
posed by archivists focus exclusively on guiding
archivists to tackle “messy” records in organiza­
tions. Messy records are only the symptom of poor
records management. In other words, the archival
discourse on functional analysis misses the cause
of the issues that functional analysis is called to re­
solve—the lack o f a records management program
in creating organizations. A strong and effective
records management program is one that conducts
both top-down and bottom-up analysis, with the
221
former focusing on developing an adequate un­
derstanding of the organization and the latter on
synthesizing the lowest level of business actions
for the purpose of identifying functions, activities,
or processes (Xie 2013). Therefore, the decision
of conducting bottom-up analysis should not be
left to individual organizations to make—as the
functional classification methods typically recom­
mend, but instead, should be strongly advocated if
not prescribed as a precondition for good records
management. The concept of functional analysis,
therefore, requires a further development that takes
into consideration these factors.—Sherry Xie
Keywords: function-based approach, functional
classification, top-down approach, bottom-up
analysis, transactional analysis
Related Entries: Appraisal; Formal Analysis; Func­
tion; Records Classification
Bibliography
Campbell, E. G. “Functional Classification of Ar­
chival Material.” The Library Quarterly: Informa­
tion, Community, Policy 11 (4) (1941): 431-41.
www.jstor.org/stable/4302884.
Cook, Terry. “Macro-Appraisal and Functional
Analysis: Documenting Governance Rather Than
Government.” Journal o f the Society o f Archivists
25 (1)(2004): 5-18.
Ham, Gerald. Selecting and Appraising Archives
and Manuscripts. Chicago: Society of American
Archivists, 1993. Available online at http://babel.
hathitrust.org/cgi/pt?id=mdp.39015024110697;vi
ew=lup;seq=21.
International Standards Organization. ISO/TR
26122:2008: Information and D ocumentation-
Work Process Analysis fo r Records. Paris, France:
International Standards Organization, 2008.
Lemieux, Victoria. “Applying Mintzberg’s Theories
on Organizational Configuration to Archival Ap­
praisal.” Archivaria 1 (46) (1998): 32-85. http://
journals.sfu.ca/archivar/index.php/archivaria/ar-
ticle/view/12675/13842.
Library and ArchivesofCanada.“BASCS Guidance.”
www.collectionscanada.gc.ca/007/002/007002-
2089-e.html#six (accessed December 2013).
NSW State Records. “DIRKS Manual.” www.
records.nsw.gov.au/recordkeeping/dirks-manual
(accessed December 2013).
222 Functional Analysis

Samuels, Helen. “Improving Our Disposition: Doc­ maedfoundation.org/pdfs/Sherry_Xie_Study.pdf

umentation Strategies.” /Irc/ï/vana 1 (33) (1992):
125^0. http://joumals.sfu.ca/archivar/index.php/
archivaria/article/view/11804/12755.
Xie, Sherry. “Function-Based Records Classifica­
tion System: A Comparative Study.” www.ar-
(accessed December 2013).
------. “The Nature of Records and the Informa­
tion Management Crisis in the Government of
Canada.” https://circle.ubc.ca/handle/2429/44450
(accessed December 2013).
 I
IM PARTIALITY (RECO RD)
In 1922, Hilary Jenkinson, in his seminal book A
Manual o f Archives Administration, identified as
the first characteristic of archives their impartiality.
In doing so, he was not referring to the relation­
ship between the authors o f the records constitut­
ing the archives (or archival fonds) and the acts or
facts the records put into being, participated to, or
talked about. Rather, he referred to the relationship
between the records and the use to which those
records are put after they are no longer current and
active in the activity generating them. Impartial­
ity is therefore not an attribute of persons (be they
authors, writers, or creators), but a characteristic of
records that are part of an archives; it expresses the
ability of their form, content, relationships with the
other records in the same archives (i.e., the archival
bond) to reveal facts, acts, and the circumstances of
their occurrence. Impartiality is also an attribute of
the archivist only in the sense that archivists should
not be partial to any type of use or user, however,
the term is not presented here in relation to the ar­
chivist, but in relation to the nature of archives and
records.
The Concept
All archives, and the records constituting them, are
impartial with respect to the purposes for which they
will be used in the future because such purposes
cannot be predicted by the persons creating them or
authoring their content. Records are created in the
course of activity as a means for carrying it out and
its by-product. Therefore—Jenkinson writes—they
223
are “free from the suspicion of prejudice in regard to
the interests in which we now use them .. . because
they were not written in the interest or for the infor­
mation of Posterity” (1937, 11-12).
This characteristic of impartiality makes archives
inherently truthful and the most reliable source for
both law and history, whose purposes are to rule and
explain the conduct of society by establishing the
truth (Duranti 1994, 334). In common law, evidence
acts consider records to be an exception to the hear­
say rule, and to be admissible as evidence precisely
because of the trustworthiness that derives to them
from their creation in the usual and ordinary course
of business, for the purposes of the business, by a
person responsible for doing so, at the time or close
to the time of the fact or act they refer to (Duranti
and Rogers 2012, 528).
Conclusion
Records and archives are impartial and the most
reliable source of information because they are not
the purpose of the activity from which they result,
but their by-products. To protect the impartiality
of archives and records as well as their evidentiary
nature is to protect their capacity to reveal the biases
and idiosyncrasies of their creators or authors. The
activities supporting this duty of protection, in par­
ticular archival arrangement and description, came
to be known as the “moral defence of archives”
and are seen as central to the professional ethics of
archivists (Jenkinson 1937, 66).—Luciana Duranti
Keywords: archives, record, archival document,
evidence, reliability
224 Information Assurance
Related Entries: Authenticity; Interrelatedness (Re­
cord); Naturalness (Record); Reliability; Unique­
ness
Bibliography
Duranti, Luciana. “The Concept of Appraisal in
Archival Science.” The American Archivist 57
(2) (Spring 1994): 328-44. http://archivists.meta-
press.com/content/pu548273j5j 1p8 16/fulltext.
pdf.
Duranti, Luciana, and Corrine Rogers. “Trust in
Digital Records: An Increasingly Cloudy Le­
gal Area.” Computer Law & Security Review
28 (5) (October 2012): 522-31. http://dx.doi.
org/10.1016/j .clsr.2012.07.009.
Eastwood, Terence M. “What Is Archival Theory
and Why Is It Important?” Archivaria 1 (37)
(1994): 122-30. http://joumals.sfu.ca/archivar/in-
dex.php/archivaria/article/view/11991/12954.
Jenkinson, Hilary. A Manual o f Archives Adminis­
tration. London: Percy Lund, Humphries & Co.,
1937.
IN FO RM A TIO N ASSU RAN CE
The goal of information assurance (lA) is to en­
sure that “the information flows within a company
are confidential; their integrity is safeguarded and
available” (U.S. Federal Government Committee;
McCumber 1992; Maconachy, Schou, Ragsdale,
and Welch 2001). The integrity of the system’s
architecture and the authenticity of its contents are
now regarded as of equal importance as the security
of its data. Verifying the identity of the creators of
information, proving that they are who they say they
are and that the information in question has not been
altered subsequently, have all proven to be critical
success factors in recent court cases. The field of
records management (RM) has been addressing the
issue of what constitutes critical information for an
organization for some time. RM is one of disciplines
within the broader context of communities with a
fundamental stake in lA. Both RM and lA seek to ad­
dress issues relating to the integrity, authenticity, and
security of the content of systems that directly impact
our private, organizational, and societal personas.
A key element of RM has always been its abil­
ity to provide evidence of an activity. Historically,
if evidence could be provided of an event, it was
deemed to have happened that way. Records, then,
are powerful tools in the hands of those who seek
recognition of positions of authority and verifica­
tion of the status quo, for example. Recent archival
articles on ethies and the use of records in countries
where power structures are shaping and reshaping
highlight the danger of misuse. Control of records
and therefore evidence enables the construction of
external image, affecting standing within the inter­
national community and ultimately global power
structures. At an organizational level, control of re­
cords requires the implementation of RM processes
to ensure that records can be provided as evidence.
Records are defined in ISO 15489 (the interna­
tional standard for RM) as “information created, re­
ceived and maintained as evidence and information
by an organization or person, in pursuance of legal
obligations or in the transaction of business” (In­
ternational Standards Organization 2001). It further
identifies the RM role as ensuring that records will
be accepted as evidence in a court of law, should this
be required.
“The principles of good practice in recordkeeping
are of value, even if the need to produce electronic
records in court never arises. The effort and re­
sources required to comply quickly bring business
benefits, whether the original is in court or not”
(International Standards Organization 2001).
Frank Upward, creator of the Record Continuum
Model, highlights “evidentiality” as one of the four
axes of recordkeeping (RK) and asks how the use
of the term evidence in RK relates to legal evidence
(2005).
The tools available to the records manager in­
clude classification schemes to categorize records
in a systematic and consistent way, appraisal to
determine which records are deemed to have value,
retention to determine how long they should be kept,
and disposition to ensure these decisions are imple­
mented. The authors believe that some of the tried
and tested methods honed to international standards
in the records management arena can shed light on
the management of digital forensics data embedded
in systems in order to ensure the preservation of reli­
able digital evidence for current and future access.
 Information Assurance 225

Table 1.1. Underlying principles of IA vs. RM (Boucher and Endicott-Popovsky, 2008).*

Inform ation A ssu ra n ce P rinciples R ecords M anagem ent P rinciples

C o n fid e n t ia lity In tegrity

In tegrity U s a b ilit y
A v a ila b ilit y A u th e n tic ity
A u th e n tica tio n R e lia b ility
N o n -re p u d ia tio n

Discussion of the Principles of Each pean Commission. In some respects, ISO 15489
itself was devised in order to deal with the issues of
The authors make the case that the goals of both are
nonrepudiation. By following the principles and rec­
similar. ISO 15489 states that records must possess
ommendations enshrined in the standard, it would
content, context, and structure. Content reflects the
prove more difficult to repudiate records provided
facts about the activity: they should be accurate and
as evidence of activities.
complete. Context, that is, the circumstances of cre­
In RM, the level of accountability and the op­
ation and use, include the a c t i v i t y , a n d ad­
erational requirements of the organization and their
ministrative context of the record. Structure reflects
perception of legal risk, compliance, and business
the relationships within the record and external to it
decision making will define which transactions
and organizes the content in such a way as to denote
require full evidential protection. These are organi­
context (Shepard and Yeo 2003, 156).
zational decisions that the RM team will implement.
RM has always been about the context in which
ISO 15489 catalogues an eight-stage procedure
records are created—that is, if this is not known, the
for RM programs, the first five of which relate to
“record” ceases to be relevant and evidential. ISO
establishing the current position and identifying
15489 further isolates four qualities that records
the requirements for records, before designing a
should possess: authenticity, reliability, integrity,
strategy to satisfy these requirements. This common
and usability. Authenticity is linked to the accuracy
objective of defining what records/information/data
of the records; reliability pertains to the records be­
are required for evidential and legal purposes is an
ing a full and accurate representation of the activity/
area that we believe brings the two disciplines closer
transaction. Integrity relates to the fact that records
together. By pre-identifying certain categories of
are complete and unaltered. Finally, usability re­
evidence, it would be possible to provide special
fers to records being retrievable, presentable, and
treatment for those requiring full digital forensics
interpretable. Although the language relates to the
(DF) protection.
“record,” increasingly it is accepted that in order
Sremack refers to the need for research into “us­
to maintain the above characteristics in records, it
ing case specific knowledge of a system to deter­
is the systems and the information architecture that
mine what information is critical, thereby minimiz­
must be proven to meet these requirements.
ing the amount of extraneous information that is
RM does not explicitly refer to nonrepudiation
collected and analyzed and guarantee that no criti­
and confidentiality. It does, however, constantly
cal data is missed” (2008, 6). Sommer (2005, 34)
work within the confines of legislation, particularly
calls for “improvements in overall system specific
freedom of information and data-protection laws.
and management process to capture more potential
These form a natural tension between what society
worthwhile evidence.”
considers appropriate in terms of accountability
Records managers have to analyze the processes
of organizations and confidentiality demanded by
in an organization before they can identify the
citizens and customers. Access rights and data secu­
record-creating processes. Only then are they able to
rity are key elements in the management of digital
identify those that require “special treatment” (i.e.,
records, as is evidenced by their prominence in the
vital records in current business terms). From a DF
recently released MOREQ 2 specification (February
point of view, knowing where (i.e., what processes)
2008) issued for comment on behalf of the Euro­
to apply the techniques more rigorously would be
226 Information Assurance
a benefit. From an RM perspective, the ability to
prove that techniques have been employed to as­
sist in verifying that a system and, therefore, the
records it creates possess integrity and authenticity
is a benefit.
The aim of RM is to ensure that the relationships
between the essential business entities are apparent
and maintained for current and future usage. If RM
offers tools that narrow down the number of “infor­
mation objects” that should be considered “critical,”
that is, those more likely to be called on in court and
therefore have a requirement to be “trustworthy,”
DF processes could be applied to a more limited set
of processes, and NFR may be more achievable.
We can’t know how which single documentIdaXst
set/record will be challenged in the future but we
can seek to manage those most likely to be required.
RM procedures are set up to determine which of
these are most likely to be and to capture them into
RK systems. Making early decisions regarding risk
to the organization and to wider society of keeping
or not keeping records and utilizing RM and DF
practices and procedures to ensure their reliability
and accessibility may reduce discovery and spolia­
tion costs. It may also reduce digital preservation
costs.
A Comprehensive Model of Information
Assurance
Hardware, software, protocols, and operational tech­
niques associated with the process of managing
information change at a very high rate. Any stable
Figure 1.1. The McCumber Cube. McCumber
1992
information-security model must be based on en­
vironmental, organizational, system, and informa­
tion aspects that remain relatively constant over
extended periods of time. The last two decades of
tumultuous change and growth in the information­
processing and -management area has shown that
the Comprehensive Model of Information Systems
Security (CMISS) presented in 1991 by McCumber
has the basic model components and characteristics
that allow this model to remain useful over this ex­
tended period of time (McCumber 1992; see figure
I.l). The key aspects of the CMISS that provide the
foundation of this continual period of application
and usefulness are its focus on information along
with a model structure that allows human beings the
ability to organize and reason about information at
the proper level of abstraction.
With a focus on characteristics of information that
are independent of implementation technology and
organizational structure, the CMISS distills the es­
sence of information-security practices in a manner
that is usable by security planners and managers.
By arranging primary concepts in groups of three
and constraining model relationship views to nine
or fewer items, the CMISS also addresses critical
cognitive complexity issues associated with the ap­
plication of these types of models. The stable form
presented by the CMISS is of great benefit to sea­
soned information-assurance professionals that have
an extensive background and expert understanding
of the information-assurance domain.
Walking through the model, security must be
considered for each information state through which
 Information Governance
information passes in a system: transmission, stor­
age, and processing. In each information state, the
required security services of confidentiality, integ­
rity, availability—^the so-called CIA of security—are
described. Finally countermeasures—human factors,
policies and practices, and technologies—are identi­
fied and prescribed. Further, changes brought about
by networking systems have generated a modified
model that incorporates the security services of au­
thentication and nonrepudiation into the base CMISS
(Maconachy, Schou, Ragsdale, and Welch 2001).
Conclusion
The field of information assurance is in a formative
stage that is proceeding with a high rate of change at
organizational and technical levels. A fundamental
security model that is independent of technology
and organizational changes is helpful in thinking
through information-security requirements of sys­
tems. Using the McCumber Cube, the complete
security context for any given situation can be ef­
fectively addressed.—Barbara Endicott-Popovsky
Keywords: information assurance (lA), records
management, McCumber Cube
Related Entries: Archival Standards; Authenticity;
Records Continuum; Reliability (records)
*Acknowledgment: The comparison of lA and RM
is courtesy of a collaboration between the Uni­
versity of Washington Center for Information As­
surance and Cybersecurity and Aberyswyth Uni­
versity, Wales, Adran Astudiaethau Gwybodaeth/
Department of Information Studies (Boucher and
Endicott-Popovsky 2008). (See Table I.l.)
Bibliography
Boucher, K., and B. Endicott-Popovsky. “Digital
Forensics and Records Management: What We
Can Learn from the Discipline o f Archiving.”
Paper presented at Information Systems Compli­
ance and Risk Management Institute, University
of Washington, September 2008.
International Standards Organization. ISO 15489-
1:2001: Information and Documentation—Re­
cords Management—Part 1: General. Geneva,
Switzerland: International Standards Organiza­
tion, 2001, 5.Iff.
227
Maconachy, W., C. D. Schou, Maconachy, Daniel
Ragsdale, and Don Welch. “A Model for Infor­
mation Assurance: An Integrated Approach.”
Paper presented at the Proceedings of the 2001
IEEE Workshop on Information Assurance and
Security, U.S. Military Academy, West Point,
NY, 2001.
McCumber, John. “Information Systems Security:
A Comprehensive Model.” In Proceedings o f the
14th National Computer Security Conference,
Washington, DC, October 1991. Reprinted in Pro­
ceedings o f the Fourth Annual Canadian Com­
puter Security Conference, Ottawa, Ontario, May
1992. Reprinted in DataPro Reports on Informa­
tion Security. Delran, NJ: McGraw-Hill, 1992.
Shepherd, Elizabeth, and Geoffrey Yeo. Managing
Records: A Handbook o f Principles and Practice.
London: Facet, 2003.
Sommer, Peter. “Directors and Corporate Advisors’
Guide to Digital Investigations and Evidence.”
Information Assurance Advisory Council, 2005.
Sremack, Joseph. “Formalizing of Analysis: A
Proof-Based Methodology.” Master’s thesis.
North Carolina State University, Raleigh, NC,
2004.
Upward, Frank. “The Records Continuum.” In Sue
McKemmish, Michael Pigot, Barbara Reed, and
Frank Upward, eds.. Archives: Recordkeeping in
Society. New South Wales: Charles Stuart Univer­
sity, Centre for Information Studies, 2005, 207.
U.S. Federal Government Committee on National
Security Systems Instruction No. 4009. National
Information Assurance Glossary.
IN FO RM A TIO N G O V ER N A N C E
Information is a vital organizational asset, and in­
formation governance (IG) is an integrated, strate­
gic approach to managing, processing, controlling,
maintaining, and retrieving information as evidence
of all transactions of the organization. Informa­
tion governance is defined as “the specification of
decision rights and an accountability framework
to ensure appropriate behavior in the valuation,
creation, storage, use, archiving and deletion of
information. It includes the processes, roles and
policies, standards and metrics that ensure the effec­
tive and efficient use of information in enabling an
228 Information Governance
organization to achieve its goals” (Gartner n.d.). IG
is a high-level, strategic function that involves stake­
holders from across the organization, each with their
own expertise and responsibilities (Franks 2013,
321). A renewed interest in records and informa­
tion management has resulted in a call by many to
use fundamental records management principles as
the foundation for sound IG. Records management
is just one component of IG, but the processes used
to manage records can be leveraged to manage all
information (Franks 2013, 29).
Rationale for Information Governance
The realization that an IG strategy is necessary is
often the result of the dramatic changes that have
taken place due to the growing amount of data and
unstructured electronic records; an increased em­
phasis on e-discovery and compliance; and the lack
of sufficient controls over all electronically stored
information (ESI).
An IG program enables an organization to man­
age information securely and effectively; reduce the
volume of information retained while meeting its
regulatory, legal, and business obligations; and de­
velop an awareness of both the location and nature
(sensitive, proprietary, private) of its information
assets. Specific benefits of IG are reduced risk; im­
proved e-discovery preparedness; increased trans­
parency, trust, and therefore enhanced reputation;
and reduced product and information cycle times
due to improved information flows.
Information Governance Components
and Reference Model
IG is comprised of the following components:
records lifecycle management, information risk,
policy management, information access and se­
curity, information capture and classification, and
information content governance.
Information Governance Reference Model
Representatives from legal, human resources, in­
formation technology, and business units must col­
laborate in developing the IG strategy as illustrated
in the IG Reference Model (see figure 1.2).
This model presents an image of the cross­
functional groups of key IG stakeholders; not all
organizations will have the same mix of stakehold­
ers. Notice the relationship between the value of
the information assets that were created and used
and the duty the organization has to hold, discover,
retain, maintain, store, secure, and dispose of those
assets. Cooperation between all stakeholders is nec­
essary to develop policies and processes to achieve
effective IG.
Information Governance Framework
Effective IG helps businesses operate more effi­
ciently and mitigate risk. Writing in the eDiscovery
Journal blog, Barry Murphy explained that IG
provides a framework for the “conservative side of
information management” (2010).
Every organization must consider its legal and
regulatory environment along with its tolerance for
risk when determining its governance framework.
Questions to be asked include these:
• What records and information are needed to
support business processes?
• What steps must be taken to be in compliance
with governing laws and regulations?
• What records and information should be de­
stroyed and when?
Records management plays a key role in answer­
ing these questions. An IG model can be used to
provide context to discussions o f an integration of
information management, risk management, and
records management considerations. This frame­
work would address all types of information,
whether meeting the requirements for a record or
not.
There are three basic elements to an IG frame­
work: policies, processes, and compliance. The IG
framework sets out the way the organization han­
dles information, in particular personal and sensi­
tive data. The framework determines how data is
collected, stored, used, and shared. Accountability
measures in the form of audits and metrics moni­
tor the components o f these elements. Records
management should be integrated throughout the
process.
 Information Governance 229

\ED GOVERNA/Vç-^

Hold, Retain Store,

Discover Archive Secure

Dispose

.C<
TRANSP^^^'^^

Figure 1.2. The information governance reference model (ICRM ). EDRM (edrm.net)

ARMA's Principles and Information Governance Information Governance, C-Level Management,

ARMA’s Generally Accepted Recordkeeping Prin­
ciples can be used to govern both records and
information. The eight principles are: account­
ability, transparency, integrity, protection, compli­
ance, availability, retention, and disposition (ARMA
n.d.). The principles can be assigned to specific IG
stakeholders to ensure that ownership is clear and,
in some cases, shared across the organization. For
example, the principles of retention and disposi­
tion may be “owned” by the records and informa­
tion management program, compliance may be the
responsibility of the legal/risk stakeholders, and
integrity and transparency responsibilities could be
shared by all stakeholders.
and the IG Steering Committee
“C-level” is an expression describing high-ranking
executive titles in an organization, including chief
information officer, chief knowledge officer, chief
compliance officer, and chief records officer. Some
organizations may use traditional titles, such as
president, vice president, general manager, and di­
rector. Regardless of the size of the organization or
the titles of high-ranking officials, the organization
would benefit from the formation of an IG steering
committee to develop a strategic plan and provide:
• advice on the organization’s information man­
agement strategy with regard to quality and
230 Information Governance
integrity, safety and security, and appropriate
access and use of records and information as­
sets; and
• assurance in relation to processes for creat­
ing, collecting, storing, disseminating, sharing,
using, and disposing o f information. (Franks
2013, 324)
Each member of the steering committee should
have the responsibility for filling a specific role; for
example, the chief executive officer may be respon­
sible for information across the organization in his/
her role as accountability officer, and the senior IT
security specialist may be assigned responsibility
for ensuring compliance with information security
standards (ISO/lEC 27001-2005). Examples of ad­
ditional roles are IG lead, data protection and free­
dom of information lead, and records management
lead.
Information Governance Strategy
IG strategy documents must include at a minimum
an introduction, a scope statement, and a conclusion.
However, most include the following sections:
1. Introduction: Asserts the value of information
as a vital asset and establishes IG as the frame­
work for information management.
2. Purpose Statement: Provides the context for
the IG plan in relation to other organizational
strategies such as risk management and busi­
ness management.
3. Scope Statement: States the components of the
strategy, such as the IG policy and annual ac­
tion (improvement) plan.
4. Goals: Overarching goals of IG, goal of the
strategic plan, and methods to achieve effec­
tive IG are stated in this section.
5. Strategic Objectives: Objectives for a specific
period of time (e.g., three to five years) are
either included in the goals section or imme­
diately follow it. Objectives include monitor­
ing and assessment methods, identification of
lead position (not person), and target date for
completion.
6. Key Strategic Areas: This section explains the
role of the IG steering committee and any sub­
groups (e.g., project teams).
7. Responsibilities: This section clarifies ind-
vidual responsibilities, including those fc«" al
employees.
8. Conclusion: This section reinforces the in>-
portance of the IG strategy, policy, and actiar
plans to ensure efficient information m a n a ^
ment and risk reduction (Franks 2013, 326).
Information Governance Plan
The IG plan is the first of two required componeiis
of the IG strategy. It should be brief and concbs:
and provide actions to be taken to accomplish goak
for example, assign IG roles and responsibilities,
approve the IG policy and strategy itself; and refer
to additional existing governing policies such as tb:
e-mail policy and confidentiality policy.
Information Governance Strategic Policy
The IG policy is the second required component csf
an IG strategy. The policy provides details that wert
not included in the IG plan, including foundations.'
principles, governing legislation, best practices, im­
provement plan and assessment, auditing and moni­
toring criteria, implementation and disseminaticsr
strategy, responsibility for IG document (steering
committee), and any relevant attachments and ap­
pendix, such as a list of related policies and proce­
dures (e.g., mobile-computing policy, social media
policy, records retention policy).
Change Management, Communication,
and Training
Two issues that can have a positive impact on the
acceptance of an IG initiative are change manage­
ment and training. Change management is a struc­
tured approach to transition individuals, teams, and
organizations from a current state to a desired future
state where change can be accepted and embraced.
As with other changes, the best approach to imple­
ment an IG strategy will depend on the culture of
the organization. Success of a change management
effort will depend on the organization’s ability to
establish a clear vision and strategy to stimulate
organization-wide buy-in.
These goals, as well as the benefits that will ac­
crue to the organization, must be communicated to
 Information Governance
Il employees. Training can provide an explanation
f the IG strategy, expectations for compliance, and
enalties for noncompliance. Training platforms and
enues might include in-person classes; online mod-
iles; on-demand classes; wikis and blogs; a private
ocial media site managed by the organization; and
odcasts, videoconferences, and audio conferences.
^sessment Tools and Services
fhe IG steering committee is responsible for mea-
iuring the level of compliance with the norms estab-
ished for IG. Industry-related IG tools are available
ind may be required; for example, the United King­
dom National Health Service (NHS) Department of
Health issues an IG Toolkit for NHS organizations
to conduct mandated self-assessments (NHS n.d.).
Other assessments can be voluntary and involve
employing an outside organization to conduct an as­
sessment; for example, EMC Corporation will lead
a structured discussion to assess the current state of
information within an organization using the EMC
IG Maturity Model Matrix (EMC^ n.d.).
Professional Certification
IG provides a holistic approach to managing all
information within the organization. Recordkeep­
ing professionals can expand their background in
the area of records and information management by
earning a new credential—the Information Gover­
nance Professional (IGP) designation—that recog­
nizes the expertise of those who possess the knowl­
edge, skills, and abilities to perform competently as
an IG professional. Recordkeeping professionals,
including archivists, can prepare for the 140-item
examination administered through ARMA Interna­
tional by acquiring additional knowledge and skills
in the areas of information assurance, risk manage­
ment, strategic planning, and information technol­
ogy (including cloud computing).
However, recordkeeping professionals are not the
only stakeholders who would benefit from certifica­
tion as an Information Governance Professional.
Stakeholders from information technology, risk
management, and legal professions can also benefit
by demonstrating their competence to become in­
volved in IG initiatives by earning the Information
Governance Professional designation.
231
Conclusion
As stated in the introduction, IG is a high-level, stra­
tegic function that involves stakeholders from across
the organization, each with their own expertise and
responsibilities (Franks 2013, 321). IG provides an
accountability framework comprised of processes,
roles, standards, and metrics designed to encourage
desirable behavior that enables an organization to
achieve its goals” (Gartner n.d.).
High-level managers must support the IG strategy
and are ultimately responsible for its success, but the
actual planning is best carried out by an IG steering
committee comprised of some senior managers as
well as representatives from IT, business units, risk/
legal, and records management.
Although records management is a subset of IG,
it can provide the foundation for an effective IG
Strategy. Records managers and other information
professionals wishing to move into new positions
made available by the transition from records and
information management to IG can demonstrate
their capabilities by earning the designation of
Information Governance Professional.—Patricia
Franks
Keywords: information assurance, information gov­
ernance, IG, strategy, information management
Related Entries: Information Assurance; Informa­
tion Management; Information Policy; Records
Management
Bibliography
ARMA International. Generally Accepted Record­
keeping Principles. 2014. www.arma.org/r2/gen-
erally-accepted-br-recordkeeping-principles (ac­
cessed July 30, 2014).
EMC^. EMC Information Governance Maturity
Model Assessment. EMC Corporation, n.d. www.
emc.com/collateral/services/consulting/h4905-
info-gov-maturity-model-svo.pdf (accessed July
30, 2014).
Franks, P. C. Records and Information Manage­
ment. Chicago: ALA-Neal Schuman, 2013, 29,
321,326.
Gartner. “Information Governance.” IT Glossary,
2013. www.gartner.com/it-glossary/information-
govemance (accessed July 30, 2014).
232 Information Management
Murphy, B. “What Is Information Governance?”
eDiscovery Journal (blog), March 22,2010. http://
ediscoveryjoumal.com/2010/03/what-is-informa-
tion-govemance.
National Health Service. Information Governance
Toolkit. Department o f Health, England, n.d.
www.igt.hscic.gov.uk (accessed July 30, 2014).
IN FO RM A TIO N M ANAGEM ENT
The nature of information management as a disci­
pline is subject to debate. Information management
is a contested concept, with the meaning varying
according to the occupational group claiming own­
ership of it. Its origins can be traced back to the
early twentieth century; reflecting on this historical
development provides some insight into the current
situation.
The Concept
The three modem information ages identified by
Ronald Day (2001) provide a useful perspective
from which to view the development of particular
occupational specialties that arose in order to ad­
dress specific problems encountered in managing
information. The first information age occurred in
the late nineteenth century and resulted in the spe­
cialty of documentation to manage the explosion
of documents in the late nineteenth century. From
about 1920 in Europe the term “documentation”
was used as a comprehensive one encompassing
bibliography, records management, and archival
work (Buckland 1997). Two leading figures in the
Institut International de Bibliographie (renamed
the International Federation for Documentation in
1935), Paul Otlet and Frits Donker Duyvis, showed
an integrative view of the management of informa­
tion resources of a variety of types and in a variety
of contexts, including the office as well as library
(Buckland 1998).
Williams (1998) describes special librarians as the
first documentalists in the United States and quotes
Ethel Johnson in 1915 distinguishing special libraries
from public libraries by emphasizing the key role of
information: “The main function of the general library
is to make books available. The function of the special
library is to make information available” (174).
In the United States, information science even­
tually superseded documentation as the preferred
term, and the American Documentation Institute,
founded in 1937, changed its name to the American
Society for Information Science in 1968 (Buckland
1999), eventually becoming the American Society
for Information Science and Technology. It has been
suggested that the terms information management
and information science can be used interchange­
ably, with either being today’s manifestation of
documentation (Buckland 1999).
The second information age occurred in the mid­
twentieth century. The formation of records man­
agement as a distinct profession has been linked
to the need to manage the immense proliferation
of documents in North America post World War
II (Duranti 1989). Today, in the third information
age, there is a tendency for records managers to
emphasize their role as information managers. For
instance, the Records Management Association of
Australasia has rebranded itself as “Records and
Information Management Professionals Austral­
asia.” However, corporate information technology
professionals may also often refer to themselves as
information managers. Librarians also continue to
refer to themselves as information managers.
The consequence of these multiple claims for ju­
risdiction over the domain is that the scope and range
of information management can be defined too nar­
rowly, or if broadly, the purposes for which different
information types need to be managed may not be
recognized. A major contributing factor to the ambi­
guity associated with information management is the
absence of a robust and coherent theoretical basis.
The information continuum model that was de­
veloped as a teaching tool by academics at Monash
University has the potential to clarify the ambiguity.
The model is briefly described as part of a suite of
continua (Upward 2000) and provides a theoretical
framework that unifies approaches to information
management. It is applicable to all information
management specialisms and facilitates more in-
depth analysis of occupational roles. It has been
applied in various settings, including to assess the
sustainability of a community information network
(Schauder et al. 2005), to investigate information
culture (Oliver 2004) and in the development of
a university-wide information strategy and digital
repository (Treloar et al. 2007).