Professional Documents
Culture Documents
Developing A Standards-Based Records Management Program: Frank Mcgovern Product Marketing Engineer
Developing A Standards-Based Records Management Program: Frank Mcgovern Product Marketing Engineer
Developing A Standards-Based Records Management Program: Frank Mcgovern Product Marketing Engineer
Agenda
NARA
4
Simultaneous attention to People, Process and Technology Integrating Records Management into an Organizations Business Processes and IT Governance and Applications
NARA
5
Defining a Record
Evidence of operations
Has value requiring retention for a specific period of time Regardless of recording format, medium or characteristics
6
Characteristics of a Record
Authenticity It is what is says it is. Reliability It can be trusted as a full and accurate representation of the transactions or facts.
ISO 15489
7
Supports event and time based retention rules Structured file plan organizes records and manages, enforces complex policies/rules
Preserves records over time and ensures reliability Ensures record access, retrieval and usefulness Prevents unauthorized deletion
VERS
DOMEA
MOREQ
10
DoD 5015.2
RM Software Certification and Testing Program DoD certification required for software sales to Department of Defense, National Archives and Records Administration (NARA), federal government agencies De facto industry standard Key Sections Definitions Mandatory Requirements
General Detailed
45 Vendors/Products Scheduled
Important standard, gaining momentum throughout world Framework for records program design in many industries
13
Key Points
Impact
UK National Archives has formally adopted ISO 15489
15
Focus on the functional requirements for electronic records management systems390 requirements Key areas:
Classification Schemes Controls and Security Retention and Disposal Capturing Records Referencing Searching, Retrieval, and Rendering Administrative Functions
16
Describes
Retention and Disposition IAW Records Retention Schedule Acceptable Use Access and Retrieval Appropriate Security Measures Network Security Protection of Confidential Information Identification and Protection of Vital Records Remote Access Back-Up Metadata Capture Audit Trails Anti-Virus Protection
No certification program
17
Specifies methods to capture records from desktop and business systems Specifies ways to capture meta data
Preserves contextual relationships
18
DOMEA (Germany)
Completeness, integrity and authenticity of official records, to guard against official documents being altered, changed, removed, destroyed or deleted. The records principle of public administration, i.e., documents are organized in subject files. Maintenance of adequate and proper documentation for accountability and lawfulness of administrative procedures.
19
RM Standards Summary
RM STANDARDS Products DoD 5015.2* VERS* DOMEA* MOREQ* Program ISO 15489 ANSI/ARMA 9-2004
20
Applies to the management of records, in all formats or media, created or received by any public or private organization in the conduct of its activities, or any individual with a duty to create and maintain records organizations for records and records policies, procedures, systems and processes
Provides guidance on determining the responsibilities of Provides guidance on records management in support of a
quality process framework to comply with other ISO standards
Developing Policies and Procedures Formulating Records Management Strategies Designing the Records Management Program Elements Implementing the Solution Establishing Processes and Controls Programs to Monitor and Audit the Program Training the Organization of RM Policies and Procedures
22
Develop/Review Policies and Responsibilities Strategic Planning, Program Design and Implementation Develop Records Processes and Controls Monitoring and Auditing Requirements Planning and Executing Training Programs
23
Documents Policies and Procedures Performed in the Normal Course of Business Authorized by Highest Level in the Organization
Requires Employees to Declare Records Ensure Records Created as Part of the Process Provide Transparent or Easy Access Provide Protection of Records Enforces Records Disposition Policies
24
Policy
Design
Standards
Implementation
25
Identify Records Requirements Assess Existing Systems Develop Strategies for Meeting Records
Requirements
Design the Records System Implement the Records System Perform Post-Implementation Review
26
Instruments of Control Classification Scheme Based on Business Processes Disposition Processes Security and Access Controls Analyze Regulatory Requirements Perform Risk Analysis Identify Employ and User Permissions
Classify Business Activities Create Thesaurus, Glossary Establish Records Disposition Authority Determine Documents/Objects to Classify as Records Develop Retention Schedules
27
28
29
Patriot Act
Basel II
HIPAA
SOX
30
Hours of Operation Manual Access Points Percentage of Records correctly declared Percentage of Records correctly classified Size of Holdings (i.e. number of records) Automated
Manual
Periodic Audit
High
Accuracy
Manual
Periodic Audit
High
Measure of Quality
Capacity
Automated
System
Low
No indication of Quality Purely subjective but indicative of success and acceptance of electronic records management
Efficiency
Survey
High
31
Participation
Manual Manual
Medium Medium Low for one system, high across the enterprise Low Low
Productivity
Automated
System
Automated Automated
System System
Automated Automated
System System
Low Low
Automated
System
Low
Metric Throughput (i.e. transactions per hour or per unit of time) Response Time (i.e. time to retrieve a record) Availability (i.e. system uptime) User satisfaction rating
Com m ents
Measures IT performance not success of ERM Measures IT performance not success of ERM Measures IT performance not success of ERM Nearly universal metric for ERM exemplars
System
User Satisfaction
33
Legal
Numbers and types of process violations that are Semi-Automatic System caught, missed, and/or are attempted Fraction of the inventory of electronic records Semi-Automatic System w ithin an ERM system that is in the w rong state
Medium
Medium-High
Indicative of the quality of the processes and services provided w ithin an ERM system
34
35
Key Take-Aways
Records Management is a journey RM Software applications are tools, not a substitute for policy
36