2005-12-13 AWP Presentation - Records Mgmt Stds

8/13/2019 2005-12-13 AWP Presentation - Records Mgmt Stds

1/36

Developing a Standards-Based Records

Management ProgramFrank McGovern

Product Marketing Engineer


2/36

2

Agenda

Trends and Challenges in RM

Defining and Positioning RM

Overview of Relevant RM Standards

Using ISO 15489

Key Take-Aways


3/36

3

Records Management Trends

Decline in number of staff specializing in filing

Investment in Software functionality that creates records isgrowing

Mission critical records are often not sharable, retrievable oruseable

Copies proliferate; data conflicts or is unreliable

Email often replaces phone conversations, meetings and formalwritten communication

Instant Messaging increasingly replaces email

Litigation and discovery costs skyrocketing

Authenticity is questioned

Premature destructionNARA


4/36

4

The Challenge of Electronic Records

AuthenticityOver Time

Variety4,800+ Different Types of E-Record Formats

ComplexityIncreasingly Sophisticated Formats

VolumeVast Quantities of Records

ObsolescenceConstantly Changing Technology

User ExpectationsEvolving, Unrelenting

NARA


5/36

5

Effective Records Management:

Simultaneous attention to People, Process andTechnology

Integrating Records Management into an

Organizations Business Processes and ITGovernance and Applications

NARA


6/36

6

Defining a Record

Recorded information

Made or received by an organization

Regarding legal obligations or transactions

Evidence of operations

Has value requiring retention for a specific period of

time

Regardless of recording format, medium or

characteristics


7/367

Characteristics of a Record

AuthenticityIt is what is says it is. ReliabilityIt can be trusted as a full and accurate

representation of the transactions or facts.

IntegrityIt is complete and unaltered.

UsabilityIt can be located, retrieved, presented and

interpreted

ISO 15489


8/368

RM from 10,000 Feet

Supports event and time based retention rules Structured file plan organizes records and manages,

enforces complex policies/rules

Enables legal holds, facilitates audit and electronicevidence discovery

All processes are audited and managed

Ensures record authenticity, integrity and contextual

relationships


9/369

RM from 10,000 Feet

Preserves records over time and ensures reliability Ensures record access, retrieval and usefulness

Prevents unauthorized deletion

Ensures timely disposition and complete record

expungement

Ensures privacy and record security policy

management

Supports physical records


10/3610

Records Management Standards

DoD Standard 5015.2 ISO Standard 15489

ANSI/ARMA 9-2004

VERS

DOMEA

MOREQ


11/3611

DoD 5015.2

RM Software Certification and Testing Program

DoD certification required for software sales to Department ofDefense, National Archives and Records Administration(NARA), federal government agencies

De facto industry standard

Key Sections Definitions

Mandatory Requirements

General

Detailed Non-Mandatory Features

Requirements defined by the Acquiring Organizations Other Useful Features

Classified (Secret) Records


12/3612

Impact of DoD 5015.2 Standard

Adoption and recognition by vendor community 50+ Vendors/Products Currently Certified

Standalone (RM only) Product pairings (RM + ECM Suite) Multiple Versions (Certification valid for 2 years)

Multiple Environments (Oracle/MS SQL/DB2) 45 Vendors/Products Scheduled

Mandatory for most government opportunities

Mandatory/highly desirable for most Fortune 1000

Companies and others

FileNet Records Manager is certified (Chapter 2)


13/3613

ISO Standard 15489

Information and Documentation, Records Management Part IGeneral

Part IIGuidelines

Important standard, gaining momentum throughout

world

Framework for records program design in many

industries


14/3614

Key Points

Principles of Records Management Programs Determining which records should be created

Deciding form and structure

Metadata requirements

Retrieval requirements How to organize records

Assessing risks

Preserving records

Complying with legal and regulatory requirements Security

Records retention

Improvement opportunities


15/3615

Impact

UK National Archives has formally adopted ISO 15489

Embraced in many UK FOI deployments

Foundation for US NARAs Strategic Redesign of RM

Adopted by Australian Federal Government

Used by Auditor General to monitor Government performance

Translated in many Languages

Recognized by ARMA

Basis of FileNets RM Best Practices


16/3616

MOREQ (European Union)

Model Requirements for the Management of ElectronicRecords

Focus on the functional requirements for electronic

records management systems390 requirements

Key areas: Classification Schemes

Controls and Security

Retention and Disposal

Capturing Records

Referencing Searching, Retrieval, and Rendering

Administrative Functions


17/3617

ANSI/ARMA 9-2004Email Standard

Requirements for Managing Electronic Messages asRecords Describes

Retention and Disposition IAW Records Retention Schedule Acceptable Use Access and Retrieval Appropriate Security Measures Network Security Protection of Confidential Information Identification and Protection of Vital Records Remote Access Back-Up Metadata Capture Audit Trails Anti-Virus Protection

No certification program


18/3618

VERS Standard (Australia)

Victorian Electronic Records Strategy Generic, extensible standard

Works with existing recordkeeping and business practices

Ensures records preservation

Enable viewing of records in the future, regardless of systems thatcreated them

Specifies methods to capture records from desktop and

business systems

Specifies ways to capture meta data

Preserves contextual relationships

Details audit trail methodologies so that changes to

records are detectable


19/3619

DOMEA (Germany)

Document Management and Electronic Archiving RM for case files Governs

Completeness, integrity and authenticityof official records,to guard against official documents being altered, changed,removed, destroyed or deleted.

The records principleof public administration, i.e.,documents are organized in subject files.

Maintenance of adequate and proper documentation foraccountability and lawfulnessof administrative procedures.


20/3620

RM Standards Summary

*Formal Certification Programs

Products Program

DoD 5015.2* ISO 15489

VERS* ANSI/ARMA 9-2004DOMEA*

MOREQ*

RM STANDARDS


21/3621

ISO 15489 - Part 1 General

Applies to the management of records, in all formats or media,

created or received by any public or private organization in the

conduct of its activities, or any individual with a duty to create

and maintain records

Provides guidance on determining the responsibilities oforganizations for records and records policies, procedures,

systems and processes

Provides guidance on records management in support of a

quality process framework to comply with other ISO standards

Provides guidance on the design and implementation of a

records system


22/36

22

ISO 15489Part 2 Guideline

Provides guidance on implementing the policies andprocedures in Part 1

Developing Policies and Procedures

Formulating Records Management Strategies

Designing the Records Management Program Elements

Implementing the Solution

Establishing Processes and Controls

Programs to Monitor and Audit the Program

Training the Organization of RM Policies and Procedures


23/36

23

Steps to Sound Records Management

Develop/Review Policies and Responsibilities

Strategic Planning, Program Design and

Implementation

Develop Records Processes and Controls

Monitoring and Auditing Requirements

Planning and Executing Training Programs


24/36

24

Develop/Review Policies and Responsibilities

Develop Records Management Policy Statements Documents Policies and Procedures Performed in the

Normal Course of Business

Authorized by Highest Level in the Organization

Define Responsibilities and Program Authorities

Requires Employees to Declare Records

Ensure Records Created as Part of the Process

Provide Transparent or Easy Access

Provide Protection of Records

Enforces Records Disposition Policies


25/36

25


Implementation

Step A:

Conduct

preliminary

investigation

Step B:

Analyze

business

activity

Step C:

Identify

requirements

for records

Step E:

Identify

strategies to

satisfy

requirements

Step F:

Design

records

system

Policy

Standards Implementation

Design

Step D:

Assess

existing

systemsStep H:

Conduct post-

implementation

review

Step G:

Implement

records

systems


26/36

26


Implementation

Conduct Preliminary Investigation

Analyze Business Activities and

Processes

Identify Records Requirements

Assess Existing Systems

Develop Strategies for Meeting Records

Requirements

Design the Records System Implement the Records System

Perform Post-Implementation Review


27/36

27

Develop Records Processes and Controls

Instruments of Control Classification Scheme Based on Business Processes

Disposition Processes

Security and Access Controls

Analyze Regulatory Requirements

Perform Risk Analysis Identify Employ and User Permissions

Classify Business Activities

Create Thesaurus, Glossary

Establish Records Disposition Authority

Determine Documents/Objects to Classify as Records

Develop Retention Schedules


28/36


29/36

29

Monitoring and Auditing Requirements

Identify Requirements forCompliance Auditing

Determine what Evidential Weight

is Necessary

Develop Performance Metrics and

Monitoring and ReportingProcesses


30/36

30

Auditing and Monitoring

SOX

PatriotAct

H

IPAA

CAD

atabase

Prote

ctionAct

BaselII

Business and Messaging Apps

Records Management

Policies, Controls and Process

Evidence and Proof


31/36

31


MeasurementCategory

Metric CaptureMethod

CaptureMedium

CaptureBurden

Comments

Hours of Operation Manual Periodic Audit LowAlmost certainly greatly improved

w ith automation

Access Points Automated System LowAlmost certainly greatly improved

w ith automation

Percentage of

Records correctly

declared

Manual Periodic Audit High Measure of Quality

Percentage of

Records correctly

classified

Manual Periodic Audit High Measure of Quality

Capacity

Size of Holdings

(i.e. number of

records)

Automated System Low No indication of Quality

EfficiencyEase of performing

daily tasksManual Survey High

Purely subjective but indicative of

success and acceptance of

electronic records management

Access to

Services

Accuracy

August 2004 Industry Advisory Council White Paper


32/36

32

Auditing and MonitoringMeasurement

Category Metric

Capture

Method

Capture

Medium

Capture

Burden Comments

Number of Seats Automated System Low No indication of Quality

Number of PeopleDeclaring Records

Manual Live Oversight Medium Indicative of Acceptance of theSystem

Number of People

Classifying

Records

Manual Live Oversight MediumIndicative of Acceptance of the

System

Number of People

Retrieving RecordsManual Live Oversight Medium

Indicative of Acceptance of the

System

Productivity

Number of

RequestsProcessed Each

Week

Automated System

Low for one

system, highacross the

enterprise

Diff icult to measure enterprise-w ideacross multiple processes

System Search

TimeAutomated System Low No indication of Quality

System Retrieval

TimeAutomated System Low No indication of Quality

Number of

SuccessfulSearches

Automated System Low

Diff icult to interpret; returned result

is not necessarily the desired result

Number of Search

IndexesAutomated System Low

Indicator of complexity and therefore

ease of use

Number of

Classification

Categories

Automated System LowIndicator of complexity and therefore

ease of use

Participation

Search andRetrieval



33/36

33


Measurement

Category Metric

Capture

Method

Capture

Medium

Capture

Burden Comments

Throughput (i.e.

transactions per

hour or per unit oftime)

Automated System LowMeasures IT performance not

success of ERM

Response Time (i.e.

time to retrieve a

record)

Automated System LowMeasures IT performance not

success of ERM

Availability (i.e.

system uptime)Automated System Low

Measures IT performance not

success of ERM

User

Satisfaction

User satisfaction

rating Manual Survey HighNearly universal metric for ERM

exemplars

System



34/36

34


Measurement

Category Metric

Capture

Method

Capture

Medium

Capture

Burden Comments

Number of People

Retrieving RecordsAutomated System Low


System, no indication of success or

satisfaction

Virtual Visitors Automated System Low


System, no indication of success or

satisfaction

Numbers and types

of processviolations that are

caught, missed,

and/or are

attempted

Semi-Automatic System Medium

Measure of accuracy and quality ofthe ERM processes w ith potential

legal w eight, significance, and

bearing

Fraction of the

inventory of

electronic recordsw ithin an ERM

system that is in

the wrong state

Semi-Automatic System Medium-High

Indicative of the quality of the

processes and services provided

w ithin an ERM system

Utilization

Legal



35/36

35

Planning and Executing Training Programs

Identify Records Management Training Requirements for the

Organization

Determine the Personnel that Must be Trained Managers, including senior managers,

Employees,

Contractors,

Volunteers,

Other personnel who have a responsibility to create or use records

Provide Records Management Professionals Training

Determine Training Methods

Evaluate Effectiveness of Training


36/36

Key Take-Aways

Records Management is a journey RM Software applications are tools, not a substitute

for policy

The ISO Standard 15489 serves as an excellent modelfor an RM program

2005-12-13 AWP Presentation - Records Mgmt Stds

Documents

Transcript of 2005-12-13 AWP Presentation - Records Mgmt Stds