The not-so-recent focus on information governance has generated a renewed interest in records management, records management profession, and the value of records management to the organization. The role is redefined in business to be a strategic resource to the CEO as organizations look to better understand, measure, and manage the unprecedented growth in electronic information and the complexities inherent in determining what information to trust, to keep, to secure, to connect, and of course, to discard.
The recognition of the records manager as key component of information governance, and the focus of information governance as a business enabler, are long overdue. Today, the most critical asset to any organization is its business information and records. Organizations are struggling to use huge volumes of information for better business outcomes. At the same time, the number of high-profile examples of data mismanagement is growing, making the need for proper oversight and use of information key to success.
Defining the Current State of Records Management
- Over the last 10 years, as electronic information has grown to represent 90% of all information, information management strategies have been in reactive mode, responding to gaps in principles and infrastructure exposed by legal or regulatory imperatives.
- Most information management technology investments have also been reactive, stopgap measures designed to address a specific problem, such as electronic discovery.
- Massive adoption of collaboration tools including Sharepoint, the web, and social media has blurred the distinction between content and records and increased risks associated with over retention, information loss, legal and regulatory compliance.
- End-to-end information management automation across electronic and physical records does not exist. If it did, it would allow the enterprise to address record keeping principles intelligently and declare, classify, store, secure, retain, discover, and ultimately dispose of content based on policy and automated, defensible enforcement.
- Poorly architected solutions have turned information assets into liabilities – systems that once satisfied basic requirements laid out decades ago buckle under the increased pressure for interoperability, scalability, end-to-end security, and discoverability. This predicament has fielded unsustainable solutions along with upward spiraling integration costs.
- Progress on establishing an information management strategy, which is essential for mid-size to large enterprises, has been extreme slow. For example, according to the AMA only 1% of all healthcare providers have an electronic records management strategy, and 94% have yet to start planning for the information management requirements of HITECH.
- Records managers cannot get the e-discovery monkey off their backs. Even in 2010, records managers will be consumed with managing e-discovery risk leaving little time for strategic records management programs and activities.
Back to Basic Principles
On the Wikibon Peer Incite call February 16, 2010, the primary organizational message was “get back to the basics” of principles of records management and use these principals as the basis for sound information governance. These principles, originally defined by ARMA International, a not-for-profit professional association and the “authority on managing records and information” are expressed and embellished on below (see [ARMA] for the official versions):
- Accountability - Assign a senior executive who will oversee and be accountable for record keeping program (aka information governance program, or IGP) and delegate program responsibility to appropriate individuals; adopt policies and procedures to guide personnel, and ensure program auditability. Make all business managers accountable for information governance and the records management principles, policies, and costs.
- Integrity - Construct an IGP so that records generated or managed by or for the organization have a reasonable and suitable guarantee of authenticity and reliability. Identify technologies and processes that can provide suitable and reasonable guarantees. To do this of course requires an organization to first define and classify the difference between official records and business information.
- Protection - The IGP must ensure a reasonable level of protection to records and information that are private, confidential, privileged, secret, or essential to business continuity. These attributes are the core differentiators when comparing content management to records management systems.
- Compliance - The IGP must be established to comply with applicable and jurisdictional laws, regulations, and the organization’s policies. The challenge for most organizations is not developing policies but instead enforcing these policies across a vast number of information repositories and file systems.
- Availability - The IGP must maintain records in a manner that ensures timely, efficient, and accurate retrieval of needed information, as more and more organizations are turning to information governance and IGP to do more than meet compliance regulations.
- Retention - Maintain records and other information for an appropriate time (and for no longer), taking into account business, legal, regulatory, fiscal, operational, and historical requirements.
- Disposition - An IGP provides for the deletion for records that have no incremental business value or that create liability for the business.
- Transparency - The IGP must be implemented in a defensible, understandable, and efficient manner and be available and understood by internal and external business stakeholders.
Action Item: Get back to basics in records management and understand the clear distinctions between content management and records management. Do the homework to understand the value of having effective records program built on tried-and-true principles. Use these principles as the discipline of your information governance program.