This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
RecordRecordmakingmaking vs. vs. RecordRecordkeepingkeeping Systems: Making Systems: Making Sure IT Doesn’t Get Blindsided Sure IT Doesn’t Get Blindsided
Rick Barry, Principal, Barry Rick Barry, Principal, Barry AssociatesAssociates
About “About “RecordRecordmakingmaking vs. Record vs. Recordkeepingkeeping Systems: Systems: Making Sure IT Doesn’t Get Blindsided”Making Sure IT Doesn’t Get Blindsided”
Major systems that produce recordsMajor systems that produce records—record—recordmakingmaking systems systemsHow these relate to systems that How these relate to systems that properly manage records—properly manage records—recordrecordkeeping keeping systemssystemsOptions for getting them into lineOptions for getting them into lineHow compliance requirements and How compliance requirements and standards can helpstandards can helpFutures Futures
StatsStatsStatsStats: : Indicative trends; Hide standard deviationsIndicative trends; Hide standard deviationsInformation productionInformation production:: World population: 6.3 billion. ~ 800 MB of recorded World population: 6.3 billion. ~ 800 MB of recorded information produced p.c., p.a. Equivalent: ~ 30’books information produced p.c., p.a. Equivalent: ~ 30’books Print, film, magnetic, optical storagePrint, film, magnetic, optical storage media produced ~ 5 exabytes of new info in media produced ~ 5 exabytes of new info in 2002. 92% magnetic media—mostly HDs 2002. 92% magnetic media—mostly HDs 1 exabyte = 1024 petabytes, each of which = 1024 terabytes1 exabyte = 1024 petabytes, each of which = 1024 terabytes 5 exabytes? If digitized with full formatting, the 17,000,000 books in the Library of 5 exabytes? If digitized with full formatting, the 17,000,000 books in the Library of
Congress contain about 136 terabytes; 5 exabytes is equivalent to info contained Congress contain about 136 terabytes; 5 exabytes is equivalent to info contained in 37,000 new libraries the size of Library of Congressin 37,000 new libraries the size of Library of Congress
EmailEmail:: Average users in US spend 25+ hrs per month on Internet at home and 74 Average users in US spend 25+ hrs per month on Internet at home and 74 hours at work. 19% use to do research for work hours at work. 19% use to do research for work IMIM:: 31% U.S. business Internet users used IM >/ once in May ‘02 31% U.S. business Internet users used IM >/ once in May ‘02 WWWWWW:: 2000 estimated public (surface) Web volume: 20 to 50 terabytes; 2003 2000 estimated public (surface) Web volume: 20 to 50 terabytes; 2003 measured volume: 167 terabytes - 3X BrightPlanet estimates deep web ~ 66,800 measured volume: 167 terabytes - 3X BrightPlanet estimates deep web ~ 66,800 and 91,850 terabytes.and 91,850 terabytes.BlogsBlogs: 2003: : 2003: ~ 2.9 million active weblogs containing about 81 GB~ 2.9 million active weblogs containing about 81 GBSource: “How Much Information? 2003,” UC Berkeley's School of Information Management and Systems, Source: “How Much Information? 2003,” UC Berkeley's School of Information Management and Systems, http://www.sims.berkeley.edu/research/projects/how-much-info-2003/execsum.htmhttp://www.sims.berkeley.edu/research/projects/how-much-info-2003/execsum.htm
Create documentation that meet Create documentation that meet commonly accepted definitions of recordscommonly accepted definitions of recordsVirtually all digital systems used to create, Virtually all digital systems used to create, communicate and record business in communicate and record business in support of business processes (BPs)support of business processes (BPs)Human to humanHuman to humanHuman to systemHuman to systemSystem to system System to system System to humanSystem to human
Survey of IT Directors Survey of IT Directors AssociationAssociation
23 CIOs, CTOs, IT Directors of South Carolina 23 CIOs, CTOs, IT Directors of South Carolina State AgenciesState AgenciesWhat functions and systems were they What functions and systems were they responsible for?responsible for?What kind of systems had their organizations What kind of systems had their organizations implemented?implemented?What did they see as the major issues, including What did they see as the major issues, including electronic recordelectronic record
E-recs tied for 2E-recs tied for 2ndnd place among concerns place among concernsAbout 30% felt that the balance in their org was too About 30% felt that the balance in their org was too much on IT, too little IMmuch on IT, too little IMAbout 90% responsible for IM, 70% RM and ~½ for About 90% responsible for IM, 70% RM and ~½ for web contentweb contentNearly all operating websites & intranets; few had Nearly all operating websites & intranets; few had EDMS, ERP systems or EDMS+ (EDMS + 5015) EDMS, ERP systems or EDMS+ (EDMS + 5015) Directors with RM responsibility for RM saw e-recs Directors with RM responsibility for RM saw e-recs as major issueas major issueDirectors without RM responsibility saw e-recs as a Directors without RM responsibility saw e-recs as a minor or no issueminor or no issueResponsibility for e-recs brings respect for issuesResponsibility for e-recs brings respect for issues
RecordRecordkeepingkeeping Systems ( Systems (RRKKS)S)
ISO 15489 defines “records” as: “information ISO 15489 defines “records” as: “information created, received, and maintained as evidence created, received, and maintained as evidence and information by an organization or person, in and information by an organization or person, in pursuance of legal obligations or in the pursuance of legal obligations or in the transaction of business” with following transaction of business” with following characteristics: authenticity, integrity and characteristics: authenticity, integrity and usability. usability.
It defines “records system”: information system It defines “records system”: information system which captures, manages and provides access which captures, manages and provides access to records through time.to records through time.
RecordRecordkeepingkeeping Systems ( Systems (RKS)RKS) Most, not all, business communications = recordsMost, not all, business communications = recordsWhat characterizes records? Content, context, structure. What characterizes records? Content, context, structure. Not Not
technology platformtechnology platform..Importance of the BP determines the value of records they Importance of the BP determines the value of records they
produce.produce.Assessment of BPs is how:Assessment of BPs is how: value is determinedvalue is determined disposition management policy is applieddisposition management policy is applied
Keep or not? If so, how long? Specified # yrs/Indefinite?Keep or not? If so, how long? Specified # yrs/Indefinite? disposition is carried outdisposition is carried out
All records can constitute legal evidence. They can also be All records can constitute legal evidence. They can also be challenged as legal evidence.challenged as legal evidence.
Trustworthy RecordTrustworthy Recordkeepingkeeping Systems Systems
Systems with robust archives & records management Systems with robust archives & records management (ARM) functionality for records capture, maintenance of (ARM) functionality for records capture, maintenance of integrity, long-term preservation & disposition integrity, long-term preservation & disposition management: Univ.of Penn. Functional Requirements management: Univ.of Penn. Functional Requirements for Evidence in Recordkeeping: for Evidence in Recordkeeping: http://web.archive.org/web/20000818163633/www.sis.pitt.edu/~nhprc Trustworthy Electronic Recordkeeping SystemsTrustworthy Electronic Recordkeeping Systems are are generally accepted as maintaining the integrity, generally accepted as maintaining the integrity, accuracy, authenticity and accessibility of electronic accuracy, authenticity and accessibility of electronic records.records. Information Nation, Seven Keys to Information Management Information Nation, Seven Keys to Information Management
ComplianceCompliance, by Randolph A. Kahn & Barclay T. Blair, AIIM, 2004, by Randolph A. Kahn & Barclay T. Blair, AIIM, 2004 ““Best Practices for Document Management in an Emerging Digital Best Practices for Document Management in an Emerging Digital
Environment” by R.Barry,1994, www.mybestdocs.com, Other Environment” by R.Barry,1994, www.mybestdocs.com, Other Papers sectionPapers section
Ergo:Ergo:A trustworthy recordkeeping system:A trustworthy recordkeeping system:Maintains and permits continuing management of Maintains and permits continuing management of
records in a manner consistent with rigorous records in a manner consistent with rigorous recordkeeping requirements and standardsrecordkeeping requirements and standards
Maximizes likely acceptance as evidence Maximizes likely acceptance as evidence
A records management application (RMA) is the A records management application (RMA) is the software component of a broader recordkeeping software component of a broader recordkeeping regime to facilitate management of recordsregime to facilitate management of records
DoD 5015.2 Records Management DoD 5015.2 Records Management Applications standard Applications standard
Meets minimal requirements for trustworthy Meets minimal requirements for trustworthy recordkeepingrecordkeeping
Recommended by Archivist of US for all Recommended by Archivist of US for all federal agencies federal agencies www.archives.gov/records_management/policy_and_guidance/bwww.archives.gov/records_management/policy_and_guidance/b
ulletin_2003_03.html ulletin_2003_03.html Most portions are applicable to private sectorMost portions are applicable to private sectorAbout 60 products, product partnerships About 60 products, product partnerships
certified under 5015.2 certified under 5015.2 http://jitc.fhu.disa.mil/recmgt http://jitc.fhu.disa.mil/recmgt
RMAs shall provide capabilities to:RMAs shall provide capabilities to: Define file plan - record categories/series and their associated Define file plan - record categories/series and their associated
disposition schedulesdisposition schedules
Identify/declare records, provide contextIdentify/declare records, provide context
Store, preserve, protect electronic recordsStore, preserve, protect electronic records
Search for and retrieve electronic recordsSearch for and retrieve electronic records
Track records’ disposition schedule statusTrack records’ disposition schedule status
Beyond 5015.2 (V2 June 2002)Beyond 5015.2 (V2 June 2002)
Possible topics for inclusion in V3Possible topics for inclusion in V3Incorporation of standard data elementsIncorporation of standard data elementsInteroperability within enterprise Interoperability within enterprise
environment/among disparate RMAsenvironment/among disparate RMAsManual transfer of electronic records to NARAManual transfer of electronic records to NARADirect transfer of electronic records to archivesDirect transfer of electronic records to archivesMinor changes in security section reflecting recent Minor changes in security section reflecting recent
amendment to Executive Order on national securityamendment to Executive Order on national securityMigration of some non-mandatory features to Migration of some non-mandatory features to
mandatory, e.g., extraction/redaction, more DMmandatory, e.g., extraction/redaction, more DM
Increased focus on BPs as links between strategic aims & Increased focus on BPs as links between strategic aims & assets: human, financial, facilities, technology, information assets: human, financial, facilities, technology, information More multi-national/international business transactions & More multi-national/international business transactions & operationsoperationsGreater emphasis on post-911 info security needsGreater emphasis on post-911 info security needsFurther globalization of business transactions under Further globalization of business transactions under multiple RK/FOI practices and lawsmultiple RK/FOI practices and lawsContinued concerns over privacy issuesContinued concerns over privacy issues
Legals:Legals:Growing court discovery judgments—e-recordsGrowing court discovery judgments—e-recordsEfforts to harmonize e-bus laws/regulations internationallyEfforts to harmonize e-bus laws/regulations internationallyDe facto changes in business law definitions of records by De facto changes in business law definitions of records by lawyers with no ARM backgroundlawyers with no ARM background
Tighter integration of BP & technologyTighter integration of BP & technology Greater consolidation of business-process based: records, Greater consolidation of business-process based: records,
compliance, information security and risk managementcompliance, information security and risk managementMore standards: IM, RM, IT; increased use of open source More standards: IM, RM, IT; increased use of open source platforms (Linux www.linux.org/, OpenReader platforms (Linux www.linux.org/, OpenReader www.openreader.com) www.openreader.com) Ubiquitous recordkeepingUbiquitous recordkeepingBurgeoning of wireless, natural language and video business Burgeoning of wireless, natural language and video business applications. More multimedia records applications. More multimedia records Computer-aided records detection, capture, classificationComputer-aided records detection, capture, classificationMore advanced personal electronic records toolsMore advanced personal electronic records toolsBusiness, government take-up of hip technologies—IM, blogs, Business, government take-up of hip technologies—IM, blogs, integrated mobile phones/PDAs, game technologies for business integrated mobile phones/PDAs, game technologies for business purposes purposes
Technology doesn’t (yet) change ‘recordness’ of Technology doesn’t (yet) change ‘recordness’ of documents/objectsdocuments/objectsTechnology dramatically changes the ways we Technology dramatically changes the ways we must must managemanage records records‘‘Hands-off’ recordmaking by computersHands-off’ recordmaking by computersLocation-independent computing – universal Location-independent computing – universal workspaceworkspaceRecords created in homes, hotels, temporary offices & Records created in homes, hotels, temporary offices &
outsourced organizationsoutsourced organizationsEmployees need remote access to records; security Employees need remote access to records; security Workers need records in different renditions/formats Workers need records in different renditions/formats
ARM ImplicationsARM ImplicationsLarge-scale system replacement of legacy recordmaking Large-scale system replacement of legacy recordmaking systemssystems1 ERP supplants many legacy ‘paperful’ systems1 ERP supplants many legacy ‘paperful’ systemsSystems producing massive volumes of records without Systems producing massive volumes of records without own recordkeeping capabilitiesown recordkeeping capabilitiesWeb pages very dynamicWeb pages very dynamicPublic- or customer-facing Web pages often reflect Public- or customer-facing Web pages often reflect changing enterprise understandings or commitments to changing enterprise understandings or commitments to public or other clients. Often only place where records exist public or other clients. Often only place where records exist ((See “Web Sites as Recordkeeping and “Recordmaking” Systems, See “Web Sites as Recordkeeping and “Recordmaking” Systems, by R.E. Barry, by R.E. Barry, Information Management Journal, Information Management Journal, Nov/Dec 2004.) Nov/Dec 2004.)
New systems may use email/instant mail interface; no New systems may use email/instant mail interface; no humans involved humans involved Records produced but not managed = riskRecords produced but not managed = risk
CEOsCEOsGet up on top of the issues. Number of stakeholders requires CEO to Get up on top of the issues. Number of stakeholders requires CEO to make it happen.make it happen.Put recordkeeping on your strategic agenda. Take another look at Put recordkeeping on your strategic agenda. Take another look at organization/staffing of ARMorganization/staffing of ARMCall for risk analysesCall for risk analyses Revisit Y2K risk analyses, auditsRevisit Y2K risk analyses, audits Do it in-house: See “Best Practices” paper with checklist at Do it in-house: See “Best Practices” paper with checklist at www.mybestdocs.comwww.mybestdocs.com in in
Other Papers Other Papers
Provide management mandate to make high-risk recordProvide management mandate to make high-risk recordmakingmaking systems systems into trustworthy recordkeeping systems into trustworthy recordkeeping systems Build alliances to keep you informed of risks, options Build alliances to keep you informed of risks, options Representative program managers, CIO, ARM manager, general counsel, auditor, Representative program managers, CIO, ARM manager, general counsel, auditor,
facility manager facility manager Adopt as enterprise standards:Adopt as enterprise standards:
ISO 15489 for regime-level records management ISO 15489 for regime-level records management DoD 5015.2 for ECM system-level records managementDoD 5015.2 for ECM system-level records management Metadata, document-access standardMetadata, document-access standard Others standards and regulations appropriate to businessOthers standards and regulations appropriate to business
StandardsStandardsUnlike laws, regulations, standards are voluntarily adopted or mandated by Unlike laws, regulations, standards are voluntarily adopted or mandated by organizations as policyorganizations as policyISO 15489 Records Management Standard—broad recordkeeping ISO 15489 Records Management Standard—broad recordkeeping regimeregime standardstandard5015.2 Records Management Applications (RMA) Standard (US DoD)—5015.2 Records Management Applications (RMA) Standard (US DoD)—softwaresoftware standard standardMetadata standards required for information discoveryMetadata standards required for information discovery Dublin Core Dublin Core http://dublincore.org/; http://dublincore.org/; W3C Recommendation 10 Feb 2004 W3C Recommendation 10 Feb 2004
www.w3.org/TR/rdf-primer/ www.w3.org/TR/rdf-primer/ Australian National Archives AGLS MetadataAustralian National Archives AGLS Metadata
ADA Section 508—Americans with Disabilities ActADA Section 508—Americans with Disabilities Act www.section508.gov/ www.section508.gov/
SOX—Sarbanes-Oxley Act of 2002 SOX—Sarbanes-Oxley Act of 2002 www.law.uc.edu/CCL/SOact/soact.pdf www.law.uc.edu/CCL/SOact/soact.pdf www.sec.gov/divisions/corpfin/faqs/soxact2002.htm www.sec.gov/divisions/corpfin/faqs/soxact2002.htm
SEC Rule 17a-4 -- Records to Be Preserved by Certain SEC Rule 17a-4 -- Records to Be Preserved by Certain Exchange Members, Brokers and Dealers Exchange Members, Brokers and Dealers www.law.uc.edu/CCL/34ActRls/rule17a-4.html www.law.uc.edu/CCL/34ActRls/rule17a-4.html
CIOs/ITDs, ARM Managers: Getting CIOs/ITDs, ARM Managers: Getting recordmaking systems into linerecordmaking systems into lineECMS+ECMS+: also tested, certified/approved RMA: also tested, certified/approved RMA Centralized IT is back; but scalability remains an issueCentralized IT is back; but scalability remains an issue
PairingPairing: Port products of ECMS, EDMS, ERP and other : Port products of ECMS, EDMS, ERP and other recordmaking systems into a trustworthy RMA or recordmaking systems into a trustworthy RMA or ECMSECMS++/EDMS/EDMS++ recordkeeping recordkeeping UpgradeUpgrade recordmaking system to become a trustworthy recordmaking system to become a trustworthy RK systems—embed recordkeeping in business RK systems—embed recordkeeping in business processesprocessesHybridHybrid of above of above Whichever way: implement at enterprise IM-IT architecture Whichever way: implement at enterprise IM-IT architecture
levellevel Implement small. Plan enterprise.Implement small. Plan enterprise.
Require bidding documents to require bidders toRequire bidding documents to require bidders to:: Commit to maintain 5015.2 certificationCommit to maintain 5015.2 certification Specify which “Additional Baseline Requirements,” Specify which “Additional Baseline Requirements,”
(C2.2.10) features are supported by its product(s) (C2.2.10) features are supported by its product(s) vs. expected of the user organizationvs. expected of the user organization
Specify other compliance requirements supported Specify other compliance requirements supported by its product(s) by its product(s)
Include costs of data conversion from legacy Include costs of data conversion from legacy information (including electronic records) to information (including electronic records) to proposed systemproposed system