Records Management Education

Intellectual Property Rights, Financial Auditing Pitfalls, Privacy Act Violations, Misplaced/Lost Institutional Records…

These are just a few of the records management issues that are of the utmost concern to CEO’s, corporate shareholders, records management personnel, legal counsel, and Risk Management Committee members.

Today, Records and Information Management (RIM) awareness, accuracy, diligence, accountability and security are all topics of concern for almost every corporation. RIM is no longer an operation that can be arbitrarily assigned or relegated to individuals who do not have a sufficient understanding of the importance of proper records keeping and acceptable records management procedures.

Improper records management can lead to; loss revenue, negative exposure, criminal prosecution and/or legal sanctions. Each has the potential to temporarily cripple and /or permanently topple an organization (as was witnessed by the world with Enron).

The individual charged with spearheading or supporting practical records keeping, and/or records management, initiatives for an organization must possess a thorough understanding of proper procedures to ensure the integrity, while preserving the authenticity, of organizational records. Mitigation of risk and the reduction in negative exposure is directly proportionate to the effectiveness of the corporate records management program.

One thing is for certain, Records Management, which was the once often dismissed, overlooked and undervalued job of almost every company/corporation, has now evolved into one of the most important administrative functions for every organization, regardless of size. Records created as a mechanism for doing business will only continue to increase. Couple this with the fact that existing and/or archived content must be managed as efficiently as new and/or current content, effective methods for the migration of legacy content must be adopted.

As previously noted, the tasks and services associated with RIM have become increasingly complex. Although the original foundation of records management stems from basic origins, one must be astute, remain current with RIM trends and continuously monitor the evolution of the industry to be effective in their job.

The amount of records being produced globally has increased significantly over the last few decades. The requirements for managing records accurately and efficiently are an international concern as well as a necessity. Immerging economies that fuel international business, increasing populations and geographical development are a few examples of areas that require accurate and methodical procedures to manage the volume of records content currently being generated.

As countries modernize and seek to conduct profitable international business, they must establish an effective means for records and content management in order to communicate effectively with partnering countries. The efficient exchange of content and information is the key to supporting and maintaining relationships. Records that are shared and/or exchanged must be recorded accurately and preserved in accordance with international records standards such as ISO 15489; which maintains that diligence must be observed when managing records. Additionally, records must be managed in a uniform fashion to ensure that adequate protection is afforded to facilitate efficient search, location and retrieval.

Following the developed nations, it is also recognized that the citizens of countries emerging from the Third World must be effectively tracked to maintain national security, health care, and support citizen statistical data as well as genealogy. For many countries, the management of these records has historically relied upon manual processes, without any form of electronic support.

RIM technology is proving to be one of the most valuable tools for these fledgling countries. RIM technology enables governmental entities to effectively keep track of their citizens as well as conduct business in a efficient manner, while supporting and broadening modernization and development endeavors.

In the global arena, RIM has clearly evolved as one of the most important facets of modern society. Records content, regardless of content, format and/or location, must be accessible and retrievable.

Recent events, as well as the demand for systematic records control, have given way to the adoption of standards and procedures for the proper management of records content. No longer can an organization afford to be callous in its internal records management procedures.

Due to high profile cases involving Enron, Goldman Sachs & Co, Morgan Stanley, WorldCom, Salomon Smith Barney and numerous others, proper records management has to be taken seriously. The aforementioned investment banks mentioned in this section were fined $8 million dollars; not hardly an insignificant sum! The $8 million dollar fines were a result of improper and insufficient e-mail management. In other words, not preserving e-mail messages in accordance with an established retention schedule.

Regulations for records management cover virtually every industry, while some regulations overlap multiple industries.

RIM regulations cover everything from the creation and active lifecycle management to the destruction of records content. The regulations also mandate the timely access, dissemination, use and reproduction of certain content.

RIM regulations were born out of the need to regulate and control records management procedures to protect against corporate fraud and privacy invasion, as well as preserve vital records.

Records Management procedures are important to every member of an organization. Each individual has a vested interest in the proper management of organizational records whether they realize it or not. This includes, but is not limited to, the management of employee personnel records, company payroll information, insurance/benefits; as well as accounts receivable/payable ledgers, client/customer information, marketing prospectus, profit loss statements, etc.

Vital information is continuously disseminated throughout an organization on any given day, at any given time. In the advent of the electronic age and internet/intranet, accessibility records content flows in one form or another around the clock.

RIM regulations help ensure that corporate/enterprise records content is managed in accordance with municipal and/or federally mandated procedures.

• Federal Rules of Civil Procedure 26 & 34 for electronic records discovery, essentially establishes the way organizations must set aside records that have been subpoenaed for discovery and/or review. This is significant as this rule sets the precedence for the way organizations manage their records.

  December 1, 2006 was an important date for the Records and Information Management Industry as the Federal Rules of Civil Procedures standards were released to establish governance and control for the management and discovery of electronic documents.

  At the time of this writing, Intel is the most recent organization to be affected by the ramifications of improper records management due to the lack of control of their electronic documents. Intel is subject to fines imposed by the courts for not being able to produce electronic in documents in a timely manner as ordered by the courts.

• Sarbanes-Oxley Act. 404.2.: Financial reporting and retention by auditing firms for compliance with the Formal Audit procedures as erected by the PCAOB for accurate and compliant financial reporting as well as tracking purposes dictated by the Federal Government to monitor the internal practices of publicly traded organizations. Although corporations can be fined and/or criminally prosecuted for acts of spoliation and/or for not preserving records as stipulated by the ACT, Sarbanes Oxley does not implicitly specify minimum or maximum term limits for the retention of records.
• C22 standards for imaged document management erected by the Enterprise Content Management Association to establish document imaging standards and specifications for the capture and/or maintenance of electronic documents to standardize the procedures and establish Best Practices Methods.
• NASD 3010 requires that member firms maintain a system to monitor registered representatives including but not limited to public transactions.
• NASD 3110 requires member firms to establish a retention schedule for books and records. The content and records covered under both sections must be preserved in a readable format and readily accessible. Additionally all instant messages sent to clients and employees must be preserved for a minimum time period of three years.
• ISO 15489 International Records Management Standard, adopted by European Countries, stipulates that records management be integrated into business systems and practices. To quote: “The standardization of records management policies and procedures ensures that appropriate attention and protection is given to all records; and that the evidence and information they contain can be retrieved more efficiently and effectively, using standard practices and procedures.”
• SEC Rule 17a lists the standards of retention for brokers and traders as having to preserve records related to trading for a minimum of six years. Correspondence related to the Organizational Entity must be retained for a period of three years. SEC Rule 17a also mandates that all electronic mail must be preserved in WORM format for the same term. The messages must also be indexed and searchable in a concise fashion to facilitate access and retrieval by the SEC and NASD, if required.
• HIPAA Standards adopted for the release and/or control of medical treatment information for current or past patient information. HIPAA also stipulates metrics for the control and accessibility of this information to ensure compliance and security.
• Gramm-Leach Bliley stipulates the control and access to personal financial information. Again, governance and control is the main purpose of the act; to categorize and/or classify information as well as to preserve the integrity of personal data.
• EU Data Protection Directive was erected by the European Parliament to govern the access and control of private and personal data. This directive states that content must be wholly accessible, retained and/or preserved in a secure manner.

RIM Best Practices are records management processes and strategies that are recognized as proven and effective mechanisms for the creation, distribution and/or preservation of physical and electronic records components.

RIM Best Practices methods can be unique to a corporation, enterprise, organization, business unit, department etc. The underlying concept is based on an efficient records management regime which ensures the accessibility of records components.

Organizations benefit immensely by adhering to a uniform set of internal records management rule sets which include retention and final disposition and destruction methods. Efficient records management procedures allow organizations to minimize cost expenditures associated with mismanaged, temporarily and/or permanently lost records components. Additionally, with standardized Best Practice Methods, less time and resources are spent by organizational employees resorting to alternative methods (i.e. e-mail, phone calls, physical searches, etc.) to locate and retrieve records components.

The most significant benefit of employing a best practices schema for the management of organizational records is the institution of control, which establishes security in the process. By doing so, risk is mitigated and legal exposure is effectively reduced.

A comprehensive and procedural records management program is an integral part of any successful business. Systematic control, uniform methods of use, acknowledgement of employees and adherence to organizational policy facilitates compliance; thereby enabling companies to leverage corporate information to its best effect.

Electronic Records Management is commonly referred to as (ERM) or Electronic Records Management System (ERMS). Both acronyms refer to software applications designed and developed with the primary function to manage records information. Even though the name connotes electronic as the primary identifier, ERM and ERMS applications are usually capable of managing both electronic and physical records components. Historically, Records Management Systems (RMS) were only capable of managing physical records by way of manually input records metadata with digital references to the properties of a given physical record item or component.

Bringing forth content from older computer systems to existing and/or new Records Management software applications can be a major undertaking. However, it is necessary to manage old records content in the same fashion as new and/or pre-existing records to establish and guarantee uniform records management methods. The concept behind uniform records management is a single repository based system that governs the access and use of all records regardless of format, type, location and/or age.

To ensure confident control, all records must be managed in accordance with an established corporate/organization-wide records rule set. If records are maintained in multiple repositories and/or server locations, compliance cannot be guaranteed, thus increasing liability and legal exposure.

The problem faced with legacy content migration is ensuring the content is compatible with newer systems and applications. A common dilemma for many organizations is the fact that content can be spread across multiple applications making migration to a single application moderately to extremely difficult. Content migration can also be aided by an in-place retention schedule that will allow you to designate inactive/closed and/or no longer required records for final disposition and/or destruction.

Some organizations are not willing to make the investment of time and resources to appropriately handle legacy content. This scenario presents an internal issue of having to maintain separate records repositories which are by no means confidence inspiring.

Some organizations remedy the situation by utilizing a bridge to link the incumbent systems to the new system. This can work and be satisfying for some, but it is still not as efficient as managing records content within one system from a single repository.

Listed directly below are some RIM Industry resources that can prove invaluable to everyone from the novice records practitioner, professional records manager and/or the individual seeking information and guidance on the many facets of RIM.

AIIM

Formerly known as the Association for Information and Image Management International now referred to as The Enterprise Content Management Association, has six decades of experience in the ECM sector. AIIM provides organizations with valuable insight and knowledge on how to most effectively manage all records content types utilizing automated content management ERMS (Electronic Records Management System) and EDMS (Electronic Document Management System) tools/systems.

In addition, AIIM has a very active and knowledgeable Imaging and Electronic Document advisory board. The EDMS advisory board holds consensus and votes on acceptable standards for the format of electronic documents.

The AIIM Website can be found at: www.aiim.org.

ARMA International

ARMA International is one of the oldest records management organizations in existence. ARMA specializes in establishing best practices records management protocols and procedures. It also enjoys one of the largest membership populations of any Information Management Organization.

Corporate, Government, Municipal and International committees look to ARMA for information to assist their organizations with locating effective records management resources. ARMA is also recognized for hosting the largest annual RIM conference in the world. Additionally, numerous records management publications can be sourced via ARMA’s online bookstore.

More information on ARMA can be found here: www.arma.org.

NARA

National Archives and Records Administration serves as the archivist and governing body and public liaison for official and governmental records; including, but not limited to, records pertaining to the US census, US congress, US Courts, US military, US population history and other records-based information maintained by the US government.

Information for NARA can be found at: www.nara.org.

NAID

National Association for Information Destruction was founded to establish secure, uniform, methods and practices for the destruction of all records regardless of format. NAID members follow strict protocol measures to ensure that records are appropriately certified immediately following records destruction.

More information about NAID and its standards of ethics can be found at: www.naidonline.org.

PRISM International

Professional Records & Information Services Management organization was established in 1980. PRISM is a not-for-profit trade association that supports the commercial records management industry. PRISM serves as the resource and standards committee to vendors who operate commercial offsite records centers, records destruction services, imaging/scanning services, electronic media vaulting, as well as consulting and outsourcing services.

PRISM is an international organization with members in over 40 countries. More information about PRISIM can be found at: www.prismintl.org.

Records and Information Management has entered the modern technological age and many innovative tools now exist to support RIM initiatives. This has not always been the case, as not to many years ago an alphabetically and/or numerically arranged Card Index System was considered de rigueur. One would simply create a new entry on the index card using a pen, pencil or typewriter. All relevant information, including the file information, would be listed on the card an inserted into a card pocket on the file folder pocket. The index card would serve as the identifier displaying all relevant metadata for the file. All movement, including but not limited to, check in/out history, file transfers, etc. would be indicated on the card.

It was very easy to detect a file that was subjected to heavy or frequent activity as its corresponding index card would be completely covered with multiple handwritten and/or typed entries, chronicling its movement. In some instances, several index cards would be affixed to the first original index card to accurately capture the lifecycle of the respective file.

Procedurally, at the end of the active lifecycle, the file would be placed in an inactive file staging area and deactivated. The end of activity date would be listed on the respective index card as well as in a master general records log.

Upon deactivation, the index card would be removed from the file with an applicable status indicated (inactive and/or closed) and placed into a master card index drawer organized numerically, alphabetically, or alphanumerically; depending on organizational preference.

The index drawers would serve as the key reference library for inactive, closed and/or archived legacy files that were separated from the active/live file population in file centers and lateral cabinets. Even today, you will find that original card file index libraries exist in many organizations, and are relied upon to assist corporate employees with locating and retrieving legacy files. In lieu of the technologically superior electronic records systems that exist today, many senior records managers still prefer the old card index system of records management. They maintain the belief that it is safer because index cards are never offline.

However, today we enjoy fully automated records management applications that enable us to perform routine records tasks in mere seconds. To perform the same task utilizing the old card index file systems would require several minutes. Additionally, the efficiency of file index cards are limited to the management of physical records files, as index cards cannot be used to manage electronic records.

ERM systems provide us with the flexibility to manage all records in the same fashion, regardless of format. Additionally, records can be searched, located and requested from outside the office.

Today’s records systems enable organizational control, ensure compliance and preserve records in a uniform and concise fashion. With ERMS applications, records content can be searched and accessed—in electronic form—by multiple users simultaneously. The manual card index system would require generating multiple physical copies of the record to facilitate shared access and review.

Additionally, ERM systems enable organizational personnel to link electronic documents to physical records components. These electronic records can then be managed in unison, under the same rule set, as its physical counterpart. Additionally, physical items or components such as hardcopy paper documents and/or content stored on various forms of electronic media can be attached, converted, imaged and/or scanned directly into electronic records management systems.

For efficient, practical, identification and tracking, barcode technology is recognized as the standard for labeling physical record file components. Label stock with a guaranteed shelf life of 20 years regardless of ambient conditions, ensure that the file description, file number and associated metadata will be readable for the entire lifecycle and retention period of the file record.

Keyboard Wedge Scanners enable records personnel to quickly scan labels, facilitating the selection of file functions such as check out/in, transfer, send offsite, retrieve from offsite, etc.

Portable barcode scanners offer the same functionality as the key board wedge scanners, with the added flexibility of wireless connectivity. Users can perform file audits on the fly, re-assign records and/or components to different locations, send and/or receive records to or from offsite storage locations, etc.

RFID (Radio Frequency Identification) is the newest file tagging technology. RFID compliments physical barcode labels by providing a more rapid type of file recognition. RFID technology, pioneered by 3M Corporation, is based on a radio transmitter chip with integrated memory. The RFID chip (commonly referred to as a tag) contains the file description, file number and associated records metadata that would typically be displayed on a physical file label. An RFID tag is typically used in conjunction with a physical label to provide visual identification for the respective file or record component.

The RFID chip is super efficient as it enables simultaneous file processing, either individually or in bulk. A specially designed portable wireless wand allows personnel to scan the RFID tagged contents of a records storage box using a sweeping motion. Users are not required to have line of sight to read the information of records contained in a box. Additionally, strategically placed transponders enable automated records processing and/or security. i.e. in the event an employee picks up a file and leaves a file center or records staging area with transponders present. Further, if the employee has an electronic employee ID card, the information from his or her employee ID card can automatically be associated with the file components being removed from a file center.

In an environment with RFID technology deployed, routine functions such as check out/in and transfer of file location, are processed automatically as file content is transmitted directly to the records repository (database). RFID presents a significant leap in security as file records movement can be captured in strategic locations throughout the corporate environment.

Records and Information Management is now being recognized as a vital component and core operations function for any organization, regardless of size. As the RIM industry evolves, records management tasks will be made more efficient through the use of technology and, therefore, will be given the same precedence and attention afforded to other key corporate/enterprise processes.

E-discovery is on everyone’s mind these days because it is often misconstrued that one can simply delete a record from their computer to never be seen again. Of course, this is not true. Today, computer forensics experts are dedicated to locating and retrieving deleted content from computer hard drives. E-discovery has evolved into one of the most important areas of legal representation.

In large corporate cases, Requests for Production now include e-documents wherever they may reside. Organizations are now subject to FRCP 26 which allows discovery of any matter relevant to the claims of a party as long as the discovery appears to be reasonable.

This means that corporations can be expected to produce and turnover all records that may be of relevance to legal proceedings. This includes, but is not limited to, e-mail, instant messages, electronic documents, electronic images, voice files, phone messages, video images, etc.

FRCP 26, adopted on December 1 2006, states that organizations must come to an agreement on the materials requested and produce the same in a timely manner. If the requested material is not produced as stipulated in the rule, the non-obliging party can be fined and/or sanctioned by the court for noncompliance.

As excerpted from FRCP Rule 26

Parties may obtain discovery regarding any matter, not privileged, that is relevant to the claim or defense of any party, including the existence, description, nature, custody, condition, and location of any books, documents, or other tangible things and the identity and location of persons having knowledge of any discoverable matter. For good cause, the court may order discovery of any matter relevant to the subject matter involved in the action. Relevant information need not be admissible at the trial if the discovery appears reasonably calculated to lead to the discovery of admissible evidence. All discovery is subject to the limitations imposed by Rule 26(b)(2)(i), (ii), and (iii).

E-discovery is particularly important from the standpoint that many corporations do not have an adequate handle on their corporate content, often resulting in multiple duplicated records. Although several copies of a document may in fact have been deleted (or assumed to have been deleted) from an employee’s computer and/or the corporate network server, the smoking gun copy can still exist somewhere. One document can cost an organization millions, just for being present when it should not be.

The reciprocal circumstance is the absence of a comprehensive organizational retention policy, without which relevant e-records may have been prematurely destroyed. In both cases a legal hold order is issued both externally and internally to preserve records that are needed for legal matters. ERM systems enable organizations to select a subpoenaed record series; while holding and freezing all activity of the requested records series. This functionality allows organizations to produce only the specific records that have been requested, allowing the organization to respond defensibly; while supporting proper records management procedures.

Knowing where your enterprise records are, knowing what records exist and knowing how and when they were created and/or modified, goes a long way towards reducing exposure and mitigating risk.

In conclusion, it is evident that records and information management is a must in the protection of the corporate image as well its resources and assets. Technological developments, both in the workplace and in the RIM industry, have led to an ever-increasing trend of legislation and regulatory rules to govern the lifecycle of records. It is only the unwise who, in this day and age, do not employ the latest RIM technology to ensure the security and legal protection of their corporation.