View
647
Download
3
Category
Tags:
Preview:
DESCRIPTION
Building upon the AIIM MN chapters lecture series regarding PDF/A standards, this presentation introduces the topic of Records Management Best Practices to support an organizations adoption of the new PDF standards for preserving their vital electronic documents.
Citation preview
Preserving Electronic RecordsRecords Management Best Practices
Graham Riley
AIIM MN Chapter
January 26th, 2009
©2007 Iron Mountain Incorporated. All rights reserved. Iron Mountain and the design of the mountain are registered trademarks of Iron Mountain Incorporated.
CONFIDENTIAL AND PROPRIETARY INFORMATION OF IRON MOUNTAIN 2
The Topic Of Electronic Record Preservation
Sept 08: PDF Standards by Betsy Fanning, AIIM
PDF/A is just one component of a comprehensive preservation strategy
Successful preservation strategy implementations depends upon:
Records management policies and procedures Additional requirements and conditions Quality assurance processes
Oct 08: Auto. Document Centric Processes by Peggy Winton, AIIM
The traditional electronic record (document) environmentBusiness Process Management (BPM) and Enterprise Content
Management (ECM)
CONFIDENTIAL AND PROPRIETARY INFORMATION OF IRON MOUNTAIN 3
Agenda
What are we doing? Implementing a compliant archival system
Why are we doing it? Compliance Cost Provide value in the future
How are we doing it? The role of the emerging PDF standards PDF/A implementation support considerations Records Management “Best Practices”
CONFIDENTIAL AND PROPRIETARY INFORMATION OF IRON MOUNTAIN 4
The Compliant Archival System
Ability to maintain and keep electronic records that have enduring value as reliable memories of the past, and they help people find and understand the information they need in those records.
The information maintained and stored by the archival system provides a legally viable digital representation of any form of media i.e. photographs, video, sound recordings, letters, documents, electronic records, etc.
Organizations must select records valuable enough to justify the costs of storage and preservation, plus the labor intensive expenses of arrangement, description, and reference service.
CONFIDENTIAL AND PROPRIETARY INFORMATION OF IRON MOUNTAIN 5
Technology For Supporting An Archival System
CONFIDENTIAL AND PROPRIETARY INFORMATION OF IRON MOUNTAIN 6
Technology For Storing Archival Records
CONFIDENTIAL AND PROPRIETARY INFORMATION OF IRON MOUNTAIN 7
Rationale For Change
ComplianceLegislationLitigation support
CostTechnologySupport services
Provide “value” for future generationsAccurate representation of an event or moment in time
CONFIDENTIAL AND PROPRIETARY INFORMATION OF IRON MOUNTAIN 8
Trends In The Storage Of Electronic Records
Exponential growth of electronic records
Changing Regulatory Environment
Emergingtechnology
IT & RecordsManagement Teams
Rule 26 ofCivil Procedure
FACTA
Patriot Act
SEC Rule 17
HIPAA
Sarbanes-Oxley
Gramm-Leach-Bliley
CONFIDENTIAL AND PROPRIETARY INFORMATION OF IRON MOUNTAIN 9
The Regulatory Environment
CONFIDENTIAL AND PROPRIETARY INFORMATION OF IRON MOUNTAIN 10
Exponential Growth In Electronic Documents
Gartner Inc. The current explosion of data is outpacing the decline in storage prices, even before the resource costs for maintaining data are taken into account.
CONFIDENTIAL AND PROPRIETARY INFORMATION OF IRON MOUNTAIN 11
Electronic Record Archival Implementation
Common vision
Current management of electronic records
Electronic record locations
Suggested implementation strategy
CONFIDENTIAL AND PROPRIETARY INFORMATION OF IRON MOUNTAIN 12
Common Vision
“Provide the Enterprise with the ability to securely preserve and manage ALL electronic records
requiring long term archival per the company’s records management
policy in a cost effective & compliant manner.”
CONFIDENTIAL AND PROPRIETARY INFORMATION OF IRON MOUNTAIN 13
CONFIDENTIAL AND PROPRIETARY INFORMATION OF IRON MOUNTAIN 14
CONFIDENTIAL AND PROPRIETARY INFORMATION OF IRON MOUNTAIN 15
Electronic Record Locations
“Inside” Your Enterprise “Outside” Your Enterprise
DocumentsConverted
ToElectronic
Email Backup Images
Media
ManagementDigital
Management
DocumentsAwaiting
ConversionTo
Electronic
ITApplication
RecordsManagement
System
CONFIDENTIAL AND PROPRIETARY INFORMATION OF IRON MOUNTAIN 16
What Are We Doing Again?
Filter
Electronic Record Archival System
EmailBackupImages
CONFIDENTIAL AND PROPRIETARY INFORMATION OF IRON MOUNTAIN 17
Suggested Implementation Strategy
Based upon successful existing enterprise methods:Where are we now?Where do we need to be?How do we get there?How do we measure progress?How do we know when we are there?
CONFIDENTIAL AND PROPRIETARY INFORMATION OF IRON MOUNTAIN 18
Step 1: Organize
Establish ownershipExecutive sponsorDedicated archival implementation teamSteering committee
Roles & responsibilitiesGovernance level Implementation levelAdministration level
Determine program scopeEnterpriseBusiness UnitDepartment
Terminology
CONFIDENTIAL AND PROPRIETARY INFORMATION OF IRON MOUNTAIN 19
Step 1: What Is A Record?
Regulated
Administrative
Casual
Critical
Archive
CONFIDENTIAL AND PROPRIETARY INFORMATION OF IRON MOUNTAIN 20
Alternatively...
Confidential
Internal
Public
Restricted
Archive
CONFIDENTIAL AND PROPRIETARY INFORMATION OF IRON MOUNTAIN 21
Step 1: Organizational Checkpoint
What it is?
Why it is important?
Ability to describe the benefits for the: Enterprise Business Unit Department User
Who is doing what & when?
Terminology
CONFIDENTIAL AND PROPRIETARY INFORMATION OF IRON MOUNTAIN 22
Building On The Foundation
Storage
Compliance
Service
CapacitySecurity
Cost
SearchRetrieve
Accurate
Responsive
Reliable
Retention
Litigation
Privacy
Storage ControlDisposal
ArchivalSystem
CONFIDENTIAL AND PROPRIETARY INFORMATION OF IRON MOUNTAIN 23
Step 2: Assessment Tool Questionnaire
Design a diagnostic questionnaireRetentionPolicies & Procedures Indexing & AccessingDisposalAudit Compliance & Accountability
Foundation of the assessment processRepeatableTarget audienceTIP! When between ratings, select lesser value
CONFIDENTIAL AND PROPRIETARY INFORMATION OF IRON MOUNTAIN 24
Step 2: Assessing The Results
Rating 1 to 5
CONFIDENTIAL AND PROPRIETARY INFORMATION OF IRON MOUNTAIN 25
Step 2: Assess The Archival System
Assess technology for:ManagementMeasurementEnforcement
Assess functional & technical requirements:Record classificationSearch capabilityRecord retentionReporting capabilityAdministration & securityApplication integrationDocument tracking
CONFIDENTIAL AND PROPRIETARY INFORMATION OF IRON MOUNTAIN 26
Step 2: Assessment Checkpoint
Storage Current situation Desired situation
Service Current situation Desired situation
Compliance Current situation Desired situation
TechnologyRequirements specificationAlternatives identified
CONFIDENTIAL AND PROPRIETARY INFORMATION OF IRON MOUNTAIN 27
Step 3: Develop
Consolidation PlanRecord, data & information repositories
Create records classification schemeIdentify & define record typesIdentify recordkeeping requirementsAssign retention periods based on:
1.Legal requirements2.Risk considerations3.Operational needs
Develop a comprehensive records retention schedule that provides consistent rules across the enterprise
CONFIDENTIAL AND PROPRIETARY INFORMATION OF IRON MOUNTAIN 28
Step 3: Development Checkpoint
Deliver consistent policies, procedures & practices that:
Are compliant with specific regulations
Demonstrate good faith efforts
Provide management accountability
Facilitate employee adoption
CLEARLY spell out what constitutes an electronic record that requires archiving!
CONFIDENTIAL AND PROPRIETARY INFORMATION OF IRON MOUNTAIN 29
Step 4: Implement
Launch as a formal programDesign & roll-out training by audiencePhased approach EXCEPT the records requiring
ARCHIVINGFirst implement comprehensive “base” programThen implement best opportunities for “win”
Tailor umbrella company policy & procedures for each application
Prioritize by risk & business value
Securely destroy ALL eligible inventory Consolidate inventoryApply retention schedule to existing records
CONFIDENTIAL AND PROPRIETARY INFORMATION OF IRON MOUNTAIN 30
Step 4: Implementation Checkpoint
Communication is KEY!Newsletter, Intranet, Open House
Presenting SolutionsPrioritize solution aligned with your audiences key issuesTie features & benefits to the audiences needsUse your audiences language, so avoid jargon,
abbreviations & acronymsSummarize how your audience will benefit
Seek employee feedbackWhat is it?Why is it important to me?What are the benefits of doing it?
Archival records stored using PDF standards
CONFIDENTIAL AND PROPRIETARY INFORMATION OF IRON MOUNTAIN 31
Step 5: Manage
Manage security, access & integrity of data
Enforce classification & destruction review via reports & safeguards
PDF compliant storage of Archival records
Maintain training, communications & certification programs
Update retention schedule, policies & procedures
Plan & budget for program maintenance, enforcement, audit & enhancement
Ensure appropriate business unit oversight
CONFIDENTIAL AND PROPRIETARY INFORMATION OF IRON MOUNTAIN 32
Step 5: Management Checkpoint
Destructions in progress
Authorized user lists updated
Inventory repositories consolidated
Practices & procedures regularly updated and are taught at new hire / orientation
End user departments report improved SLA’s
Are we cost effective when responding to regulatory, litigation & operational requirements?
CONFIDENTIAL AND PROPRIETARY INFORMATION OF IRON MOUNTAIN 33
Step 6: Audit
Incorporate into the internal audit function
Review all key components annually (longer for the Archival System)Recommend improvementsDecide on corrective actions
Benchmark against audit metrics
Benchmark against industry “Best Practices”
Risk Management/Cost Management
CONFIDENTIAL AND PROPRIETARY INFORMATION OF IRON MOUNTAIN 34
Step 6: Audit Checkpoint
Timeliness of destructions?Retention Schedule accuracy?
Record classification accuracy & completeness?
Are archival records being stored in a PDF compliant format?
User, department & business unit compliance?Destruction “Hold” administration?Training & communications delivery?
CONFIDENTIAL AND PROPRIETARY INFORMATION OF IRON MOUNTAIN 35
Next Steps: Some Do’s & Don’ts
DO incorporate the requirements for an archival system into existing processes for record SERVICE & COMPLIANCE and NOT replace them
DO adopt a practical implementation strategy based on “Best Practices”
DO leverage technology as component of an archival program i.e. the PDF standards
DO consider the outsourcing option for long-term storage. Items invoiced monthly tend to get questioned!
DON’T bite off too muchDON’T over-engineer or over-complicateDON’T think that technology alone can solve the archival
challenges that your Enterprise faces
CONFIDENTIAL AND PROPRIETARY INFORMATION OF IRON MOUNTAIN 36
Next Steps: Trend of Change Will Continue…
Exponential growth of electronic records
Changing Regulatory Environment
Emergingtechnology
IT & RecordsManagement Teams
Rule 26 ofCivil Procedure
FACTA
Patriot Act
SEC Rule 17
HIPAA
Sarbanes-Oxley
Gramm-Leach-Bliley
CONFIDENTIAL AND PROPRIETARY INFORMATION OF IRON MOUNTAIN 37
One-Stop-Shop Electronic Archival Solution
CONFIDENTIAL AND PROPRIETARY INFORMATION OF IRON MOUNTAIN 38
Next Steps: Your Response…………
“Provide the Enterprise with the ability to securely preserve and manage ALL electronic records
requiring long term archival per the company’s records management
policy in a cost effective & compliant manner.”
©2007 Iron Mountain Incorporated. All rights reserved. Iron Mountain and the design of the mountain are registered trademarks of Iron Mountain Incorporated.
For additional information…
Graham Riley
Graham.Riley@ironmountain.com
612.490.0228
Recommended