Embed Size (px)
Citation preview
Electronic Records ManagementAddie Mattox, @doc,
www.atdoc.com
Fundamentals of ECM System Architecture Certificate Program
Addie Mattox: Biographical Information
Addie Mattox: Biographical Information
Addie Mattox is a partner of @doc, a firm specializing in document/records management technologies. She assists user organizations to formulate strategic plans for document and records management, reengineer business processes, assess their needs for document and records management technologies, perform cost/benefit analyses, evaluate vendor offerings and provide implementation assistance. @doc is one of the few consulting firms that provides objective analyses of clients’ requirements and matches them with the most appropriate solutions on the market.
Addie's client list includes domestic and international companies, from a wide range of industries including: utilities, government agencies, law firms, banks, insurance companies, manufacturing, research, petroleum, and publishing. Addie is the co-author of AIIM’s white paper on Bringing the Business Case for Document Management to Management. She is a frequent speaker at technical conferences and consulted by members of the trade press. Addie's MBA is from Pepperdine University. Her graduate degree in English as a Second Language is from UCLA.
Course ObjectivesCourse Objectives
• Define what constitutes an electronic record
• Overview of Electronic Records Management technologies
• Define the foundations necessary to successfully manage electronic records
• Trends regarding legal and regulatory compliance
• Identify industry "Best Practice" standards• Identify where many organizations fall
short in their records management and preservation program
Electronic Records Management
Electronic Records Management
• Application of records management principles in a digital environment
• Includes same concepts as paper-based records management (RM) – storage media does not change the business rules
• Involves technologies to make managing easier, though more complex
Definition of a RecordDefinition of a Record
• All books, papers, maps, photographs, machine-readable materials, or other documentary materials regardless of physical form or characteristics, made or received by an agency of the United States government under Federal law or in conjunction with the transaction of public business and preserved or appropriate for preservation by that agency or its legitimate predecessor as evidence of the organization, functions, policies, decisions, procedures, operations, or other activities of the Government or because of the information value of the information in them. (US Government, NARA, 4 USC 3301)
What about these?What about these?
• Record:– An email because it has been printed
• Retention period– After 30 days or 60 MB as determined
by IT• Records disposition
– Removed from the shared drive but kept on individuals’ laptops
Electronic Records Management
Electronic Records Management
• The systematic control of all records (regardless of format or media) from creation or receipt through processing, distribution, maintenance, retrieval to disposition.
ERM DriversERM Drivers
• Documents are a resource (content) and a liability (costs)
• Quantity and types of information is growing exponentially – costs for discovery are growing
• Email, backup tapes, databases and web pages all have unique characteristics – fertile source of evidence
• The court decides what is evidence
RM ReviewRM Review
• An RM plan includes management practices, policies and procedures, citations of laws and regulations, documentation and audits, roles and responsibilities – not just technology!
• Recent survey of 2000+ companies – 57% don’t include electronic records in the RM programs
Value of RecordsValue of Records
• Records have value– Transactional, administrative, fiscal,
legal, historical– We need to reference them to conduct
business– Some are re-used as portions of new
situations
• Documents have different retrieval profilesRetrieval Over TimeRetrieval Over Time
0
5
10
15
20
25
1 3 5 7 9 11 13 15
Years
Retr
ievals
BirthCertificate
Research
Tax Return
PersonnelRecords
Cost of RecordsCost of Records
• Managing and maintaining records is costly:– File space & materials– Finding records on a day-to-day basis– Keeping additional, unnecessary
documents that staff must search through – Cost of producing records during
discovery– Losing law suits due to the lack of
information or damaging information found during discovery process
Legal IssuesLegal Issues
• Litigators focus on: – Hardware & software reliability– Data capture– Quality control: access,
annotation/alteration, encryption– Testimony of person responsible for
records• You won’t know what elements of
your case will be challenged until it happens - be prepared
ERM System TypesERM System Types
• Manual – RM programs exist without an ERM system– Paper based, do not control electronic
records• ERM can be a single application to
help manage documents and the program
• Document Management systems can include RM functionality with additional software
Records Management Applications (RMAs)
Records Management Applications (RMAs)
• Functionality is defined generically - for example, “carry information to understand the transaction” but not specifically what data or transaction. – GRS 20 issued by NARA– Department of Defense standard 5015
• Certification of software against DoD 5015• Implementation of certified software in fed
government– Mo-Req (EU)– VERS (Australia)– VERS (UK)– And others….
• Your job will be to define what specific functionality is necessary.
DoD Certified RMAshttp://jitc.fhu.disa.mil/recmgt/register.htm
DoD Certified RMAshttp://jitc.fhu.disa.mil/recmgt/register.htm
• Open Text Corporation's Livelink Records Management v2.5 *
• Open Text Corporation's iRIMS v9.0.5 *
• MDY Advanced Technologies, Inc.'s FileSurf v7.50
• Cexec Inc.'s Cexec eRecords Enabler v1.0
• Open Text Corporation's Livelink Records Management v2.5
• Open Text Corporation's iRIMS v9.0.5
• Vredenburg's Highview RM 4.1 • Identitech's FYI v3.5 with IBM
Corporation's IBM Records Manager v2.0
• Documentum's Documentum Records Manager v3.0 with Documentum Content Server v4.3
• Documentum Records Manager v3.0 with Documentum Content Server v5.1
• IBM e-Records Solution v1.1 • Feith Systems and Software Inc.'s
Feith Document Database v7 • Documentum Records Manager v3.0
with iManage, Inc.'s WorkSite • Documentum Records Manager v3.0 • Documentum Records Manager v3.0
with MS SharePoint Portal Server 2001
• IBM Corporation's IBM Records Manager v2.0
• IBM Corporation's IBM Records Manager v2.0 with MS SharePoint Portal Server 2001
* (Includes Chapter 4 - Management of Classified Records)
As of 4/1/03
ERM System FunctionalityERM System Functionality• Submittal/Declaration
– When you have decided that a digital object is a record, how do you control it?
• Control – Records cannot be changed or deleted.
• Categorization/Organization– How will the record be retrieved and used?
• Retention– Based on legal and business requirements, you
will know and track how long to keep records.• Disposition
– When you don’t need to keep it anymore, how do you get rid of it?
DeclarationDeclaration
• What and Who– Users (authorized) decide that a
document (or email or object) is a record. They click a button and the document is captured and controlled.
– Documents meeting set criteria are captured and controlled.
– Captured and controlled means moved to a a place (physical or virtual) where record cannot be changed or deleted.
CategorizationCategorization
• What and Where– When a user declares a record, the
system allows them to choose a (pre-defined) category
– Auto categorization suggests or applies a category based on content
– Categories can fit within search taxonomies to facilitate retrieval (similar to knowledge management)
RetentionRetention• When and Why
– Retention periods applied to the category selected
– Retention periods can be tied to event triggered automatically (when submitted, when project complete, when employee retires, etc.)
– Retention periods and requirements managed with tools
– Organization of record storage based on retention requirements
DispositionDisposition• How
– When retention period expires, provides reports of documents to be disposed
– Purges and reports on results– Provides audit capabilities
ControlControl
• To use electronic records as evidence, you must show that the records were controlled from a process and technical aspect– No one can declare, edit or delete
without authority and documentation– No one can access data files directly
(independent of database retrievals for viewing documents)
– WORM, Network security, encryption
Useful Document Technologies
Useful Document Technologies
• Endorsing – identifies which documents/records have been captured
• Redaction – covers a portion of an image for confidentiality
• Recognition - (OCR, ICR) makes the content of images searchable
• Microfilm – analog
Legality of WORMLegality of WORM
• Write once, read many• Records management rules for microfilm
and optical storage– Images must be retained in the exact format
they were presented at a specific point in time– Images must be retained in a storage medium
that is deemed secure:• Permanence and stability of media• Authorized access only
• Legality is determined on case-by-case basis
• Paper and microfilm are still appropriate for long-term archival (12 - 50 years+)
• Electronic Signatures in Global and National Commerce Act – “a signature, contract, or other record relating
to such transaction may not be denied legal effect, validity, or enforceability solely because it is in electronic form”
• Signed electronic records shall contain information associated with the signing that clearly indicates the printed name of the signer, the date and time when the signature was executed. The meaning (such as review, approval, responsibility, or authorship) associated with the signature.
Electronic SignaturesElectronic Signatures
Technical Access OptionsTechnical Access Options
• Ways to maximize security AND information access– Replication – allows a copy of the
system to be available for users while another is secure
– Internet security – security and encryption options
– Watermarks –identifies copyright or authenticity
Controlling AccessControlling Access• Permission on each document – more
control results in more administration• Role based groups – access to
document sets based on user profiles• Authentication – use network access
to determine who can use system• Audit – post usage verification to see
who is accessing documents/records• Control can be based on:
– File inventory– Classification– Retention– Versions
Adminis-trationgoes
down as
control goes down
Complementary System Options
Complementary System Options
• Imaging – a place for digital paper• Document management – control of
work in progress• Knowledge management – facilitate
access and reuse of information• Content management - control of
transitory information objects/sections
• Workflow – automating the movement of workThere are other AIIM courses on these topics!
Determining Your Requirements
Determining Your Requirements
• System requirements are a combination of:– Accepted standards and methods of
maintaining records– Functionality specific to your
organization based upon your RM program and practices in place
– Functionality specific to your organization based upon the way people do their business and the information they need
Review Existing RM SeriesReview Existing RM Series
• Often there is a relationship between electronic records and paper or hard-copy records. Reviewing an existing RM Series is helpful.
• For each record series, identify which electronic documents would also fall into that same category.
• If they don’t, a new category may need to be listed.
Process OrientationProcess Orientation
• Processes define what your organization does. At a high level, your organization’s mission statement may be your overall process.
• Each process can be broken down (decomposed) into smaller processes
• If your organization has been through a Business Process Reengineering project, or a process redesign project, you may have already defined these.
• Each task will help identify the interaction with external entities, the use of documents that might be records and retrieval requirements
Customer OrientationCustomer Orientation• Develop a list of the entities with transactional
relationships to your organization. – Customers (pay you to provide a service or product) – Constituents (receive your products or service even
though someone else may pay for it) - public– Supplier (provide materials or subcontract services
that contribute to your final product) – manufacturers– Supporters (provide product or service that does not
directly help you provide service, but helps you maintain your organization) - personnel services, accountants, etc.
– Controllers (have legal authority to define how you perform your business) – regulatory agencies, government
– Employees - subcontractors, unions
Record Series DataRecord Series Data
• About the overall list– Department name– Date of inventory– Name of contact– Name of analyst
• About each series– Meta Data Information
• Series title• Summary description• File type• Dates covered• Storage/edit date• Arrangement• Quantity
– Count– Bytes
– Estimated growth
– Physical Storage Requirements• Storage location• Media characteristics• Hardware environment
– Reference Activities• Online• Nearline• Offline• Offsite
– Retention Requirements• Relationship to human
readable records• Supporting files• Vital record status
• For each record series, list the custodian or owner
ResearchResearch
• RM is never complete without knowing the laws and practices specific to your environment
• Good place to start in altering existing RM practices or starting from scratch– http://www.cohasset.com/LOAM/– ARMA
Paper vs. Electronic: Conditions
Paper vs. Electronic: Conditions
• Form and format linked.
• Content and context linked.
• Humanly readable.• Intelligible after
25 years.• Designed not to
change.
• Form and format unlinked.
• Content and context unlinked.
• Not humanly readable without intervention.
• Unintelligible after 25 years, unless old technology is in place.
• Designed to be easily changed.
ArgumentsArguments
• Records management saves money
• Saves valuable space and reduces storage costs
• Schedule records after creation
• Records management costs money
• Space and storage are cheap
• Schedule records prior to creation
Hard Dollar Avoidance – Hard Dollar Avoidance – EmailEmail
Hard Dollar Avoidance – Hard Dollar Avoidance – EmailEmail
• Fortune 500 company – wrongful termination lawsuit
• Subpoenaed for all records• Printed all emails for past 4
months, reviewed manually, took weeks
• $750,000 un-reimbursable expense• Settled out of court
Paper vs. Electronic: Infrastructure
Paper vs. Electronic: Infrastructure
• Centralized file systems
• Simple foundation• Records put
together physically
• Decentralized• Complex
technology foundation
• Tied together through links, categories, integration
Paper vs. Electronic: Personnel
Paper vs. Electronic: Personnel
• Agency records officers.
• Value of records management known, understood, applied.
• Records programs have knowledge and experience.
• Network administrators, middle management.
• Value of records management not recognized.
• Records programs lack experience.
ERM EssentialsERM Essentials
• Management – overall plan and process, sponsorship
• Policies – what should be done• Procedures – how to do it• Training – why it is important and
how to do it• Audits – verifying that it was done• Documentation – what was done
ProceduresProcedures
• Oversight and Monitoring– oversight mechanisms are needed to monitor
compliance with policies and guidelines for recordkeeping
• Proposed Approach– include RM in new employee orientation– integrate oversight and monitoring with other
internal and external audits to the extent possible
– use auditing and analysis of recordkeeping capabilities in conjunction with efforts to improve and enhance business processes or systems
– publicize and reward success stories
DocumentationDocumentation
• Electronic records systems must have accurately documented policies, assigned responsibilities, and formal methodologies for their management.– A register of all policies– Procedures, including staff
responsibilities– Operations manual
Problems and IssuesProblems and Issues
• Distinct Disciplines– Support of ERM program requires
complementary skills of IT and RM– RM wants to write only, IT wants to
read, write• Remedy
– Education, communication– New reporting structure?
Problems and IssuesProblems and Issues
• Chain of command– Image conversion may require records
to be outside control– ASP puts records into another’s
repository • Remedy
– Clear agreements, audits, documentation
Problems and IssuesProblems and Issues
• Timeframes and Obsolescence– To make an electronic record viewable
requires hardware, OS, application version, language
• Remedy– Migration policies to identify when and
how to move to next technology– Careful tracking of changes to industry– Acceptance of analog technologies
Problems and IssuesProblems and Issues
• Email– Email is voluminous, backed up in
multiple places– Emails have message and attachment– Sometimes used inappropriately
• Remedy– Strict and clear policies and
procedures with training– Appropriate technology to classify,
control, retrieve, dispose
System TrendsSystem Trends
• Document management, imaging are providing some RM functions without need for add-ons
• Email solutions are improving• Content management tracks web-
based information being integrated
Non-system TrendsNon-system Trends
• Strategic Motivators– Sarbanes-Oxly – accounting scandals– HIPAA – Healthcare privacy
• Savvy judges• Role of IT in ERM growing but still
under-represented. No one is in charge of electronic documents.
Additional Information Additional Information
• For further study on:– Records management, visit
www.arma.org or www.cohasset.com– Document technologies and enterprise
content management, visit www.AIIM.org
– CDIA+, document technologies, visit www.atdoc.com or find @doc materials on the AIIM bookstore website
