Preserving Electronic Records Records Management Best Practices By Graham Riley

Preserving Electronic RecordsRecords Management Best Practices

Graham Riley

AIIM MN Chapter

January 26th, 2009

©2007 Iron Mountain Incorporated. All rights reserved. Iron Mountain and the design of the mountain are registered trademarks of Iron Mountain Incorporated.

CONFIDENTIAL AND PROPRIETARY INFORMATION OF IRON MOUNTAIN 2

The Topic Of Electronic Record Preservation

Sept 08: PDF Standards by Betsy Fanning, AIIM

PDF/A is just one component of a comprehensive preservation strategy

Successful preservation strategy implementations depends upon:

Records management policies and procedures Additional requirements and conditions Quality assurance processes

Oct 08: Auto. Document Centric Processes by Peggy Winton, AIIM

The traditional electronic record (document) environmentBusiness Process Management (BPM) and Enterprise Content

Management (ECM)


Agenda

What are we doing? Implementing a compliant archival system

Why are we doing it? Compliance Cost Provide value in the future

How are we doing it? The role of the emerging PDF standards PDF/A implementation support considerations Records Management “Best Practices”


The Compliant Archival System

Ability to maintain and keep electronic records that have enduring value as reliable memories of the past, and they help people find and understand the information they need in those records.

The information maintained and stored by the archival system provides a legally viable digital representation of any form of media i.e. photographs, video, sound recordings, letters, documents, electronic records, etc.

Organizations must select records valuable enough to justify the costs of storage and preservation, plus the labor intensive expenses of arrangement, description, and reference service.


Technology For Supporting An Archival System


Technology For Storing Archival Records


Rationale For Change

ComplianceLegislationLitigation support

CostTechnologySupport services

Provide “value” for future generationsAccurate representation of an event or moment in time


Trends In The Storage Of Electronic Records

Exponential growth of electronic records

Changing Regulatory Environment

Emergingtechnology

IT & RecordsManagement Teams

Rule 26 ofCivil Procedure

FACTA

Patriot Act

SEC Rule 17

HIPAA

Sarbanes-Oxley

Gramm-Leach-Bliley


The Regulatory Environment


Exponential Growth In Electronic Documents

Gartner Inc. The current explosion of data is outpacing the decline in storage prices, even before the resource costs for maintaining data are taken into account.

http://www.computerworld.com/action/inform.do?command=search&searchTerms=Gartner+Inc.


Electronic Record Archival Implementation

Common vision

Current management of electronic records

Electronic record locations

Suggested implementation strategy


Common Vision

“Provide the Enterprise with the ability to securely preserve and manage ALL electronic records

requiring long term archival per the company’s records management

policy in a cost effective & compliant manner.”




Electronic Record Locations

“Inside” Your Enterprise “Outside” Your Enterprise

DocumentsConverted

ToElectronic

Email Backup Images

Media

ManagementDigital

Management

DocumentsAwaiting

ConversionTo

Electronic

ITApplication

RecordsManagement

System


What Are We Doing Again?

Filter

Electronic Record Archival System

EmailBackupImages


Suggested Implementation Strategy

Based upon successful existing enterprise methods:Where are we now?Where do we need to be?How do we get there?How do we measure progress?How do we know when we are there?


Step 1: Organize

Establish ownershipExecutive sponsorDedicated archival implementation teamSteering committee

Roles & responsibilitiesGovernance level Implementation levelAdministration level

Determine program scopeEnterpriseBusiness UnitDepartment

Terminology


Step 1: What Is A Record?

Regulated

Administrative

Casual

Critical

Archive


Alternatively...

Confidential

Internal

Public

Restricted

Archive


Step 1: Organizational Checkpoint

What it is?

Why it is important?

Ability to describe the benefits for the: Enterprise Business Unit Department User

Who is doing what & when?

Terminology


Building On The Foundation

Storage

Compliance

Service

CapacitySecurity

Cost

SearchRetrieve

Accurate

Responsive

Reliable

Retention

Litigation

Privacy

Storage ControlDisposal

ArchivalSystem


Step 2: Assessment Tool Questionnaire

Design a diagnostic questionnaireRetentionPolicies & Procedures Indexing & AccessingDisposalAudit Compliance & Accountability

Foundation of the assessment processRepeatableTarget audienceTIP! When between ratings, select lesser value


Step 2: Assessing The Results

Rating 1 to 5


Step 2: Assess The Archival System

Assess technology for:ManagementMeasurementEnforcement

Assess functional & technical requirements:Record classificationSearch capabilityRecord retentionReporting capabilityAdministration & securityApplication integrationDocument tracking


Step 2: Assessment Checkpoint

Storage Current situation Desired situation

Service Current situation Desired situation

Compliance Current situation Desired situation

TechnologyRequirements specificationAlternatives identified


Step 3: Develop

Consolidation PlanRecord, data & information repositories

Create records classification schemeIdentify & define record typesIdentify recordkeeping requirementsAssign retention periods based on:

1.Legal requirements2.Risk considerations3.Operational needs

Develop a comprehensive records retention schedule that provides consistent rules across the enterprise


Step 3: Development Checkpoint

Deliver consistent policies, procedures & practices that:

Are compliant with specific regulations

Demonstrate good faith efforts

Provide management accountability

Facilitate employee adoption

CLEARLY spell out what constitutes an electronic record that requires archiving!


Step 4: Implement

Launch as a formal programDesign & roll-out training by audiencePhased approach EXCEPT the records requiring

ARCHIVINGFirst implement comprehensive “base” programThen implement best opportunities for “win”

Tailor umbrella company policy & procedures for each application

Prioritize by risk & business value

Securely destroy ALL eligible inventory Consolidate inventoryApply retention schedule to existing records


Step 4: Implementation Checkpoint

Communication is KEY!Newsletter, Intranet, Open House

Presenting SolutionsPrioritize solution aligned with your audiences key issuesTie features & benefits to the audiences needsUse your audiences language, so avoid jargon,

abbreviations & acronymsSummarize how your audience will benefit

Seek employee feedbackWhat is it?Why is it important to me?What are the benefits of doing it?

Archival records stored using PDF standards


Step 5: Manage

Manage security, access & integrity of data

Enforce classification & destruction review via reports & safeguards

PDF compliant storage of Archival records

Maintain training, communications & certification programs

Update retention schedule, policies & procedures

Plan & budget for program maintenance, enforcement, audit & enhancement

Ensure appropriate business unit oversight


Step 5: Management Checkpoint

Destructions in progress

Authorized user lists updated

Inventory repositories consolidated

Practices & procedures regularly updated and are taught at new hire / orientation

End user departments report improved SLA’s

Are we cost effective when responding to regulatory, litigation & operational requirements?


Step 6: Audit

Incorporate into the internal audit function

Review all key components annually (longer for the Archival System)Recommend improvementsDecide on corrective actions

Benchmark against audit metrics

Benchmark against industry “Best Practices”

Risk Management/Cost Management


Step 6: Audit Checkpoint

Timeliness of destructions?Retention Schedule accuracy?

Record classification accuracy & completeness?

Are archival records being stored in a PDF compliant format?

User, department & business unit compliance?Destruction “Hold” administration?Training & communications delivery?


Next Steps: Some Do’s & Don’ts

DO incorporate the requirements for an archival system into existing processes for record SERVICE & COMPLIANCE and NOT replace them

DO adopt a practical implementation strategy based on “Best Practices”

DO leverage technology as component of an archival program i.e. the PDF standards

DO consider the outsourcing option for long-term storage. Items invoiced monthly tend to get questioned!

DON’T bite off too muchDON’T over-engineer or over-complicateDON’T think that technology alone can solve the archival

challenges that your Enterprise faces


Next Steps: Trend of Change Will Continue…

Exponential growth of electronic records

Changing Regulatory Environment

Emergingtechnology

IT & RecordsManagement Teams

Rule 26 ofCivil Procedure

FACTA

Patriot Act

SEC Rule 17

HIPAA

Sarbanes-Oxley

Gramm-Leach-Bliley


One-Stop-Shop Electronic Archival Solution


Next Steps: Your Response…………

“Provide the Enterprise with the ability to securely preserve and manage ALL electronic records

requiring long term archival per the company’s records management

policy in a cost effective & compliant manner.”

©2007 Iron Mountain Incorporated. All rights reserved. Iron Mountain and the design of the mountain are registered trademarks of Iron Mountain Incorporated.

For additional information…

Graham Riley

[email protected]

612.490.0228

mailto:[email protected]