What We ll Cover Foundations of Records and Information Management Creating a Defensible Retention Schedule Paper v. Electronic Records Organization and Retrieval of Records and Information Records Management and Risk Management Defensible Disposal of Records and Information Litigation Holds Information Governance the future of records management programs Q & A 2
Foundations of Records and Information Management Record v. Information Record Recorded information, regardless of medium or characteristics, made or received by an organization in pursuance of legal obligations or in the transaction of business. Information Data that has been given value through analysis, interpretation, or compilation in a meaningful form. ARMA International Glossary of Records and Information Management Terms 3 rd Edition 3
Foundations of Records and Information Management Record v. Information How many records? On average 7-10% of the information an organization creates is a record Of that, only 2-7% are vital records And less than 1% are permanent records Most organizations retain too much information and keep records longer than required based on business value or legal/ regulatory requirements 4
Foundations of Records and Information Management Key Characteristics of a Record Authenticity Integrity Reliability Usability For information to be considered a record, it must possess all four characteristics and It must maintain those characteristics for the life of the record International Organization for Standardization. Information and documentation Records management part 1: General (ISO 15489-1). 6
Foundations of Records and Information Management Goals of Records and Information Management Programs: Ensure records are managed, retained, and disposed of in accordance with all applicable business, legal and regulatory requirements. Manage all records consistently throughout the organization regardless of media, format or location. Ensure vital records are available when needed to recover an organization s operations in the event of a disruption. Establish standards for the routine destruction of information when no longer needed for routine purposes. Establish standards for the routine disposition of records when retention requirements have been met. Assist with the location and retrieval of records and information in response to litigation or investigation. 7
Foundations of Records and Information Management Records Management Standards and Best Practices Potentially hundreds depending on industry, jurisdiction, technology used, etc. Four to know ISO 15489 - International Organization for Standardization Records management MoReq2 - Model Requirements for the Management of Electronic Records The Sedona Principles The Generally Accepted Recordkeeping Principles 9
Creating a Defensible Records Retention Schedule Legal Requirements Employment Law Tax Law Unique Federal Requirements Unique State Laws and Regulations Statutes of Limitation Litigation Profile Review/Model State Government Retention Schedules Work with Counsel 12
Creating a Defensible Records Retention Schedule Business/Organizational Requirements Operational Value versus Legal Requirements Important to work with ALL business areas Functions with unique requirements: Human Resources Finance (including Tax) Senior Leadership/Board of Directors Contracts Licenses Legal 13
Creating a Defensible Records Retention Schedule Methods for Developing the Retention Schedule Doing it yourself Inventory method Survey method Hybrid method Paying someone else Consultants Outside Counsel Software & Subscription Services 14
Creating a Defensible Records Retention Schedule Record Formats and the Retention Schedule The format agnostic schedule Separate schedules for physical and electronic Retention schedule with record format specified Email 15
Creating a Defensible Records Retention Schedule Review, Audits, and Updates of the Retention Schedule Review of the initial schedule Legal / Outside Counsel Business Areas Records Management Audits Business function compliance Retention Schedule audits Updates Frequency Implementation Governance 16
Organization and Retrieval of Records and Information Best Practices for Physical Records Filing methods Establishing Alphabetic, Numeric, and Subject Filing Systems Official records, reference copies and WIP Storage Considerations and Standards Location and Organization Offsite Storage NFPA 232 Standard for the Protection of Records ARMA TR 01-2011 - Records Center Operations Guideline for Evaluating Offsite Records Storage Facilities 22
Organization and Retrieval of Records and Information Best Practices for Electronic Records Structured versus Unstructured Databases LANs and shared drives ECM & DM Solutions MS SharePoint Email Format Considerations Proprietary formats Open formats MS Office documents Websites Social Media 23
Organization and Retrieval of Records and Information Best Practices for Electronic Records Technology Considerations Data migrations Open Source SaaS and Outsourcing Deletion versus Logical Deletion Back-up 24
Organization and Retrieval of Records and Information Standards for Electronic Records ISO 16175 - Principles and functional requirements for records in electronic office environments Procedures and Issues for Managing Electronic Messages as Records ARMA TR 02-2007 Records Center Operations ARMA TR 01-2011 Revised Framework for Integration of EDMS and ERMS AIIM/ ARMA TR 48-2006 DoD 5015.02-STD Design Criteria Standard for Electronic Records Management Software Applications Guideline for Outsourcing Electronic Records Storage and Disposition Guideline for Outsourcing Records Storage to the Cloud 25
Records Management and Risk Management Vital Records Programs Vital Record Records that are fundamental to the functioning of an organization and necessary to continue operations without delay under abnormal conditions. ARMA International Glossary of Records and Information Management Terms 3 rd Edition Types of Vital Records Costly Operational Legal Emergency 26
Records Management and Risk Management Vital Records Programs The objectives of a vital records program are to: Identify records needed to conduct business under emergency operating conditions Identify records needed to perform or reconstruct the organization's most mission-critical functions Identify records protecting the legal and financial rights of the organization/institution, its employees, and the people it serves Develop and implement cost effective methods, including off-site storage and the application of technology, to protect and safeguard those records identified as vital from loss, misuse, and unauthorized access or modification Develop policies, procedures, and a plan of action to assess damage and to begin recovery of any records that may be affected by an emergency or disaster, regardless of the storage medium 27
Records Management and Risk Management Records Management and Business Continuity & Recovery The Vital Records Inventory Record Recovery Recovery Time Objective Recovery Point Objective Record Protection for BC&R Duplication and Back-up Offsite storage of physical records Offsite data centers for electronic records 28
Records Management and Risk Management Privacy Privacy versus access and usability Customer information Employee information Vendors and third parties International challenges Why do you track this info? The CIPO 29
Records Management and Risk Management Information Security Passwords Encryption Access versus Usability Laws and Regulations The more you have The CISO 30
Records Management and Risk Management Litigation Risk Volume Discovery Costs for electronic information Record integrity Spoliation Over production Under production 31
Information Governance The future of Records Management Programs Information Governance The specification of decision rights and an accountability framework to encourage desirable behavior in the valuation, creation, storage, use, archival and deletion of information. It includes the processed, roles, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals Gartner A holistic approach to managing and leveraging information for business benefits and encompasses information quality, information protection and information life cycle management - IBM 45
Information Governance The future of Records Management Programs Information Governance Address all phases of the information life cycle Incorporates privacy requirements, electronic discovery, storage optimization, metadata management, information security Is built upon a foundation of strong Records Management Encompasses more disciplines and perspectives than traditional Records Management 46