Upload
scorpion0411
View
220
Download
0
Embed Size (px)
Citation preview
8/13/2019 2005-12-13 AWP Presentation - Records Mgmt Stds
1/36
Developing a Standards-Based Records
Management ProgramFrank McGovern
Product Marketing Engineer
8/13/2019 2005-12-13 AWP Presentation - Records Mgmt Stds
2/36
2
Agenda
Trends and Challenges in RM
Defining and Positioning RM
Overview of Relevant RM Standards
Using ISO 15489
Key Take-Aways
8/13/2019 2005-12-13 AWP Presentation - Records Mgmt Stds
3/36
3
Records Management Trends
Decline in number of staff specializing in filing
Investment in Software functionality that creates records isgrowing
Mission critical records are often not sharable, retrievable oruseable
Copies proliferate; data conflicts or is unreliable
Email often replaces phone conversations, meetings and formalwritten communication
Instant Messaging increasingly replaces email
Litigation and discovery costs skyrocketing
Authenticity is questioned
Premature destructionNARA
8/13/2019 2005-12-13 AWP Presentation - Records Mgmt Stds
4/36
4
The Challenge of Electronic Records
AuthenticityOver Time
Variety4,800+ Different Types of E-Record Formats
ComplexityIncreasingly Sophisticated Formats
VolumeVast Quantities of Records
ObsolescenceConstantly Changing Technology
User ExpectationsEvolving, Unrelenting
NARA
8/13/2019 2005-12-13 AWP Presentation - Records Mgmt Stds
5/36
5
Effective Records Management:
Simultaneous attention to People, Process andTechnology
Integrating Records Management into an
Organizations Business Processes and ITGovernance and Applications
NARA
8/13/2019 2005-12-13 AWP Presentation - Records Mgmt Stds
6/36
6
Defining a Record
Recorded information
Made or received by an organization
Regarding legal obligations or transactions
Evidence of operations
Has value requiring retention for a specific period of
time
Regardless of recording format, medium or
characteristics
8/13/2019 2005-12-13 AWP Presentation - Records Mgmt Stds
7/367
Characteristics of a Record
AuthenticityIt is what is says it is. ReliabilityIt can be trusted as a full and accurate
representation of the transactions or facts.
IntegrityIt is complete and unaltered.
UsabilityIt can be located, retrieved, presented and
interpreted
ISO 15489
8/13/2019 2005-12-13 AWP Presentation - Records Mgmt Stds
8/368
RM from 10,000 Feet
Supports event and time based retention rules Structured file plan organizes records and manages,
enforces complex policies/rules
Enables legal holds, facilitates audit and electronicevidence discovery
All processes are audited and managed
Ensures record authenticity, integrity and contextual
relationships
8/13/2019 2005-12-13 AWP Presentation - Records Mgmt Stds
9/369
RM from 10,000 Feet
Preserves records over time and ensures reliability Ensures record access, retrieval and usefulness
Prevents unauthorized deletion
Ensures timely disposition and complete record
expungement
Ensures privacy and record security policy
management
Supports physical records
8/13/2019 2005-12-13 AWP Presentation - Records Mgmt Stds
10/3610
Records Management Standards
DoD Standard 5015.2 ISO Standard 15489
ANSI/ARMA 9-2004
VERS
DOMEA
MOREQ
8/13/2019 2005-12-13 AWP Presentation - Records Mgmt Stds
11/3611
DoD 5015.2
RM Software Certification and Testing Program
DoD certification required for software sales to Department ofDefense, National Archives and Records Administration(NARA), federal government agencies
De facto industry standard
Key Sections Definitions
Mandatory Requirements
General
Detailed Non-Mandatory Features
Requirements defined by the Acquiring Organizations Other Useful Features
Classified (Secret) Records
8/13/2019 2005-12-13 AWP Presentation - Records Mgmt Stds
12/3612
Impact of DoD 5015.2 Standard
Adoption and recognition by vendor community 50+ Vendors/Products Currently Certified
Standalone (RM only) Product pairings (RM + ECM Suite) Multiple Versions (Certification valid for 2 years)
Multiple Environments (Oracle/MS SQL/DB2) 45 Vendors/Products Scheduled
Mandatory for most government opportunities
Mandatory/highly desirable for most Fortune 1000
Companies and others
FileNet Records Manager is certified (Chapter 2)
8/13/2019 2005-12-13 AWP Presentation - Records Mgmt Stds
13/3613
ISO Standard 15489
Information and Documentation, Records Management Part IGeneral
Part IIGuidelines
Important standard, gaining momentum throughout
world
Framework for records program design in many
industries
8/13/2019 2005-12-13 AWP Presentation - Records Mgmt Stds
14/3614
Key Points
Principles of Records Management Programs Determining which records should be created
Deciding form and structure
Metadata requirements
Retrieval requirements How to organize records
Assessing risks
Preserving records
Complying with legal and regulatory requirements Security
Records retention
Improvement opportunities
8/13/2019 2005-12-13 AWP Presentation - Records Mgmt Stds
15/3615
Impact
UK National Archives has formally adopted ISO 15489
Embraced in many UK FOI deployments
Foundation for US NARAs Strategic Redesign of RM
Adopted by Australian Federal Government
Used by Auditor General to monitor Government performance
Translated in many Languages
Recognized by ARMA
Basis of FileNets RM Best Practices
8/13/2019 2005-12-13 AWP Presentation - Records Mgmt Stds
16/3616
MOREQ (European Union)
Model Requirements for the Management of ElectronicRecords
Focus on the functional requirements for electronic
records management systems390 requirements
Key areas: Classification Schemes
Controls and Security
Retention and Disposal
Capturing Records
Referencing Searching, Retrieval, and Rendering
Administrative Functions
8/13/2019 2005-12-13 AWP Presentation - Records Mgmt Stds
17/3617
ANSI/ARMA 9-2004Email Standard
Requirements for Managing Electronic Messages asRecords Describes
Retention and Disposition IAW Records Retention Schedule Acceptable Use Access and Retrieval Appropriate Security Measures Network Security Protection of Confidential Information Identification and Protection of Vital Records Remote Access Back-Up Metadata Capture Audit Trails Anti-Virus Protection
No certification program
8/13/2019 2005-12-13 AWP Presentation - Records Mgmt Stds
18/3618
VERS Standard (Australia)
Victorian Electronic Records Strategy Generic, extensible standard
Works with existing recordkeeping and business practices
Ensures records preservation
Enable viewing of records in the future, regardless of systems thatcreated them
Specifies methods to capture records from desktop and
business systems
Specifies ways to capture meta data
Preserves contextual relationships
Details audit trail methodologies so that changes to
records are detectable
8/13/2019 2005-12-13 AWP Presentation - Records Mgmt Stds
19/3619
DOMEA (Germany)
Document Management and Electronic Archiving RM for case files Governs
Completeness, integrity and authenticityof official records,to guard against official documents being altered, changed,removed, destroyed or deleted.
The records principleof public administration, i.e.,documents are organized in subject files.
Maintenance of adequate and proper documentation foraccountability and lawfulnessof administrative procedures.
8/13/2019 2005-12-13 AWP Presentation - Records Mgmt Stds
20/3620
RM Standards Summary
*Formal Certification Programs
Products Program
DoD 5015.2* ISO 15489
VERS* ANSI/ARMA 9-2004DOMEA*
MOREQ*
RM STANDARDS
8/13/2019 2005-12-13 AWP Presentation - Records Mgmt Stds
21/3621
ISO 15489 - Part 1 General
Applies to the management of records, in all formats or media,
created or received by any public or private organization in the
conduct of its activities, or any individual with a duty to create
and maintain records
Provides guidance on determining the responsibilities oforganizations for records and records policies, procedures,
systems and processes
Provides guidance on records management in support of a
quality process framework to comply with other ISO standards
Provides guidance on the design and implementation of a
records system
8/13/2019 2005-12-13 AWP Presentation - Records Mgmt Stds
22/36
22
ISO 15489Part 2 Guideline
Provides guidance on implementing the policies andprocedures in Part 1
Developing Policies and Procedures
Formulating Records Management Strategies
Designing the Records Management Program Elements
Implementing the Solution
Establishing Processes and Controls
Programs to Monitor and Audit the Program
Training the Organization of RM Policies and Procedures
8/13/2019 2005-12-13 AWP Presentation - Records Mgmt Stds
23/36
23
Steps to Sound Records Management
Develop/Review Policies and Responsibilities
Strategic Planning, Program Design and
Implementation
Develop Records Processes and Controls
Monitoring and Auditing Requirements
Planning and Executing Training Programs
8/13/2019 2005-12-13 AWP Presentation - Records Mgmt Stds
24/36
24
Develop/Review Policies and Responsibilities
Develop Records Management Policy Statements Documents Policies and Procedures Performed in the
Normal Course of Business
Authorized by Highest Level in the Organization
Define Responsibilities and Program Authorities
Requires Employees to Declare Records
Ensure Records Created as Part of the Process
Provide Transparent or Easy Access
Provide Protection of Records
Enforces Records Disposition Policies
8/13/2019 2005-12-13 AWP Presentation - Records Mgmt Stds
25/36
25
Strategic Planning, Program Design and
Implementation
Step A:
Conduct
preliminary
investigation
Step B:
Analyze
business
activity
Step C:
Identify
requirements
for records
Step E:
Identify
strategies to
satisfy
requirements
Step F:
Design
records
system
Policy
Standards Implementation
Design
Step D:
Assess
existing
systemsStep H:
Conduct post-
implementation
review
Step G:
Implement
records
systems
8/13/2019 2005-12-13 AWP Presentation - Records Mgmt Stds
26/36
26
Strategic Planning, Program Design and
Implementation
Conduct Preliminary Investigation
Analyze Business Activities and
Processes
Identify Records Requirements
Assess Existing Systems
Develop Strategies for Meeting Records
Requirements
Design the Records System Implement the Records System
Perform Post-Implementation Review
8/13/2019 2005-12-13 AWP Presentation - Records Mgmt Stds
27/36
27
Develop Records Processes and Controls
Instruments of Control Classification Scheme Based on Business Processes
Disposition Processes
Security and Access Controls
Analyze Regulatory Requirements
Perform Risk Analysis Identify Employ and User Permissions
Classify Business Activities
Create Thesaurus, Glossary
Establish Records Disposition Authority
Determine Documents/Objects to Classify as Records
Develop Retention Schedules
8/13/2019 2005-12-13 AWP Presentation - Records Mgmt Stds
28/36
8/13/2019 2005-12-13 AWP Presentation - Records Mgmt Stds
29/36
29
Monitoring and Auditing Requirements
Identify Requirements forCompliance Auditing
Determine what Evidential Weight
is Necessary
Develop Performance Metrics and
Monitoring and ReportingProcesses
8/13/2019 2005-12-13 AWP Presentation - Records Mgmt Stds
30/36
30
Auditing and Monitoring
SOX
PatriotAct
H
IPAA
CAD
atabase
Prote
ctionAct
BaselII
Business and Messaging Apps
Records Management
Policies, Controls and Process
Evidence and Proof
8/13/2019 2005-12-13 AWP Presentation - Records Mgmt Stds
31/36
31
Auditing and Monitoring
MeasurementCategory
Metric CaptureMethod
CaptureMedium
CaptureBurden
Comments
Hours of Operation Manual Periodic Audit LowAlmost certainly greatly improved
w ith automation
Access Points Automated System LowAlmost certainly greatly improved
w ith automation
Percentage of
Records correctly
declared
Manual Periodic Audit High Measure of Quality
Percentage of
Records correctly
classified
Manual Periodic Audit High Measure of Quality
Capacity
Size of Holdings
(i.e. number of
records)
Automated System Low No indication of Quality
EfficiencyEase of performing
daily tasksManual Survey High
Purely subjective but indicative of
success and acceptance of
electronic records management
Access to
Services
Accuracy
August 2004 Industry Advisory Council White Paper
8/13/2019 2005-12-13 AWP Presentation - Records Mgmt Stds
32/36
32
Auditing and MonitoringMeasurement
Category Metric
Capture
Method
Capture
Medium
Capture
Burden Comments
Number of Seats Automated System Low No indication of Quality
Number of PeopleDeclaring Records
Manual Live Oversight Medium Indicative of Acceptance of theSystem
Number of People
Classifying
Records
Manual Live Oversight MediumIndicative of Acceptance of the
System
Number of People
Retrieving RecordsManual Live Oversight Medium
Indicative of Acceptance of the
System
Productivity
Number of
RequestsProcessed Each
Week
Automated System
Low for one
system, highacross the
enterprise
Diff icult to measure enterprise-w ideacross multiple processes
System Search
TimeAutomated System Low No indication of Quality
System Retrieval
TimeAutomated System Low No indication of Quality
Number of
SuccessfulSearches
Automated System Low
Diff icult to interpret; returned result
is not necessarily the desired result
Number of Search
IndexesAutomated System Low
Indicator of complexity and therefore
ease of use
Number of
Classification
Categories
Automated System LowIndicator of complexity and therefore
ease of use
Participation
Search andRetrieval
August 2004 Industry Advisory Council White Paper
8/13/2019 2005-12-13 AWP Presentation - Records Mgmt Stds
33/36
33
Auditing and Monitoring
Measurement
Category Metric
Capture
Method
Capture
Medium
Capture
Burden Comments
Throughput (i.e.
transactions per
hour or per unit oftime)
Automated System LowMeasures IT performance not
success of ERM
Response Time (i.e.
time to retrieve a
record)
Automated System LowMeasures IT performance not
success of ERM
Availability (i.e.
system uptime)Automated System Low
Measures IT performance not
success of ERM
User
Satisfaction
User satisfaction
rating Manual Survey HighNearly universal metric for ERM
exemplars
System
August 2004 Industry Advisory Council White Paper
8/13/2019 2005-12-13 AWP Presentation - Records Mgmt Stds
34/36
34
Auditing and Monitoring
Measurement
Category Metric
Capture
Method
Capture
Medium
Capture
Burden Comments
Number of People
Retrieving RecordsAutomated System Low
Indicative of Acceptance of the
System, no indication of success or
satisfaction
Virtual Visitors Automated System Low
Indicative of Acceptance of the
System, no indication of success or
satisfaction
Numbers and types
of processviolations that are
caught, missed,
and/or are
attempted
Semi-Automatic System Medium
Measure of accuracy and quality ofthe ERM processes w ith potential
legal w eight, significance, and
bearing
Fraction of the
inventory of
electronic recordsw ithin an ERM
system that is in
the wrong state
Semi-Automatic System Medium-High
Indicative of the quality of the
processes and services provided
w ithin an ERM system
Utilization
Legal
August 2004 Industry Advisory Council White Paper
8/13/2019 2005-12-13 AWP Presentation - Records Mgmt Stds
35/36
35
Planning and Executing Training Programs
Identify Records Management Training Requirements for the
Organization
Determine the Personnel that Must be Trained Managers, including senior managers,
Employees,
Contractors,
Volunteers,
Other personnel who have a responsibility to create or use records
Provide Records Management Professionals Training
Determine Training Methods
Evaluate Effectiveness of Training
8/13/2019 2005-12-13 AWP Presentation - Records Mgmt Stds
36/36
Key Take-Aways
Records Management is a journey RM Software applications are tools, not a substitute
for policy
The ISO Standard 15489 serves as an excellent modelfor an RM program