The funny thing about the essential policy decisions to successfully implement a records management program is that none is directly dependent on the technologies supplied in SharePoint 2010 (such as the records repository or managed metadata). The essential policy decisions that underlie a solid records and information management (RIM) program are technology independent. Before launching into the decisions themselves, here are five level-setting concepts for those of you who may not be familiar with records management.
First of all, what is records management? One SharePoint manual offers this definition:
Records management is the practice of organizing and maintaining documents within an organization based on a series of predetermined rules. These rules control things such as where files are stored, how long they should be retained, how they should be disposed of, and who is responsible for the files.
RIM professionals take a different, much broader perspective. The International Standards Organization defines records management as a “field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use and disposition of records, including processes for capturing and maintaining evidence of and information about business activities and transactions in the form of records.”
Upon reflection, it is easy to see the SharePoint perspective as a way to implement the ISO definition in an electronic environment. This article will focus on RIM policy decisions derived from the ISO definition.
Second, RIM professionals take a holistic, enterprise-wide approach to records and information management. They contend that to manage records well, all content maintained in all media and formats should be managed using records management principles. For RIM professionals, records and all other information assets should be:
- Managed from a life cycle perspective. They are created or received, used to conduct business, stored for a time determined by internal and/or external business needs, and finally destroyed/deleted or offered to an archival institution for long-term preservation.
- Retained as long as necessary to meet business requirements and no longer.
- Available, discoverable, shareable, interoperable and exploitable across and beyond the enterprise consistent with access requirements.
Third, the ISO records management standard specifies that information assets should have four characteristics in order to serve as records:
Authenticity: A record can be demonstrated to be what it purports to be.
Reliability: A record can be trusted to be a full and accurate representation of the transaction it documents.
Integrity: A record is complete and unchanged.
Usability: A record can be located, retrieved, presented and interpreted over the entire life of the record.
A recordkeeping system must have the controls necessary to demonstrate that the records it manages have these characteristics.
Fourth, the management of records should be linked to strategic business outcomes. But what are they and what specific problems does the organization face that SP2010 and its RIM capabilities are supposed to solve? Is the organization worried about litigation costs, compliance vulnerabilities, inability to locate information, too much information but not the right information, or something entirely different? This is a context question that will frame answers to the RIM policy questions.
Finally, establishing a RIM program and implementing it within SP2010 involves significant effort – and not just for the organization’s records manager. Answers to the RIM policy questions will affect the entire organization – business areas, IT staff, legal counsel, risk managers, computer security and access professionals, knowledge managers and other information/digital curation specialists, and employees generally. They are all stakeholders in RIM decision-making. Now on to the five major decisions.
Decision 1: What needs to be filed as part of the organization’s corporate files?
This is different than asking what is a record, and it is easier for people to answer. The question is what needs to be preserved in the corporate file using SharePoint’s records management capabilities for classification, retention and storage. The question encompasses more than traditional documents – it includes blogs, wikis, personal sites and the other forms of social networking.
But what about the content that won’t be captured as corporate records? It needs to be managed as well. For example, if the content in an engineer’s blog is not needed to document how the engineering solution was developed, is it then deleted at the end of the project? Or should it be retained because the ideas found there may be useful in solving another engineering problem? If the blogs are used in ways that document business activity then they will need to be managed as records. In either case, it is a basic RIM tenet that all content be managed in a lifecycle fashion. The only difference is that the organization needs to be able to demonstrate the authenticity, reliability, integrity and usability of their corporate records. Because this will require extra effort and expense, the identification of what needs to be treated as a corporate record is an important decision.
Decision 2: When should a document be declared to be a record?
One school of thought, popular in the federal sector, is that a document becomes a record when a person hits print, send or save and should be declared to be a record at that point. Others hold that only certain documents need to be declared records because only certain ones are necessary to document business activity and those should be declared only when in their final form. Moreover, some would claim that whether a document should be declared a record is not evident at the time of creation.
SP2010 has the capability to structure sites to support any of these choices. To make that decision, organizations must decide what they fear more – having more documentation than is actually required, or not having documentation that would prove useful if it had been retained. Early declaration will likely result in more records, later declaration will likely result in fewer. The question is critical because once a document has been declared to be a record, it will need to be managed as one, metadata will need to be added, and additional controls imposed.
Decision 3: How will the records (and other content) on a site be managed?
Microsoft recommends a strong governance structure for SP2010 implementations and governance is deeply embedded in SP2010 implementation guidance. However, RIM governance is not always part of the standard solution. There are two principle governance issues from a RIM perspective.
- Who will be responsible for site content, including records? Someone needs to be responsible and accountable for ensuring that the records created on the site are managed in accordance with RIM procedures. Among the roles that SP2010 includes in its governance plan, the SharePoint power user seems the most likely person to be responsible for records since the power user is responsible for other aspects of site management. Day-to-day responsibility can be delegated, but someone needs to be accountable. Identifying the person or persons responsible for records should be a part of the site setup process.
- What RIM policy rules will be incorporated into the site governance process? Minimally, the policy should address what happens to the records and other content when a site is closed down, but preferably sites are provisioned with filing structures linked to the file plan and retention schedules. When properly configured, SP2010 tools can assist in the organization and management of site content.
Decision 4: Is your RIM policy framework sufficiently up-to-date?
Records management literature makes the point that up-to-date RIM policies are essential to successfully implementing electronic recordkeeping. Because RIM policies and procedures may have been created decades ago for paper-based records, they may not address all the capabilities of SP2010. Here are three examples where outdated RIM policies would likely cause problems.
Coverage: Does the RIM policy address the record status of social media such as personal sites, profiles, blogs, tagging, note boards, etc.? Does it clearly state that such content can be record material if it meets the organization’s record definition, and, if so, it must be managed to ensure its authenticity and integrity as a record?
File plans: File plans developed for paper records may be inappropriate for use by staff filing electronic records. File plans for paper-based records are often complex; appropriate for use by trained RIM staff, but difficult for others to understand and use. The search and retrieval capabilities of SP2010 make it possible to use less detailed file plans to achieve the same (or better) retrieval speed and precision, and file plans that offer staff fewer filing choices usually result in greater filing accuracy and compliance.
Records schedules: Records schedules instruct staff about how long records must be retained before they can be destroyed (or if they can be destroyed at all). Schedules for paper-based records tended to be granular, with each disposition applicable to a narrow body of records. Today the trend is to “big bucket” schedules utilizing fewer dispositions to cover a broader range of records. These have proven easier to implement in automated systems, especially ones that use any form of auto-characterization to assist staff in filing records.
Decision 5: In SP2010, should RIM focus on records creation or retention and disposition?
SP 2010 looks at records management as the management of created objects that need to be treated with special care. SP2010 has the tools to file records, store them to ensure integrity and dispose of them according to established rules. However, RIM professionals know the creation phase of the records lifecycle offers the most opportunities for improving efficiency and effectiveness. Creating the “right” records and adding the metadata necessary to manage them are the keys to improving the management of records.
SP2010 offers a range of capabilities to better manage records and other content from the point of creation making the back-end management much simpler. SP2010 offers libraries, templates, content types, style sheets, workflow, metadata inheritance and other metadata-generating functionality that can be put to good use in creating authentic and trustworthy records. If a SP2010 site is properly set up using these and other SP2010 tools, then the record creator should have only minimal metadata elements to add when declaring a record.
There are many advantages in focusing records management activities on records creation first. But there is a catch – it takes a lot of work. If you are going to make use of the metadata capabilities to manage content in SP2010, you will already be capturing much of the metadata needed to manage records. The additional work to add specific recordkeeping metadata is incremental, because the metadata developed as part of the business solutions will be important for records that document those activities.
Register or login for access to this item and much more
All Information Management content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access