Post on 20-Dec-2015
transcript
July 2005
Electronic RecordsElectronic RecordsManagementManagement
Why have an e-records Why have an e-records management program?management program?
• Compliance with federal, state or local regulations– HIPAA, Sarbanes-Oxley, Gramm-Leach-Bliley,
FACTA, FERPA, CFR, IRS
• Control over “rogue” systems• Support mission-critical decisions• Reduce low-quality decisions• Improve system performance• Reduce risk and potential for liability
• Legal status of e-records as records– Burst.com v. Microsoft– Zubulake v. UBS Warburg LLC
• Value to organization for administrative, historical, evidential or longitudinal purposes
• Ease of manipulation and mishandling
Program Elements:Program Elements:
• Planning
• Policy development, implementation and compliance
• Technology as “de-incentivizer”
• The User: behavior, demands and perceptions
Planning...Planning...
“The primary benefit of not planning is that failure will come as a complete surprise rather than being preceded by a period of worry and depression.”
--Harold Kerzner
When should planning occur?When should planning occur?
• Before e-systems are built
• When other planning initiatives are taking place
• When identifying objectives for programs
Who should participate?Who should participate?
• Important players– Users– IT administrators– Decision-makers / resource allocators– Records managers
• Cross-functional team if system is to be implemented organization-wide
What should planning cover?What should planning cover?
OBSTACLE:• Funding source• Size of project/program• Who does the work?• Software solutions• Is validation required?
MILESTONE:
Justification
Scope
Project team
Selection
Security protocols & procedures
What should planning cover?What should planning cover?
• User training• When will system/ program go live?
• Ongoing system/program management?
• How will e-files be managed?
Training program
Implementation
Change control
Retention and disposition
Planning—JustificationPlanning—Justification
• Prepare business case:– Align with other organizational goals for
managing records– Provide cost / benefit data– Provide realistic timeline for program
implementation– Enumerate the risks and potential costs of not
having the program– Be able to back up your request with data
Planning—ScopePlanning—Scope
• Define the scope of the e-records management program– Individuals, departments, entire organization?
– Email, desktop, intranet / extranet, websites
– Instant messaging
• Define documentation tools for amending the program
Planning—Project teamPlanning—Project team
• Must be accountable for planning and developing the program
• Should be cross-functional– Executive—solves monetary concerns
– Project manager—leads team, tracks budget, reports to executive
– IT analyst—provides technical expertise and necessary system support
– Functional area representatives (users)
Planning—SelectionPlanning—Selection
• Will software be used to manage e-records?– Research vendors– Requests for information– Define functional requirements– Vendor demos using large data sets– Select application
Planning—ValidationPlanning—Validation
• Depending on your environment, you may need to validate that e-records have not been tampered with and are authentic
• Plan for these validation and security needs early on
Planning—TrainingPlanning—Training
• How will users be trained in e-records management?
• Will training include management of records in original, digital form?
Planning—ImplementationPlanning—Implementation
• How will the e-records management program be phased in?– Incrementally– Organization-wide– By site
• Who is on call to answer questions?
• Anticipate resistance to new system
Planning—Change ControlPlanning—Change Control
• How will changes in retention requirements of e-records be handled?
• Are requests for changes formal or informal, and what sort of approval process must they go through?
• How are changes to the program documented?
Planning—Retention and dispositionPlanning—Retention and disposition
• Retention and disposition is affected by:– Corporate policy– IT infrastructure and management
• E-records management program must attempt to overcome the “retain forever” mentality
“We currently have no guidelines on retention of records since we do not purge them. We have experienced unusual requests over the years to reconstruct statistics from work order data going back a number of years. It is best that when your Director asks for something that you don't have to say we deleted those records last week. We might be interested in a more formalized archiving system, but probably not purging the records. The only reason I could see for even archiving records would be if system performance deteriorates, or the number of records created some inefficiency in an application process.”
The Planning Obstacle...The Planning Obstacle...
• Going through these steps requires time and financial investment.
• To succeed, e-records management must remain a top priority, or resources shift to other projects leaving the planning phase incomplete.
Policy Development...Policy Development...
• Statement of purpose clarifies the reason for the policy
• Scope clarifies record types included—should be exhaustive
• Aids in consistency and reducing variation
Do records-related policies and Do records-related policies and definitions include electronic definitions include electronic records?records?
• User discretion
• Inconsistent application
• Arbitrary / subjective retention and disposition decisions
Having no policy is a “policy”Having no policy is a “policy”
“Employees with limited perspectives on management and legal issues should not be relied upon to make decisions that could affect the entire business.”
--Steven C. Burnett
• Websites / blogs / wikis
• Email and instant messaging
• Unified messaging
• Versioning
• Imaging
• Computer forensics and “destruction”
• E-commerce
Are policies keeping pace withAre policies keeping pace with technologytechnology??
• Depends on your environment
• Depends on “newness” of the policy and users’ familiarity with other records management principles
• When and how policies are applied can be critical…..
Will policies conflict or coincide with Will policies conflict or coincide with culture?culture?
• “This is not something you get to decide. This is company policy. Do not archive your mail. Do not be foolish. 30 days.”
http://www.timesonline.co.uk/article/0,,2095-1367433,00.html
The Policy Obstacle...The Policy Obstacle...
• Policies governing e-records management must be comprehensive, addressing as many formats as your organization handles.
• If not following the policies creates unnecessary risk for your organization, sanctions must be in place.
• The policy obstacle may change based on your environment.
Technology…Technology…
• “It costs you more to think about whether to delete something than simply to leave it on your computer.”
Tom Burt, Deputy General Counsel at Microsoft
http://www.businessweek.com/magazine/content/04_51/b3913099.htm
IT and RecordsIT and Records• IT community is hard to convince that
records management and e-records preservation are important– Move toward systems capable of saving
everything
• Does technology sneak up on us? – It is planned, built, and installed BUT– If not planned people develop own solutions– Technology is the “go to” solution
Different paradigmsDifferent paradigms
• Record series is not such a clear delineation with e-records unless consciously designed
• Filing / organizing becomes moot
Are the technologically savvy allies or Are the technologically savvy allies or adversaries for e-records management?adversaries for e-records management?
• 10 years worth of data can be kept just as easily as 1 year’s worth
• Gmail (“Search, don’t sort” and “Don’t throw anything away”)
• Perceived irrelevance of records managers and archivists
Storage is cheap…Storage is cheap…
• …but e-records management applications are not
• Creates over-abundance of electronic information– Digital landfills contain obsolete data,
irrelevant data– Overabundance increases risk of low-quality
decisions
• Transport mechanism for business data– Example: email attachments
• Effect of technology on workflow– Duplication dilemma– Productivity
RMA or EDMS?RMA or EDMS?
Not transparent
Turned on or off?
Expensive
DatabasesDatabases:
TransactionalA/P or A/R
RegistrationsLibrary books
ReferenceLexisNexis
Retention informationImage banks
DatabasesDatabases:
Research RichDurable Data
Relational
Longitudinal
• Databases are powerful tools used to compile statistics or research data, or to track / find other types of records
• Typically can’t apply traditional records management principles to database records
The Technology Obstacle…The Technology Obstacle…
• Acts as a “de-incentivizer” because it installs the ability to store vast amounts of data and e-records.
• There are fewer reasons to purge e-records once technology is in place.
• The behaviors affected by technology become part of the organization’s culture
The User…The User…
Some questions askedSome questions asked
• What criteria do you use to decide to keep and electronic document?
• To delete one?• Do you follow a schedule for
retaining/destroying files or records? • Do you ever weed files (e.g., word
processing documents) or folders from the hard drive?
Retention criteria Retention criteria
• Keep– Anticipated use – 40%– Save everything – 40%
• Delete– No further use anticipated – 20%– Print then delete – 5%
Follow a schedule?Follow a schedule?
• No – 63%
• Yes – 30%
Weed files or folders?Weed files or folders?
• Yes -- 64%
• No – 33%
So what needs to happen?So what needs to happen?
Planning:
• Ideally before e-systems are built
• As part of other planning initiatives
• Strategically (strategy drives structure)
• Planning requires data
So what needs to happen?So what needs to happen?
Policy:
• Reduce user discretion
• Broadcast widely
• Provide justification for policy (legal or regulatory, efficiency, etc.)
So what needs to happen?So what needs to happen?
Technology:• Recognize the behaviors it installs• It can reduce or eliminate incentive to
manage e-records• It will usually be part of the solution, not
the entire solution• Identify where technology fits in the entire
system
So what needs to happen?So what needs to happen?
Users:• Identify users’ perceptions & behaviors
– Surveys
– Interviews
– Training, especially for new employees
– Take every opportunity to educate
– Understand how e-records are used and for what purposes before trying to develop your e-records management program
Obstacles:Obstacles:
• They exist
• They can be overcome
• They are created by users, the technologies we employ, inadequate planning, and poorly constructed policies