Records Management: Comprehensive Records Management Program 1
An effective Records Management program should be designed to achieve the following objectives:
- Ensure that all needed business records are retained;
- Ensure that all records that are required to be retained by statute, regulation, or contract are retained for the appropriate and approved period of time;
- Ensure that all authorized users can access business records efficiently;
- Ensure that all business records can be read, used, and regarded as authentic once located;
- Establish litigation hold procedures to ensure that potentially responsive documents are not destroyed once litigation and/or government investigation is reasonably anticipated; and
- Establish procedures to ensure the timely destruction of appropriate documents as their respective retention periods expire.
Developing and implementing an effective records management program is a complicated, time-consuming task that requires a multi-faceted team of professionals committed to fully understanding the business and the types of records created by the company. At a minimum, the following individuals must be involved in the effort:
- Senior business personnel from key units within the organization who are knowledgeable of the types of documents that are created within the organization;
- Records retention specialists who possess the necessary skill sets for managing the process;
- Information Technology ("IT/IS") personnel who are familiar with the types of electronic documents the organization creates and receives, know where the electronic documents are stored and how to locate them, and understand the technological capabilities of the company;
- Lawyers and regulatory specialists who are familiar with the legal requirements for document retention.
Before beginning, the team should clearly define their individual roles and responsibilities within the project.
The goal of the team should be to develop a concise policy that clearly defines the record type, applicable retention period, and the source of the retention requirement (whether business, statutory, or regulatory). The team should document and retain records outlining how the program was developed and implemented, in order to be in a position to demonstrate it used "best efforts" to comply with document retention requirements.
The record retention needs of each department of a business vary greatly. This fact must be taken into account when creating a records management program. Different departments create and use records in unique ways, and the program, in order to be effective, must accommodate these unique uses and needs.
Before implementing a document retention policy, an inventory of threatened and pending litigation and/or government investigations should be conducted. Steps must be taken, in consultation with counsel, to ensure that all potentially responsive documents are preserved. The stakes of spoliation are so high that extreme caution must be taken with respect to documents related to disputes, investigation, potential future litigation, and existing litigation.
After taking steps to ensure that the program meets all legal requirements, training of all employees should be conducted. The program should be well-publicized within the company, and employees should be advised of where to direct questions.
All employees must comply with a Records Management program in order for it to be successful. The wide variety of employees that a business has should be accounted for in the planning and implementation of a strong Records Management program; consultants, contract personnel, and vendors all require clear instruction regarding records.
- Fulbright and Jaworski, L.L.P., Records Management and Best Practices in E-discovery.
- Information Requirements Clearinghouse, Legal Issues in Records Retention
and Disposition Programs.
What is a Record? - ISO Definition
The ISO 15489 definition of a record:
A "record" is information created, received, and maintained as evidence by an organization or person in the transaction of business, or in the pursuance of legal obligations, "regardless of media."
A record can also be thought of as information that holds operational, legal, fiscal, vital or historical value. Following are some examples of records:
- A final draft of a contract;
- Evaluation report of a current employee;
- Insurance related documents; and
- Company charter.
On the other hand, information with no operational, legal, fiscal, or historical value is not a record. Duplicates and copies of existing, maintained records are also not records. These should be disposed of as soon as they are no longer of use or value. Retaining such beyond their use is a liability to any organization. Following are some examples:
- Personal messages;
- Email inviting staff to a birthday party;
- Routine notices; and
- A phone message note "Call Joe back after 3 pm."
After information is produced, the employee must determine if it is a record. Each employee should be familiar with the ISO record definition from their Records Management training. Training should explain exactly how records should be retained (i.e. where records will be stored, for how long and in what form.) The training should teach the employee to ask: "Does this information reflect an activity of the business? Does it reflect fiscal, operational, administrative, legal, vital or historical value?" If it does, then the information is a record, and steps must be taken to retain it and its associated metadata.
The record representative of each department in a company is responsible for assisting employees in identifying, retaining, and organizing the records they create. These representatives are implanted resources that mediate between the business departments and the Records Management office.
Record Capture (Metadata)
Upon the declaration that a document is a record, the document and its existing metadata must be captured. At this point, a new piece of metadata will be added: the RM classification of the record.
The RM program might physically move the record into a separate repository, move it into a repository with all of the enterprise data (with slightly different metadata, like "Read Only" and the RM classification) or keep the document where it is, but record the metadata into the RM Program.
There are several considerations to take into account within the confines of the RM Program:
- How the record is going to be captured;
- When the record will be captured;
- What metadata will be captured; and
- How the document declaration will be made.
The RM Program will also need to account for different categories of electronic documents, like email and Word or Excel files and databases.
The document declaration is the step that requires the most of the end user. For all of the documents and communications an employee creates, sends and receives, he must decide which ones are "records" and indicate that to the RM system. There is a delicate balance between the need to accurately capture the record's metadata and to not interrupt the employee from his work. A document declaration step that is too intrusive risks not only hindering employee productivity, but might even result in records not being declared, as employees bypass the burdens of the declaration process. On the other hand, a document declaration process that asks too little risks irrelevance in the enterprise.
One attempt around this dilemma is to automate the declaration of records. This would necessarily involve a conceptual analysis of the document to determine if it is a record, and if so, what its classification should be. This has been the holy grail of ERM for years and has yet to be implemented on a widespread basis.
Until this is achieved, the declaration process will require manual intervention. Current methodologies include having a dialog box appear that demands user input before a document is saved or sent. It allows a user to click classification options from drop-down boxes and drag a file or message to one of a set of RM folders. The file or message then inherits the RM properties of the folder.
Another consideration is the timing of the declaration. Some file and email systems allow for metadata modification, meaning that a declaration made after the document is sent or initially saved might include altered metadata. This may not cause concern in the RM world, but could raise preservation concerns during discovery.
A final consideration is what metadata needs to be captured by an RM system. The RM group might care for little other than the date, author and classification of a document, while discovery users will need a great deal more.
Vital records are any records, regardless of archival value, that are essential to the functions of an organization during and after an emergency. They also include those records essential to the protection of the rights and interests of that organization and of the individuals for whose rights and interests it has responsibility. Roughly 3% - 8% of an organization's records are vital. The loss of vital records during a disaster could result in the disruption of essential services, exposure to unplanned expenses of financial settlements or loss of revenue, increased vulnerability to litigation, and loss of productivity due to gaps in information. The length of retention of vital records is often mandated by internal company policy as well as by regional and federal statute (rules and regulations).
A document can evolve from the general case to a vital record. If an organization is anticipating or engaged in a legal or regulatory discovery request, or internal investigation, then the records and documents associated with the matter become vital records. Documents that are deemed vital to discovery may include custodian files and email and instant messages stored on servers, PCs/laptops, handheld devices such as a BlackBerry and portable hard drives. These documents must be identified and declared records for discovery purposes. They become vital records to the matter and should be managed as such. Furthermore, an existing vital record may be identified as relevant to a legal matter or internal investigation. In this case, the retention date for the record may have to be changed to meeting the overriding requirement of the legal matter.
Categories of Vital Records
Vital records fall into two general categories:
- "'Emergency Operating Records"'
These are records which are needed immediately by fire and safety personnel during an actual emergency and records which are needed by an organization's management and staff members assigned to disaster recovery efforts.
- "'Rights and Interest Records"'
These are records which are needed by an organization's staff to continue mandated operations and services during and after the actual emergency and in order to preserve the legal and financial rights and interests of the organization and the individuals directly affected by its activities.
Procedural considerations include routinely updating vital records, prohibiting food, beverages and smoking in records areas, segregating combustible material, and conducting periodic electrical, building and fire inspections. Another important procedure is the regular testing of a vital records program through simulations to ensure adequate functioning in the event of a genuine emergency. Exclusive reliance upon on-site vital records protection measures is not recommended because of the potential for total or near total destruction of a single location in a disaster.
Methods of Protecting Vital Records
Common methods of protecting vital records are:
Duplication and Dispersal
This technique involves the distribution of duplicate copies created in paper, microfilm, or electronic format to locations other than the institution's primary office space. Such dispersal may be either routine or planned. During the regular course of business, duplicates of vital records are often routinely distributed to other buildings. So long as these duplicates are designated as the vital records security copy and maintained in the proper conditions for the same length of time as the primary copy, the information they contain would be protected. In cases where copies of vital records are not routinely dispersed, each office must plan to have copies of vital records distributed to alternative sites specifically for protection purposes. Such copies should be sent to designated buildings and kept for the full retention period.
Using the dispersal method of protection requires constant monitoring by each office to ensure that the vital records security copy is updated on a periodic basis (called cycling). It is also essential that this copy be dispersed to a location that would not be affected by an area-wide disaster that could destroy both the copy and the primary records, but yet be sufficiently close that the security copy is readily accessible if needed.
Each office can protect its vital records by storing them in fire-resistant vaults, safes, or file cabinets. Such equipment is rated according to the maximum number of hours of exposure to fire and maximum temperature at which they will protect records.
Magnetic tape, microfilm, diskettes, CD-ROM's, and photographic records require special equipment ratings because of their susceptibility to high humidity levels. The National Fire Protection Association publishes standards for these types of protective equipment, which can be located at http://www.nfpa.org.
The major disadvantage to on-site storage of vital records is the potential for total or near destruction or contamination of the organization's primary office area in the event of a disaster.
Off-site storage involves keeping vital records in a single location separate from the central building. An off-site storage center should be close enough for access, control, and updating. Locations which may be considered for off-site vital records storage include other organizations' buildings within a locality which are reasonably secure (neighboring organizations could exchange vital records, thereby using their neighbor's facility as an off-site storage location), or a commercial storage vendor. The advantages of central, off-site storage include:
- General effectiveness - It is less likely that an off-site storage facility will be affected by the same disaster that occurs to your building;
- Ease of retrieval - Unlike dispersal techniques where vital records may be distributed to a number of off-site locations, central off-site storage simplifies access;
- Ease of control - The ability to incorporate the same design and procedural considerations for security, facility and equipment compatibility, as used in on-site storage, and
- Ease of staffing - The ability to use trained records professionals to administer the facility.
For off-site storage of backup tapes and disks, the team coordinator is responsible and the appropriate vendors, if necessary, should be contacted. At a minimum, each office should save its vital electronic records to the organization's Local Area Network servers on a periodic basis if routine backups are made and/or make backup copies of vital electronic records on floppy disks, tapes, or CD-ROM's, and store them at an alternative off-site storage location.
Backing Up Vital Records
To protect information and records from accidental erasure, hardware malfunction, or disaster, back-up procedures for information and records stored on the organization's computers must be instituted. Departments will determine a regular back-up schedule and assign responsibility for insuring that the back-up schedule is kept.
Stand-Alone Departmental Systems
In developing a regular schedule for the back-up of information on stand-alone departmental systems, frequency of back-ups must be determined. This should be based on:
- The frequency with which changes are made;
- The volume of changes made;
- The importance of the records or information to the function of the department. For instance, if the database is updated daily and if the office would suffer operationally without the information in the database, then back-ups should be done on a daily basis; and
- The number of back-ups.
The general rule for good back-up procedures dictates that there be three generations of back-up. For instance, data backed up on a daily basis would have back-up versions for three days. On the fourth day, the oldest back-up version would be overwritten by that day's back-up procedure.
Some departments have a local area network to which their departmental computers are attached. Normally, the network system administrator has responsibility for backing up files stored on the network, and these procedures are determined by departmental management. It is important to note, however, that one should not assume that files are being backed up just because one's computer is attached to the departmental network. Any file that is created and maintained on a computer attached to a network will only be backed up if the person who created the file takes the extra step of copying the file to the network server. The department, in this case, should publish its network back-up schedule and encourage staff to copy important files to the server. NOTE: Information Technologies (IT) Network and System Services staff have responsibility for the back up and protection of all files residing on IT's centrally supported computing systems.
In the context of protecting records and information, departments must determine whether their computers are vulnerable to theft. Departments are responsible for instituting measures for the physical security of system hardware, if hardware is determined to be vulnerable (by location, traffic, or previous history). Departments should seek assistance in selecting an appropriate physical security device, which can then be installed by the Lock Shop or by the department.
Documentation of departmental electronic recordkeeping systems must be available to support the uninterrupted functioning of the department if the person who set up the system(s) is no longer available. It is important to document the following:
- The location of software disks and software documentation;
- The back-up and recovery procedures used by the department;
- The file-naming standards and classification schemes used by the department; and
- A list of databases and spreadsheets that support departmental functions, including a description of the application and its purpose, a listing of spreadsheet cell formulas, a listing of database field names, and a definition of any programs that are run in conjunction with departmental applications.
This is an important step in having a vital records team in place and ensuring that the business will be operating in good times, bad times, and even with unexpected disasters. This is also an important step towards ensuring that the organization is in compliance with recent regulations.
The protection and preservation of vital records is essential to the maintenance of organizations. The most important step an organization can take to protect its vital records is to develop a Vital Records Protection Plan, the goals of which are to prevent the loss of information critical to the continuing operation of the organization, to recover damaged information, and to resume operations quickly and efficiently. This plan is intended to deal with disasters involving the organization's vital records.
The Vital Records Disaster Management Team
Organizations should establish a vital records disaster management team. The following list identifies personnel that would be key in having a successful vital records team. The Vital Records Disaster Management Team will help prepare, implement and update the Vital Records Protection Plan. The team should consist of the following members:
Institutional Staff Members
- Team Coordinator: Overall responsibility for disaster recovery operations.
- Assistant Coordinators: Provide assistance in identifying vital records, assessing damage, and selecting recovery methods.
- Records Manager: Assists with recovery operations and records scheduling.
- Director of Operations: Coordinates overall recovery activity and serves as chief liaison with fiscal and purchasing offices.
- Facilities Manager/Security: Has overall responsibility for security and safety of physical structure.
- Information Systems Manager: Serves as advisor to overall systems back-up for the organization's computer systems.
- Fiscal Officer: Approves emergency expenditures relating to disaster.
- Purchasing Officer: Provides support for emergency recovery operations by expediting purchases of supplies and equipment.
- Legal Counsel: Provides advice on legal issues associated with disaster response.
- Press Officer: Prepares press releases and works with media to issue accurate and timely information in a disaster situation.
The staff members of the Vital Records Disaster Management Team should meet on an annual basis to review procedures relating to disaster preparedness and disaster response. Auxiliary members will be consulted periodically on specific issues as they arise. They will also review their Vital Records Inventory Forms on an annual basis to ensure that all information is accurate and will submit updated forms to the team for incorporation in the plan. Only those records listed on the official inventory forms maintained by the Assistant Coordinator will be considered vital if a disaster occurs. Other staff members will be kept informed of any changes or updates, and the team will periodically conduct training exercises.
Incorporation of Electronic Records into a RM Program
The cornerstone of a good corporate RM Program is that it addresses all types of business records, regardless of media. There should be no distinction between paper and electronic records. Until recently, electronic documents were not considered records. Traditionally, individuals printed electronic records and saved them as records. Then and only then were they considered records.
Such traditions are no longer viable. The volume of e-mail and office documents, as well as the number of mobile workers have grown so large that electronic documents never make it to the paper file. Lacking standards (and enforcement) for labeling Windows file folders, users store electronic files wherever it is convenient, without consistency or predictability.
Recent experience and surveys show that 80% of corporate information resides in different repositories, e.g., on individual hard drives and file shares. Approximately 80% of these are not reviewed or retrieved within 30 days and more than 50% are not retrieved within 90 days. A recent case showed that of these "unstructured" electronic documents, 25% are E-mail, 25% are on shared network drives, 48% are on personal drives, and 2% are on the Web and in Public Folders. Furthermore, 67% of such records had not been updated in over 2 years, and between 16% and 33% were exact duplicates. Finally, there were no document or record management systems governing their classification, storage or disposition.
Effectively incorporating electronic records into an RM Program requires:
- Systems, and
- Management support.
Awareness involves two elements: (a) awareness of records management and what it means; and (b) awareness of procedures to comply with records management and the risks of non-compliance.
Awareness of Records Management
The first element necessarily involves a comprehensive records retention policy and supporting record classification and retention schedule. Implementation is accomplished through web-based training on the contents of these documents (upon hiring and then annually thereafter). The documents should also be posted on the corporate intranet so employees can access them anytime. Employees should be required to sign a certificate (by electronic check mark) indicating that they understand the effects of non-compliance. Web-based records management (RM) training will often take into account and train employees on appropriate content for business records.
Awareness of Compliance Procedures and Risks of Non-Compliance
The second element involves the management of information as an asset and ensures that the company handles that information in the appropriate manner according to established procedures. This can be accomplished through regular operation reviews, checkups and audits. The bulk of this procedural awareness - especially for electronic records - is provided by systems that are designed to internalize these procedures and to gate the user accordingly.
Records management is a business function, not an IT function. Electronic Document and Record Management Systems (EDRMS) are supported and maintained by IT, but designed by the business units collaboratively to meet the corporate record classification and retention schedule standards.
Ideally, the e-mail application (Outlook) will have an integrated EDRMS that prompts the user to declare a message (and its attachments) as a record and determine where to file it when the message is sent or received. The user should be able to identify what qualifies as a record by virtue of his RM training.
By the same token, other office applications (Word, Excel, PowerPoint, Visio) should be integrated with an EDRMS such that the user is prompted whenever a SAVE or CLOSE operation is requested to declare whether the file is a record and, if so, where to store it. In both cases, the user will have a standard set of files, defined and set up by IT at server levels, in which to store the document or message.
Physical record management support groups were typically constituted at the physical site level. For electronic records, it is on the functional/business unit level, much as the Corporate Record Classification scheme is.
IT always had infrastructure support people responsible for the lower-level, horizontal, system-related programs and technologies. End users were responsible for application programs such as Word and Excel. However, electronic records management requires an IT support group that is vertical - that owns the folders and files holding the business unit's records regardless of software application. IT can interface with the business units and the program system administrators to set up "virtual file rooms" with standard folder types and labels on the servers for each record generating "System." They also interface with the Corporate RM Group to support and bolster RM "Awareness."
Awareness, systems and management support are primary prerequisites to effectively integrating electronic records into a RM program. They will not all necessarily move in a smooth, fluid, well-integrated fashion - but they should move forward in an open, communicative fashion as time and resources permit. As this is generally an enterprise-wide initiative, it is usually led by an Executive Sponsor with the assistance of an Executive Advisory Board and the hands-on resources of a dedicated, cross-functional Project Team.