Best Practices in Deploying Records Manager - PowerPoint PPT Presentation

1 / 33

About This Presentation

Title:

Best Practices in Deploying Records Manager

Description:

Never in the history of business has the capture, control, storage and timely ... The size and scope of Corporate failures (Enron, WorldCom, Arthur Anderson, etc. ... – PowerPoint PPT presentation

Number of Views:39

Avg rating:3.0/5.0

Slides: 34

Provided by: file3

Learn more at: https://armanebraska.org

Category:

more less

Transcript and Presenter's Notes

Title: Best Practices in Deploying Records Manager

1
Best Practices in Deploying Records Manager

The ISO 15489 Model

2
Catalysts for todays Record Management

Never in the history of business has the capture,
control, storage and timely destruction of
records had the impact it has on the success and
future of a business.
A need which has been brought to light through
advances in technology, the proliferation of
information, and many recent events.
Reliance on electronic information in dispersed
data management systems
The Internet (e-mail and web content)
An ever growing amount of hard copy information
Increased cost of corporate litigation due to the
vast amounts of information
9/11 disaster (Vital and Corporate Records lost)
The size and scope of Corporate failures (Enron,
WorldCom, Arthur Anderson, etc.)

3
Corporate Failures Have Ushered in a New Age of
Corporate Governance

Its about compliance
Government legislation (SOX, HIPAA, etc.)
Records management is a vital component for
corporate compliance
To ensure compliance companies must harmonize
the relationship between
Business Processes Policies
Electronic Physical Documents
Records Management
Legal Obligations

Compliance is not a document, its a process ---
Gartner Group
4
Blunders are Expensive and Embarrassing

Morgan Stanley (1.4 Billion) for not producing
emails
5 firms fined 8.25 million for failing to
preserve email communications.
alleges in its 280 billion racketeering suit
that tobacco companies destroyed documents
Author Anderson out of business for not Holding
records

5
Risks Abound

Missing or non-accessible records
Failure in complying with laws and regulations
Fines and Penalties
Loss of Public Confidence
Higher litigation costs
Discovery Costs
Fines and Penalties
Higher operating costs
Storage and labor

6
How You Can Reduce Risk and Create ROI

Retain what you need to, for only as long as you
need to, as determined by law, regulatory statute
and/or sound business policy.
Only destroy (delete) records at the right time,
for the right reason and by the right person.
Enforce RM policy consistently and uniformly
through process, not people wherever possible.
Know the business case for electronic records .
Risk reduction TCF (total cost of failure).
Business improvement ROI (multiple areas).

7
RM Policy Most Organizations

Records don't get captured from the business
user.
Records are incorrectly classified.
Records arent getting destroyed at all.
High storage costs are unnecessary and avoidable.
Records are lost or destroyed too soon.
Inability to produce in court leads to spoliation
claims.
Costly to recreate.
Records are kept too long.
Discoverable and very expensive to defend.
Process information not recorded.
Breaks legal chain of custody.
Now required for audit and compliance.
RM policy not enforced.
Reliance on users to make decisions about
records.
IT systems do not implement RM policy.

85 have formal records management programs, 47
do not include electronic records. 38 do not
regularly follow own RM policy 46 do not have
formal process for holds, 65 do not include
electronic records 93 believe outcome of future
litigation based on electronic records policy,
62 doubt they could defend own records 67
doubt own IT department understands RM policy
Survey data from Cohasset Associates A Call To
Action AIIM and ARMA 2003 study
8
THE Records Management Standard

ISO 15489 - Information and documentation
Records management
Part 1 General
Part 2 Guidelines (Technical Report)
Developed Through Consensus of International
Standards Organization (ISO) Member Bodies
Recognized World-Wide as the Model for Records
Management Best Practices

9
ISO 15489 - Part 1 General

Applies to the management of records, in all
formats or media, created or received by any
public or private organization in the conduct of
its activities, or any individual with a duty to
create and maintain records,
Provides guidance on determining the
responsibilities of organizations for records and
records policies, procedures, systems and
processes,
Provides guidance on the design and
implementation of a records system,

10
ISO 15489 Part 2 Guideline

Provides guidance on implementing the policies
and procedures in Part 1
Developing Policies and Procedures
Formulating Records Management Strategies
Designing the Records Management Program Elements
Implementing the Solution
Establishing Processes and Controls
Programs to Monitor and Audit the Program
Training the Organization of RM Policies and
Procedures

11
Steps to Sound Records Management

Develop/Review Policies and Responsibilities
Strategic Planning, Program Design and
Implementation
Develop Records Processes and Controls
Monitoring and Auditing Requirements
Planning and Executing Training Programs

12
Develop/Review Policies and Responsibilities

Develop Records Management Policy Statements
Documents Policies and Procedures Performed in
the Normal Course of Business
Authorized by Highest Level in the Organization
Define Responsibilities and Program Authorities
Requires Employees to Declare Records
Ensure Records Created as Part of the Process
Provide Transparent or Easy Access
Provide Protection of Records
Enforces Records Disposition Policies

13
Strategic Planning, Program Design and
Implementation
Step A Conduct preliminary investigation
Step B Analyze business activity
Step C Identify requirements for records
Step E Identify strategies to satisfy
requirements
Step F Design records system
Policy
Design
Implementation
Standards
Step D Assess existing systems
Step H Conduct post-implementation review
Step G Implement records systems
14
Strategic Planning, Program Design and
Implementation

Conduct Preliminary Investigation
Analyze Business Activities and Processes
Identify Records Requirements
Assess Existing Systems
Develop Strategies for Meeting Records
Requirements
Design the Records System
Implement the Records System
Perform Post-Implementation Review

15
Overlapping Requirements
Privacy Requirements
Geopolitical Specific Regulations
Risk Management
Industry Specific Regulations
Corporate Governance
16
Types of RM Software

Paper Only Records Centers,
File Folders, Box Location
Electronic Only Born-Digital
Paper and Electronic Manage multiple objects
Integrated Combined Capabilities with DM, Wf,
Paper and Images, etc.
Enterprise Application RM and ECM

17
Doculabs Sample ECM Reference Architecture
18
Compliance Architecture

Business Process Management
Modelling Simulation
Auditing and Monitoring
Content Management
Active Content event-driven architecture
Records Management
Automated declaration and disposition
Email Management
Automated filtering classification
Additional Components
eForms - electronic signatures and on-line
validation
Rules engine integration adapt to regulation
changes
Imaging with fast ingestion and scalability
Collaboration

19
Infrastructure requirements

Process Control
Auditing
Records email management
Responsiveness and active monitoring
Roles and Responsibilities
Information Security
Content in context
Regulatory Reporting
Communication Management
Transparency Accountability

20
Develop Records Processes and Controls

Instruments of Control
Classification Scheme Based on Business Processes
Disposition Processes
Security and Access Controls
Analyze Regulatory Requirements
Perform Risk Analysis
Identify Employ and User Permissions
Create Thesaurus, Glossary
Establish Records Disposition Authority
Determine Documents/Objects to Classify as
Records
Develop Retention Schedules

21
Classify Business Activities for File Plan
Organization

Establish an organizational plan for Records
classification
Apply Records Management Policies and Procedures
Retention Schedules
Disposition and Transfer
Vital Records Protection

File Plan
Category
Folder
Volume
Category
Folder
Volume
22
Classify Business Activities for File Plan
Organization
File Plan
Example 1 Human Resources 1.1 Recruiting 1.1.1
Position Description 1.1.1.1 Applications 2
Contracts Administration 2.1 Project 123 2.1.1
Contracts 2.1.1.1 ABC Company
Category
Folder
Volume
Category
Folder
Volume
23
Records Management vs. Retention Management

Retention Management
Supports only time-based retention rules.
Single (or only a few) simple retention rules.

Records Management
Event and time-based retention rules
Structured file plan
Enables legal holds,
Auditing and monitoring
Authenticity, integrity
Preservation
Access and retrieval and electronic discovery
Prevents deletion
Timely disposition and expungement
Privacy and security
All formats, physical and electronic

24
Develop Records Processes and Controls

Capture
Registration
Classification
Access and security classification
Identification of disposition status
Storage
Use and tracking
Implementation of disposition

25
Key Component Process Management

Automated record capture and administration
Active compliance through real-time monitoring
and escalation
Automation of compliance processes
Automation and standardization of business
processes

26
Leveraging Business Processes
Line of Business Process
27
Records Administration Processes
Transfer/Disposition
Record Declaration
Disposition/Destruction
Review/Disposition
28
Records Metadata