An Introduction To ELECTRONIC RECORDS MANAGEMENT

2y ago
96 Views
2 Downloads
8.54 MB
140 Pages
Last View : 18d ago
Last Download : 2m ago
Upload by : Samir Mcswain
Transcription

An Introduction toELECTRONIC RECORDSMANAGEMENTDr. Patricia C. Franks, CRMAssociate ProfessorMARA Program CoordinatorSLIS Internship CoordinatorSchool of Library & Information ScienceSan José State UniversitySan José, CA1

Workshop Topics1.2.3.4.5.6.7.8.Introduction to Electronic Records ManagementRole of Records Management in an InformationGovernance StrategyElectronic Records Management ProgramFundamentalsSystems Design/Functional RequirementsMetadata StandardsCustodian vs. Non-custodial Models of ERMEmerging Technology and New Forms ofUnstructured DataGetting Started with Real World Examples2

Electronic RecordsManagementPart 13

RecordsInformation created, received, andmaintained as evidence andinformation by an organization orperson, in pursuance of legalobligations or in the transaction ofbusiness. ISO 15489-14

Electronic Records(also digital record; automated record, largely obsolete),n. Data or information that has been captured and fixedfor storage and manipulation in an automated system andthat requires the use of the system to render itintelligible by a person. SAA Glossary of Archival and Records Terminology.Information captured through electronic means, and whichmay or may not have a paper record to back it up. Alsocalled machine readable record. Business Dictionary.com5

General Characteristics of aRecordContent Context Structure Metadata ISO 15489-1:20016

Characteristics of anAuthoritative Record Authenticity – An authentic record can be proven to bewhat it purports to be, created or sent by the personpurported to have created or sent it, and create or sent atthe time purported. Reliability – A reliable record can be trusted as a full andaccurate representation of the transactions, activities, orfact to which it attests. Integrity – A complete and unaltered record is said topossess integrity. Usability – A usable record can be located, retrieved,presented, and interpreted. ISO 15489-1:20017

Records and InformationManagementThe field of management responsiblefor the efficient and systematic controlof the creation, receipt, maintenance,use, and disposition of records,including processes for capturing andmaintaining evidence of and informationabout business activities andtransactions in the form of records. ISO 15489-18

Electronic RecordsManagement (ERM)(1)The application of recordsmanagement principles to electronicrecords.(1)The management of records usingelectronic systems to apply recordsmanagement principles (e.g., paper,CDs/DVDs, magnetic tape, audio-visual, andother physical records). ARMA Glossary, 4th edition9

10

Structured DataThe primary key (ID in bold) ineach table relates to the same IDin another table.11

Everything else!12

Each different type of file has adifferent file format (format for encodinginformation in a er.py?hl en&answer 3528713

14

Records ManagementLifecycleThe span of time of a records fromits creation or receipt, through itsuseful life, to its final disposition,whether that disposition isdestruction or retention as ahistorical record. ARMA, Requirements for Managing Electronic Messages as Records15

Records Management LifecycleCreationArchivalPreservationRetention &DestructionDistribution& UseStorage &Maintenance16

Information LifecycleManagement (ILM) ILM is not a technology - it is a combinationof processes and technologies thatdetermines how data flows through anenvironment. It helps end users manage datafrom the moment it is created to the time itis no longer needed. ILM uses a number of technologies andbusiness methodologies, including thefollowing: Assessment, Socialization,Classification, Automation, and 5/The new buzzwords Information lifecycle management?pageNumber 117

Information Lifecycle ormation Lifecycle Model, based on model used as a basis for the JISC InfoNetInformation Management management/Information-Management.pdf18

Records ContinuumA model of archival science thatemphasizes overlapping characteristicsof recordkeeping, evidence,transaction, and the identity of thecreator. Pearce-Moses, A Glossary of Archival and Records Terminology, SAA19

20

Role of Records Managementin an Information GovernanceStrategyPart 221

Information GovernanceAccountability FrameworkProcessesRolesStandardsMetricsto encourage desirable behaviorenabling an organization to achieve its goals22

Information Governance the specification of decisionrights and an accountability frameworkto encourage desirable behavior inthe valuation, creation, storage, use,archival and deletion of information. Gartner23

Goes beyond Records Managementbecause of the focus on electronicallystored information (ESI), which includesmanagement of metadata, storageplatforms, security classifications, dataprivacy attributes, and digital rightsmanagement.24

Benefits of EffectiveInformation Governance Reduce risk Improve e-discovery and FOIApreparedness Increase transparency, trust & reputation Reduce product and information cycletimes as the result of improvedinformation flows25

What is the difference?Records management with its traditionalfocus on retention and disposition of bothpaper and electronic records is considered acomponent of information governance.Information governance focuses on thepreservation of confidentiality, integrity,availability, and quality of ALL electronicallystored information. (ESI).26

27

Generally Accepted RecordkeepingPrinciples Download the Principles handout from:http://www.arma.org/garp/garp.pdf

Information Governance Maturity Model5TransformationalProactiveEssentialIn DevelopmentSub standard1Download PDF del.pdf

Information Governance Maturity ModelDownload PDF del.pdf

AccountabilityPeoplePoliciesA senior executive (or person ofcomparable authority) oversees therecordkeeping program and delegatesprogram responsibility to appropriateindividuals.The organization adopts policies andprocedures to guide personnel, and ensurethe program can be audited.

Accountability – Level 1No senior executive (or comparableauthority) responsible for the recordsmanagement program.Records manager role is largely non-existentor is an administrative and/or clerical roledistributed among general staff.

Accountability – Level 2Records manager role is recognized, althoughhe/she is responsible for tactical operation ofthe existing program.May cover paper records only.Information technology function ordepartment is de facto lead for storingelectronic information. Not donesystematically. Records manager not involvedin discussions of electronic systems.

Accountability – Level 3Records manager is an officer of the organization andresponsible for the tactical operation of the ongoing programon an organization-wide basis.RM actively engaged in strategic information and recordsmanagement initiatives with other officers of the organization.Senior management is aware of the program.Organization has defined specific goals related toaccountability.

Accountability – Level 4The records manager is a senior officerresponsible for all tactical and strategicaspects of the program.A stakeholder committee representing allfunctional areas and chaired by the recordsmanager meets on a periodic basis to reviewdisposition policy and other recordsmanagement-related issues.Records management activities are fullysponsored by a senior executive.

Accountability – Level 5The organization’s senior management and itsgoverning board place great emphasis on theimportance of the program.CROThe records management program is directlyresponsible to an individual in the senior level ofmanagement, (e.g., chief risk officer, chief complianceofficer, chief information officer) OR,A chief records officer (or similar title) is directlyresponsible for the records management programand is a member of senior management for theorganization.The organization’s stated goals related toaccountability have been met.

TransparencyThe processes and activities of anorganization’s recordkeeping program shallbe documented in an understandablemanner and be available to all personnel andappropriate interested parties.

Transparency – Level 5TransformationalFOIA &eDiscoverysatisfied ! The organization's senior management considerstransparency as a key component of informationgovernance. The organization's stated goals related to transparencyhave been met. The organization has implemented a continuousimprovement process to ensure transparency ismaintained over time. Software tools that are in place assist in transparency. Requestors, courts, and other legitimately interestedparties are consistently satisfied with the transparency ofthe processes and the response.

IntegrityA recordkeeping program shall beconstructed so the records andinformation generated or managed byor for the organization have areasonable and suitable guarantee ofauthenticity and reliability.

Integrity – Level 5TransformationalAuditsThere is a formal, defined process for introducing newrecord-generating systems and the capture of theirmetadata and other authenticity requirements, includingchain of custody. This level is easily and regularly audited.The organization’s stated goals related to integrity havebeen met. The organization can consistently andconfidently demonstrate the accuracy and authenticity ofits records.

ProtectionA recordkeeping program shall beconstructed to ensure a reasonablelevel of protection to records andinformation that are private,confidential, privileged, secret, oressential to business continuity.

Protection – Level 5TransformationalAuditsExecutives and/or senior management and the board placegreat value in the protection of information.Audit information is regularly examined and continuousimprovement is undertaken.The organization’s stated goals related to recordprotection have been met.Inappropriate or inadvertent information disclosure or lossincidents are rare.

ComplianceThe recordkeeping program shall beconstructed to comply with applicablelaws and other binding authorities, aswell as the organization’s policies.

Compliance – Level 5TransformationalRoles &ProcessesThe importance of compliance and the role of records andinformation in it are clearly recognized at the seniormanagement and board levels. Auditing and continuousimprovementThe roles and processes for information management anddiscovery are integrated.The organization’s stated goals related to compliance havebeen met.The organization suffers few or no adverse consequencesbased on information governance and compliance failures.

AvailabilityAn organization shall maintain recordsin a manner that ensures timely,efficient, and accurate retrieval ofneeded information.

Availability – Level 5TransformationalTrainingThe senior management and board levels providesupport to continually upgrade the processes thataffect record availability. There is an organizedtraining and continuous improvement program.The organization’s stated goals related toavailability have been met.There is a measurable ROI to the business as aresult of records availability.

RetentionAn organization shall maintain its recordsand information for an appropriate time,taking into account legal, regulatory, fiscal,operational, and historical requirements.

Retention – Level 5TransformationalAll informationRetention is an important item at the senior managementand board levels. Retention is looked at holistically and isapplied to all information in an organization, not just toofficial records.The organization’s stated goals related to retention havebeen met.Information is consistently retained for appropriateperiods of time.

DispositionAn organization shall provide secure andappropriate disposition for records andinformation that are no longer requiredto be maintained by applicable laws andthe organization’s policies

Disposition – Level 5TransformationalIntegrationProcessesConsistent &DefensibleThe disposition process covers all records and informationin all media. Disposition is assisted by technology and isintegrated into all applications, data warehouses, andrepositories.Disposition processes are consistently applied andeffective.Processes for disposition are regularly evaluated andimproved.The organization's stated goals related to disposition havebeen met.

To Get StartedIdentify the gaps between the organization'scurrent practices and the desirable level ofmaturity for each principle.Assess the risk(s) to the organization, basedon the biggest gaps.Determine whether additional informationand analysis is necessary.Develop priorities and assign accountabilityfor further development of the program.

dkeepingprinciples/principles-health-checkup

Let’s stop to conduct our ownPrinciples Health Check!54

Program Improvement AreasRoles & Responsibilities Polices & Procedures Communication & Training Systems & Automation 55

Assigning Ownership of the principles basedon the EDRM Model

ERM Program FundamentalsPart 357

Phases in Planning & Managing an ERMProgram1.2.3.4.5.Inventory e-recordsLink to the business processDevelop a taxonomyCreate a retention and disposition scheduleProtect vital recordsFranks, P. (2013). Records and Information Management, p. 162.ALA/Neal-Schuman Publishers, Chicago, IL.58

Electronic Records Inventory – Somethoughts An inventory is a descriptive listing of each record seriesor system, together with its location and other pertinentdata (NARA). It can be conducted at the same time as the physicalinventory or independently and is used as the basis fordeveloping a retention schedule and can be used toidentify RM problems (e.g., insufficient identification ofvital records and inadequate security and privacypractices). It will form the basis for management decisions and assistorganizations in fulfilling current and future obligationswhen faced with e-discovery and/or FOI requests. It should concentrate on logical collections of recordsgrouped by business function or subject and not onphysical locations.59

To Conduct the Inventory: Determine the scopeIdentify who will be involvedUnderstand the environment andcultureDevelop a strategyGather inventory dataFollow up60

Electronic Records Inventory – Location ofElectronic Records Centralized information systems: email servers,content/document/records repositories, enterprise-wideapplication servers, and legacy systems. Decentralized information systems: Work units developtheir own information technology resources to meetneeds not relevant to other work units in the organization(e.g., 911 computer dispatch system in fire department). Personal work stations an storage devices: Otherdecentralized locations such as PC hard drives, laptops,digital cameras, smartphones, and tablets. Third-party systems: Social networking sites and cloudservice providers (e.g., IaaS, PaaS, SaaS, and STaaS).61

Document Management Systems (DMS)The use of a computer system and software to store, manage andtrack electronic documents and electronic images of paper basedinformation captured through the use of a document scanner. The termdocument is defined as "recorded information or an object which canbe treated as a unit".DM systems allow documents to be modified and managed buttypically lack the records retention and disposition functionalityfor managing records. Key DM features are: Check In / Check Outand Locking,Version Control, Roll back, Audit Trail, and nagement#sthash.JqZEtG1s.dpuf62

Content Management System(CMS)The term content management system can be used to describespecific types of systems in use for different purposes orwithin different industries, for example:Web content management system: Allow users to maintain awebsite using a simple web-browser-based interface (insteadof manually authoring webpages).Industry-specific content management system: For example,the Care Converge healthcare WCMS that allows healthcareorganizations to create and manage consumer websites andportals.Social content management system: Combine socialnetworking applications (e.g., blogs, wikis, image sharing) intoone suite to make it easy to manage and share social contentwithout building silos of information.63

Enterprise Content ManagementSystem (ECMS)Enterprise Content Management System: ECMS are used tocontrol unstructured content so that the information can beput to use in daily operations. But they are also designed toprotect digital documents (primarily text and graphics) thatserve as accurate and complete evidence of transactions.According to AIIM, ECMS are able to perform five majorfunctions: Capture: Create, obtain, and organize information. Manage: Process, modify, and employ information. Store: Temporarily back up frequently changing information inthe short term. Preserve: Back up infrequently changing information in themedium64

Enterprise InformationSystems (EIS)The applications that constitute an enterprise's existing system forhandling companywide information. These applications provide aninformation infrastructure for an enterprise. An enterpriseinformation system offers a well-defined set of services to itsclients. These services are exposed to clients as local orremote interfaces or both. Examples of enterprise informationsystems include enterprise resource planning systems, mainframetransaction processing systems, and legacy database systems.65

66

Collect data: System titleBusiness OwnerIT OwnerDates coveredSystem descriptionFile type & formatQuantity and estimatedgrowthHardwareSoftwareMedia characteristics Relationship to otherrecordsRetentionrequirementsSupporting filesBackup proceduresProvisions formigrationReference & retrievalRestrictions on useVital records status67

68

Electronic Records Inventory and anESI Data Map & Data AtlasA data map must be maintained forcentralized and decentralized systems. It must include internal collaborationtools such as SharePoint. It must also include information hostedby social media sites and third-partyproviders, including records stored inthe clouds. 69

70

71

Electronic Records Inventory and anESI Data Map & Data Atlas (cont.)The data map (or maps) supplemented bycharts, lists, and tables, with supplementaryillustrations and analyses that describe theinformation and the infrastructure andsystems that host the information, provides a“total information systems overview” knownas a data atlas. Wayne Wong. “Managing your way to compliance with a data atlas,”Information Management (January/February 2012), 21-29.72

NARA recommends that e-recordsare inventoried by informationsystem, versus file series, which isthe traditional approach for physicalrecords.73

Let’s stop to complete datafields for an ElectronicRecords Inventory!74

A taxonomy is a subject-basedclassification scheme used to arrangeterms in a controlled vocabularyinto a hierarchical structure showingparent-child relationships. In a simpletaxonomy, each item being classifiedfits into just one place in thetaxonomy, with a single parent andany number of children.75

76

A recordsclassification schemeis also referred to asa file plan.77

State Government Regulatory AgencyFunctional TaxonomyAccountingProcurementContracts and AgreementsLicensing and CertificationTechnical AssistancePermittingCompliance and Emergency ResponseEnforcementNotice of ViolationTransactionsConsent DecreeRequest for R

Dr. Patricia C. Franks, CRM Associate Professor MARA Program Coordinator SLIS Internship Coordinator School of Library & Information Science San José State University San José, CA 1 . Workshop T

Related Documents:

Records Management System (ERMS). Johnston and Bowen (2005, p.132) define the term ERMS in the following way: "An electronic records management system (ERMS), as the term stands, could be an electronic system for managing records on any media. An electronic system for managing paper records in a records centre or

The paper begins with definitions for Electronic Health Records (EHR), Electronic Medical Records (EMR), Personal Health Records (PHR) and Health Information Technology (health IT). It then explains the steps involved in planning for and implementing electronic records,

22.07: Ski Fly Boat Speeds 22.08: Ski Fly World Records 22.09: Ski Fly Course Rule 23 – Records 23.01: What Records are Recognized 23.02: Competitions where Records may be set 23.03: Jump Records 23.04: Slalom Records 23.05: Tricks Records 23.06: Open Division Overall Records 23.07: Under 21 Record 23.08: U

4.11 Records Security and Business Continuity 28 Useful Guidance 29 5.1 Adopted Persons Health Records 29 5.2 Ambulance Service Records 29 5.3 NHS 24 Records 29 5.4 Asylum Seeker Records 30 5.5 Child School Health Records 30 5.6 Complaints Records 30 5.7 Controlled Drugs Regime 31 5.8 Data Processors, Subcontractors and Changes in Contracts 31

information technology (IT) staff, records management (RM) staff, and agency managers in managing electronic records in an effective, cost-efficient manner that also accommodates their public records responsibilities. The handbook emphasizes the crucial role of records maintenance and disposition in man

records. It is intended to apply to permanent records created and maintained electronically, including those records that have already been digitized. Agencies should implement business processes that support permanent electronic records to the fullest extent possible, and eliminate the need to produce and manage hard copy and analog records.

applications. As a result, local government records programs are faced with big challenges to manage and access these records. Developing Support for Managing Electronic Records One of the most important aspects of managing electronic records is developing awareness of the need, and

documents, and any attachments, such as word-processing and other electronic documents, which may be transmitted with the message. (Defined in the CFR as an electronic mail message.) Electronic Records/ e-Records Records stored in a form that only a computer can process. Records