Standards for Establishing

Similar documents
The RIM Professional s Bookshelf

Sydney Opera House Policy

Records Management Policy

Managing Electronic Records

Records and Information Management Framework. Government Records Office Archives of Manitoba

Information Governance and Records Management Policy March 2014

RECORDS MANAGEMENT /4/2016 Susan McKinney, CRM University of Minnesota 1

Defines the knowledge and skills needed to perform successfully in the records and information management (RIM) profession.

ELECTRONIC RECORDS DISPOSITION, STORAGE, AND TRANSFER

Relationship between ISO/TC 46/SC 11 Archives/records management and IT-021 Records and Document Management Systems committees in standardisation

Digitization Project Guidance

Records & Information Management Best Practices for the 21st Century

TRICARE OPERATIONS MANUAL M, AUGUST 1, 2002 RECORDS MANAGEMENT CHAPTER 2 SECTION 1

What s the next best technology?

What s New at CU*Answers? Records Management

Records have a Life-cycle.

A tool for assessing your agency s information and records management

ISO/TR TECHNICAL REPORT. Information and documentation Records management Part 2: Guidelines

TRICARE Operations Manual M, February 1, 2008 Records Management. Chapter 2 Section 1

TRANSLINK RECORDS MANAGEMENT POLICY

ISO Information and documentation Management systems for records Fundamentals and vocabulary

DePaul University Records Management Manual October 1, 2016

Implementation Practices for the Archiving and Compliance Infrastructure

Creating a Record Retention Schedule

IMS 5047 MANAGING BUSINESS RECORDS

KWANLIN DÜN FIRST NATION. Records Management Policy

1. Each employee is responsible for managing college records in a responsible and professional manner.

Information and documentation Records management. Part 1: Concepts and principles

RECORDS MANAGEMENT KNOWLEDGE MANAGEMENT INFORMATION MANAGEMENT

Current Issues With Records Management For ISO Certification & How LuitBiz DMS Can Help

The National Archives Records Management Guides

NUS RECORDS MANAGEMENT POLICY. Ver 1.6

What is ISO 30300? Who, when, where, why and how to implement

RECORDS MANAGEMENT GOVERNANCE IN 12 EASY STEPS A GUIDE CREATED BY

Information is important to the operation of a company. A system. Records Management. C h a p t e r Introduction to Records Management

Enterprise Content Management & SharePoint 2013 As ECM Solution

Title: Corrected Frequently asked questions on ISO/DIS and ISO/DIS documents.

IRMT Fostering Trust and Transparency in Governance Schedule for Botswana Forum 20 July 2007 / LM

RIM Program Audits: Value and Approaches MARK A. MACFARLANE, IGP DAVID FLEMING, CRM, IGP, CIP MARCH 9, 2017

1.1 IDENTIFYING INFORMATION REQUIRING CAPTURE

Recorded Information Management (RIM) Assessment

SECTION 18. INFORMATION TECHNOLOGY AND COMMUNICATION SYSTEMS RECORDS

Reduced risk and costs when no longer retaining unnecessary information, that s what!

Managing Electronic Records: Methods, Best Practices, and Technologies

UW-Madison Records Management Program. UW Archives and Records Management

RELATIONSHIPS BETWEEN THE ISO SERIES OF STANDARDS AND OTHER PRODUCTS OF ISO/TC46/SC11: Archives/Records Management

Dominion Dental USA, Inc. and Subsidiaries

Strategies for Social

TABLE OF CONTENTS ABBREVIATIONS 1.0 DEFINITIONS PURPOSE AND SCOPE GUIDELINES FOR PRACTICE REFERENCES AND RELATED DOCUMENTS 10

UK Research and Innovation (UKRI) Records Management Policy

Long-Term Surveillance and Maintenance Records: Challenges Inherent to Managing Electronic Records 15165

Retention and Destruction Rule. Florida Court Clerks and Comptroller Summer Conference 2013 Presenter: Vestina F. Crayton

10 Things to Know about Record Retention William Saffady

Global Records and Information Management Risk: Proactive and Practical Approaches to Effective Records Management. September 16, 2014

Marketing Best Practice Records Management. Kemal Hasandedic MBII GDDM MRMA National President RMAA

Introduction GUIDELINES FOR THE SELECTION OF AN ELECTRONIC DOCUMENTS AND RECORDS MANAGEMENT SYSTEM

Records Management Policy

AUDITING THE RECORDS MANAGEMENT PROGRAM

Roche Group Records Management Directive V2.0

In our ever-changing, developing, and expanding world, we are faced with an abundance

VITAL RECORDS: AN OVERVIEW

RM-03 (2017) Records management policy

Approved by Board: 22/06/2016. Records Management Policy

SAFFADY LIS 520: Records Management Spring 2013 COURSE OBJECTIVES: WHAT YOUR WILL LEARN

Organize. Access. Manage

PUBLIC RECORDS REQUIREMENTS & RECORD RETENTION

RECORDS MANAGEMENT FRAMEWORK

Project Procedure 1.0 PURPOSE 2.0 SCOPE 3.0 REFERENCES. No.: P /21/2012 PAGE 1 OF 12 PROJECT RECORDS MANAGEMENT

Micron: Project Profile and Approach

KIV/SI. Přednáška č.9. Jan Valdman, Ph.D.

Records Management at MSU. Hillary Gatlin University Archives and Historical Collections November 23, 2015

Classification and Metadata. Priscilla Emery President e-nterprise Advisors

IT Enterprise Services. SharePoint. for records management

DE MONTFORT UNIVERSITY RECORDS MANAGEMENT POLICY

Electronic Records Management at MSU

Transform records management

Records Management Governance Getting it Right in 12 Steps

International Standards Reference

Policy on Records Management for the Arctic Council Secretariat

AS/NZS ISO and AS/NZS ISO Management systems for records. Presented by Judith Ellis

HP TRIM software. Using HP TRIM to add value to Microsoft SharePoint

INFORMATION AND RECORDS MANAGEMENT POLICY

INTERNAL AUDIT DIVISION REPORT 2017/022. Audit of knowledge and records management at the United Nations Framework Convention on Climate Change

NATO UNCLASSIFIED Releasable to ALBANIA/CROATIA 6 February 2009 DOCUMENT C-M(2009)0021 (INV) Silence Procedure ends: 2 Mar :00

Electronic Record Keeping Principles. October 25, 2011

Osprey Technologies, LLC. Quality Manual ISO9001:2008 Rev -

Specification for Quality Programs for the Petroleum, Petrochemical and Natural Gas Industry

Information, Privacy and Archives Division. Government of Ontario Function-Based Common Records Series: Information Technology

R. Scott Murchison, CRM Kaizen InfoSource LLC SVP, Information Management Services

Information Governance 101. Presented by: Sara Anne Hook, M.B.A., J.D. Indiana University

Selling RIM in your Organization: Tears and Fears. Thérèse P. Miller, Esq. Shook, Hardy & Bacon LLP ARMA Tri-Chapter Spring Seminar April 6, 2011

Records Management Policy. EPA Classification No.: CIO CIO Approval Date: 02/10/2015. CIO Transmittal No.: Review Date: 02/10/2018

STANDARD DEVELOPING RECORDS RETENTION AND DISPOSAL SCHEDULES FOR OPERATIONAL RECORDS

INTERNATIONAL STANDARD

INF 389E: Introduction to Records Management Fall 2015 Unique Number: 27870

RECORDS AND INFORMATION MANAGEMENT

INFORMATION GOVERNANCE & COMPLIANCE

Monitoring recordkeeping performance

OFFICER USE ONLY. 2. Position No: Title of Immediate Supervisor: University Secretary 3. Level: 10

INFORMATION MANAGEMENT TOOL KIT FOR FIRST NATIONS GOVERNMENT IN BRITISH COLUMBIA

Transcription:

RIM FUNDAMENTALS 2012 ARMA International www.arma.org Standards for Establishing Records and Information Management Programs Virginia A. Jones, CRM, FAI Organizations that don t already have a records and information management (RIM) program, as well as those whose programs have lapsed for lack of monitoring and updating and those that have been affected by the introduction of new technologies, should consider using RIM standards and best practices as a foundation for their programs. Alarge variety of national and international standards, as well as technical reports and best practice guidelines, have been developed to aid records and information management (RIM) professionals in determining the best methods, rationale, components, and processes for managing the life cycle of records and information. Understanding and applying the guidance these publications provide are essential to developing the efficient procedures, tasks, and processes that are important to a RIM program s success. However, wading through the list of available standards to find those that are most useful for establishing a good program can be time-consuming. This article identifies a number of key standards and best practices that have near-universal usefulness and can form a foundation for a comprehensive records management program. Setting the Foundation A good baseline for any RIM program is the adoption of the two publications recognized as the international records management standard and its accompanying technical report: ISO 15489-1:2001 Information and documentation Records management Part I General (ISO 15489-1) ISO/TR 15489-2: 2001 Information and documentation Records management Part II Guidelines (ISO 15489-2). ISO 15489-1 ISO 15489-1 is a standard developed by representatives of a number of participating countries using a consensus process. It applies to the management of records in any format or media, created or received by any public or private organization during the course of its activities and to any individual with a duty to create and maintain records. Specifically, it provides guidance on determining RIM responsibilities, supporting a quality process framework, and designing and implementing a records system. It does not include the management of archival records within archival institutions. ISO 15489-2 ISO/TR 15489-2 is a technical report, recommended for use with ISO 15489-1. It provides further explanation of the standard, including implementation options and some recommended procedures for achieving the requirements in ISO 15489-1. It provides one methodology to facilitate implementation and serves as a foundation for establishing a solid implementation plan based on pertinent jurisdictional laws and regulations. It gives an overview of the processes and factors to consider for organizations wishing to comply with ISO 15489-1. Foundational Requirements The requirements of ISO 15489-1, in particular, can be used to establish a foundation for a basic RIM program that satisfies the RIM needs of most organizations, especially when com- 38 JULY/AUGUST 2012 INFORMATIONMANAGEMENT

2012 ARMA International www.arma.org RIM FUNDAMENTALS bined with the recommendations from ISO/TR15489-2. It outlines the benefits of records management and sets requirements for: Considering the needs of the organization s regulatory environment Developing, implementing, and maintaining policies and responsibilities Establishing principles for records management requirements, including records creation, records form and structure, and the use of technologies; establishing authentic, reliable, and trustworthy records systems; business process analysis; creation and management of metadata; compliance with regulations and laws; determining how long to retain records; and the protection and preservation of records Designing and implementing a records system Creating records management processes and controls Establishing and conducting monitoring and auditing of the program Launching and conducting training in all aspects of the program Supporting the Foundation Once the basic program is determined based on the requirements of ISO 15489-1, other key standards and guidelines can be applied to support it. A detailed matrix listing the requirements of ISO 15489-1 and the key standards that support them is on pages 40-41. For example, ISO 15489-1 says in section 7.1 that to support the continuing conduct of business, comply with the regulatory environment, and provide necessary accountability, organizations should create and maintain authentic, reliable and useable records, and it should protect the integrity of those records for as long as required. To do this, organizations should institute and carry out a comprehensive records management program, which includes determining what records should be created in each business process and what information needs to be included in the records, thus ensuring that records are retained only for as long as needed or required. The matrix shows seven standards, guidelines, and technical reports that support designing and implementing retention and disposition in a records program. Building out the Structure The following is by no means a comprehensive list of all available standards that might pertain to a RIM program. But these key standards, technical reports, guidelines, and best practices form a nucleus of support for any RIM program. General RIM Concepts General RIM concept standards aid in establishing a RIM program. They include requirements and guidelines for basic RIM principles, such as records retention and disposition programs, inactive records management, active records management, and the care and handling of recordkeeping media. Establishing Alphabetic, Numeric, and Subject Filing Systems aids in the selection and application of a filing system that will enable users to retrieve information. It describes three principal systems: alphabetic filing, subject filing, and numeric filing and contains standard rules for indexing alphabetic data. ARMA TR01-2011 Records Center Operations, 3rd Ed. assists organizations with selecting an appropriate records center site and designing, equipping, staffing, operating, and managing a records center. Additional sections discuss vaults, security, records center software, and commercial records storage facilities. Contracted Destruction for Records and Information Media (ARMA International) identifies the critical components that must be addressed so no records or information in any format are compromised during any part of the destruction process. It is designed to guide organizations when contracting for destruction services. Glossary of Records and Information Management Terms, 3rd Edition (ARMA International) includes nearly 500 terms from numerous disciplines that have an impact on the profession. [Editor s Note: The fourth Standards are available from: www.arma.org, www.ansi.org, www.iso.org edition of the glossary is set for publication this fall.] Guideline for Evaluating Offsite Records Storage Facilities (ARMA International) assists organizations with evaluating storage needs, determining whether business practices make outsourcing the best decision, and assessing the ability of vendors to meet storage requirements. Guideline for Outsourcing Electronic Records Storage and Disposition (ARMA International) provides information to assist organizations in making decisions about outsourcing electronic records storage, retrieval, disposition to third-party providers and evaluating and selecting a service provider. ISO 18923:2000 Imaging materials Polyester Base Magnetic Tape Storage Practices provides recommendations concerning the storage conditions, storage facilities, enclosures, and inspection for recorded polyester base magnetic tapes in roll form. It covers analog and digital tape and includes tape made for audio, video, instrumentation, and computer use. NIST SP 500-252 Care and Handling of CDs and DVDs A Guide for Librarians and Archivists provides JULY/AUGUST 2012 INFORMATIONMANAGEMENT 39

RIM FUNDAMENTALS 2012 ARMA International www.arma.org 40 JULY/AUGUST 2012 INFORMATIONMANAGEMENT

2012 ARMA International RIM www.arma.org FUNDAMENTALS guidance on how to maximize the lifetime and usefulness of optical discs, specifically CD and DVD media, by minimizing chances of information loss caused by environmental influences or physical handling. NIST SP 800-88 Guidelines for Media Sanitization assists in implementing a media sanitization program with proper and applicable techniques and controls for decision making when media require disposal, reuse, or when they will be leaving the effective control of an organization. Retention Management for Records and Information (ARMA International) provides guidance for establishing and operating a retention and disposition program. RIM Technical Issues RIM technology standards are appropriate for managing the technical aspects of RIM programs. They include requirements and guidelines for electronic records issues, digitization programs, recordkeeping issues resulting from the use of Internet and intranet, and recordkeeping issues resulting from the use of new technologies. ANSI/ARMA 19-2012 Policy Design for Managing Electronic Messages JULY/AUGUST 2012 INFORMATIONMANAGEMENT 41

RIM FUNDAMENTALS 2012 ARMA International www.arma.org sets forth the requirements for a policy guiding the management of text-based electronic messages or communications (including e-mail [and related attachments/metadata], instant messaging, and text messaging) as records throughout their life cycle. ARMA TR-02-2007 Procedures and Issues for Managing Electronic Messages as Records addresses concerns typically confronted during the implementation and management of any text-based electronic messaging system or communication, such as e-mail or instant messaging, not including voice mail. [Editor s Note: This technical report is undergoing revision and is scheduled for publication during summer 2013.] Controlled Language in Records and Information Management (ARMA International) describes what controlled language is and how it benefits organizations by reducing search time and increasing the reliability of search results, improving organizational communication, avoiding duplication, and reducing corporate risk exposure in legal and other discovery processes. ISO 10244:2010 Document management Business process base lining and analysis specifies the detailed information associated with the activities organizations perform when documenting existing work or business processes (business process base lining), defining the level of information required to be gathered, methods of documenting the work or business processes, and the procedures used when evaluating or analyzing the work or business processes. ISO 23081-1:2006 Information and documentation Records management processes Metadata for records Part 1: Principles covers the principles that underpin and govern records management metadata. ISO 23081-2:2009 Information and documentation Managing metadata for records Part 2: Conceptual and implementation issues establishes a framework for defining metadata elements consistent with the principles and implementation considerations outlined in ISO 23081-1:2006. ISO 13008:2012 Information and documentation Digital records conversion and migration process provides guidance in understanding recordkeeping requirements, the organizational and business framework for conducting the conversion and migration process, technology planning issues, and monitoring/controls for the process. [Editor s Note: This publications supersedes ANSI/ARMA 16-2007 The Digital Records Conversion Process.] ISO/TR 13028:2010 Information and documentation Implementation guidelines for digitization of records establishes guidelines for creating and maintaining records in digital format only and establishes best practice guidelines for digitization to ensure the trustworthiness and reliability of records. ISO/TR 22957: 2009 Document management Analysis, selection and implementation of electronic document management systems (EDMS) presents a recommended set of procedures and activities that are advisable when performing analysis, selection, and implementation of project phases associated with electronic document management systems technologies. ISO/TR 26122: 2008 Information and documentation Work process analysis for records provides guidance on work process analysis from the perspective of the creation, capture, and control of records. Legal, Protection, and Preservation RIM Issues These publications include requirements and guidelines for meeting legal and regulatory obligations, protecting records and information from loss or damage, and preserving records and information of historical value. ANSI/AIIM TR31-2004 Legal Acceptance of Records Produced by Information Technology Systems addresses laws that affect personal or business recordkeeping practices. In particular, it addresses laws contain- 42 JULY/AUGUST 2012 INFORMATIONMANAGEMENT

2012 ARMA International www.arma.org RIM FUNDAMENTALS ing recordkeeping provisions that require records to be kept available for government audit, require records to be submitted to the government, or establish the form of records. ANSI/ARMA 5-2010 Vital Records Programs: Identifying, Managing, and Recovering Business-Critical Records sets the requirements for establishing a vital records program including requirements for: identifying and protecting vital records, assessing and analyzing their vulnerability, and determining the impact of their loss on the organization. ANSI/ARMA 18-2011 Implications of Web-Based, Collaborative Technologies in Records Management provides requirements and best practice recommendations related to policies, procedures, and processes for an organization s use of internally facing or externally directed (public or private), web-based, collaborative technologies such as wikis, blogs, mash-ups, and classification (tagging) site. Guideline for Evaluating and Mitigating Records and Information Risks (ARMA International) provides a framework for establishing systems to evaluate information risks and describes a process for framing a risk management system using a risk quadrant of administrative risks, records control risks, legal/regulatory risks, and technology risks. Guideline for Outsourcing Electronic Records Storage to the Cloud (ARMA International) addresses information management issues related to cloud-based records storage, including benefits and risks of using cloudbased records storage, how to mitigate legal risks, issues related to retention, disposition, privacy, and security, standards and best practices, and vendor selection. ISO 11108:1996 Information and documentation Archival paper Requirements for permanence and durability contains requirements for unprinted archival paper intended for documents and publications required for permanent retention and frequent use. ISO 19005-1:2005 Document management Electronic document file format for long-term preservation Part 1: Use of PDF 1.4 (PDF/A-1) specifies how to use the portable document format (PDF) 1.4 for long-term preservation of electronic documents. ISO/IEC 27002: 2005 Information Technology Security techniques Code of Practice for Information Security establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization. It outlines objectives that provide general guidance on the commonly accepted goals of information security management. [Editor s Note: This was formerly numbered ISO 17799:2005.] ISO/TR 15801:2009 Document management Information stored electronically Recommendations for trustworthiness and reliability describes the implementation and operation of document management systems that can be considered to store electronic information in a trustworthy and reliable manner. (ISO) NFPA 75 Standard for the Protection of Electronic Computer/ Data Processing Equipment provides the minimum requirements for the protection of electronic computer/data processing equipment and computer areas from damage by fire or its associated effects. NFPA 232 Standard for the Protection of Records provides requirements for records protection equipment and facilities and recordshandling techniques that provide protection from the hazards of fire. NIST SP 800-34 Contingency Planning Guide for Information Technology System assists organizations in understanding the purpose, process, and format of an information system continuity plan development through practical, real-world guidelines. It provides guidance to help personnel evaluate information systems and operations to determine contingency planning requirements and priorities. Records Management Responsibility in Litigation Support (ARMA International) helps records managers identify the steps of a typical litigation and defines their roles in the process. Website Records Management (ARMA International) explores how information posted on websites may Standards provide a benchmark for evaluating RIM practices based on proven best practices from a variety of sources. constitute records. It offers records and information management advice and best practices recommendations for managing website records. Evaluating the RIM Program Standards provide a benchmark for evaluating RIM practices based on proven best practices from a variety of sources. They can create measurable methods of accomplishing work processes and tasks and allowing interoperability and compatibility of equipment and products. Just as when developing or enhancing a RIM program, when evaluating the program, standards should be considered a basic resource. Even if not required by a regulatory body or governing requirements, organizations should consider adopting pertinent standards, guidelines, and technical reports as internal requirements and as benchmarks against which to assess their RIM programs. END Virginia A. Jones, CRM, FAI, can be contacted at vjones@nngov.com. See her bio on page 47. JULY/AUGUST 2012 INFORMATIONMANAGEMENT 43

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback