Standards: building blocks for a strong RIM program: multinational organizations require records retention programs that are founded on the international records management standard and ensure global coverage.

• Author: Brumm, Eugenia K.

[ILLUSTRATION OMITTED]

Because the advent of standards is a relatively recent phenomenon in the records and information management (RIM) profession and most records managers have not operated in standards-driven environments, the realization of both the significance of standards and how to apply them has been slow in coming. Like other professional standards, the records management standards, if correctly applied, lead to results that are consistent, predictable, and desirable. This article focuses on translating segments of several records management standards to develop foundational components of a RIM program. Working together, ISO 15489 and certain ANSI/ARMA standards provide guidance and direction in developing elements of a comprehensive RIM program and improving existing programs using the best thinking in the RIM field as contained in the standards.

Why Use Standards?

In scientific and technical fields, it is common to mention in research reports that certain practices were followed according to a particular standard. Moreover, international standards transcend geographical boundaries. Such an attestation provides credence to the practice, whether it is a chemical analysis, a particular test method, or a calibration procedure. Many product specifications require adherence to such technical and scientific standards, thus leading to a systematized approach and one that is replicable (i. e., scientific).

Following standards also leads to a commonality of understanding across industry and organizational types. If a testing laboratory states that it has conducted a specific test according to, say, an American Society for Testing and Materials standard, those who review the results immediately understand the protocols that were followed, and this provides validity to the test results themselves. The protocols in the testing procedure were determined by a relevant body to be the "standard" method for conducting that particular test.

Standards carry more weight than best practices. While best practices may be useful points of comparison, they actually carry authority only for their own organization. They represent the viewpoint of that organization and its culture, business requirements, and practices. By contrast, standards are requirements, voluntarily agreed upon by professionals and experts representing officially sanctioned national and/or international bodies, whose job is to oversee the development of external, non-biased, and broadly applicable requirements.

As a profession, RIM essentially operated without standards until 2001, when ISO 15489-1 2001:--Information and Documentation--Records Management--Part 1: General was issued. This was a major groundbreaking event for the entire profession. This international standard was followed in quick succession by the issuance of five ANSI/ARMA standards that address key records management functions:

* Records Center Operations--ANSI/ARMA TR-01-2002

* Vital Records Programs: Identifying, Managing and Recovering BusinessCritical Records--ANSI/ARMA 52003

* Requirements for Managing Electronic Messages as Records-ANSI/ARMA 92004

* Retention Management for Records and Information--ANSI/ARMA 82005

* Establishing Alphabetic, Numeric and Subject Filing Systems--ANSI/ARMA 12-2005

In combination, the ISO and ANSI/ARMA standards define the key elements of a records management program and outline more specific requirements for each of the program elements.

Practically Applying Standards

Before deciding which standards to apply, it is important to understand the organization's overall goals and to assess how RIM can contribute to those goals. It is equally important to establish a baseline of an organization's RIM program--what exists in the current RIM configuration, what does not exist, and what needs to be strengthened. Conducting a gap analysis grounded in program goals, corporate strategy, and organization focus, provides such a baseline. [See Figure 1, above: Gap Analysis.]

The following sources, among others, assist in identifying program elements that should be in place: ISO 15489, Part 1, selected records management textbooks, and ARMA International's Advanced Records and Information Management home study course. In comparing what exists with what should exist, assessment tools, such as activity lists, checklists, and so forth are helpful. One such checklist is ARMA's Risk Profiler Self-Assessment for RIM, which uses ISO 15489 as the foundation for a program stir-assessment. Other checklists can be located on the Internet or can be developed in-house by extracting key requirements from the text of the standard. Once gaps are identified, goals should be prioritized based on the following criteria:

* Is there a RIM emergency that must be addressed, such as litigation or an investigation?

* Can RIM be a key contributor to the goals and initiatives enunciated by the chief executive officer (CEO) and other executive managers?

* Are there new RIM requirements imposed by recent legislation or legal mandate, such as the Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA), or privacy legislation?

* Are any core program elements missing, such as a RIM policy, a retention schedule, or a vital records and disaster recovery program?

Once the RIM unit understands the organization's priorities, has identified the gaps in the existing program, and defined which gap(s) have top priority, it is time to select the standards most applicable for the situation. The balance of this article focuses on using standards for four different types of efforts:

* Developing policies

* Developing procedures

* Establishing an overall implementation process

* Continuously improving the RIM program

Developing Policies from Standards

In using standards for practical application, it is important to begin by understanding the text of the standards and extracting the needed requirements and recommendations. This should be followed by a review of existing policies and procedures to determine if they cover what the standards require. This process is a more detailed comparison of...