The business case for records management.

• Author: Saffady, William
• Position: INFORMATION: MANAGEMENT BONUS CONTENT

In nongovernmental organizations and the private sector, systematic records management is mandated by policies and executive directives rather than by law, if it is mandated at all. In such organizations, the business case for systematic records management depends on its contribution to the organization's effectiveness, for which recorded information is essential.

Records management must provide demonstrable, quantifiable benefits for essential business operations or activities. These benefits include reduced operating costs, risk avoidance, and increased revenues. The following sections provide an overview of records management principles, program components, and benefits.

Programmatic Principles

The need for recordkeeping is indisputable; it is an ordinary and necessary component of virtually all business operations, but there is a difference between keeping records and managing them in a planned, systematic manner. A comprehensive records management program includes policies, procedures, and processes that address significant recordkeeping issues, specifically:

* Determining how long recorded information needs to be kept to satisfy an organization's requirements

* Ensuring compliance with recordkeeping laws and regulations in all locations where an organization has business operations

* Managing inactive records in a cost-effective manner

* Organizing active records for retrieval when needed

* Protecting recorded information that supports mission-critical business operations

These programmatic aspects are embodied in the Generally Accepted Recordkeeping Principles[R] (Principles), which were issued by ARMA International in 2009 to foster general awareness of records management systems and standards and to assist organizations in developing effective programs for records management programs and information governance. The Principles provide a set of eight recordkeeping principles, which are paraphrased below:

1. Accountability. A senior executive should be in charge of the records management program. The accountable executive will delegate program responsibility to appropriate individuals, adopt records management policies and procedures to guide program personnel, and ensure that the program can be audited for compliance. A governance structure must be established for program development and implementation.

2. Transparency. An organization's recordkeeping processes and activities must be documented in an open and verifiable manner. Such documentation must confirm that the organization's recordkeeping policies and practices comply with applicable legal requirements and accurately and completely reflect the organization's activities. The documentation must be available to employees and appropriate interested parties.

3. Integrity. An organization's records must have a reasonable and suitable guarantee of authenticity and reliability. Recordkeeping processes including audit processes, must provide reasonable assurance that the origin, time or creation or transmission, and content of recorded information are what they are claimed to be.

4. Protection. An organization's records management program must protect records that are private, confidential, privileged, secret, or essential to business continuity. Recordkeeping procedures must provide appropriate protection controls from creation through final disposition of recorded information.

5. Compliance. An organization's records management program must comply with applicable laws, regulations, industry-specific rules of conduct, and other binding authorities related to creation, storage, retrieval, retention, disposition, dissemination, and protection of recorded information, as well as with the organization's own recordkeeping policies, procedures, and rules.

6. Availability. An organization's records must be organized, indexed, stored, and maintained in a manner that ensures timely, efficient, and accurate retrieval of information when needed.

7. Retention. An organization must retain records for an appropriate period of time to satisfy legal, regulatory, fiscal, operational, and historical requirements.

8. Disposition. An organization must provide secure and appropriate disposition for records that no longer need to be kept. In this context, disposition may involve destruction of records, transfer of records to another organization as part of a divestiture or other transaction, transfer of records to an archives or other scholarly repository, or transfer of records to clients or other parties who are the subjects of the records.

Records Management and Information Governance

Information governance can be viewed as a system for directing and controlling an organization's information assets. As such, information governance is a component or subset of organizational governance.

ARMA TR 22-2012 Glossary of Records and Information Management Terms defines information governance as "a strategic framework composed of standards, processes, roles and metrics that hold organizations and individuals accountable to create, organize, secure, maintain, use, and dispose of information in ways that align and contribute to the organization's goals."

An information governance framework, sometimes described as an information governance model, defines strategies, policies, decision-making structures, and accountabilities for creation, storage, use, analysis, distribution, disclosure, retention, disposition, and protection of information. Records management is involved, to some degree, with all of those information-related activities. Records management is an important component of an information governance program, but it is not the only component.

Information governance is a collaborative initiative that requires the involvement and expertise of multiple stakeholders. Adapting a definition presented in ISO/Guide 73, Risk Management--Vocabulary, a stakeholder is a business unit or a functional area that is involved with or affected by an organization's information assets.

In addition to records management, information governance stakeholders include, but are not necessarily limited to, information technology, information security, risk management, legal affairs, compliance, risk management, and the individual departments or other organizational units that have recorded information in their custody or under their supervisory control.

An information governance framework specifies roles and responsibilities that promote interaction, cooperation, and consultation among the following stakeholders, which are widely acknowledged to play key roles in defining the strategic direction for management of information assets in government agencies, companies, not-for-profit entities, and...