1 / 29

Generally Accepted Recordkeeping Principles SM Where it’s at, what it means, and what to look for

Generally Accepted Recordkeeping Principles SM Where it’s at, what it means, and what to look for. What is GARP SM ?. GARP SM is an Acronym for Generally Accepted Recordkeeping Principles

gerda
Download Presentation

Generally Accepted Recordkeeping Principles SM Where it’s at, what it means, and what to look for

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Generally Accepted Recordkeeping PrinciplesSMWhere it’s at, what it means, and what to look for

  2. What is GARPSM? GARPSMis an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be created, organized, secured, maintained, and used in a way that effectively supports the activity of that organization.

  3. Quotation “As to methods there may be a million and then some, but principles are few. The man who grasps principles can successfully select his own methods. The man who tries methods, ignoring principles, is sure to have trouble.” • Ralph Waldo Emerson

  4. What Are They? A common language and imperative to use with executive management when describing the tenets of a solid program A model for program development A benchmark against your peers A legislative and judicial roadmap to best practices

  5. Where Did They Come From? Committee of 7 widely-respected professional practitioners on the task force Using standards, best practices, and practical experience Sent to public review by ARMA International members and stakeholders Finalized and released March 31, 2009

  6. How will GARPSM be Used? By Regulators… To protect the public by assuring access about the operations, policies and procedures of regulated companies By RIM Professionals… To measure the records management programs of a companies in a consistent and systematic manner By Businesses… To document to regulators and the public that information will be available from these companies if ever needed

  7. Generally Accepted Recordkeeping PrinciplesSM • Availability • Retention • Disposition • Transparency http://www.arma.org/garp/ Accountability Integrity Protection Compliance

  8. Principle of Accountability • An organization • assign a senior executive to oversee recordkeeping program • delegate program responsibility to appropriate individuals • adopt policies and procedures to guide personnel, and ensure program auditability

  9. Principle of Accountability • Senior executive • Establish method to design and implement a structure to support recordkeeping program • Establish governance structure for program development and implementation • Recordkeeping program • Have documented and approved policies and procedures to guide implementation • Auditability enables program to validate its mission

  10. Principle of Integrity • Recordkeeping program • Construct so organizational records and information have a reasonable and suitable guarantee of authenticity and reliability

  11. Integrity of Records Should include the following: • Correctness of and adherence to the policies and procedures of the organization • Reliability of information management training • Reliability of records created • Acceptable audit trail • Reliability of systems that control the recordkeeping

  12. Principle of Protection Recordkeeping Program • Construct to ensure protection to records and information that are: • Private • Confidential • Privileged • Secret • Essential to business continuity

  13. Protection Controls for Information • Systems must have appropriate security so only approved personnel can access to information • Sensitive records must be safeguarded from inadvertent or malicious leaks • Security and confidentiality must be integral parts of final disposition • Audit program must have a clear process to determine whether sensitive information is being handled in accordance with the principle of protection

  14. Principle of Compliance • Recordkeeping program • Comply with laws and other binding authorities, as well as the organization’s policies

  15. Principle of Availability • An organization • Maintain records to ensure timely, efficient, and accurate retrieval of information

  16. Principle of Availability • Organizations must have the ability to identify, locate, and retrieve the records and information required to support its business activities • Information must be described during the capture, maintenance, and storage processes to make retrieval effective and efficient • Routinely back up electronic information • Manage availability of information assets at a reasonable cost from creation through disposition

  17. Principle of Retention Organization must maintain its records and information for an appropriate time, taking into account • legal • regulatory • fiscal • operational • historical requirements

  18. Principle of Retention • Records retention program based on information life cycle • Time period from record creation to disposition • Retention decisions based on content and purpose of records • Retention periods determined by legal and regulatory, fiscal, operational and historical requirements • Organization must conduct a risk assessment to determine retention period for each record type • Minimize risks and costs associated with records retention, by immediately disposing of records after their retention period expires

  19. Principle of Disposition • An organization • Provide secure and appropriate disposition for records that are no longer required to be maintained by laws and organizational policies

  20. Principle of Disposition • Records must be designated for disposition • Organization must make reasonable effort to ensure all versions of the records are included in disposition • Disposition of records must be suspended for pending or ongoing litigation or audit • Destruction of records must be performed in a secure manner • Transfer of records to historical archives, library, or museum should be documented as part of the organization’s records retention policy

  21. Principle of Transparency • An Organization’s • Recordkeeping program shall be documented and be available to all personnel and appropriate interested parties

  22. Principle of Transparency • In best interest for all parties to understand that an organization conducts its activities in a lawful and appropriate manner by having recordkeeping systems that accurately and completely record the activities of the organization • An organization that is subject to open records laws may need to make all records available to any person upon request, and other organizations may have a legitimate need to protect confidential or proprietary information • Every organization must create and manage the records documenting its recordkeeping program to ensure the structure, processes, and activities of the program are apparent and understandable to legitimately interested parties

  23. The Value of GARPSM to Your Organization Regulatory requirements Maturity model Benchmark among peers

  24. Regulatory Requirements Provide common framework among jurisdictions and industries Demonstrate reasonable adherence to best practices

  25. Maturity Model • Apply proven methodology to measure progress toward optimization • Measure current state and identify gaps against common framework • Develop remediation plan • Audit and test against metrics

  26. Benchmark Among Peers Establish industry norms Calibrate resources accordingly Maintain competitive advantage

  27. GARPSM Roadmap ARMA is introducing GARPSM to regulators ARMA is promoting GARPSM awareness ARMA is providing training sessions on GARPSM Measurements and testing are being developed GARPSM compliance will become a barometer of records management health

  28. What’s Next? The September / October Hot Topic supplement to the Information Management magazine will focus on the principles Look for more resources to help measure your organization against GARPSM Look for resources from ARMA International that directly connects each principle to related resources and education And more!

  29. Thank You!

More Related