510 likes | 650 Views
Electronic Records Management. July 2005. Why have an e-records management program?. Compliance with federal, state or local regulations HIPAA, Sarbanes-Oxley, Gramm-Leach-Bliley, FACTA, FERPA, CFR, IRS Control over “rogue” systems Support mission-critical decisions
E N D
Electronic RecordsManagement July 2005
Why have an e-records management program? • Compliance with federal, state or local regulations • HIPAA, Sarbanes-Oxley, Gramm-Leach-Bliley, FACTA, FERPA, CFR, IRS • Control over “rogue” systems • Support mission-critical decisions • Reduce low-quality decisions • Improve system performance • Reduce risk and potential for liability
Legal status of e-records as records Burst.com v. Microsoft Zubulake v. UBS Warburg LLC Value to organization for administrative, historical, evidential or longitudinal purposes Ease of manipulation and mishandling
Program Elements: • Planning • Policy development, implementation and compliance • Technology as “de-incentivizer” • The User: behavior, demands and perceptions
“The primary benefit of not planning is that failure will come as a complete surprise rather than being preceded by a period of worry and depression.” --Harold Kerzner
When should planning occur? • Before e-systems are built • When other planning initiatives are taking place • When identifying objectives for programs
Who should participate? • Important players • Users • IT administrators • Decision-makers / resource allocators • Records managers • Cross-functional team if system is to be implemented organization-wide
Planning—Justification • Prepare business case: • Align with other organizational goals for managing records • Provide cost / benefit data • Provide realistic timeline for program implementation • Enumerate the risks and potential costs of not having the program • Be able to back up your request with data
Planning—Scope • Define the scope of the e-records management program • Individuals, departments, entire organization? • Email, desktop, intranet / extranet, websites • Instant messaging • Define documentation tools for amending the program
Planning—Project team • Must be accountable for planning and developing the program • Should be cross-functional • Executive—solves monetary concerns • Project manager—leads team, tracks budget, reports to executive • IT analyst—provides technical expertise and necessary system support • Functional area representatives (users)
Planning—Selection • Will software be used to manage e-records? • Research vendors • Requests for information • Define functional requirements • Vendor demos using large data sets • Select application
Planning—Validation • Depending on your environment, you may need to validate that e-records have not been tampered with and are authentic • Plan for these validation and security needs early on
Planning—Training • How will users be trained in e-records management? • Will training include management of records in original, digital form?
Planning—Implementation • How will the e-records management program be phased in? • Incrementally • Organization-wide • By site • Who is on call to answer questions? • Anticipate resistance to new system
Planning—Change Control • How will changes in retention requirements of e-records be handled? • Are requests for changes formal or informal, and what sort of approval process must they go through? • How are changes to the program documented?
Planning—Retention and disposition • Retention and disposition is affected by: • Corporate policy • IT infrastructure and management • E-records management program must attempt to overcome the “retain forever” mentality
“We currently have no guidelines on retention of records since we do not purge them. We have experienced unusual requests over the years to reconstruct statistics from work order data going back a number of years. It is best that when your Director asks for something that you don't have to say we deleted those records last week. We might be interested in a more formalized archiving system, but probably not purging the records. The only reason I could see for even archiving records would be if system performance deteriorates, or the number of records created some inefficiency in an application process.”
The Planning Obstacle... • Going through these steps requires time and financial investment. • To succeed, e-records management must remain a top priority, or resources shift to other projects leaving the planning phase incomplete.
Statement of purpose clarifies the reason for the policy Scope clarifies record types included—should be exhaustive Aids in consistency and reducing variation Do records-related policies and definitions include electronic records?
User discretion Inconsistent application Arbitrary / subjective retention and disposition decisions Having no policy is a “policy”
“Employees with limited perspectives on management and legal issues should not be relied upon to make decisions that could affect the entire business.” --Steven C. Burnett
Websites / blogs / wikis Email and instant messaging Unified messaging Versioning Imaging Computer forensics and “destruction” E-commerce Are policies keeping pace withtechnology?
Depends on your environment Depends on “newness” of the policy and users’ familiarity with other records management principles When and how policies are applied can be critical….. Will policies conflict or coincide with culture?
“This is not something you get to decide. This is company policy. Do not archive your mail. Do not be foolish. 30 days.” http://www.timesonline.co.uk/article/0,,2095-1367433,00.html
The Policy Obstacle... • Policies governing e-records management must be comprehensive, addressing as many formats as your organization handles. • If not following the policies creates unnecessary risk for your organization, sanctions must be in place. • The policy obstacle may change based on your environment.
“It costs you more to think about whether to delete something than simply to leave it on your computer.” Tom Burt, Deputy General Counsel at Microsoft http://www.businessweek.com/magazine/content/04_51/b3913099.htm
IT and Records • IT community is hard to convince that records management and e-records preservation are important • Move toward systems capable of saving everything • Does technology sneak up on us? • It is planned, built, and installed BUT • If not planned people develop own solutions • Technology is the “go to” solution
Different paradigms • Record series is not such a clear delineation with e-records unless consciously designed • Filing / organizing becomes moot
Are the technologically savvy allies or adversaries for e-records management? • 10 years worth of data can be kept just as easily as 1 year’s worth • Gmail (“Search, don’t sort” and “Don’t throw anything away”) • Perceived irrelevance of records managers and archivists
Storage is cheap… • …but e-records management applications are not • Creates over-abundance of electronic information • Digital landfills contain obsolete data, irrelevant data • Overabundance increases risk of low-quality decisions
Transport mechanism for business data Example: email attachments Effect of technology on workflow Duplication dilemma Productivity
RMA or EDMS? Not transparent Turned on or off? Expensive
Databases: Transactional A/P or A/R Registrations Library books Reference LexisNexis Retention information Image banks
Databases: Research Rich Durable Data Relational Longitudinal
Databases are powerful tools used to compile statistics or research data, or to track / find other types of records Typically can’t apply traditional records management principles to database records
The Technology Obstacle… • Acts as a “de-incentivizer” because it installs the ability to store vast amounts of data and e-records. • There are fewer reasons to purge e-records once technology is in place. • The behaviors affected by technology become part of the organization’s culture
Some questions asked • What criteria do you use to decide to keep and electronic document? • To delete one? • Do you follow a schedule for retaining/destroying files or records? • Do you ever weed files (e.g., word processing documents) or folders from the hard drive?
Retention criteria • Keep • Anticipated use – 40% • Save everything – 40% • Delete • No further use anticipated – 20% • Print then delete – 5%
Follow a schedule? • No – 63% • Yes – 30%
Weed files or folders? • Yes -- 64% • No – 33%
So what needs to happen? Planning: • Ideally before e-systems are built • As part of other planning initiatives • Strategically (strategy drives structure) • Planning requires data
So what needs to happen? Policy: • Reduce user discretion • Broadcast widely • Provide justification for policy (legal or regulatory, efficiency, etc.)
So what needs to happen? Technology: • Recognize the behaviors it installs • It can reduce or eliminate incentive to manage e-records • It will usually be part of the solution, not the entire solution • Identify where technology fits in the entire system
So what needs to happen? Users: • Identify users’ perceptions & behaviors • Surveys • Interviews • Training, especially for new employees • Take every opportunity to educate • Understand how e-records are used and for what purposes before trying to develop your e-records management program