1 / 51

July 2005

Electronic Records Management. July 2005. Why have an e-records management program?. Compliance with federal, state or local regulations HIPAA, Sarbanes-Oxley, Gramm-Leach-Bliley, FACTA, FERPA, CFR, IRS Control over “rogue” systems Support mission-critical decisions

Download Presentation

July 2005

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.


Presentation Transcript

  1. Electronic RecordsManagement July 2005

  2. Why have an e-records management program? • Compliance with federal, state or local regulations • HIPAA, Sarbanes-Oxley, Gramm-Leach-Bliley, FACTA, FERPA, CFR, IRS • Control over “rogue” systems • Support mission-critical decisions • Reduce low-quality decisions • Improve system performance • Reduce risk and potential for liability

  3. Legal status of e-records as records Burst.com v. Microsoft Zubulake v. UBS Warburg LLC Value to organization for administrative, historical, evidential or longitudinal purposes Ease of manipulation and mishandling

  4. Program Elements: • Planning • Policy development, implementation and compliance • Technology as “de-incentivizer” • The User: behavior, demands and perceptions

  5. Planning...

  6. “The primary benefit of not planning is that failure will come as a complete surprise rather than being preceded by a period of worry and depression.” --Harold Kerzner

  7. When should planning occur? • Before e-systems are built • When other planning initiatives are taking place • When identifying objectives for programs

  8. Who should participate? • Important players • Users • IT administrators • Decision-makers / resource allocators • Records managers • Cross-functional team if system is to be implemented organization-wide

  9. What should planning cover?

  10. What should planning cover?

  11. Planning—Justification • Prepare business case: • Align with other organizational goals for managing records • Provide cost / benefit data • Provide realistic timeline for program implementation • Enumerate the risks and potential costs of not having the program • Be able to back up your request with data

  12. Planning—Scope • Define the scope of the e-records management program • Individuals, departments, entire organization? • Email, desktop, intranet / extranet, websites • Instant messaging • Define documentation tools for amending the program

  13. Planning—Project team • Must be accountable for planning and developing the program • Should be cross-functional • Executive—solves monetary concerns • Project manager—leads team, tracks budget, reports to executive • IT analyst—provides technical expertise and necessary system support • Functional area representatives (users)

  14. Planning—Selection • Will software be used to manage e-records? • Research vendors • Requests for information • Define functional requirements • Vendor demos using large data sets • Select application

  15. Planning—Validation • Depending on your environment, you may need to validate that e-records have not been tampered with and are authentic • Plan for these validation and security needs early on

  16. Planning—Training • How will users be trained in e-records management? • Will training include management of records in original, digital form?

  17. Planning—Implementation • How will the e-records management program be phased in? • Incrementally • Organization-wide • By site • Who is on call to answer questions? • Anticipate resistance to new system

  18. Planning—Change Control • How will changes in retention requirements of e-records be handled? • Are requests for changes formal or informal, and what sort of approval process must they go through? • How are changes to the program documented?

  19. Planning—Retention and disposition • Retention and disposition is affected by: • Corporate policy • IT infrastructure and management • E-records management program must attempt to overcome the “retain forever” mentality

  20. “We currently have no guidelines on retention of records since we do not purge them. We have experienced unusual requests over the years to reconstruct statistics from work order data going back a number of years. It is best that when your Director asks for something that you don't have to say we deleted those records last week. We might be interested in a more formalized archiving system, but probably not purging the records. The only reason I could see for even archiving records would be if system performance deteriorates, or the number of records created some inefficiency in an application process.”

  21. The Planning Obstacle... • Going through these steps requires time and financial investment. • To succeed, e-records management must remain a top priority, or resources shift to other projects leaving the planning phase incomplete.

  22. Policy Development...

  23. Statement of purpose clarifies the reason for the policy Scope clarifies record types included—should be exhaustive Aids in consistency and reducing variation Do records-related policies and definitions include electronic records?

  24. User discretion Inconsistent application Arbitrary / subjective retention and disposition decisions Having no policy is a “policy”

  25. “Employees with limited perspectives on management and legal issues should not be relied upon to make decisions that could affect the entire business.” --Steven C. Burnett

  26. Websites / blogs / wikis Email and instant messaging Unified messaging Versioning Imaging Computer forensics and “destruction” E-commerce Are policies keeping pace withtechnology?

  27. Depends on your environment Depends on “newness” of the policy and users’ familiarity with other records management principles When and how policies are applied can be critical….. Will policies conflict or coincide with culture?

  28. “This is not something you get to decide. This is company policy. Do not archive your mail. Do not be foolish. 30 days.” http://www.timesonline.co.uk/article/0,,2095-1367433,00.html

  29. The Policy Obstacle... • Policies governing e-records management must be comprehensive, addressing as many formats as your organization handles. • If not following the policies creates unnecessary risk for your organization, sanctions must be in place. • The policy obstacle may change based on your environment.

  30. Technology…

  31. “It costs you more to think about whether to delete something than simply to leave it on your computer.” Tom Burt, Deputy General Counsel at Microsoft http://www.businessweek.com/magazine/content/04_51/b3913099.htm

  32. IT and Records • IT community is hard to convince that records management and e-records preservation are important • Move toward systems capable of saving everything • Does technology sneak up on us? • It is planned, built, and installed BUT • If not planned people develop own solutions • Technology is the “go to” solution

  33. Different paradigms • Record series is not such a clear delineation with e-records unless consciously designed • Filing / organizing becomes moot

  34. Are the technologically savvy allies or adversaries for e-records management? • 10 years worth of data can be kept just as easily as 1 year’s worth • Gmail (“Search, don’t sort” and “Don’t throw anything away”) • Perceived irrelevance of records managers and archivists

  35. Storage is cheap… • …but e-records management applications are not • Creates over-abundance of electronic information • Digital landfills contain obsolete data, irrelevant data • Overabundance increases risk of low-quality decisions

  36. Transport mechanism for business data Example: email attachments Effect of technology on workflow Duplication dilemma Productivity

  37. RMA or EDMS? Not transparent Turned on or off? Expensive

  38. Databases: Transactional A/P or A/R Registrations Library books Reference LexisNexis Retention information Image banks

  39. Databases: Research Rich Durable Data Relational Longitudinal

  40. Databases are powerful tools used to compile statistics or research data, or to track / find other types of records Typically can’t apply traditional records management principles to database records

  41. The Technology Obstacle… • Acts as a “de-incentivizer” because it installs the ability to store vast amounts of data and e-records. • There are fewer reasons to purge e-records once technology is in place. • The behaviors affected by technology become part of the organization’s culture

  42. The User…

  43. Some questions asked • What criteria do you use to decide to keep and electronic document? • To delete one? • Do you follow a schedule for retaining/destroying files or records? • Do you ever weed files (e.g., word processing documents) or folders from the hard drive?

  44. Retention criteria • Keep • Anticipated use – 40% • Save everything – 40% • Delete • No further use anticipated – 20% • Print then delete – 5%

  45. Follow a schedule? • No – 63% • Yes – 30%

  46. Weed files or folders? • Yes -- 64% • No – 33%

  47. So what needs to happen? Planning: • Ideally before e-systems are built • As part of other planning initiatives • Strategically (strategy drives structure) • Planning requires data

  48. So what needs to happen? Policy: • Reduce user discretion • Broadcast widely • Provide justification for policy (legal or regulatory, efficiency, etc.)

  49. So what needs to happen? Technology: • Recognize the behaviors it installs • It can reduce or eliminate incentive to manage e-records • It will usually be part of the solution, not the entire solution • Identify where technology fits in the entire system

  50. So what needs to happen? Users: • Identify users’ perceptions & behaviors • Surveys • Interviews • Training, especially for new employees • Take every opportunity to educate • Understand how e-records are used and for what purposes before trying to develop your e-records management program

More Related