Ask the Expert: Who Is Taking Care of Your Records?

These questions are from the audience of “Who’s Taking Care of Your Records" (click here to listen to the archive), an AIIM Webinar from November 11, 2009.

Q: What existing standards are you talking about?

MR: This question arose while we were discussing the aging of "current" records management standards. In that context, the primary standards discussed are US DoD 5015.2, European MoReq, and ISO 15489. A few others such as the standard promoted by the Australian government standard are also available.

Q: My Firm understands this is necessary and has appointed someone to be responsible with a well-rounded background of the environment, but could use some training, where would one go to get the necessary training?

MR: Training for records management www.aiim.org/training is available via organizations such as AIIM and ARMA. Technology-specific training can be provided by records management and ECM vendors like Allen Systems Group, Inc.

Q: Should an organization be Centralized or decentralized for their records management needs?

MR: This will depend on the type of company, geographical and regulatory implications, resources available, and many other factors specific to any company. In terms of responsibility, there should be a leader responsible for the global records management program, policies, and resource allocation. Once again, some companies may delegate to regional or foreign branches some of the record keeping work, while others can be fully centralized. In terms of IT and physical management of records, there are infrastructure, operational, and practical cost considerations when you decide what route you should take. In the end, it boils down to your own organization's situation. The selection of technology, or limitations of a given vendor, should not be drivers or limiting factors in the decision of pursuing a centralized strategy, fully distributed and decentralized strategy, or a mix of both. In the case of the City of Toronto, the problem is a lot more controllable than in organizations that have operations in multiple cities, provinces, or even countries. We know there are multiple sources of records and systems in place that can be integrated and managed from a central records retention and management top-down view or simply define what each source and container of records is able to do and manage them in few or in a dedicated scalable record repository.

Q: How can we realistically calculate ROI when implementing an electronic records management application/system?

MR: There is currently no true rule of thumb, as there are many "un-measurable" variables as well as risks in not having a proper records management program and polices in place. That said, there are also multiple areas in which ROI can be calculated, such as physical or electronic storage cost controls, and potential ediscovery expenses considering extra-time used by legal and paralegal teams searching and analyzing records (or non-managed records)

Q: How much RM should cost (2 or 3% of total revenue)?

MR: There truly is no way to provide a general guideline. Your budget will depend on the nature, size, vertical, infrastructure, and other factors in place in your specific organization. In some cases, it can be also important to estimate the potential cost of not pursuing records management may mean to your organization.

Q: Any suggestions for a government agency in which no one in Records, Legal, or IT wants to take responsibility for electronic data

MR: It has to start from the top; if there is no leadership, no accountability, and if no-one really cares or can be held responsible, no matter who writes a policy, or who implements a system, it is not going to work well. Top management has to support and endorse a records management program, with an individual responsible who has enough knowledge and influence to dictate who does what, when, and how.

Q: Any suggestions for organizations that have different, multiple records in different locations?

MR: It all depends on particular circumstances for each organization and location. The availability and need to frequently use records, laws and local regulations, technology, as well as storage, transportation, or transmission costs may help in defining the best approach. In the case of multi-national locations, local laws and practices may prevent you from taking the records to a central location in another country. Further, the retention, access, and disposition rules might be different from country to country. Once all of those variables have been identified, the Chief Records Officer (or equivalent) should take the steps to ensure that there is a consistent organization-driven directive to manage records, but at the same time the set of policies and directives are adapted to each particular location. Records need to managed within the law and organization's needs from capture (creation) to disposition.

Q: Where does records management fit within centralized process management?

MR: There is a lot in common and each one can leverage functionality of the other to enhance the usability and governance inside the organization. Any process managed in a BPM, workflow, or similar engine is using and generating information. It might be full application-based and automated, or human centric. In any case, the result is a process is performed based on information, decisions, interactions, and even documents or records that participate in the process. As such, the process can use existing records, but it also generates records. At the end of the day, a record is some kind of evidence that a transaction, decision, communication or action was made in the course of business, and it is exactly what process management does. Audits and information generated in each process qualify as records. But to go more into automation and control, the simple fact of completing a step in a process may implicitly mean that a document becomes a record, so the declaration or archiving of that document can be integrated and automated by the workflow engine. Further, some processes may trigger events that can be consumed by the records management system to control record retention (given that your RM system allows such integration); for example a process to approve the payment of a life insurance policy may set the event of policy paid that controls how many years after the policy has expired or is paid off, the records related to that policy have to be retained. On the other side, many records management process can take advantage of simple and advanced processes implemented via your BPM solution. Vital record review, disposition approvals by multiple stakeholders, etc., may be automated and tracked in the corporate centralized process management solution. This approach has the added benefit that processes and decisions are tracked within the same central system according to corporate defined (and enforced) policies, and the process engine itself can feed the process audit records to the records management system.

Miguel Rodriguez has worked in the software industry for more than 20 years, with more than 15 years of experience related to content management, including imaging, check processing, email and records management. He is a senior product manager with ASG-Mobius, responsible for several solutions: including ASG-ViewDirect E-mail Manager and ASG-TCI for MOSS.