Record Management

Records management, also known as records and information management, is an organizational function devoted to the management of information in an organization throughout its life cycle, from the time of creation or receipt to its eventual disposition. This includes identifying, classifying, storing, securing, retrieving, tracking and destroying or permanently preserving records.[1] The ISO 15489-1: 2001 standard ("ISO 15489-1:2001") defines records management as "[the] field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use and disposition of records, including the processes for capturing and maintaining evidence of and information about business activities and transactions in the form of records".[2]

An organization's records preserve aspects of institutional memory. In determining how long to retain records, their capacity for re-use is important. Many are kept as evidence of activities, transactions, and decisions. Others document what happened and why.[3] The purpose of records management is part of an organization's broader function of governance, risk management, and compliance and is primarily concerned with managing the evidence of an organization's activities as well as the reduction or mitigation of risk associated with it.[4] Recent research shows linkages between records management and accountability in governance.[5]

Record Management

Download File

The concept of record is variously defined. The ISO 15489-1:2016 defines records as "information created, received, and maintained as evidence and as an asset by an organization or person, in pursuit of legal obligations or in the transaction of business".[2] While there are many purposes of and benefits to records management, as this definition highlights, a key feature of records is their ability to serve as evidence of an event. Proper records management can help preserve this feature of records.

Recent and comprehensive studies have defined records as "persistent representations of activities" as recorded or created by participants or observers.[6] This transactional view emphasizes the importance of context and process in the determination and meaning of records. In contrast, previous definitions have emphasized the evidential and informational properties of records.[7] In organizational contexts, records are materials created or received by an organization in the transaction of business, or in pursuit of or in compliance with legal obligations.[8][9] This organizational definition of record stems from the early theorization of archives as organic aggregations of records, that is "the written documents, drawings and printed matter, officially received or produced by an administrative body or one of its officials".[10][11]

Not all documents are records. A record is a document consciously retained as evidence of an action. Records management systems generally distinguish between records and non-records (convenience copies, rough drafts, duplicates), which do not need formal management. Many systems, especially for electronic records, require documents to be formally declared as a record so they can be managed. Once declared, a record cannot be changed and can only be disposed of within the rules of the system.

Just as the records of the organization come in a variety of formats, the storage of records can vary throughout the organization. File maintenance may be carried out by the owner, designee, a records repository, or clerk. Records may be managed in a centralized location, such as a records center or repository, or the control of records may be decentralized across various departments and locations within the entity. Records may be formally and discretely identified by coding and housed in folders specifically designed for optimum protection and storage capacity, or they may be casually identified and filed with no apparent indexing. Organizations that manage records casually find it difficult to access and retrieve information when needed. The inefficiency of filing maintenance and storage systems can prove to be costly in terms of wasted space and resources expended searching for records.

An inactive record is a record that is no longer needed to conduct current business but is being preserved until it meets the end of its retention period, such as when a project ends, a product line is retired, or the end of a fiscal reporting period is reached. These records may hold business, legal, fiscal, or historical value for the entity in the future and, therefore, are required to be maintained for a short or permanent duration. Records are managed according to the retention schedule. Once the life of a record has been satisfied according to its predetermined period and there are no legal holds pending, it is authorized for final disposition, which may include destruction, transfer, or permanent preservation.

A disaster recovery plan is a written and approved course of action to take after a disaster strikes that details how an organization will restore critical business functions and reclaim damaged or threatened records.

The format and media of records is generally irrelevant for the purposes of records management from the perspective that records must be identified and managed, regardless of their form. The ISO considers management of both physical and electronic records.[2] Also, section DL1.105 of the United States Department of Defense standard DoD 5015.02-STD (2007) defines Records Management as "the planning, controlling, directing, organizing, training, promoting, and other managerial activities involving the life cycle of information, including creation, maintenance (use, storage, retrieval), and disposal, regardless of media".[12]

Examples of records phases include those for creation of a record, modification of a record, movement of a record through its different states while in existence, and destruction of a record.

Throughout the records life cycle, issues such as security, privacy, disaster recovery, emerging technologies, and mergers are addressed by the records and information management professional responsible for organizational programs. Records and information management professionals are instrumental in controlling and safeguarding the information assets of the entity. They understand how to manage the creation, access, distribution, storage, and disposition of records and information in an efficient and cost-effective manner using records and information management methodology, principles, and best practices in compliance with records and information laws and regulations.

Records-management principles and automated records-management systems aid in the capture, classification, and ongoing management of records throughout their lifecycle. ARMA International defines records management as "the field of management responsible for establishing and implementing policies, systems, and procedures to capture, create, access, distribute, use, store, secure, retrieve, and ensure disposition of an organization's records and information". Such a system may be paper-based (such as index cards as used in a library), or may involve a computer system, such as an electronic records-management application.[13]

While defensibility applies to all aspects of records life cycle, it is considered most important in the context of records destruction, where it is known as "defensible disposition" or "defensible destruction," and helps an organization explicitly justify and prove things like who destroys records, why they destroy them, how they destroy them, when they destroy them, and where they destroy them.[15]

Records managers use classification or categorization of record types to logically organize records created and maintained by an institution.[16] Such classifications assist in functions such as creation, organization, storage, retrieval, movement, and destruction of records.

At the highest level of classification are physical versus electronic records. (This is disputable; records are defined as such regardless of media. ISO 15489 and other best practices promulgate a functions based, rather than media based classification, because the law defines records as certain kinds of information regardless of media.)

Classification of records is achieved through the design, maintenance, and application of taxonomies, which allow records managers to perform functions such as the categorization, tagging, segmenting, or grouping of records according to various traits.[17]

Enterprise records represent those records that are common to most enterprises, regardless of their function, purpose, or sector. Such records often revolve around the day-to-day operations of an enterprise and cover areas such as but not limited litigation, employee management, consultant or contractor management, customer engagements, purchases, sales, and contracts.

Industry records represent those records that are common and apply only to a specific industry or set of industries. Examples include but are not limited to medical industry records (e.g., the Health Insurance Portability and Accountability Act), pharmaceutical industry records, and food industry records.

Legal hold records are those records that are mandated, usually by legal counsel or compliance personnel, to be held for a period of time, either by a government or by an enterprise, and for the purposes of addressing potential issues associated with compliance audits and litigation. Such records are assigned Legal Hold traits that are in addition to classifications which are as a result of enterprise or industry classifications.

Legal hold data traits may include but are not limited to things such as legal hold flags (e.g. Legal Hold = True or False), the organization driving the legal hold, descriptions of why records must be legally held, what period of time records must be held for, and the hold location.

38c6e68cf9