|
1
|
|
|
2
|
- Understand why an Information Lifecycle Management approach is critical
to effective RIM
- Learn why privacy and data security laws must be part of a RIM program
- Learn the newest strategies in Email management
- Understand how RIM is incorporated into a content management system
- Discover the essential elements in any RIM program
|
|
3
|
- Information Lifecycle Management
- How to Achieve Business Benefits and ROI from Your RIM Solution
- ECM and RIM – The Touch Points and How They Work Together
|
|
4
|
|
|
5
|
- IM is a continual process
- IM is more than Records Management
- i.e. privacy considerations
- IM incorporates policies and processes to meet
- preservation obligations
- IM manages documents as well as records
|
|
6
|
|
|
7
|
- Federal Privacy Legislation
- HIPAA, GLB
- FACTA – Consumer Disposal Rule
- State Data Breach Consumer Notification Laws
- Texas SB122 (Sept. 1, 2005) - Must implement reasonable procedures to
protect sensitive personal information.
Destroy by shredding, erasing or making it unreadable or
undecipherable.
- Similar duty in Arkansas, Nevada, Montana
- See National Conference of State Legislatures for list of state laws http://www.ncsl.org/programs/lis/cip/priv/breach.htm
|
|
8
|
- Include a definition of “Personal Information” (or “Personally
Identifiable Information”) in the Legend.
- Include a definition of “Secure Disposal” in the Legend (“Shredding,
erasing or otherwise modifying the information or data to make it
unreadable or undecipherable through any means”).
- Include a column in the schedule to indicate whether the records in the
class/series may require Secure Disposal.
|
|
9
|
|
|
10
|
- Electronic Records Management (ERM)
- Using automated processes to manage any records regardless of format:
paper, electronic, microform, etc.
- Electronic Recordkeeping (ERK)
- Using automated processes to manage the electronic records of an
organization.
- ERK should preserve the content of electronic records, and their context
and structure, over time.
|
|
11
|
- Enables future accessibility of records in legacy systems, including the
migration of records throughout their lifecycle as systems, software,
and storage media change.
- Ensures the authenticity and reliability of records, helping ensure the
security of critical information resources.
- Can aid in business dispute resolution, providing fast access to records
of an organization’s transactions with customers, suppliers, partners,
etc.
|
|
12
|
- Can improve productivity, especially if ERK is incorporated into overall
improvements to the organization's workflow involving record creation
and management.
- Provides long-term cost savings, reducing the need for parallel
recordkeeping systems (i.e., paper and electronic).
- Reduces cost of compliance with Freedom of Information Act (FOIA)
requests (for government agencies) and legal discovery for all
organizations.
|
|
13
|
|
|
14
|
|
|
15
|
|
|
16
|
- Productivity & Processes: Content Management addresses issues of
speed, efficiency and workflow improvement
- Policies & Procedures: Records Information Management addresses
required disciplines of legal/regulatory enforcement & record
disposition
|
|
17
|
- CM Key Benefits:
- Improved Employee Efficiency
- Elimination of Redundant Processes
- Elimination of Paper and Associated Storage/ Retrieval Costs
- Improved Access to Information (Electronic)
- RIM Key Benefits:
- Reduction in Potential Risk of Records-Related Litigation
- Improved Access to Information (esp. Hardcopy)
- Satisfaction of requirements mandated by Government or other Agencies
(e.g., DoD 5015.2, HIPPA, CFR 21.11, Freedom of Information Act)
|
|
18
|
- Content Management
- Scan Documents
- Classify & Index Electronic Records & Email
- Search & Report
- Manage Workflow & Collaboration
- Act as Repository for Electronic Records
- Declare Electronic Documents as Records when Inactive
|
|
19
|
- A primary module typically within an ECM application set
|
|
20
|
|
|
21
|
|
|
22
|
- Effective Electronic Records Management Strategies
- How to Choose the Right RIM Technology Solution
- Five Essential Elements of Records and Retention Management
|
|
23
|
|
|
24
|
- Evidence of business transaction or communication
- How long? It depends…
- Legal requirements
- Preservation obligations
- Records management best practices
|
|
25
|
- A record is…
- Information in any tangible or electronic medium that is created,
received, or used in the transaction of business, or that the
organization is legally obligated to maintain.
- Electronic Records…
- NARA Final Rule on the Disposal of Transitory Email Records effective
March 23, 2006
- Authorizes agencies to dispose of short-term email records (i.e., those
with a retention period of 180 days or less) without creating a separate
paper or electronic recordkeeping copy.
- Agencies may maintain and delete transitory email records from their
live email systems without transferring these records to a recordkeeping
system, provided that
- (1) users do not delete any records before the expiration of their
NARA-approved retention period, and
- (2) the email system's automatic deletion rules ensure the preservation
of records for the duration of their NARA-approved retention period.
|
|
26
|
- A transitory record is…
- A record that has business value for only a short period, up to a
maximum of two years, and that is not required to be kept under a
statute or regulation.
- Transitory records should be discarded once they are no longer needed,
and should never be kept for more than [one year.] Transitory records
are typically not listed on the Retention Schedule.
- Examples include phone messages, meeting and departmental notices,
calendars, information relating to business proposals that are
abandoned, and drafts of documents that have been superseded.
|
|
27
|
- E-mail systems (i.e., Outlook, Notes) are record management systems
- All e-mail are business records
- All e-mail should be automatically deleted after
30-60-90 days
- Classify e-mail business records according to the organization’s records
retention schedule
|
|
28
|
- Policies and procedures should be reasonable.
- Policies and procedures should be realistic, practical and tailored to
the circumstances of the organization.
- No obligation to retain all electronic information ever generated or
received.
- Lifecycle management of records: include procedures that address the creation,
identification, retention, retrieval and ultimate disposition or
destruction of information and records.
- Must suspend ordinary destruction procedures as necessary to comply with
preservation obligations related to actual or reasonably anticipated
litigation, governmental investigation or audit.
- www.thesedonaconference.org
|
|
29
|
|
|
30
|
|
|
31
|
|
|
32
|
- Sample E-Communications Policy Language:
- Employees must use one of the
following options for handling e-mails as business records:
- Option A: Generate a hard copy printout of the message (including any
and all attachments and metadata) and place it into the proper file for
further retention; or
- Option B: Migrate the message (including any and all attachments and metadata)
to an electronic recordkeeping system, if one is available, for further
retention.
|
|
33
|
- Suddenly potentially relevant “documents” become “evidence”
- Litigation Hold is issued
- Destruction is suspended
- Potential evidence is identified and preserved
|
|
34
|
|
|
35
|
|
|
36
|
|
|
37
|
|
|
38
|
|
|
39
|
|
|
40
|
|
|
41
|
|
|
42
|
|
|
43
|
- KM
- IM
- ECM
- UCM
- CRM
- ERP
- BPM
- ILM
- RMS
- ERM
- EDMS
|
|
44
|
- Process Collection – Occurs when a process owner is assigned to a
process and needs to populate the process with supporting documentation
- Testing & Monitoring – Occurs when a process is routed for
evaluation and testing of controls
- Approval Routing – Can occur when an administrator would like a review
of the process
- Issue Resolution – Occurs when an issue has been generated for a given
business process
- Edit – Occurs when the process owner revises a process to update
procedures, risks, or controls
|
|
45
|
|
|
46
|
|
|
47
|
- Who manages and/or is responsible for the documents or records
(organizational ownership)?
- What value do they consist of or represent to the business? (series/doc
type)?
- Where are they maintained (physical or other location)?
- When does their business purpose cease (retention)?
- Why are they maintained by this organization (business purpose)?
- How are we going to protect and maximize the value of these valuable
business assets?
|
|
48
|
- Set retention periods based on records appraisal and legal research,
while considering the costs, risks, and benefits.
- Records metadata should be captured with as little involvement from the
end user.
- If records creators must capture data:
- Find out how much data entry they can accept
- Find out how much delay they can accept
- Make sure the integrity of the captured data is enforced
- Determine if users can change objects without changing the associated
classification metadata
- Ensure the RIM software, CM system, hardware, or network security
enforces data integrity.
|
|
49
|
- Never require an end-user to make more than two mouse clicks to declare
a document as a record.
- “Research indicates that the highest quality and accuracy occurs when
records management is as non-intrusive to the desktop end user as
possible and does not interfere with the normal work routines of
professional staff.”
- - Information Management Journal
|
|
50
|
- Authorization Required – (positive option)
- Requires specific approval via hard-copy or email
- Generally not recommended
- Notice of Destruction – (negative option)
- Gives a listing of records ready for destruction
- Allows for exceptions
- No Notice or Approval – (no option)
- Acceptable but only when supported by an efficient discovery and
litigation hold system
- This methodology results in the most timely and consistent retention
- Key Principle: the more automated
and the less user intervention required, the better the system (within
legal guidelines).
|
|
51
|
- Components of a good physical RIM system:
- Space Management
- Defines the warehouse layout
- Searches for empty space
- Reserves space
- Tracks occupied vs. empty space
- Circulation Services
- Reserves and checks out physical content
- Maintains a due date for checked out items
- Sends notification when items are overdue
- Bar Code Reading / Writing and label printing
- Manages contained-within relationships
- Charge-backs
- Tracks charges for actions within the warehouse
- Generates reports indicating how much is owed by entities (e.g.
departments)
|
|
52
|
- Keep Retention Schedule in one central application
- Manage content in multiple repositories, without moving them, for both:
- Federated search/discovery
across multiple repositories
- Litigation/Audit holds apply to
other repositories
- Single disposition interface
through the application
- Designed for minimal impact to end-user productivity:
|
|
53
|
|
Notes
