Reducing Risk For The Life Cycle of Your Information
Records can be either tangible objects, such as paper documents like birth certificates, driver’s licenses, and physical medical x-rays, or digital information, such as electronic office documents, data in application databases, web site content, and email.
Not all documents are records. A record is a document consciously retained as evidence of an action. Records management systems generally distinguish between records and non-records (convenience copies, rough drafts, duplicates), which only need a disposal requirement and do not need more formal management. Many systems, especially for electronic records, require documents to be formally declared as a record so they can be managed. Once declared, an audit trail showing all access and changes can be maintained to ensure the integrity of the records. A record can only be changed, and can only be disposed of, within the rules of the system.
Records may be covered by access controls to regulate who can access them, and under what circumstances. Physical controls may be used to keep confidential records secure – personnel files, for instance, which hold sensitive personal data, may be held in a locked cabinet with a control log to track access. Digital records systems may include role-based access controls, allowing permissions (to view, change and/or delete) to be allocated to staff, depending on their role in the organization.