Defining a Business Record and Developing a Records Management Framework
Since we are starting a new year, I thought it might be nice to start with some information helpful to creating a records management system. Since information is the most import asset an organization has, the beginning seemed like a great place to start.
The International Standard on Records Management defines records as such:
ISO 15489: “information created, received, and maintained as evidence and information by an organization or person, in pursuance of legal obligations or in the transaction of business”.
This definition makes it clear that we are not just talking about our old archival records but about everyday information that we create in our work situations. This information may take several forms and include audio files, photographs, video, emails, and any form of social media.
ARMA International has created a framework referred to as “The Principles” which are generally accepted recordkeeping principles. These guidelines were examined by legal and IT professionals who reviewed and distilled global best practice resources. These included the international records management standard ISO15489-1 from the American National Standards Institute and court case law. The principles were vetted through a public call-for-comment process involving the professional records information management (RIM) community.
This framework supports organizations immediate and future regulatory, legal, risk mitigation, environmental and operational requirements.
The Principles have eight points for creating information governance best practices:
Principle of Accountability – An organization shall assign a senior executive who will oversee a recordkeeping program and delegate program responsibility to appropriate individuals, adopt policies and procedures to guide personnel and ensure program audit ability.
Principle of Transparency – The processes and activities of an organization’s recordkeeping program shall be documented in an understandable manner and be available to all personnel and appropriate interested parties.
Principle of Integrity – A recordkeeping program shall be constructed so the records and information generated or managed by or for the organization have a reasonable and suitable guarantee of authenticity and reliability.
Principle of Protection – A recordkeeping program shall be constructed to ensure a reasonable level of protection to records and information that are private, confidential, privileged, secret, or essential to business continuity.
Principle of Compliance – The recordkeeping program shall be constructed to comply with applicable laws and other binding authorities, as well as the organization’s policies.
Principle of Availability – An organization shall maintain records in a manner that ensures timely, efficient, and accurate retrieval of needed information.
Principle of Retention – An organization shall maintain its records and information for an appropriate time, taking into account legal, regulatory, fiscal, operational and historical requirements.
Principle of Disposition – An organization shall provide secure and appropriate disposition for records that are no longer required to be maintained by laws and organizational policies.