Скачать презентацию Records Management Basics Bill Neale IBM Corporation ECM Скачать презентацию Records Management Basics Bill Neale IBM Corporation ECM

9afd2b041218acbeafef6a6b8ba441a6.ppt

  • Количество слайдов: 43

Records Management Basics Bill Neale IBM Corporation, ECM, Compliance Product Marketing wneale@us. ibm. com Records Management Basics Bill Neale IBM Corporation, ECM, Compliance Product Marketing [email protected] ibm. com © 2009 IBM Corporation

Overview of RM Basics • RM Fundamentals • RM Roles • Evolution of RM Overview of RM Basics • RM Fundamentals • RM Roles • Evolution of RM • RM Drivers • Corporate Trends • RM Standards © 2009 IBM Corporation

RM Fundamentals © 2009 IBM Corporation RM Fundamentals © 2009 IBM Corporation

RM Fundamentals • Key Terms File Plan • File Plan • Security & Access RM Fundamentals • Key Terms File Plan • File Plan • Security & Access • Disposition Authority Security & Access Records Operations © 2009 IBM Corporation

RM Fundamentals—Key Terms • RIM (Records & Information Management) Monitoring Software & Processes Training RM Fundamentals—Key Terms • RIM (Records & Information Management) Monitoring Software & Processes Training Audits Reporting Preservation Security Transfers Legal Policies Retention and Disposition Records Organization Vital Records Field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use, and disposition of records © 2009 IBM Corporation

RM Fundamentals—Key Terms • ISO 15489 Definition of a Record • Recorded information, regardless RM Fundamentals—Key Terms • ISO 15489 Definition of a Record • Recorded information, regardless of medium or characteristics, made or received by an organization that is evidence of its operations, and has value requiring its retention for a specific period of time. Recorded information in any format, that is created, received, and maintained as evidence and information by an organization or person, in pursuance of legal obligations or in the transaction of business. © 2009 IBM Corporation

RM Fundamentals—Key Terms • Active Record • A record which is regularly referred to RM Fundamentals—Key Terms • Active Record • A record which is regularly referred to and required for current use • Usually referred to records that are accessed more than once a month • Inactive Records • Records that are referred to less than once a month • Records that are not needed frequently, but which must be kept for administrative, fiscal, legal, historical, or governmental purposes © 2009 IBM Corporation

RM Fundamentals—Key Terms • Authenticity • An authentic record is one that can be RM Fundamentals—Key Terms • Authenticity • An authentic record is one that can be proven: • To be what it purports to be • To have been created or sent by the person purported to have created or sent it • To have been created or sent at the time purported • Reliability • The contents can be trusted as a full and accurate representation of the transaction, evidence, or facts. • Integrity • The record is complete and unaltered. (Note: any additions, annotations, and deletions should be explicitly indicated and traceable—audit trails. ) • Usability • The record can be located, retrieved, presented, and interpreted—including links to process activities. © 2009 IBM Corporation

RM Fundamentals—Key Terms • Classification • Systematic identification and arrangement of business activities and/or RM Fundamentals—Key Terms • Classification • Systematic identification and arrangement of business activities and/or records into categories (sometimes referred to as the file classification scheme, record plan, or file plan). The ABC Company 1. 0 Sales 2. 0 Marketing 3. 0 Engineering 1 st Tier Categories Business Functions 4. 0 Administration © 2009 IBM Corporation

RM Fundamentals—Key Terms The ABC Company 1. 0 Sales 1. 1 Northwest 1. 2 RM Fundamentals—Key Terms The ABC Company 1. 0 Sales 1. 1 Northwest 1. 2 Northeast 1. 3 Southwest 1. 4 Southeast 2. 0 Marketing 2. 1 Product A 2 nd Tier Categories Business Activities 2. 2 Product B 2. 3 Conferences 2. 4 Advertising © 2009 IBM Corporation

RM Fundamentals—Key Terms The ABC Company 3. 0 Engineering 3. 1 Product A 3. RM Fundamentals—Key Terms The ABC Company 3. 0 Engineering 3. 1 Product A 3. 2 Product B 3. 3 Help Desk Operations 3. 4 Research and Development 4. 0 Administration 4. 1 Legal 2 nd Tier Categories Business Activities 4. 2 Finance 4. 3 Human Relations 4. 4 Internal Support © 2009 IBM Corporation

RM Fundamentals—Key Terms The ABC Company 4. 0 Administration 4. 1 Legal 4. 1. RM Fundamentals—Key Terms The ABC Company 4. 0 Administration 4. 1 Legal 4. 1. 1 Compliance 4. 1. 2 Claims 4. 1. 3 Investigations 4. 1. 4 Agreements 3 rd Tier Categories Business Transactions 4. 1. 5 Criminal 4. 1. 6 Civil 4. 1. 7 Policies © 2009 IBM Corporation

Using the File Plan • Organizes, describes, and links records The ABC Company 1. Using the File Plan • Organizes, describes, and links records The ABC Company 1. 0 Sales 2. 0 Marketing 3. 0 Engineering 4. 0 Administration • Links and shares interdisciplinary records • Provides improved access, retrieval, use and dissemination of records • Attributes may be defined at higher levels and inherited at lower levels (i. e. retention, vital record, security, etc. ) © 2009 IBM Corporation

RM Fundamentals—Key Terms • Taxonomy • Structures that provide a way of classifying things RM Fundamentals—Key Terms • Taxonomy • Structures that provide a way of classifying things -- living organisms, products, books -- into a series of hierarchical groups to make them easier to identify, study, or locate • Thesaurus • A list of synonyms, often including related and contrasting words and antonyms. • Subject-specific thesauri often include the specialized vocabulary of a particular field, such as medicine or education. © 2009 IBM Corporation

RM Fundamentals—Key Terms • Disposition • Those actions taken regarding records no longer needed RM Fundamentals—Key Terms • Disposition • Those actions taken regarding records no longer needed for the conduct of the regular current business of the organization. n y e at re C C la sif s se U w ie v Re is D itio os p Destroy Transfer Time © 2009 IBM Corporation

Initiating Disposition • Triggered on Time and Events Date Closed Date Discharged Claim Settled Initiating Disposition • Triggered on Time and Events Date Closed Date Discharged Claim Settled e Cr a te la C s ify s se U w ie v Re Di s e os p Destroy Transfer Time © 2009 IBM Corporation

RM Fundamentals—Key Terms • Retention Schedule • Organization’s policy stating the retention period of RM Fundamentals—Key Terms • Retention Schedule • Organization’s policy stating the retention period of the record • May vary by record type and/or business unit (i. e. general correspondence records for the CEO versus general correspondence records for a lower-level department manager) • Determined by: • Legal Statutes • Business Requirements • Historical and/or Research Value © 2009 IBM Corporation

RM Fundamentals—Sample Retention Schedule © 2009 IBM Corporation RM Fundamentals—Sample Retention Schedule © 2009 IBM Corporation

RM Fundamentals—Sample Retention Schedule © 2009 IBM Corporation RM Fundamentals—Sample Retention Schedule © 2009 IBM Corporation

RM Fundamentals—Key Terms • Transfer • Custody—change of custody, ownership, and/or responsibility for records RM Fundamentals—Key Terms • Transfer • Custody—change of custody, ownership, and/or responsibility for records • Movement—moving records from one location to another © 2009 IBM Corporation

RM Fundamentals—Key Terms • Preservation • Processes and operations involved in ensuring the technical RM Fundamentals—Key Terms • Preservation • Processes and operations involved in ensuring the technical and intellectual survival of authentic records though time • Content—that which conveys information • Structure—appearance and arrangement of the content • Context—background information that enhances understanding of technical and business environments to which the records relate (metadata) © 2009 IBM Corporation

RM Fundamentals—Key Terms • Vital Records • Records required for essential business operations. • RM Fundamentals—Key Terms • Vital Records • Records required for essential business operations. • Should the business entity suffer a major disaster (manmade or natural) these are the records that are required to conduct essential business operations. • Employee payroll records • Accounts receivable • Articles of Incorporation • Provide for the continuity of operations. • Organizations need to take appropriate measures to ensure the survival of the vital records or copies of vital records in case of emergency or disaster. © 2009 IBM Corporation

RM Fundamentals—Key Terms • Spoliation • This term broadly refers to the intentional, reckless, RM Fundamentals—Key Terms • Spoliation • This term broadly refers to the intentional, reckless, or negligent destruction, loss, material alteration or obstruction of evidence that is relevant to litigation. • Courts and litigants are becoming increasingly concerned with the spoliation of evidence. The loss of evidence required for trial may prevent a party from adequately proving or defending a claim. • The most severe sanctions are generally reserved for the willful destruction of digital evidence. • Nevertheless, numerous courts have shown a willingness to issue harsh sanctions for the negligent destruction of data. © 2009 IBM Corporation

RM Fundamentals—Key Terms • Legal Hold • An intentional suspension of the disposition processing RM Fundamentals—Key Terms • Legal Hold • An intentional suspension of the disposition processing to ensure the preservation of specific records in response to litigation, audit, investigation or other important matters • Often directed by the organization’s legal authorities in response to court-ordered discovery processes • Often initiated in advance of any formal directives • May be applied at the individual record level or at a higher level within the file plan • Holds must be enforced at all levels within the organization © 2009 IBM Corporation

The Legal Hold Process Notification of Litigation or Audit Event Legal Review Records Search The Legal Hold Process Notification of Litigation or Audit Event Legal Review Records Search Records Identification Records Hold Legal Review Distribute/Use of Records © 2009 IBM Corporation

RM Fundamentals--Security & Access • Access to records may be restricted to protect: • RM Fundamentals--Security & Access • Access to records may be restricted to protect: • Personal information and privacy • Intellectual property rights • Commercial confidentiality • State security • Legal and other professional privileges • Applies to: • Content • Metadata or attributes describing content • RM functions (delete, add, modify, move) © 2009 IBM Corporation

RM Fundamentals--Audits • Systematic collection of designated records management activities • Initiated by investigators, RM Fundamentals--Audits • Systematic collection of designated records management activities • Initiated by investigators, compliance officers, and records staff • Provides a history of the record, file plan, retention schedules, disposition actions • Used to detect trends—positive and negative • Used to discover/investigate potential threats • Validates the trustworthiness of records • Provides evidence of compliance with RM policies © 2009 IBM Corporation

RM Fundamentals—Records Centers Ø A low cost, high density centralized area for housing and RM Fundamentals—Records Centers Ø A low cost, high density centralized area for housing and servicing inactive or non-current physical records with reference rates that do not warrant their retention in the office §In-house §Commercial Ø Typical Operations §Storage §Check-In §Check-Out §Delivery/Pick-Up Services §Destruction © 2009 IBM Corporation

RM Roles © 2009 IBM Corporation RM Roles © 2009 IBM Corporation

Records Management - Users • “Passengers” • Create and use records • Identify, declare Records Management - Users • “Passengers” • Create and use records • Identify, declare and classify • Search and request • Review and approve • Vital records • Record disposition and destruction • “Pilots” • Custodian of corporate records and archives • Create and manage File Plan, retention schedules and overall records program • Oversee records lifecycle and disposition • Inventory, accession, transfer, destruction, etc. • Implements legal hold / freeze orders. • Participates in legal discovery and can be called for testimony. • Sometimes has CRM industry certification © 2009 IBM Corporation

Records are Content and Process Driven • The media centric active - inactive records Records are Content and Process Driven • The media centric active - inactive records model has changed. User Process • Create • Retain - Store • Edit • Migrate • Use LOB RM Process • Defend Produce • Publish Transact Time • Search Request • Audit • Expunge Archive • The model is now content centric, driven by the business process, and the line between documents and records is very fuzzy … it’s the actual process that matters most. Most Get Destroye d (~95%) • Manage the process not just the users or records. © 2009 IBM Corporation

Evolution of Records Management © 2009 IBM Corporation Evolution of Records Management © 2009 IBM Corporation

Evolution of records management The old methods do not work! • Built for paper Evolution of records management The old methods do not work! • Built for paper • Physical document/folder/box tracking • Rely on end users • Do not address the “process” • At cross purposes with today’s requirements • e-mail storage • Born digital records • Instant Messages © 2009 IBM Corporation

Evolution of Records Management • The old methods of dealing with corporate information do Evolution of Records Management • The old methods of dealing with corporate information do not and cannot comply with the stringent requirements of today’s business • Built primarily for a paper-based environment • Relied heavily on the judgment of individuals to determine importance and consistent application • Are primarily focused on the “record” and not the “process” • Have not fundamentally changed over the past century • Have functioned at cross purposes in today’s business environments (i. e. IT’s limit on e-mail storage vs. the need to capture and retain relevant information) • Low perception of RM in the organization • RM staff may influence but typically are not decision makers © 2009 IBM Corporation

And the Repercussions are Staggering • Inability to enforce RIM policy (and defend) are And the Repercussions are Staggering • Inability to enforce RIM policy (and defend) are common in most landmark lawsuits. • Opposing council attacks the process and makes spoliation claims. • Repercussions are the same whether malfeasance or lack of RIM enforcement. • Government officials are being held in contempt. • Stock prices go down and trust is destroyed. • Huge penalties and fines are levied. • Companies have dissolved, careers have been destroyed and people are going to jail. • Companies are bearing unnecessary storage costs. • Exploding electronic discovery costs. • Subject to spoliation claims. Enron and Arthur Andersen World. Com Microsoft Antitrust Hearings Bureau of Indian Affairs Wal-Mart Stores Dell Computer Prudential Insurance General Nutrition Trigon UBS Warburg AH Robins Freddie Mac Proctor and Gamble The White House Tyco © 2009 IBM Corporation

The Problem is People • Records capture dependant on user interaction simply doesn't work The Problem is People • Records capture dependant on user interaction simply doesn't work … • Not all records get declared • Many records get misfiled • Many records are lost • Multiple copies and versions add to confusion • Records administration dependent on user interaction also doesn't work … • Records are destroyed too soon • Records are kept too long • In short, people make mistakes Large organizations lose a document every 12 seconds 67% of data loss is directly related to user blunders 2 -7% of all records are typically misfiled by business workers. Source: PRISM International, File. Net and National Archives and Records Administration Law of Small Numbers: Business workers take on average, 5 -15 seconds to declare a single record. 50 records per day = Approximately 1 hour per day or 1/8 th of a persons productive time spent declaring records. © 2009 IBM Corporation

RM Drivers © 2009 IBM Corporation RM Drivers © 2009 IBM Corporation

Why Do You Need Records Management? • Records management has forever changed. It is Why Do You Need Records Management? • Records management has forever changed. It is now a “C” level business issue • Continued explosion of content will place ever increasing demands on today’s companies for compliance • Landmark litigation has and will continue to create a legal feeding frenzy • Risk of non-compliance is high • The impact and cost of document reconstruction, legal costs, fines, company and professional reputation, investor confidence, stock price, and incarceration • Total cost of failure can be devastating © 2009 IBM Corporation

Why Do You Need Records Management? • Never in the history of business has Why Do You Need Records Management? • Never in the history of business has the capture, control, storage and timely destruction of records had the impact it has on the success and future of a business • Reliance on electronic information in dispersed data management systems • The Internet (e-mail and web content) • An ever growing amount of hard copy information • A need which has been brought to light through advances in technology, the proliferation of information, and many recent events • Increased cost of corporate litigation due to the vast amounts of information • 9/11 disaster (Vital and Corporate Records lost) • The size and scope of Corporate failures (Enron, World. Com, Arthur Anderson, etc. ) © 2009 IBM Corporation

The Laws have Changed Worldwide Ø International: ØISO 15489 ØDo. D Standard 5015. 2 The Laws have Changed Worldwide Ø International: ØISO 15489 ØDo. D Standard 5015. 2 ØBasel II ØANSI/ARMA 9000/4 Ø UK: ØThe National Archives ØMetadata Framework Ø European Union: ØMOREQ Ø US: Over 8, 000 Legal and Ø France: ØSarbanes-Oxley Regulatory Requirements ØCRFB ØCFR 21 Part 11 North America Ø Germany: ØHIPAA ØDOMEA ØSEC 17 a-3 & 17 a-4 ØBa. Fin ØFOIA Ø Australia: ØNARA CFR 36 ØVERS ØPatriot Act ØAS 15489 ØFERC Part 125 ØGLBA in © 2009 IBM Corporation

Business Risks • Records not captured by business users • Process information not captured Business Risks • Records not captured by business users • Process information not captured • Metadata not captured • RIM policy not enforced 85% have records management program 47% do not include e-records 38% do not follow own RIM policy 46% no formal process for holds 93% believe outcome of future litigation based on e-records policy • Records lost or destroyed too soon 62% doubt they could defend own records • Records kept too long or never destroyed 67% doubt IT department understands RIM policy • Lack of an audit trail Survey data from Cohasset Associates “A Call To Action” AIIM and ARMA 2003 study © 2009 IBM Corporation

RM Standards • Do. D Standard 5015. 2 • ISO Standard 15489 • UK RM Standards • Do. D Standard 5015. 2 • ISO Standard 15489 • UK National Archives • ANSI/ARMA 9 -2004 • VERS • DOMEA • MOREQ © 2009 IBM Corporation

Domestic Records Management Professional Organizations • ARMA International (Most RM officers are members) • Domestic Records Management Professional Organizations • ARMA International (Most RM officers are members) • www. arma. org • AIIM International • www. aiim. org • Institute for Certified Records Managers • www. icrm. org • National Archives and Records Administration (NARA) • www. nara. gov • National Association for Government Archives and Records Administrators (NAGARA) • www. nagara. org • Nuclear Information and Records Management Association (NIRMA) • www. nirma. org © 2009 IBM Corporation