Articles

Records management articles

COR Concepts publishes a number of articles on various aspects of Document and Records Management.  Read our latest articles here.

This article should be read in conjunction with our earlier article US DoD publishes guidance on Technology planning for Electronic Records Management (ERM). Please read that article first if you haven't already done so, as this Part 2 provides some additional context and information.

Insights from the US DoD Records Management and IT teams.

An extremely informative and valuable webinar hosted by AIIM and including key members of the US DoD Records Management and IT staff provided clarity and insight on the new guidance document US DoD 8180.01 (see the article above for a summary). I believe the following insights are critical in order to understand the usage of the document, and also how it impacts on the Records and Information Management profession, and National Archives Regulatory authorities globally. Note: we have been saying many of these things for years, but the guidance document puts everything into stark, blunt perspective.

  1. The most striking (and, for some, terrifying) thing to note about the guidance is that it replaces the DoD 5015.02-STD, “Electronic Records Management Software Applications Design Criteria Standard”. This is big news as many National Archives and Records Management regulatory bodies rely on this as the gold standard. Any Electronic Records System which was certified against US DoD 5015-2 STD was deemed to have the necessary functional capability to protect records. The big challenge always was that the best system, with the best functionality, is useless if not implemented properly. 8180.01 moves beyond this and focuses more on outputs. Please note that the DoDI 5015.02-2017 instruction is still in place and forms part of the implementation going forward. This is currently being revised.
  2. The relationship between IT, Records teams, procurement and Business is pivotal in implementing ERM. Understanding who the stakeholders are and ensuring that they are included in the design of systems up-front is absolutely essential. This is true Information Governance by design. What this means in essence, is the move away from records as an afterthought, to a more holistic approach, where records (and other) considerations are built into system and process design, up front. If anyone isn't fully conversant with the topic, here is further information on Information Governance
  3. The happy distinction between structured and unstructured data which formed the basis for ECM for so many years no longer exists. AIIM have for years now been referring to Intelligent Information Management rather than ECM, and we need to take cognisance of the fact that this is a reality. Not only Privacy or data protection, but also litigation, content search, e-discovery and knowledge management all require that we look beyond electronic and paper records as we used to know them and recognise that data in databases forms an integral part of the "records" or evidence of the activities of the organisation. The emphasis has moved away from dedicated records management systems to IT solutions.
  4. Whilst many industry pundits for years pushed for a single ECM repository, the reality is that this seldom exists as the single source of evidence. Transactional systems hold electronic records, collaboration environments such as Teams hold files, conversations and chats and all could be important. Content services emerged as a concept years ago, and AIIM's Intelligent Information Management moves us even further beyond that. The AIIM Information Governance certification (CIP) is valuable in helping understand what this new world looks like. 
  5. Taken together, the US DoDI 5015.2, 8180.01 and the US DoD data strategy focus more on output than on functional requirements. Authoritative records are what matter, and these must be created, stored, used, shared, transferred and disposed of correctly to ensure that they can be trusted. The emphasis is on data quality, which requires that information, data and records be "Visible, Accessible, Understandable, Linked, Trustworthy, Interoperable, and Secure (VAULTIS)", and the pillars that need to be in place include a focus on Curation, Automation and Governance.

This is a major step forward and needs to be studied by all in the industry, especially, but not limited to those responsible for implementing national or corporate policy. 

US DoD publishes guidance on Technology planning for Electronic Records Management (ERM)

This may be one of the most important guidance documents published in years. For many years, the US DoD 5015.2 Functional Requirements specification stood alongside the DLM forum’s MoReq (and MoReq 2010) and ISO 16175 as one of the key standards against which to benchmark Functional requirements for Electronic Records Management Systems. One thing which was missing however, was an internationally available set of implementation guidelines for ERM other than ISO standards, and documents requiring membership of organisations such as AIIM and ARMA.

In August 2023, the DoD published DoD manual 8180.01 information technology planning for electronic records management. This article provides a summary of the primary areas of the guidance document. Note: The document is designed for the US DoD, hence imposes no obligation on other organisations to implement it in part or in whole. If you are part of a USA organisation that is required to comply, then you should refer directly to 8180.01. I have made no attempt to re-write the document as you can download it from a link provided at the end of the article. Rather I have extracted the main headings and provide a simple description and my own interpretation of the requirements. I have used the main headings as provided in the guidance document. 8180.01 should be read in conjunction with 5015.2 (US Components) or other functional requirement specifications.

1          POLICY

Any development, acquisition, improvements or decommissioning of any IT system should consider records management requirements. Think of this in the context of Records Management by Design, which should include IT, Business and Records Management requirements throughout the lifecycle of an IT system. Privacy by Design should also form part of that thinking. Both records management and privacy have requirements for the retention of the data included in those systems.

2          RESPONSIBILITIES

The responsibilities described in this section apply to US Government Agencies (Components), hence are out of scope of this article.

3          Building Blocks.

The document focuses on nine building blocks for records management, and each will be explored.

3.1       Retention planning.

The information contained in IT systems must be understood and included in retention schedules. This should happen regardless of whether these retention periods and schedules are imposed by a National Archival and Records Management Organisation (such as NARA in the USA) or internally through a formally designated process. IT systems in this case include formal EDRMS, ECM, EDMS, or ERM systems as well as business systems such as ERP or Line of Business systems which contain records.

3.2       Metadata

Metadata is a fundamental part of authoritative records and must be created for all aspects of managing the records, including records controls such as referencing and disposition. Metadata regarding other aspects such as business processes, information security and findability is essential. Where records management or business processes are automated, metadata used or created during automation must be captured. As a side note, the rapid rise of AI requires further consideration of the metadata used specifically by AI and/or generated through the AI processes.

Metadata should include the following categories:

  1. Identity
  2. Description
  3. Use
  4. Event plan
  5. Event history
  6. Relation

For organisations outside the ambit of the US DoD, the ISO 23081 family is a useful set of metadata standards and guidelines.

3.3       Capture

The guideline highlights an aspect that many records managers do not focus enough attention on: the fact that records could be structured as lines of data in a database, or as an electronic document, a physical document, or in a number of other unstructured formats. All of these need to be included in the records programme.

3.4       Storage

Records can be stored in the creating or receiving system, a system which supersedes the original system, a formal electronic records repository, or any combination of these. A record, in this context, includes any metadata, retention schedules and status, all of which must be inextricably associated with the record such that its integrity, authenticity, reliability and usability remain intact. Storage must consider the original system, and any transfers to archival repositories.

3.5       Find and Update

Records must be findable throughout their existence, which requires solid use of accurate metadata. This needs to include metadata related to or generated through records hold processes.

3.6       Disposition

Disposition includes either disposal or transfer to a repository. Systems need to be able to store, allocate and apply retention and disposition rules to records stored therein.

3.7       Maintain

Information must be “authoritative” which means it must have integrity, authenticity, and usability regardless of any changes to it, its metadata or the system creating or managing it. This must remain intact throughout the information lifecycle and include aspects of digital preservation.

3.8       Access control

Formal access control rules, controls and permissions must be in place. Roles need to be identified and implemented to ensure that all aspects of records management are included.

3.9       Reporting and metrics

Oversight and reporting on records are essential. Thus, analysis of records, where they reside, and the actions taken on them all need to be recorded and reported upon.

4          Purpose-built versus utility IT

The guideline distinguishes between purpose-built systems, where the organisation can build records rules and requirements such as metadata into the design, and utility systems such as word processing applications or spreadsheet systems, which may not have those controls.

The organisation must ensure that these controls are in place regardless of which types of systems generate, create, or maintain records.

5          Stakeholders

Emphasis is placed on the fact that IT and Records professionals need to work together to implement systems, as each brings distinct levels and types of expertise to the implementation. There are also other stakeholder groups that need to be considered, which include:

  1. IT Vendors
  2. IT providers (and implementers), including outsourced IT services.
  3. Customers
  4. Users

I would add other stakeholders such as National Archives agencies, and regulatory bodies such as Data Protection or Privacy Regulators to this list.

6          Summary and usage

The guideline goes into greater detail on each of these aspects and the full guideline is available on the Directives Division Website at https://www.esd.whs.mil/DD/

It includes a useful checklist which can be used to determine compliance. In addition, it has a table showing the required functionality with considerations for IT service providers and execution responsibilities.

7          Need help?

Please contact us if you need further information or are planning or currently in the process of implementing an Electronic Records Management system. We can assist with any of the strategy, design, architecture development, in addition to the records management policy, procedures, classification scheme or file plans, and retention and disposition schedules, rules and processes. Look at our services and training options at www.corconcepts.co.za or contact us at Contact Us (corconcepts.co.za)

Documentation is the core of most evidence relating to business activities. Since the introduction of the ISO 30300 Management System for Records series of standards, and the 2016 version of ISO 15489, the concept of "Documented Information" has become important, going beyond our traditional definition of a record. With changes including the way that information is created and the vast volumes of documented information, which include AI-generated documents, webpages, e-mails etc., our need as information governance professionals to be extra vigilant becomes greater. And we need to take on an even greater advocacy role, educating business on how to and why they should create accurate, trustworthy documentation, which can be trusted as the authoritative source.

Many people don't know about the ISO 30300 family, so here is a brief introduction and how and why it should be used, with some key terms that stem from the standard.

It is a Management System Standard at the same level as some more familiar standards such as ISO 9001, 14001, 18001, 27001 etc. It is written in different language to the Records Management Technical standards such as ISO 15489. The audience is different. Management Systems are designed to be at a management level, understandable to the executive of an organisation. Technical standards are for practitioners, although they also need to be involved in and implement the Management System standards.

A few essential terms from the standard that should be understood are:

Authoritative records

record which possesses the characteristics of authenticity, reliability, integrity and useability.

The purpose of this was to create a term that could be used once, incorporating all the characteristics without having to re-write them again and again, which tended to make documents cumbersome to read.

Documented Information

information required to be controlled and maintained by an organization and the medium on which it is contained.

Note 1: From a records management viewpoint, documented information is a type of record. It is created and named as documented information when any management system standard is implemented by an organization.

Note 2: Documented information refers to the information required to be controlled and maintained by the organization when implementing a management system.

Information

data in context with a particular meaning

Data

set of characters or symbols to which meaning is or could be assigned.

Information system

system that processes, provides and distributes information together with associated organizational resources.

Some things are immediately apparent:

Is it a Document or a record? Who cares?

As industry professionals we have spent decades debating the differences between a "document" and a "record" and maybe it's time to move beyond that. If information has value to an organisation, regardless of whether it is a draft, or copy, it should be included in our information governance processes, even if it is to identify, find and dispose of it. The concepts of "information as an Asset" and "Information Capital" highlight the value of information to the organisation, regardless of whether it comfortably fits into our definition of record.

Is it data or information? Who cares?

As above, so much time has been wasted on debating and arguing whether "data" or "information" is the superior term. The old "Data, Information, Knowledge, Wisdom" (DIKW) model has/had value, but it changes depending on the lens from which it is viewed. I have read too many papers, models, or frameworks from different perspectives which contain alternative views. They all contain the proviso as one of the first sentences that "data includes information, physical or digital" or alternatively "Information includes data, physical or digital".

Which of course leads to the discussion as to whether we should be implementing "Data Governance" or "Information Governance". Way back in 2009, the concept of Information Governance was described on Wikipedia as

Information governance may refer to:

Later that year I created the first definition of Information Governance on Wikipedia which has clearly evolved since then. Regardless of whether your organisation prefers the term "data" or "information", use the term which works for the organisation and stick with it. Just make sure it includes all the elements of managing and governing all the data/information you have in the organization regardless of format, medium, or whether it sits structured in databases or unstructured in some other form.

Information Governance Strategist @ CORConcepts | Analytical ECM Consulting and training
 

In December last year I was privileged to attend and facilitate sessions on #digitaltransformation and #dataprotection #Culturalheritage in Addis Ababa, Ethiopia. What was unique about this conference is that it wasn't held in a hotel, but rather was hosted at The Ethiopian National Archives and Library Agency https://nationalreadingcampaign.org/nala/. A very special thanks must be given to the Ministry of Innovation and Technology and especially Yikunoamlak Mezgebu who really went out of their way to support the event.

But this post goes beyond that. In the reading library where the event was held, built by Emperor Haile Selassie, and where he used to read, the Archives presented a number of astounding manuscripts which are recognised by UNESCO as World Cultural heritage. Here are the key learnings for me of a deeply profound experience:

  1. Firstly, these manuscripts are absolutely beautiful. Many were made from sheep skin, others from parchment, but all are magnificent pieces of art and heritage. This introduces its own challenges. They are fragile, and need to be preserved, as valuable museum pieces, as heritage artifacts of great beauty and historical value. The National Archives is doing this, and they are wonderfully preserved, even though they carry the natural damage expected after many hundreds of years.
  2. The next one is more challenging. In addition to the heritage value, the content itself has value, and needs to be made available. The physical originals are clearly too valuable to be made available to researchers, but the content needs to be, and thus has been digitised.
  3. This brings me to the most important point. Whilst I am a strong advocate of digitising, there will always remain the fact that some objects have more than one value. Historical, cultural, research, business or legal value. So even when digitising, part of the project, especially for archives, is to ensure that the originals (where they have historical or cultural value in their own right), must always be preserved, even if the content is digitised and made available for researchers and others.

Below are images and descriptions of some of the UNESCO World Heritage Documents at the Library.

For information, the specific artifacts declared as UNESCO World Heritage Documents are:

  1. The Four Gospels: the Gospels of Matthew, Luke, Mark and John, written in the 14th century AD in the Geez language on parchment
  2. The book of the prophet Enoch, written in the Geez language in the 14th century AD on parchment
  3. The 14 Epistles of St. Paul, a book written in the Geez language in the 15th century AD
  4. Psalms of King David, a book written in Geez in the 16th century AD
  5. The Book of Justice, a book that served as a source of law in Ethiopia and was written on parchment
  6. The Book of Liturgy, a book written on parchment during the 17th century AD
  7. The book of chronicles, a book written on parchment that narrates the story of the kings and queens of Ethiopia since the 10th century BC
  8. The history book of Emperor Menilik II, King of Kings of Ethiopia, a book written in the 20th century AD
  9. The book of the passion week, a book written on parchment with horse skin in the 15th century AD
  10. The letter of Emperor Menilik II to the Russian king Nicholas. This is a letter written in Amharic to address Italy’s aggression on Ethiopia
  11. The letter of King Sahleselasie of Shewa to the Queen of England. A letter written in the 19th century AD in Amharic to the Queen regarding the status of the British who were living in Ethiopia
  12. The letter of Emperor Tewodros to Queen Victoria of England. The letter is written in Amharic and expresses the Emperor’s aspirations for modernization.

Information Governance - Certified Information Professional (CIP)

It is with great pleasure that we can announce that COR Concepts has been granted approval to train on the various AIIM courses. AIIM is widely recognised as the global industry body for:

  1. Enterprise Content Management (ECM),
  2. Electronic Document and Records Management Systems (EDRMS), 
  3. Intelligent Information Management
  4. Certified Information Professional Certification (CIP), which is an Information Governance Certification and is highly recommended for anyone embarking on a digitalisation or Digital Transformation journey.

We are able to provide training on all of these, most importantly the CIP. You can find details at CIP Preparation and Certification.

 

 

This article was published in African Mining Brief - July/August 2018

 

Information Governance requires alignment between a number of functions and strategies. At the very least these include:

  • Alignment to corporate strategy, ensuring that benefits of information governance are clearly understood and communicated, showing how they directly assist the business in achieving its strategy
  • Close integration with Corporate Governance, and especially as it relates to "Information and IT Governance" as is described in King IV
  • Records management, with specific focus on classification, accountability, security, retention and disposal
  • Risk Management overall, with specific emphasis on Information Risk
  • Information Security and ensuring that information in all formats and locations is identified, classified and protected throughout its lifecycle
  • Privacy.  In South Africa this means Protection of Personal Information (POPIA), but there could be GDPR or other privacy implications for organisations spanning multiple countries.   Read more information on Compliance with POPIA 
  • Enterprise Content Management, and ensuring that all "unstructured information" is correctly managed, ensuring that duplication is minimised or eliminated, and that information is shared appropriately.
  • e-discovery, and the ability to easily identify, locate and retrieve information which may be required for any purpose.  All information relating to a case or subject must be identifiable.
  • Master data management and data quality.  The "structured data" residing in corporate ICT systems needs to be managed as an integral component of Information Governance.

 

Read The complete article - A holistic approach to Information Governance in the Mining Industry
