We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byLuke Sinclair
Modified over 2 years ago
© 2004, R.E.Barry 1 Recordmaking vs. Recordkeeping Systems: Making Sure IT Doesnt Get Blindsided Rick Barry, Principal, Barry Associates Virtual
© 2004, R.E.Barry 2 About Recordmaking vs. Recordkeeping Systems: Making Sure IT Doesnt Get Blindsided Major systems that produce records recordmaking systems How these relate to systems that properly manage records recordkeeping systems Options for getting them into line How compliance requirements and standards can help Futures
© 2004, R.E.Barry 3 Stats Stats: Indicative trends; Hide standard deviations Information production: World population: 6.3 billion. ~ 800 MB of recorded information produced p.c., p.a. Equivalent: ~ 30books Print, film, magnetic, optical storage media produced ~ 5 exabytes of new info in % magnetic mediamostly HDs 1 exabyte = 1024 petabytes, each of which = 1024 terabytes 1 exabyte = 1024 petabytes, each of which = 1024 terabytes 5 exabytes? If digitized with full formatting, the 17,000,000 books in the Library of Congress contain about 136 terabytes; 5 exabytes is equivalent to info contained in 37,000 new libraries the size of Library of Congress 5 exabytes? If digitized with full formatting, the 17,000,000 books in the Library of Congress contain about 136 terabytes; 5 exabytes is equivalent to info contained in 37,000 new libraries the size of Library of Congress Average users in US spend 25+ hrs per month on Internet at home and 74 hours at work. 19% use to do research for work IM: 31% U.S. business Internet users used IM >/ once in May 02 WWW: 2000 estimated public (surface) Web volume: 20 to 50 terabytes; 2003 measured volume: 167 terabytes - 3X BrightPlanet estimates deep web ~ 66,800 and 91,850 terabytes. Blogs: 2003: ~ 2.9 million active weblogs containing about 81 GB Source: How Much Information? 2003, UC Berkeley's School of Information Management and Systems, 2003/execsum.htm 2003/execsum.htmhttp://www.sims.berkeley.edu/research/projects/how-much-info- 2003/execsum.htm
USS Blue Action Report Re Dec 7, 1941: Excerpt
© 2004, R.E.Barry 5 Recordmaking systems Create documentation that meet commonly accepted definitions of records Virtually all digital systems used to create, communicate and record business in support of business processes (BPs) Human to human Human to human Human to system Human to system System to system System to system System to human System to human
© 2004, R.E.Barry 6 Core Recordmaking Systems Old fashioned office systems, , EDMS; new fashioned instant messaging (IM) systems Back room – Enterprise Resources Planning (ERP) (SAP/PeopleSoft/Oracle/JDE)finance, HR Indiana Univ. project OneStart/EDEN – A Description of IU's Transaction Processing/Recordkeeping Environment" by Rosemary Pleva Flynn mybestdocscom Guest Authors Front room – CIM, CRM Integrated voice/text/data systems Integrated voice/text/data systems Workflow, forms management Facility Management (CAD/CAFM/CMMS) Business intranets, extranets, websites, blogs
© 2004, R.E.Barry 7 Survey of IT Directors Association 23 CIOs, CTOs, IT Directors of South Carolina State Agencies What functions and systems were they responsible for? What kind of systems had their organizations implemented? What did they see as the major issues, including electronic record
© 2004, R.E.Barry 8 CIO Organizations With/Without Responsibility For: n = 23
© 2004, R.E.Barry 9 Major Systems Implemented n = 23
© 2004, R.E.Barry 10 Topics Deemed Major Concerns What main concerns face your IT Departments? 1=not at all/minor2=somewhat3=Major Other: Continuing operations under current Legislative Budget Priorities n = 23
© 2004, R.E.Barry 11 CIO Organizations With/Without Responsibility for Recordkeeping 30% 70% Q: What main concerns face your ITD? Electronic Records? 1=not at all/minor2=somewhat 3=Major Is your organization responsible for records management? n = 23
© 2004, R.E.Barry 12 Findings/Conclusions E-recs tied for 2 nd place among concerns About 30% felt that the balance in their org was too much on IT, too little IM About 90% responsible for IM, 70% RM and ~½ for web content Nearly all operating websites & intranets; few had EDMS, ERP systems or EDMS+ (EDMS ) Directors with RM responsibility for RM saw e-recs as major issue Directors without RM responsibility saw e-recs as a minor or no issue Responsibility for e-recs brings respect for issues
© 2004, R.E.Barry 13 Recordkeeping Systems ( RKS) ISO defines records as: information created, received, and maintained as evidence and information by an organization or person, in pursuance of legal obligations or in the transaction of business with following characteristics: authenticity, integrity and usability. It defines records system: information system which captures, manages and provides access to records through time.
© 2004, R.E.Barry 14 Recordkeeping Systems ( RKS) Most, not all, business communications = records What characterizes records? Content, context, structure. Not technology platform. Importance of the BP determines the value of records they produce. Assessment of BPs is how: value is determined value is determined disposition management policy is applied disposition management policy is applied Keep or not? If so, how long? Specified # yrs/Indefinite? disposition is carried out disposition is carried out All records can constitute legal evidence. They can also be challenged as legal evidence.
© 2004, R.E.Barry 15 Trustworthy Recordkeeping Systems Systems with robust archives & records management (ARM) functionality for records capture, maintenance of integrity, long-term preservation & disposition management: Univ.of Penn. Functional Requirements for Evidence in Recordkeeping: Systems with robust archives & records management (ARM) functionality for records capture, maintenance of integrity, long-term preservation & disposition management: Univ.of Penn. Functional Requirements for Evidence in Recordkeeping: s.pitt.edu/~nhprc s.pitt.edu/~nhprc Trustworthy Electronic Recordkeeping Systems are generally accepted as maintaining the integrity, accuracy, authenticity and accessibility of electronic records. Information Nation, Seven Keys to Information Management Compliance, by Randolph A. Kahn & Barclay T. Blair, AIIM, 2004 Information Nation, Seven Keys to Information Management Compliance, by Randolph A. Kahn & Barclay T. Blair, AIIM, 2004 Best Practices for Document Management in an Emerging Digital Environment by R.Barry,1994, Other Papers section Best Practices for Document Management in an Emerging Digital Environment by R.Barry,1994, Other Papers section
© 2004, R.E.Barry 16Ergo: A trustworthy recordkeeping system: Maintains and permits continuing management of records in a manner consistent with rigorous recordkeeping requirements and standards Maintains and permits continuing management of records in a manner consistent with rigorous recordkeeping requirements and standards Maximizes likely acceptance as evidence Maximizes likely acceptance as evidence A records management application (RMA) is the software component of a broader recordkeeping regime to facilitate management of records Most RMS are not RKS
© 2004, R.E.Barry 17 DoD Records Management Applications standard Meets minimal requirements for trustworthy recordkeeping Meets minimal requirements for trustworthy recordkeeping Recommended by Archivist of US for all federal agencies ulletin_2003_03.html Recommended by Archivist of US for all federal agencies ulletin_2003_03.html ulletin_2003_03.html ulletin_2003_03.html Most portions are applicable to private sector Most portions are applicable to private sector About 60 products, product partnerships certified under About 60 products, product partnerships certified under
© 2004, R.E.Barry 18 What Requires RMAs shall provide capabilities to: Define file plan - record categories/series and their associated disposition schedules Define file plan - record categories/series and their associated disposition schedules Identify/declare records, provide context Identify/declare records, provide context Store, preserve, protect electronic records Store, preserve, protect electronic records Search for and retrieve electronic records Search for and retrieve electronic records Track records disposition schedule status Track records disposition schedule status Execute disposition instructions - cutoff, transfer, destroy Execute disposition instructions - cutoff, transfer, destroy
© 2004, R.E.Barry 19 Beyond (V2 June 2002) Beyond (V2 June 2002) Possible topics for inclusion in V3 Incorporation of standard data elements Incorporation of standard data elements Interoperability within enterprise environment/among disparate RMAs Interoperability within enterprise environment/among disparate RMAs Manual transfer of electronic records to NARA Manual transfer of electronic records to NARA Direct transfer of electronic records to archives Direct transfer of electronic records to archives Minor changes in security section reflecting recent amendment to Executive Order on national security Minor changes in security section reflecting recent amendment to Executive Order on national security Migration of some non-mandatory features to mandatory, e.g., extraction/redaction, more DM Migration of some non-mandatory features to mandatory, e.g., extraction/redaction, more DM
© 2004, R.E.Barry 20 FUTURES Not necessarily a world of our making Not necessarily one we want to see emerge But one that is changing the way we must do business and manage records Few people are asking for our advice And no one is asking our permission
© 2004, R.E.Barry 21 Futures Business: Business: Increased focus on BPs as links between strategic aims & assets: human, financial, facilities, technology, information More multi-national/international business transactions & operations Greater emphasis on post-911 info security needs Further globalization of business transactions under multiple RK/FOI practices and laws Continued concerns over privacy issues Legals: Legals: Growing court discovery judgmentse-records Efforts to harmonize e-bus laws/regulations internationally De facto changes in business law definitions of records by lawyers with no ARM background
© 2004, R.E.Barry 22 Futures Technology: Tighter integration of BP & technology Greater consolidation of business-process based: records, compliance, information security and risk management Greater consolidation of business-process based: records, compliance, information security and risk management More standards: IM, RM, IT; increased use of open source platforms (Linux OpenReader Ubiquitous recordkeeping Burgeoning of wireless, natural language and video business applications. More multimedia records Computer-aided records detection, capture, classification More advanced personal electronic records tools Business, government take-up of hip technologies IM, blogs, integrated mobile phones/PDAs, game technologies for business purposes
© 2004, R.E.Barry 23 For more on blogs and other such things…see
© 2004, R.E.Barry 24
© 2004, R.E.Barry 25 Recordmaking Implications Technology doesnt (yet) change recordness of documents/objects Technology dramatically changes the ways we must manage records Hands-off recordmaking by computers Location-independent computing – universal workspace Records created in homes, hotels, temporary offices & outsourced organizations Records created in homes, hotels, temporary offices & outsourced organizations Employees need remote access to records; security Employees need remote access to records; security Workers need records in different renditions/formats Workers need records in different renditions/formats
© 2004, R.E.Barry 26 ARM Implications Large-scale system replacement of legacy recordmaking systems 1 ERP supplants many legacy paperful systems Systems producing massive volumes of records without own recordkeeping capabilities Web pages very dynamic Public- or customer-facing Web pages often reflect changing enterprise understandings or commitments to public or other clients. Often only place where records exist ( See Web Sites as Recordkeeping and Recordmaking Systems, by R.E. Barry, Information Management Journal, Nov/Dec 2004.) New systems may use /instant mail interface; no humans involved Records produced but not managed = risk
© 2004, R.E.Barry 27 Which way to turn?
© 2004, R.E.Barry 28 CEOs Get up on top of the issues. Number of stakeholders requires CEO to make it happen. Put recordkeeping on your strategic agenda. Take another look at organization/staffing of ARM Call for risk analyses Revisit Y2K risk analyses, audits Revisit Y2K risk analyses, audits Do it in-house: See Best Practices paper with checklist at in Other Papers Do it in-house: See Best Practices paper with checklist at in Other Papers Provide management mandate to make high-risk recordmaking systems into trustworthy recordkeeping systems Build alliances to keep you informed of risks, options Representative program managers, CIO, ARM manager, general counsel, auditor, facility manager Representative program managers, CIO, ARM manager, general counsel, auditor, facility manager Adopt as enterprise standards: Adopt as enterprise standards: ISO for regime-level records management ISO for regime-level records management DoD for ECM system-level records management DoD for ECM system-level records management Metadata, document-access standard Metadata, document-access standard Others standards and regulations appropriate to business Others standards and regulations appropriate to business
© 2004, R.E.Barry 29 Standards Unlike laws, regulations, standards are voluntarily adopted or mandated by organizations as policy ISO Records Management Standardbroad recordkeeping regime standard Records Management Applications (RMA) Standard (US DoD)software standard Metadata standards required for information discovery Dublin Core W3C Recommendation 10 Feb Dublin Core W3C Recommendation 10 Feb Australian National Archives AGLS Metadata Australian National Archives AGLS Metadata XFML Core - eXchangeable Faceted Metadata Language elements XFML Core - eXchangeable Faceted Metadata Language elements Long-term document access standards TIFF + ASCII; PDF, PDF-A, OpenReader TIFF + ASCII; PDF, PDF-A, OpenReader
© 2004, R.E.Barry 30 Chief Counsels Compliance Laws/Regulations CFR 21 Part 11 Title 21 Federal Regulations Code: Electronic Records; Electronic Signatures Freedom of Information Freedom of Information HIPAAHealth Insurance Portability & Accountability Act ADA Section 508Americans with Disabilities Act SOXSarbanes-Oxley Act of SEC Rule 17a-4 -- Records to Be Preserved by Certain Exchange Members, Brokers and Dealers
© 2004, R.E.Barry 31 Whats wrong with this picture? HR Legal Finance Published here with the kind permission of Kevin Lindeberg.Kevin Lindeberg
© 2004, R.E.Barry 32 CIOs/ITDs, ARM Managers: Getting recordmaking systems into line ECMS+: also tested, certified/approved RMA Centralized IT is back; but scalability remains an issue Centralized IT is back; but scalability remains an issue Pairing: Port products of ECMS, EDMS, ERP and other recordmaking systems into a trustworthy RMA or ECMS + /EDMS + recordkeeping Upgrade recordmaking system to become a trustworthy RK systemsembed recordkeeping in business processes Hybrid of above Whichever way: implement at enterprise IM-IT architecture level Whichever way: implement at enterprise IM-IT architecture level Implement small. Plan enterprise. Implement small. Plan enterprise.
© 2004, R.E.Barry 33 Procurement/Acquisition Managers Require bidding documents to require bidders to : Commit to maintain certification Commit to maintain certification Specify which Additional Baseline Requirements, (C2.2.10) features are supported by its product(s) vs. expected of the user organization Specify which Additional Baseline Requirements, (C2.2.10) features are supported by its product(s) vs. expected of the user organization Specify other compliance requirements supported by its product(s) Specify other compliance requirements supported by its product(s) Include costs of data conversion from legacy information (including electronic records) to proposed system Include costs of data conversion from legacy information (including electronic records) to proposed system
© 2004, R.E.Barry 34 Developers of B2E, B2B, B2C Design systems for ARM compliance Partner with a certified RMA until you get your own Gain or similar certification for use in other countries Provide further functionality for major compliance requirements Adopt ISO/DoD standards for own internal operations
© 2004, R.E.Barry 35 CIOs and IT Directors Take your archivist/records manager to lunch
© 2004, R.E.Barry 36 Archivists & Records Managers Pay for the lunch Ask the CIO to pay for the system
© 2004, R.E.Barry 37
© 2004 R. E. Barry 1 ARMA-Winnipeg Transacting e-Business: Is Records Management Being Passed By? 22 April 2004 Rick Barry, Barry Associates Virtual Handout.
SharePoint Governance Questions January 2014 ©2014 SUSAN HANLEY LLC.
Welcome to Washington, DC Accessibility Forum Meeting June 2002.
1 IAPP Privacy Certification Government Privacy Certified Information Privacy Professional/Government (CIPP/G) Julie Smith McEwen, CIPP/G, CISSP Principal.
1 Unified Communications and Collaboration Campaign MM TI-BDM Deck User Guidance Purpose of this deck: –Show how Microsoft ® Unified Communications and.
The Importance of Information Systems Management Chapter 1 Information Systems Management In Practice 7E McNurlin & Sprague PowerPoints prepared by Michael.
Digital preservation: an introduction Michael Day UKOLN, University of Bath, UK University of the West of England,
Copyright Davis Wright Tremaine LLP - Jan Working with the HIPAA Privacy Manual and Forms --- HIPAA Summit West II Clark Stanton & Tom Jeffry Davis.
1 ITIL in the Real World: Leveraging ITIL Best Practices for Service Improvement at NYU Presented by Ben Maddox, NYU Information Technology Services
Presented to the Fifth HIPAA Summit October 30, 2002 HIPAA Assessment and Implementation.
Enterprise Information & Content Management | London 2001 | Dr. Ulrich Kampffmeyer | PROJECT CONSULT Unternehmensberatung | 2001
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 1 Improving Statewide.
1 © Copyright 2009 EMC Corporation. All rights reserved. Electronic Discovery & Compliance: Meeting the Challenges - Avoiding a Trial by Fire…. Timothy.
1 Information Systems Using Information (Higher).
1 Are You Ready for IT Control Identification & Testing? The Institute of Internal Auditors February 10, 2004 Moderator: Xenia Ley Parker, CIA, CISA, CFSA.
Strategies LLCTaxonomy May 22, 2005Copyright 2005 Taxonomy Strategies LLC. All rights reserved. Workshop: Why and How to Use Dublin Core for Enterprise-Wide.
Knowledge Management Thomas J. Froehlich, Ph.D. Program Director, IAKM Professor, SLIS.
Managing the Unimaginable: A Practical Approach to Petabyte Data Storage Randy Cochran, Infrastructure Architect, IBM Corporation,
Manchester Computing Cross Council ICT Conference For e-Science & GRID May 2004 End to End Services to support an e-Science Community Professor M.
Intelligent Risk Management & Compliance Cost Reduction Creating a sustainable risk and compliance organization while reducing inefficiency and improving.
You Cant Build a House Without Blueprints: Creating a Communication Strategy and Plan for Change Presenter: Adrienne Schutte.
Implementing Business Driven Information Management Practices From Policy to Metadata.
School Board Audit Committee Training Module 1 Roles, Responsibilities and Relationships 1.
1 Network Security Workshop BUSAN 2003 Rahmat Budiarto
1 Schools financial value standard Welcome. 2 Aims The aims of the day are to: provide guidance on the requirements of the Schools Financial Value standard.
Prentice Hall, Chapter 1 Overview of Electronic Commerce.
© 2016 SlidePlayer.com Inc. All rights reserved.