Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2004, R.E.Barry 1 Recordmaking vs. Recordkeeping Systems: Making Sure IT Doesnt Get Blindsided Rick Barry, Principal, Barry Associates Virtual Handouts.

Similar presentations


Presentation on theme: "© 2004, R.E.Barry 1 Recordmaking vs. Recordkeeping Systems: Making Sure IT Doesnt Get Blindsided Rick Barry, Principal, Barry Associates Virtual Handouts."— Presentation transcript:

1 © 2004, R.E.Barry 1 Recordmaking vs. Recordkeeping Systems: Making Sure IT Doesnt Get Blindsided Rick Barry, Principal, Barry Associates Virtual Handouts @ www.mybestdocs.com

2 © 2004, R.E.Barry 2 About Recordmaking vs. Recordkeeping Systems: Making Sure IT Doesnt Get Blindsided Major systems that produce records recordmaking systems How these relate to systems that properly manage records recordkeeping systems Options for getting them into line How compliance requirements and standards can help Futures

3 © 2004, R.E.Barry 3 Stats Stats: Indicative trends; Hide standard deviations Information production: World population: 6.3 billion. ~ 800 MB of recorded information produced p.c., p.a. Equivalent: ~ 30books Print, film, magnetic, optical storage media produced ~ 5 exabytes of new info in 2002. 92% magnetic mediamostly HDs 1 exabyte = 1024 petabytes, each of which = 1024 terabytes 1 exabyte = 1024 petabytes, each of which = 1024 terabytes 5 exabytes? If digitized with full formatting, the 17,000,000 books in the Library of Congress contain about 136 terabytes; 5 exabytes is equivalent to info contained in 37,000 new libraries the size of Library of Congress 5 exabytes? If digitized with full formatting, the 17,000,000 books in the Library of Congress contain about 136 terabytes; 5 exabytes is equivalent to info contained in 37,000 new libraries the size of Library of Congress Email: Average users in US spend 25+ hrs per month on Internet at home and 74 hours at work. 19% use to do research for work IM: 31% U.S. business Internet users used IM >/ once in May 02 WWW: 2000 estimated public (surface) Web volume: 20 to 50 terabytes; 2003 measured volume: 167 terabytes - 3X BrightPlanet estimates deep web ~ 66,800 and 91,850 terabytes. Blogs: 2003: ~ 2.9 million active weblogs containing about 81 GB Source: How Much Information? 2003, UC Berkeley's School of Information Management and Systems, http://www.sims.berkeley.edu/research/projects/how-much-info- 2003/execsum.htm http://www.sims.berkeley.edu/research/projects/how-much-info- 2003/execsum.htmhttp://www.sims.berkeley.edu/research/projects/how-much-info- 2003/execsum.htm

4 USS Blue Action Report Re Dec 7, 1941: Excerpt

5 © 2004, R.E.Barry 5 Recordmaking systems Create documentation that meet commonly accepted definitions of records Virtually all digital systems used to create, communicate and record business in support of business processes (BPs) Human to human Human to human Human to system Human to system System to system System to system System to human System to human

6 © 2004, R.E.Barry 6 Core Recordmaking Systems Old fashioned office systems, email, EDMS; new fashioned instant messaging (IM) systems Back room – Enterprise Resources Planning (ERP) (SAP/PeopleSoft/Oracle/JDE)finance, HR Indiana Univ. project www.indiana.edu/~librarch/phase.html www.indiana.edu/~librarch/phase.html OneStart/EDEN – A Description of IU's Transaction Processing/Recordkeeping Environment" by Rosemary Pleva Flynn mybestdocscom Guest Authors Front room – CIM, CRM Integrated voice/text/data systems Integrated voice/text/data systems Workflow, forms management Facility Management (CAD/CAFM/CMMS) Business intranets, extranets, websites, blogs

7 © 2004, R.E.Barry 7 Survey of IT Directors Association 23 CIOs, CTOs, IT Directors of South Carolina State Agencies What functions and systems were they responsible for? What kind of systems had their organizations implemented? What did they see as the major issues, including electronic record

8 © 2004, R.E.Barry 8 CIO Organizations With/Without Responsibility For: n = 23

9 © 2004, R.E.Barry 9 Major Systems Implemented n = 23

10 © 2004, R.E.Barry 10 Topics Deemed Major Concerns What main concerns face your IT Departments? 1=not at all/minor2=somewhat3=Major Other: Continuing operations under current Legislative Budget Priorities n = 23

11 © 2004, R.E.Barry 11 CIO Organizations With/Without Responsibility for Recordkeeping 30% 70% Q: What main concerns face your ITD? Electronic Records? 1=not at all/minor2=somewhat 3=Major Is your organization responsible for records management? n = 23

12 © 2004, R.E.Barry 12 Findings/Conclusions E-recs tied for 2 nd place among concerns About 30% felt that the balance in their org was too much on IT, too little IM About 90% responsible for IM, 70% RM and ~½ for web content Nearly all operating websites & intranets; few had EDMS, ERP systems or EDMS+ (EDMS + 5015) Directors with RM responsibility for RM saw e-recs as major issue Directors without RM responsibility saw e-recs as a minor or no issue Responsibility for e-recs brings respect for issues

13 © 2004, R.E.Barry 13 Recordkeeping Systems ( RKS) ISO 15489 defines records as: information created, received, and maintained as evidence and information by an organization or person, in pursuance of legal obligations or in the transaction of business with following characteristics: authenticity, integrity and usability. It defines records system: information system which captures, manages and provides access to records through time.

14 © 2004, R.E.Barry 14 Recordkeeping Systems ( RKS) Most, not all, business communications = records What characterizes records? Content, context, structure. Not technology platform. Importance of the BP determines the value of records they produce. Assessment of BPs is how: value is determined value is determined disposition management policy is applied disposition management policy is applied Keep or not? If so, how long? Specified # yrs/Indefinite? disposition is carried out disposition is carried out All records can constitute legal evidence. They can also be challenged as legal evidence.

15 © 2004, R.E.Barry 15 Trustworthy Recordkeeping Systems Systems with robust archives & records management (ARM) functionality for records capture, maintenance of integrity, long-term preservation & disposition management: Univ.of Penn. Functional Requirements for Evidence in Recordkeeping: Systems with robust archives & records management (ARM) functionality for records capture, maintenance of integrity, long-term preservation & disposition management: Univ.of Penn. Functional Requirements for Evidence in Recordkeeping: http://web.archive.org/web/20000818163633/www.si s.pitt.edu/~nhprc http://web.archive.org/web/20000818163633/www.si s.pitt.edu/~nhprc Trustworthy Electronic Recordkeeping Systems are generally accepted as maintaining the integrity, accuracy, authenticity and accessibility of electronic records. Information Nation, Seven Keys to Information Management Compliance, by Randolph A. Kahn & Barclay T. Blair, AIIM, 2004 Information Nation, Seven Keys to Information Management Compliance, by Randolph A. Kahn & Barclay T. Blair, AIIM, 2004 Best Practices for Document Management in an Emerging Digital Environment by R.Barry,1994, www.mybestdocs.com, Other Papers section Best Practices for Document Management in an Emerging Digital Environment by R.Barry,1994, www.mybestdocs.com, Other Papers section

16 © 2004, R.E.Barry 16Ergo: A trustworthy recordkeeping system: Maintains and permits continuing management of records in a manner consistent with rigorous recordkeeping requirements and standards Maintains and permits continuing management of records in a manner consistent with rigorous recordkeeping requirements and standards Maximizes likely acceptance as evidence Maximizes likely acceptance as evidence A records management application (RMA) is the software component of a broader recordkeeping regime to facilitate management of records Most RMS are not RKS

17 © 2004, R.E.Barry 17 DoD 5015.2 Records Management Applications standard Meets minimal requirements for trustworthy recordkeeping Meets minimal requirements for trustworthy recordkeeping Recommended by Archivist of US for all federal agencies www.archives.gov/records_management/policy_and_guidance/b ulletin_2003_03.html Recommended by Archivist of US for all federal agencies www.archives.gov/records_management/policy_and_guidance/b ulletin_2003_03.html www.archives.gov/records_management/policy_and_guidance/b ulletin_2003_03.html www.archives.gov/records_management/policy_and_guidance/b ulletin_2003_03.html Most portions are applicable to private sector Most portions are applicable to private sector About 60 products, product partnerships certified under 5015.2 http://jitc.fhu.disa.mil/recmgt About 60 products, product partnerships certified under 5015.2 http://jitc.fhu.disa.mil/recmgt http://jitc.fhu.disa.mil/recmgt

18 © 2004, R.E.Barry 18 What 5015.2 Requires RMAs shall provide capabilities to: Define file plan - record categories/series and their associated disposition schedules Define file plan - record categories/series and their associated disposition schedules Identify/declare records, provide context Identify/declare records, provide context Store, preserve, protect electronic records Store, preserve, protect electronic records Search for and retrieve electronic records Search for and retrieve electronic records Track records disposition schedule status Track records disposition schedule status Execute disposition instructions - cutoff, transfer, destroy Execute disposition instructions - cutoff, transfer, destroy

19 © 2004, R.E.Barry 19 Beyond 5015.2 (V2 June 2002) Beyond 5015.2 (V2 June 2002) Possible topics for inclusion in V3 Incorporation of standard data elements Incorporation of standard data elements Interoperability within enterprise environment/among disparate RMAs Interoperability within enterprise environment/among disparate RMAs Manual transfer of electronic records to NARA Manual transfer of electronic records to NARA Direct transfer of electronic records to archives Direct transfer of electronic records to archives Minor changes in security section reflecting recent amendment to Executive Order on national security Minor changes in security section reflecting recent amendment to Executive Order on national security Migration of some non-mandatory features to mandatory, e.g., extraction/redaction, more DM Migration of some non-mandatory features to mandatory, e.g., extraction/redaction, more DM

20 © 2004, R.E.Barry 20 FUTURES Not necessarily a world of our making Not necessarily one we want to see emerge But one that is changing the way we must do business and manage records Few people are asking for our advice And no one is asking our permission

21 © 2004, R.E.Barry 21 Futures Business: Business: Increased focus on BPs as links between strategic aims & assets: human, financial, facilities, technology, information More multi-national/international business transactions & operations Greater emphasis on post-911 info security needs Further globalization of business transactions under multiple RK/FOI practices and laws Continued concerns over privacy issues Legals: Legals: Growing court discovery judgmentse-records Efforts to harmonize e-bus laws/regulations internationally De facto changes in business law definitions of records by lawyers with no ARM background

22 © 2004, R.E.Barry 22 Futures Technology: Tighter integration of BP & technology Greater consolidation of business-process based: records, compliance, information security and risk management Greater consolidation of business-process based: records, compliance, information security and risk management More standards: IM, RM, IT; increased use of open source platforms (Linux www.linux.org/, OpenReader www.openreader.com) Ubiquitous recordkeeping Burgeoning of wireless, natural language and video business applications. More multimedia records Computer-aided records detection, capture, classification More advanced personal electronic records tools Business, government take-up of hip technologies IM, blogs, integrated mobile phones/PDAs, game technologies for business purposes

23 © 2004, R.E.Barry 23 For more on blogs and other such things…see WWW.MYBESTDOC.COM

24 © 2004, R.E.Barry 24 www.mybestdocs.com

25 © 2004, R.E.Barry 25 Recordmaking Implications Technology doesnt (yet) change recordness of documents/objects Technology dramatically changes the ways we must manage records Hands-off recordmaking by computers Location-independent computing – universal workspace Records created in homes, hotels, temporary offices & outsourced organizations Records created in homes, hotels, temporary offices & outsourced organizations Employees need remote access to records; security Employees need remote access to records; security Workers need records in different renditions/formats Workers need records in different renditions/formats

26 © 2004, R.E.Barry 26 ARM Implications Large-scale system replacement of legacy recordmaking systems 1 ERP supplants many legacy paperful systems Systems producing massive volumes of records without own recordkeeping capabilities Web pages very dynamic Public- or customer-facing Web pages often reflect changing enterprise understandings or commitments to public or other clients. Often only place where records exist ( See Web Sites as Recordkeeping and Recordmaking Systems, by R.E. Barry, Information Management Journal, Nov/Dec 2004.) New systems may use email/instant mail interface; no humans involved Records produced but not managed = risk

27 © 2004, R.E.Barry 27 Which way to turn?

28 © 2004, R.E.Barry 28 CEOs Get up on top of the issues. Number of stakeholders requires CEO to make it happen. Put recordkeeping on your strategic agenda. Take another look at organization/staffing of ARM Call for risk analyses Revisit Y2K risk analyses, audits Revisit Y2K risk analyses, audits Do it in-house: See Best Practices paper with checklist at www.mybestdocs.com in Other Papers Do it in-house: See Best Practices paper with checklist at www.mybestdocs.com in Other Papers Provide management mandate to make high-risk recordmaking systems into trustworthy recordkeeping systems Build alliances to keep you informed of risks, options Representative program managers, CIO, ARM manager, general counsel, auditor, facility manager Representative program managers, CIO, ARM manager, general counsel, auditor, facility manager Adopt as enterprise standards: Adopt as enterprise standards: ISO 15489 for regime-level records management ISO 15489 for regime-level records management DoD 5015.2 for ECM system-level records management DoD 5015.2 for ECM system-level records management Metadata, document-access standard Metadata, document-access standard Others standards and regulations appropriate to business Others standards and regulations appropriate to business

29 © 2004, R.E.Barry 29 Standards Unlike laws, regulations, standards are voluntarily adopted or mandated by organizations as policy ISO 15489 Records Management Standardbroad recordkeeping regime standard 5015.2 Records Management Applications (RMA) Standard (US DoD)software standard Metadata standards required for information discovery Dublin Core http://dublincore.org/; W3C Recommendation 10 Feb 2004 www.w3.org/TR/rdf-primer/ Dublin Core http://dublincore.org/; W3C Recommendation 10 Feb 2004 www.w3.org/TR/rdf-primer/ www.w3.org/TR/rdf-primer/ Australian National Archives AGLS Metadata www.naa.gov.au/recordkeeping/gov_online/agls/metadata_element_set.html Australian National Archives AGLS Metadata www.naa.gov.au/recordkeeping/gov_online/agls/metadata_element_set.html www.naa.gov.au/recordkeeping/gov_online/agls/metadata_element_set.html XFML Core - eXchangeable Faceted Metadata Language http://xfml.org/spec/;+RK elements XFML Core - eXchangeable Faceted Metadata Language http://xfml.org/spec/;+RK elements http://xfml.org/spec/ Long-term document access standards TIFF + ASCII; PDF, PDF-A, OpenReader TIFF + ASCII; PDF, PDF-A, OpenReader

30 © 2004, R.E.Barry 30 Chief Counsels Compliance Laws/Regulations CFR 21 Part 11 Title 21 Federal Regulations Code: Electronic Records; Electronic Signatures www.fda.gov/cder/gmp/index.htm www.fda.gov/ora/compliance_ref/part11/ www.fda.gov/cder/gmp/index.htm www.fda.gov/ora/compliance_ref/part11/ www.fda.gov/cder/gmp/index.htm www.fda.gov/ora/compliance_ref/part11/ Freedom of Information Freedom of Information www.usdoj.gov/oip/foia_updates/Vol_XVII_4/page2.htm www.usdoj.gov/oip/foia_updates/Vol_XVII_4/page2.htm HIPAAHealth Insurance Portability & Accountability Act www.hhs.gov/ocr/hipaa www.hhs.gov/ocr/hipaa ADA Section 508Americans with Disabilities Act www.section508.gov/ www.section508.gov/ SOXSarbanes-Oxley Act of 2002 www.law.uc.edu/CCL/SOact/soact.pdf www.sec.gov/divisions/corpfin/faqs/soxact2002.htm www.law.uc.edu/CCL/SOact/soact.pdf www.sec.gov/divisions/corpfin/faqs/soxact2002.htm www.law.uc.edu/CCL/SOact/soact.pdf www.sec.gov/divisions/corpfin/faqs/soxact2002.htm SEC Rule 17a-4 -- Records to Be Preserved by Certain Exchange Members, Brokers and Dealers www.law.uc.edu/CCL/34ActRls/rule17a-4.html www.law.uc.edu/CCL/34ActRls/rule17a-4.html

31 © 2004, R.E.Barry 31 Whats wrong with this picture? HR Legal Finance Published here with the kind permission of Kevin Lindeberg.Kevin Lindeberg

32 © 2004, R.E.Barry 32 CIOs/ITDs, ARM Managers: Getting recordmaking systems into line ECMS+: also tested, certified/approved RMA Centralized IT is back; but scalability remains an issue Centralized IT is back; but scalability remains an issue Pairing: Port products of ECMS, EDMS, ERP and other recordmaking systems into a trustworthy RMA or ECMS + /EDMS + recordkeeping Upgrade recordmaking system to become a trustworthy RK systemsembed recordkeeping in business processes Hybrid of above Whichever way: implement at enterprise IM-IT architecture level Whichever way: implement at enterprise IM-IT architecture level Implement small. Plan enterprise. Implement small. Plan enterprise.

33 © 2004, R.E.Barry 33 Procurement/Acquisition Managers Require bidding documents to require bidders to : Commit to maintain 5015.2 certification Commit to maintain 5015.2 certification Specify which Additional Baseline Requirements, (C2.2.10) features are supported by its product(s) vs. expected of the user organization Specify which Additional Baseline Requirements, (C2.2.10) features are supported by its product(s) vs. expected of the user organization Specify other compliance requirements supported by its product(s) Specify other compliance requirements supported by its product(s) Include costs of data conversion from legacy information (including electronic records) to proposed system Include costs of data conversion from legacy information (including electronic records) to proposed system

34 © 2004, R.E.Barry 34 Developers of B2E, B2B, B2C Design systems for ARM compliance Partner with a certified RMA until you get your own Gain 5015.2 or similar certification for use in other countries Provide further functionality for major compliance requirements Adopt ISO/DoD standards for own internal operations

35 © 2004, R.E.Barry 35 CIOs and IT Directors Take your archivist/records manager to lunch

36 © 2004, R.E.Barry 36 Archivists & Records Managers Pay for the lunch Ask the CIO to pay for the system

37 © 2004, R.E.Barry 37 www.mybestdocs.com


Download ppt "© 2004, R.E.Barry 1 Recordmaking vs. Recordkeeping Systems: Making Sure IT Doesnt Get Blindsided Rick Barry, Principal, Barry Associates Virtual Handouts."

Similar presentations


Ads by Google