Presentation is loading. Please wait.

Presentation is loading. Please wait.

Electronic Records Management

Published byBryce May Modified over 6 years ago

Similar presentations

Presentation on theme: "Electronic Records Management"— Presentation transcript:

1 Electronic Records Management
An Introduction Georgia GMIS Conference 2018

2 Who am I? Amelia Winstead, CA, CRM
Division Manager, Archives & Records Center Department of Information Technology Clayton County Board of Commissioners Responsible for the efficient and effective management of the records of Clayton County government, regardless of format or media 29 years of experience in two state governments, one corporation, and currently employed in county government Let me give everyone a heads – up: I use try to use a lot of examples. But, equally, I try not to use Georgia government examples so that I do not embarrass anyone. I will use corporate and other state governments for examples during this presentation. So, don’t be disappointed that I do not refer to specific Georgia examples.

3 There is No Silver Bullet
So, before we get started, let me go ahead and tell you that there is no silver bullet for this issue. Although you may need a beer by the time I’m finished.

4 What’s our topic? Records Management Electronic Records Management
Information Management Information Governance Changing times, changing terms. -- I’ve been in the professional long enough, that the terms used have changed and actually become more descriptive of what is happening. Records Management: The field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use, and disposition of records, including processes for capturing and maintaining evidence of and information about business activities and transactions in the form of records. Electronic Records Management: The management of electronic and non-electronic records by software, including maintaining retention schedules for keeping records for specified retention periods, archiving, or destruction. Information Management: The application of management principles to the acquisition, organization, control, dissemination, and us of information relevant to the effective operation of the organization. Information here refers to all types of information of value. Information Governance: An all encompassing term for how an organization manages the totality of its information. IG encompasses the policies and leveraged technologies meant to dictate and manage what information is retained, where and for how long, and also how it is retained (eg, protected, replicated, and secured). IG spans retention, security, and life cycle management issues.

5 What are we managing? Records Information Universe
The information universe for a typical government entity consists of website sites, social media sites and twitter feeds, post-it notes, telephone messages, body camera video, draft documents and markups, audio tapes, maps, plans, books, and a wide range of finished documents. Records are only a small portion of the information collected and maintained by a government entity. Yet, this is the only portion of our information universe that is addressed by the Georgia Records Act and to a certain extent the Open Records Act. Managing the remaining portion of the pie is up to the government entity and must be done through policy and technology.

6 What is our goal? legally defensible disposition
The ability to demonstrate compliance with known laws, rules and regulations in the management and destruction of information and records. Our goal is to winnow down the volume of information we retain and do it in a compliant, accountable way so that when asked for information by a reporter, we can respond with the information, if we have it, and if we don’t, we can respond with why.

7 Defensible Disposition Framework
State Law Local Ordinance Retention Schedules Technology Organization Policy & Procedure Technology Policies Procedures Management Controls At the core of a defensible destruction is the ability of the organization to demonstrate that it has legally defensible records management practices that can hold up in court.

8 Law, Regulations and Rules
Georgia Records Act Georgia Open Records Act Individual laws requiring retention of records Code of Federal Regulations (For federally funded projects and grants)

9 Georgia Records Act (O.C.G.A §50-18-90 et seq)
O.C.G.A (5) Define Records as: "Records" means all documents, papers, letters, maps, books (except books in formally organized libraries), microfilm, magnetic tape, or other material, regardless of physical form or characteristics, made or received pursuant to law or ordinance or in performance of functions by any agency. The Records Act provide the primary mandate for records management in the state.

10 Georgia Records Act (O.C.G.A §50-18-90 et seq)
O.C.G.A (2) and (c) further refine the definition for local records: "Court record" means all documents, papers, letters, maps, books (except books formally organized in libraries), microfilm, magnetic tape, or other material, regardless of physical form or characteristics, made or received pursuant to law or ordinance or, in the necessary performance of any judicial function, created or received by an official of the Supreme Court, Court of Appeals, and any superior, state, juvenile, probate, or magistrate court. "Court record" includes records of the offices of the judge, clerk, prosecuting attorney, public defender, court reporter, or any employee of the court. All records created or received in the performance of a public duty or paid for by public funds by a governing body are deemed to be public property and shall constitute a record of public acts.

11 Georgia Records Act (O.C.G.A §50-18-90 et seq)
Requires State Agencies to: Create and preserved records containing adequate documentation of the organization, functions, policies, decisions, procedures, and essential transactions of the agency and designed to furnish the information necessary to protect the legal and financial rights of the government and of the citizens Establish and maintain an active records management program Implement records management procedures and regulations issued by the Archives Recommend a retention schedule for the agency’s records to the State Records Committee Establish necessary safeguards against the removal or loss of records Designate an agency records management officer who shall establish and operate a records management program. The Records Act is very clear as to the responsibilities of state agencies for records management. It requires the development of a program and retention schedules, and also establishes the requirement to implement the regulations of the Georgia Archives.

12 Georgia Records Act (O.C.G.A §50-18-90 et seq)
Requires Local Governments to: Recommend to the governing body a retention schedule. This schedule shall include an inventory of the type of records maintained and the length of time each type of record shall be maintained in the office or in a record-holding area. Approve by resolution or ordinance a records management plan which shall include but not be limited to: The name of the person or title of the officer who will coordinate and perform the responsibilities of the governing body under this article; Each retention schedule approved by the governing body; and Provisions for the maintenance and security of the records. For local governing bodies and the courts, the law is not as - shall I say – confining? Look at the last bullet – “provisions for maintenance and security of the records”. This is your local policy structure for managing specific record types and specific sets of information – such as your social media site

13 Georgia Records Act (O.C.G.A §50-18-90 et seq)
O.C.G.A (b) Requires the courts to: Recommend to the State Records Committee and the Administrative Office of the Courts retention schedules for records of that court. The committee, with the concurrence of the Administrative Office of the Courts, shall adopt retention schedules for court records of each court. The destruction of court records by retention schedule shall not be construed as affecting the status of each court as a court of record.

14 What’s in it for IT? What does records management bring to the table?
Reduces legal risk and legal liability exposure Improves Information Governance by enforcing uniformity and standardization Improves search quality and reduces search time Improves security of confidential record assets Reduces and minimizes the costs of storage Saves hardware, utility, and labor costs by deleting records after their lifespan Optimizes the use of online storage and access resources Yea, yea, yea, all these discussions start out telling me the law, but what’s in it for me? Use of technology and retention schedules to manage information systems and electronic records can -

15 Defensible Disposition Framework
State Law Local Ordinance Retention Schedules Technology Organization Policy & Procedure A defensible disposition framework is an ecosystem of technology, policies, procedures, and management controls designed to ensure that records are created, managed, and disposed at the end of their life cycle.

16 Getting Organized, or - Going on an Information Diet
So, let’s think of our information universe (all of the information and records within our organization) as a tasty, cheap, fast food loaded with sugar, salt and fat. We have gotten very, very good at maximizing available calories, at a staggering cost: $190 Billion per year in additional medical spending as a result of obesity in the US, greater than the costs of smoking. Calories are not inherently bad. We would literally die without them. But too many calories make us sick. The analogy to information is clear. Information is the lifeblood of our organizations and is central to our survival. But too much unmanaged unstructured information leaves us fat, slow, coughing, and wheezing.

17 The “Storage is Cheap” Myth
Storage Devices: Shared Drives systems smartphones Tablets Facebook Twitter Google Docs Thumb Drives Cloud Storage Costs to Operate: Costs of systems that run storage devices Costs of the building they sit in Costs of energy to run and cool them Costs of licenses for software and maintenance Costs of back-up processes Costs of staff to manage it Costs to produce for litigation But, I love Big Macs, Amelia. I can’t possibly cut back and anyway - is ‘Storage is cheap. So, why not let staff keep whatever they want?’ It is true that the price of storage media has gone down drastically over time. But if you consider the total costs of storing an ever increasing amount of content – both hard and soft – you find that the costs have in fact gone up, and continue to rise. While hardware per terabyte is less expensive than it was last year, and the year before, and the year before that, when you add in the associated costs to operate the systems, you realize just how expensive it is to storage all this information. Maybe you think you’re avoiding these problems by storing your organization’s data in the cloud, but you must think beyond the cost per terabyte and consider all the costs associated with data access, retrieval, production, etc. if you want to figure out the true costs of cloud storage. Not to mention the costs of migrating the data to a new cloud provider, which is inevitable sonner or later.

18 Why People Keep Everything Forever – or, the KEF approach
Some uncomfortable truths about KEF: IT professional often see themselves as the custodian of content and perceive their mission as ensuring that any needed data is available and that nothing is lost. Business managers want employees spending time on creating or analyzing information, not managing it. Some lawyers want to preserve anything that might be needed for potential lawsuits. Many employees suffer from “packrat-itis” – believing they need all their documents, , and spreadsheets forever. In spite of the costs, some people think the KEF approach is viable and the only sensible way to deal with information management. IT professional often see themselves as the custodian of content and perceive their mission as ensuring that any needed data is available and that nothing is lost. They avoid destroying data (or backups of data) so that anything needed “someday” can always be recovered. Perhaps some think the more data they have to store, the bigger their budgets will become. They may not perceive any data as empty calories or as debris to be destroyed. Business managers want employees spending time on creating or analyzing information, not managing it. They may see tasks such as classifying information and deciding which data needs to be retained or purged as outside of their core business function. KEF is, they believe, a more productive approach. Some lawyers want to preserve anything that might be needed for potential lawsuits. Since you don’t know what litigation or audits might be coming, if you KEF, the information will be there is you ever need it. Many employees suffer from “packrat-itis” – believing they need all their documents, , and spreadsheets forever. They might want to refer to an old project when working on a new one. They might need this information to justify or explain something to management. They might just like to KEF to have a historical record of all the work they’ve done.

19 Destruction: The Top 10 Reasons Not to Keep Everything Forever
The law does not require it. Maintaining outdated documents only increases an organization’s legal risk and legal exposure. Required maintenance of “legacy” system is expensive. Aged storage media must be refreshed and data migrated to ensure continued access – an expensive and time consuming process. Data tends to grow exponentially, making it increasingly difficult to locate what you are searching for. No where is there a law, rule or regulation making us keep everything forever

20 Destruction: The Top 10 Reasons Not to Keep Everything Forever
Costs associated with discovery in litigation increase with the volume of data that must be reviewed. Purchasing, managing, maintaining, and migrating excess storage media is expensive. Business processes and systems are slower and less effective when bogged down with too much useless information. Makes it hard to respond to GORA requests and the courts, which require quick turnaround times for providing specific information. Makes it impractical and cost-prohibitive to apply controls and technology to information that requires special handling – such as PII.

21 Going on an Information Diet – Changing Behavior
Once you’ve acknowledged the KEF approach and its implications: Find ways to reduce the employee burden of information management so they can focus on their core jobs Make employees aware of how their “packrat-itis” impact efficiency and costs. Engage legal counsel to help guide the organization in what can be legally disposed of. Limit the use of technologies and storage areas for anything designated as a “record.”

22 Going on an Information Diet – Changing Behavior
Get Creative Educate executives, legal counsels, and employees about the cost of information mismanagement Show employees their information footprint by regularly exposing them to the amount of data storage they are using in , shared drives, content management systems, and other environments they work in.

23 Going on an Information Diet- Changing Behavior
Get Creative Design systems to minimize information calories. Prevent employees from exporting to .pst files. Turn off the ability to store documents on desktop hard drives to encourage the use of managed collaboration environments. Turn off the ability to download documents to a thumb drive. Require employees to send links to content rather than creating yet another attachment.

24 Going on an Information Diet- Clean up the Past to Gain Current Efficiencies
Where are the risks? Where is your immediate pain? Where is the low-hanging fruit? What solutions can be implemented quickly? What environments are just noise and hold no or very few records? Where is your organization spending a lot of money responding to litigation, audits, or investigations?

25 Prioritizing System Cleanups
Backup tapes – You have many backup tapes from years ago, the contents of which are unknown. Active system – all copies of all , sent or received, currently reside in the system, unless manually deleted by the user. SAN drives – Every department has a file share and some have been collecting content for almost two decades. Thousand of offline individual storage files are located on them. Retired system – The organization’s first system was retired in 1999 but a server with all journaled messages ha been retained. Decommissioned HR system – The system was used by HR for a dozen years and contains one-of-a-kind records related to past and current employees. Accounting dataset – 45 terabytes of structured database record containing accounting records from 1976 – 2000 is still being retained. Voice mail system – The voice mail server used from containing all saved messages was kept when the new system was implemented.

26 Going on an Information Diet- Three Steps Toward Cleanup
Step 1: Create a defensible and compliant method of purging the unneeded “calories” and for retaining records and information that have ongoing value. Step 2: Determine what information may be ready to be destroyed and how to implement the destruction. Step 3: Assess the content in a more granular way considering business value, the legal and regulatory retention needs, and the risk of destroying the information. At least I didn’t say 12!

27 Going on an Information Diet- Three Steps Toward Cleanup
Step 1: Create a defensible and compliant method of purging the unneeded “calories” and for retaining records and information that have ongoing value.

28 Going on an Information Diet- Three Steps Toward Cleanup
Step 2: Determine what information may be ready to be destroyed and how to implement the destruction.

29 Going on an Information Diet- Three Steps Toward Cleanup
Step 3: Assess the content in a more granular way considering business value, the legal and regulatory retention needs, and the risk of destroying the information.

30 Going on an Information Diet- Purging Old Calories
Documentation. Make sure you can show The information was no longer supporting any business issue or need and the data assessment was conservative and reasonable. The affected business unit head(s) agreed that content was not needed for business purposes any longer. We have their approval in writing. The legal counsel reviewed our process and ensure the information was no longer needed for any ongoing litigation, audit or investigation and the retention period were satisfied before signing off on the appropriateness of destruction. We have their agreement in writing. The IT department affirmed in writing the actions taken to dispose of any electronic content.

31 Going on an Information Diet- The New You, or, Moving Forward
Keep only what you can access, and be sure you can access what you keep.

32 Backups have One Purpose and It’s Not Retention
Backups and archives are not the same thing. An effective backup policy should: Deal with the past. Use sampling so you don’t have to look at everything before zapping. Separate records from backup. Check your policies to ensure disaster recovery is the only reason for backup.

33 The New You – Use Technology to Help Remove Debris
Backup media is only one of the storage environments that need to be evaluated Structured databases systems Document and records management systems Collaboration environments Cloud service and storage providers Desktop computers Mobile deices (laptops or phones) Mobile storage (flash drives or DVDs) File servers, NAS or SANs

34 The New You – Strive for Reasonableness, Not Perfection
Build Programs and Policies That Promote the Control of Information Resist quick fixes and simplistic analyses Don't just think about costs; think about making business better Test first, roll out later Before you roll it out, figure out how to sell it.

35 The New You – Who’s In Charge of Information Governance?
It takes a Team Different groups have different agendas. Records manager Functional Business Units Information Technology Legal Counsel In many organizations it isn’t clear who is responsible for governing and managing information, and different groups or individuals will have different agendas and knowledge. Even if there is a records manager, he or she cannot be expected to actually manage all the content created enterprise-wide by the organization. The various functional business units may not have the overarching enterprise point-of-view needed to manage information effectively and efficiently. They likely won't manage it in a consistent manner. Business personnel may not fully consider the risks related to managing content that may contain sensitive information. IT does not, and should not be expected to understand all the laws and regulations related to retention and security of information. Legal counsel may not be knowledgeable about where data is stored and the different approaches and technology that can be applied to unearth and retrieve data on demand, even after end users have deleted it. Specific responsibilities should include: Creation of effective lines of accountability, responsibility, and authority for information governance and compliance. Serving as the data steward for all sensitive information and maintaining a current list of sensitive data element, thereby ensuring that appropriate controls are in place to safeguard this information, according to the organization's security policies. Serving as the steering committee for significant information security and data-driven decision making. Recommending enterprise-wide policies, procedures, and guidelines related to information governance for approval by senior management. Monitoring operational performance of the information security and business intelligence functions. Serving as the arbiter for reconciling conflicting information se4ucirty/business intelligence requirements among units, including issues related to data flow, data coordination, data definitions, and data ownership and authority. Tracking the progress of remediation on risk items related to data (audit findings, non-compliance with policies, and other areas of risk).

36 The New You – Policy must come Before Technology
Establishing Policies for Technology: Say “Yes, BUT…” Things to consider before introducing new technology: Bottom Line (Costs) Data Controls Access Disposal Risks Training Auditing and enforcement Technology Proliferation can result in Information Chaos

37 The New You – Preparing for New Information
Create a governance structure Prepare for downstream data creation Create a group that is responsible for “reducing calories” Require employees to take ownership

38 The New You – Manage Information from Creation to Disposal
Who Owns the Information? Copycats on the Loose Creative Chatter Collaboration Technologies

39 The New You – Manage Information from Creation to Disposal
Simplify retention rules: Make rules at a high-level. Make it simple to understand the rule. Keep the rules few in number so any employee can apply them without more than a three-second contemplation. Have legal research consistently applied behind the scenes so employees don’t need to see or care about the details. When you think you’ve made it simple enough, simplify it even more.

40 The New You – Manage Information from Creation to Disposal
Apply retention rules, and other policies, to all content, in all system, in all departments, in all units. Build the rules once and use them continuously – not just for cleanup. Use technology to assist in implementing retention rules.

41 The New You – Automate Information Management Away from People
TECHNOLOGY QUIZ Technology can de-dupe huge volumes of content to help reduce “calories.” Technology can help deal with the emotional underpinnings of why your employees suffer from packrat-itis. Technology can help craw content to find the valuable business records to augment disposal of unneeded content. Technology can help classify business records. Technology can be used to better find responsive information for a lawsuit. Technology can be used to better manage and archive business records to all excess calories to be removed. Answer True or False to the following statements. If you answered true to all six, you are correct!

42 The New You – Don’t Live in Fear of Discovery
Be Prepared with a Discovery Response Plan – Create a Data Map What are the data assets? Who has them? Where are they? How are they stored? How are they backed up? Don’t preserve everything unless ordered by the court Make sure you have a systematic and thorough process for preserving information for litigation

43 Going on an Information Diet- Start Anywhere – But Do Start
Create appropriate, consistent, defensible policies that are easy for employees to follow Train and teach to create a culture of compliance State where the need is greatest Create a comprehensive retention schedule Create a steering committee Control the data in your information systems Govern new technology at the outset – it beats retrofitting Leverage technology to get rid of excess calories Measure progress, enforce policies, and continue to improve.

44 Questions? Amelia Winstead, CA, CRM Clayton County Board of Commissioners Department of Information Technology Division of Archives & Records Center

Download ppt "Electronic Records Management"

Similar presentations

and Electronic Records Retention: IT Requirements Paul Dworak Office of Compliance 565-4906.

and Electronic Records Retention: IT Requirements Paul Dworak Office of Compliance
Identification and Disposition of Official University Records University of Texas at Arlington Records Management.

Identification and Disposition of Official University Records University of Texas at Arlington Records Management.
What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.

What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.
Document &Record Control/Management Workshop Presenter: Gail Nelson Coffee Industry Board July 18,2008 Central St. Catherine Coffee.

Document &Record Control/Management Workshop Presenter: Gail Nelson Coffee Industry Board July 18, Central St. Catherine Coffee.
Review Questions Business 205

Review Questions Business 205
Records Management for UW-Madison Employees – An Introduction UW-Madison Records Management UW-Archives & Records Management 2012 Photo courtesy of University.

Records Management for UW-Madison Employees – An Introduction UW-Madison Records Management UW-Archives & Records Management 2012 Photo courtesy of University.
 Email Management has become a multi-faceted complex task involving:  Storage Management  Content Management  Document Management  Quota Management.

 Management has become a multi-faceted complex task involving:  Storage Management  Content Management  Document Management  Quota Management.
Data Ownership Responsibilities & Procedures

Data Ownership Responsibilities & Procedures
MINNESOTA GOVERNMENT DATA PRACTICES ACT How the law affects University employees and recordkeeping Susan McKinney Records & Information Management.

MINNESOTA GOVERNMENT DATA PRACTICES ACT How the law affects University employees and recordkeeping Susan McKinney Records & Information Management.
1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.

1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.
Records Management at UW-Green Bay Or, I am out of space and just want to throw some things away!

Records Management at UW-Green Bay Or, I am out of space and just want to throw some things away!
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:
Achieving our mission Presented to Line Staff. INTERNAL CONTROLS What are they?

Achieving our mission Presented to Line Staff. INTERNAL CONTROLS What are they?
1 From Filing Cabinet to Desktop and Network: Records Management in N.C. State Government Ed Southern Government Records Branch N.C. Office of Archives.

1 From Filing Cabinet to Desktop and Network: Records Management in N.C. State Government Ed Southern Government Records Branch N.C. Office of Archives.
RECORDS MANAGEMENT City of Oregon City “ That was then… this is now!”

RECORDS MANAGEMENT City of Oregon City “ That was then… this is now!”
Department of Commerce Records Management Training.

Department of Commerce Records Management Training.
Created May 2, 20081 Division of Public Health Managing Records What is a Record? What is a Records Retention & Disposition Schedule? Why is this Important?

Created May 2, Division of Public Health Managing Records What is a Record? What is a Records Retention & Disposition Schedule? Why is this Important?
Obtaining, Storing and Using Confidential Data October 2, 2014 Georgia Department of Audits and Accounts.

Obtaining, Storing and Using Confidential Data October 2, 2014 Georgia Department of Audits and Accounts.
Why Information Governance….instead of Records & Information Management? Angela Fares, RHIA, CRM, CISA, CGEIT, CRISC, CISM 817.352.4929 or

Why Information Governance….instead of Records & Information Management? Angela Fares, RHIA, CRM, CISA, CGEIT, CRISC, CISM or
Public Records Management Advanced Real Property Seminar September 15, 2010 Presented by: Tom Vincent, NCDCR Local Records Management Analyst.

Public Records Management Advanced Real Property Seminar September 15, 2010 Presented by: Tom Vincent, NCDCR Local Records Management Analyst.

Similar presentations

Ads by Google