Records Management, or RM, is the practice of identifying, classifying, archiving, preserving, and destroying records. The ISO 15489: 2001 standard defines it as "The field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use and disposition of records, including the processes for capturing and maintaining evidence of and information about business activities and transactions in the form of records".
The ISO defines records as "information created, received, and maintained as evidence and information by an organisation or person, in pursuance of legal obligations or in the transaction of business". The International Council on Archives (ICA) Committee on Electronic Records defines a record as, "a recorded information produced or received in the initiation, conduct or completion of an institutional or individual activity and that comprises content, context and structure sufficient to provide evidence of the activity. While the definition of a record is often identified strongly with a document, a record can be either a tangible object or digital information which has value to an organization. For example, birth certificates, medical x-rays, office documents, databases, application data, and e-mail are all examples of records.
Practicing Records Management
The practice of records management involves all of the following activities:
- Creating, approving, and enforcing records policies, including a classification system and a records retention policy
- Developing a records storage plan, which includes the short and long-term housing of physical records and digital information
- Identifying existing and newly created records, classifying them, and then storing them according to standard operating procedures
- Coordinate the access and circulation of records within and even outside of an organization
- Executing a retention policy to archive and destroy records according to operational needs, operating procedures, statutes, and regulations
Often, a records management system helps to aid in the capture, classification, and ongoing management of records throughout their lifecycle. Such a system may be paper based (such as index cards as used in a library), or may be a computer system, such as an electronic records management application.
ISO 15489:2001 states that records management includes:
- setting policies and standards;
- assigning responsibilities and authorities;
- establishing and promulgating procedures and guidelines;
- providing a range of services relating to the management and use of records;
- designing, implementing and administering specialized systems for managing records; and
- integrating records management into business systems and processes.
Managing Physical Records
Managing physical records involves a variety of diverse disciplines. At the simplest, physical records must be organized and indexed. In more complex environments, records management demands expertise in forensics, history, engineering, and law. Records management then resolves to being a coordination of many experts to build and maintain the system.
Records must be identified and authenticated. In a business environment, this is usually a matter of filing business documents and making them available for retrieval. However, in many environments, records must be identified and handled much more carefully.
- Identifying records. If an item is presented as a record, it must be first examined as to its relevance, and it must be authenticated. Forensic experts may need to examine a document or artifact to determine that it is not a forgery, or if it is genuine, that any damage, alterations, or missing content is documented. In extreme cases, items may be subjected to a microscope, x-ray, radiocarbon dating or chemical analysis to determine their authenticity and prior history. This level of authentication is rare, but requires that special care be taken in the creation and retention of the records of an organization.
- Storing records. Records must be stored in such a way that they are both sufficiently accessible and are safeguarded against environmental damage. A typical contract or agreement may be stored on ordinary paper in a file cabinet in an office. However, many records file rooms employ specialized environmental controls including temperature and humidity. Vital records may need to be stored in a disaster-resistant safe or vault to protect against fire, flood, earthquakes and even war. In extreme cases, the item may require both disaster-proofing and public access, which is the case with the original, signed US Constitution. Even civil engineers must be consulted to determine that the file room can effectively withstand the weight of shelves and file cabinets filled with paper; historically, some military vessels were designed to take into account the weight of their operating procedures on paper as part of their ballast equation (modern record-keeping technologies have transferred much of that information to electronic storage). In addition to on-site storage of records, many organizations operate their own off-site records centers or contract with commercial records centers.
- Circulating records. Records are stored because they may need to be retrieved at some point. Retrieving, tracking the record while it is away from the file room, and then returning the record, is referred to as circulation. At its simplest, circulation is handled by manual methods such as simply writing down who has a particular record, and when they should return it. However, most modern records environments use a computerized records management system that includes the ability to employ bar code scanners for better accuracy, or radio-frequency identification technology (RFID) to track movement of the records from office to office, or even out of the office. Bar code and RFID scanners can also be used for periodic auditing to ensure that unauthorized movement of the record is tracked.
- Dispositioning of records. Disposition of records does not always mean destruction. Disposition can also include transfer of records to a historical archive, to a museum, or even to a private party. When physical records are destroyed, the records must be authorized for destruction by law, statute, regulation, and operating procedure. Once approved, the record must be disposed of with care to avoid inadvertent disclosure of information to unauthorized parties. The process to dispose of records needs to be well-documented, starting with a records retention schedule and policies and procedures that have been approved at the highest level of an organization. An inventory of the types of records that have been disposed of must be maintained, including certification that the records have been destroyed. Records should never simply be discarded as any other refuse. Most organizations use some form of records destruction including pulverization, paper shredding or incineration.
Managing Electronic Records
The general principles of records management apply to records in any format. Digital records (almost always referred to as electronic records) raise specific issues however. It is more difficult to ensure that the content, context and structure of records is preserved and protected when the records do not have a physical existence. Guidance on the management of electronic records can be found on the websites of National and State Archives authorities listed below.
Unlike physical records electronic records cannot be managed without a computer or other machine. Functional requirements for computer systems that can be used to manage electronic records have been produced by the US Department of Defense DoD 5015.2, the National Archives of England & Wales and the European Commission MoREQ. It is noteworthy that the Moreq specification has been translated into at least twelve languages and is used beyond the borders of Europe. Development of MoReq was initiated by the DLM Forum, funded by the [MoReq European Commission].
Particular concerns exist about the ability to retain and still be able to access and read electronic records over time. Electronic records require appropriate combinations of software versions and operating systems to be accessed, and so are at risk because of the rate at which technological changes occur. A considerable amount of research is being undertaken to address this issue, under the heading of digital preservation. The Public Records Office of Victoria (PROV) located in Melbourne, Australia published the Victorian Electronic Records Strategy (VERS) which includes a standard for the preservation of, long-term storage and access to permanent electronic records. The VERS standard has been adopted by all Victorian Government departments. A digital archive has been established by PROV to enable the general public to access permanent records.
Current Issues in Records Management
As of 2005, records management has increased interest among corporations due to new compliance regulations and statutes. While government, legal, and healthcare entities have a strong, historical records management discipline, general record-keeping of corporate records has been poorly standardized and implemented. In addition, scandals such as the Enron/Andersen scandal, and more recently records-related mishaps at Morgan Stanley, have renewed interest in corporate records compliance, litigation preparedness, and issues. Statutes such as the US Sarbanes-Oxley Act have created new concerns among corporate "compliance officers" that result in more standardization of records management practices within an organization. Most of the 90s has seen discussions between records managers and IT managers, and the emphasis has expanded to include the legal aspects, as it is now focussed on compliance and risk.
Privacy, data protection, and identity theft have become issues of interest for records managers. The role of the records manager to aid in the protection of an organization's records has often grown to include attention to these concerns. The need to ensure that certain information about individuals is not retained has brought greater focus to records retention schedules and records destruction.
The most significant issue is implementing the required changes to individual and corporate culture to derive the benefits to internal and external stakeholders. Records management is often seen as an unnecessary or low priority administrative task that can be performed at the lowest levels within an organisation. Publicised events have demonstrated that records management is in fact the responsibility of all individuals within an organisation and the corporate entity.
Education and Certification
Records management, being a complex practice, involves many years of education and practice for full mastery. Many colleges and universities offer degree programs in library and information sciences. Furthermore, there are professional organizations such as the Records Management Association of Australasia (RMAA), Association of Records Managers and Administrators (ARMA International), and the Institute of Certified Records Managers which provides a separate, non-degreed, professional certification for practitioners, the Certified Records Manager designation or CRM. Additional educational opportunities are also available from AIIM International and from the Records Management Society of the UK and Ireland. Education and training courses and workshops on scientific and technical records full lifecycle management and the Quality Electronic Records Practices Standards (Q-ERPS) are available from CENSA, the Collaborative Electronic Notebook Systems Association.
Records Management Systems
A records management system is a computer program (or set of programs) used to track and store records. The term is distinguished from imaging and document management systems that specialize in paper capture and document management respectively. Records management systems commonly provide specialized security and auditing functionalities tailored to the needs of records managers.
The National Archives and Records Administration (NARA) has endorsed the U.S. Department of Defense 5015.2-STD as an "adequate and appropriate basis for addressing the basic challenges of managing records in the automated environment that increasingly characterizes the creation and use of records." Records Management Vendors can be certified as compliant with the DoD 5015.2-STD after verification from the Joint Interoperability Test Command (JITC) which builds test case procedures, writes detailed and summary final reports on 5015.2-certified products, and performs on-site inspection of software.
The National Archives (UK) has published two sets of functional requirements to promote the development of the electronic records management software market (1999 and 2002). It ran a programme to evaluate products against the 2002 requirements. Whilst these requirements were initially formulated in collaboration with central government, they have been taken up with enthusiasm by many parts of the wider public sector in the UK and in other parts of the world. The testing programme has now closed; The National Archives is no longer accepting applications for testing. The National Archives 2002 requirements remain current.
The European Commission and the DLM Forum issued the standard MoReq Model Requirements for Electronic Records and Document Management in 2001 as a result of the IDA programme of the European Commission. The update of the MoReq standard (MoReq2) will be completed by the end of 2007.
Commercial Records Centers
Commercial records centers are facilities which specialize in the storage of paper and electronic records for organizations. Commercial records centers provide high density, secure storage for paper records and can provide climate controlled storage for sensitive non-paper media. The trade organization for commercial records centers is PRISM International.