The Caldeson Records Management Policy model

Introduction

The organisation is convinced, the bosses are eager for results and the staff is apprehensive …  the records manager has won the battle for a recordkeeping policy, but where to turn next?

The Caldeson Records Management Policy model is offered encouragingly to all recordkeepers so stricken.  It is a first step towards success, a moral-boosting leg-up into the saddle for the wildest brumby 1 ride any records manager is likely to undertake: ingraining new rules for the creation, application, retention and maintenance of an organisation’s fourth resource  …  its information.

A records management policy document is first base and foundation stone for recordkeepers planning the introduction of an organisation-wide system whether that be paper or image based, electronic or any combination these.  It is developed with the knowledge gained from consultations across the organisation, the process that identifies pressure points and shortcomings in existing systems and raises user “ownership” of the planned new procedures.

Users, records management personnel, and IT managers, where appropriate, need to agree on a great number of factors to ensure a successful launch and long-term use of the new applications.  The Caldeson Policy Model provides a checklist of requirements to help ensure that evangelising recordkeepers miss nothing.

The Model derives, in part, from work done by The Caldeson Consultancy’s Principal, Michael Steemson, during his membership of the Australian delegation to the International Standard Organisation’s committee developing the world Records Management Standard ISO15489 and its accompanying Technical Report.  The Standard and Technical Report are due to be published in the latter part of 2001.

The Model draws heavily on the guidance and recommendations of the Standards Australia Records Management Standard, AS4390.  Throughout its text, the Model points to AS4390’s detailed guides to aspects of the policy-making processes that will help build an all-inclusive system.

The Model also indicates where, when it is published, the ISO15489 Technical Report will be of special help  …  small comfort to recordkeepers before its publication, of course, but at least an indication that the international group has also thought particular matters to be of importance.

Finally, the Policy Model contains a World Wide Web Bibliography of sources of special value when planning a policy document.  The Web provides a huge number of programmes for the development of electronic recordkeeping systems, but fewer for systems employing the so-called “low tech” approaches.

Words of encouragement

Recordkeepers with designs on such a system need not be downhearted.  Firstly, their systems will almost certainly be created with electronic portals or, at least, with an eye on the electronic potential.  Secondly, recordkeeping principals hold good in any environment  …  perusal of the draft of ISO15489 in the hands of ISO national member bodies at the time of writing will demonstrate this.  E-mail to Michael Steemson or any executive of a national society of information management professionals will establish the whereabouts of the Draft International Standard (DIS)15489 (or “Diss”, as ISO calls it, from the acronym).

Finally, a word of encouragement to recordkeepers setting out on the records round-up:  Take heart.  You are not alone.  Many have taken this wild ride and will say that, at worst, it was exhilarating, at best, life-changing.

1.  General

The Records Management Policy document is the primary reference point for the implementation, application and effectiveness of any record management system, whether paper based, electronic or a combination of the two.

It should contain sufficient detail to carry out and sustain the project and the running of the resultant processes.  Users, records management personnel, and IT managers, where appropriate, need to agree on:

  • How the processes will be managed,
  • What functions are to be provided,
  • How they will be operated,
  • Who will be accountable for the operations,
  • What staffing changes are required,
  • What changes are required to work patterns and processes,
  • Laws and regulations to be observed and
  • Expected outcomes and deliverables.

Where large management changes are planned, analysis of business systems may be beneficial.  In preparation for all projects, studies should discover information sources, quantities and requirements to allow informed decisions on system size and scope.

Whatever decisions are taken, they should be made with the knowledge and understanding of all sectors of affected staff.

Note: Requirements for a Records Management Policy are to be set out in the ISO15489 Technical Report Clause 6: Policies and responsibilities.

2.  The Policy Document

A dozen principles for records management form the basis of every policy document.  The following list is in approximate timetable order, but the application of records management processes is not dependent on maintaining any particular sequence.

Capturing records into a record management system

  • Business processes and systems will capture evidence of all business activities required.
  • Responsibility for capturing records of these activities to rest with individuals within the Organization and with the Organization as a whole.

Designing and building a record management system

  • Manages content, context and structure of records securely and reliably.
  • Facilitates re-use of information contained within records.
  • Complies with standards and best practices.
  • Provides a single interface to records relating to any particular business activity, regardless of the records’ media.
  • Provides for future system amendments or re-design.

Retaining records

  • Records to be retained for as long as they are needed in the form required.
  • Electronic records to be retained on media that permit reliable data migration and/or system modifications.

Keeping records accessible and safe

  • Access to records, irrespective of their location.
  • Provision of access to meaningful evidence within records.
  • Protection of records from inappropriate access and usage.

Note: Processes for establishing an organisation’s records management needs are described in the ISO15489 Technical Report Clause 7: Records Management Requirements.

3.  Implementing Records Management systems

Policies for the implementation of a records management system should include strategies for:

  1. 3.1 Designing records management systems,
  2. 3.2 Establishing staff responsibilities,
  3. 3.3 Setting performance and compliance benchmarks,
  4. 3.4 Undertaking staff training,
  5. 3.5 Converting records to new processes,
  6. 3.6 Controlling the roll-out programme, and
  7. 3.7 Establishing on-going controls.

Note: AS4390 has a Model Implementation plan (Part 3: Strategies, Appendix A).

3.1  Designing records management systems

Introduction of new records management procedures may be forced on an organization by new technologies or new business demands.  To other organisations, the formal adoption of records management principles may simply be recognition of them as operationally and financially beneficial.

In any case, a survey of the organisation’s business processes, sometimes referred to as “business system analysis”, confirms and clarifies information objectives and reveals management gaps and pressure points.  The process begins with a checklist like the following:

  1. Identify organization’s business aims and competencies.
  2. Identify core operations required to fulfil aims.
  3. Identify supporting business processes.
  4. Combine 2) and 3) logically.
  5. Identify and develop definitions for each new process.
  6. Identify contributing work units for new business processes.
  7. Identify the information that each business process requires.
  8. Identify the information that each business process will produce.
  9. Map processes into major business areas: operations, finance, personnel, etc.
  10. Simplify this with visual graphic of the new business process “families” and the information links.
  11. Confirm and refine results by undertaking executive interviews.
  12. Create a business model  – a document, a chart and/or a policy  – for the Organization.
  13. Design information systems to support new business processes.
  14. Maintain on-going audit of business process aims, responses and relevance.

Note: For more guidance, see Linking Information Assets to Core Business Processes in workshop presentations by U.S. ERK consultant Rick Barry in the U.S., New Zealand and elsewhere, from which this section derives.

Change management

A concern in implementing a records management system will be the effect on other work processes and on the staff/clients who will work with them.  This aspect of change management requires careful consideration, most particularly for the open-ended period after implementation when early care and interest may decline.

Users can find expected work patterns onerous or more time consuming than expected and prefer the old system.  Dissatisfaction can be avoided by training and consultation sessions both before and after implementation.

Note: Procedures for designing records management systems will be described in the ISO15489 Technical Report Clause 8: Strategies, design and implementation.

3.2  Establishing staff responsibilities

Staff responsibilities for operating and maintaining the new processes need to be set out plainly, agreed with management and individuals and monitored regularly thereafter to ensure proper and effective control of records.

Users should know what is filed and be able easily to retrieve information from the records keeping system and other systems.  They should be able to make information available efficiently and effectively.  All staff members, up to the Chief Executive, have information management duties

Executives and Senior Managers need to:

  1. Keep abreast of record keeping practices, rules and legislations.
  2. Oversee the creation of policies, practices and guidelines for records management.

Line managers and records management department staff should:

  1. Keep abreast of record keeping practices, rules and legislations.
  2. Create policies, practices and guidelines for records management.
  3. Know user needs; work with departments to get them built into system processes.
  4. Train and advise users in records management systems, principles and practices.
  5. Monitor, audit and, where necessary, amend records management system applications and practices.
  6. Apply and review and retention schedules appropriately.
  7. Undertake management and statistical reporting.

System managers and administrators have to:

  1. Support users.
  2. Monitor proper functionality of the system
  3. Create and maintain security rights.
  4. Provide systems administration.

Operating staff should:

  1. File what should be filed.
  2. Identify final versions.
  3. Send information to the relevant people.
  4. Ensure documents can be accessed as needed.
  5. Maintain a personal security level appropriate for access to information.
  6. Protect security-designated information.
  7. Apply appropriate retention periods.

Note: Responsibilities of staff in relation to records management systems are to be set out in the ISO15489 Technical Report Clause 6.3: Responsibilities.

3.3  Setting performance and compliance benchmarks

Benchmarking is required to first establish and then maintain the quality of records and the efficiency of the records management system.

Each organisation should establish its own requirements and expectations during its survey of business processes.

Each organisation’s standards depend on its concern or need for compliance with

  • Business objectives,
  • Industry practices and standards,
  • National and international standards,
  • Regulations and
  • Legislation.

Note: Standards, codes and legislation that may affect organisations are to be detailed in the ISO15489 Technical Report Clause 5: Regulatory Environment.

Benchmarks should cover concerns including

  • Organisations’ policies and objectives, business rules, information system requirements, staff duties, legal obligations.
  • The records management system scope, how much and what information is to be recorded, amount and purpose of statistical data to be generated, extent of recorded metadata, usage levels estimated, security process efficacy.
  • Record management practices and processes, standards for classification, registration, indexing, storage, handling, movement and disposition.
  • Staff efficiency, process accuracy rates, training objectives, usefulness of user manuals, measurement of extra work imposed on actioning staff, staff acceptance levels.
  • Implementation strategies and procedures, training processes.
Electronic records management systems

Electronic records management systems may be tested by deliberately creating faults, overloads, and software and system conflicts, to force worst-case responses.  These can include:

  • Monitoring of multi-tasking carried out at both timed intervals and simultaneously.

  • Response times across slowest and/or most distant link to central control
  • Comparison with response times to create, view and retrieve an object or document with standard file transfer/copy/retrieve times.
  • Test of network operations like automated backup procedures, system fault and failure recovery.

Notes: Recommendations on benchmarking and system monitoring may be found in the ISO15489 Technical Report Clause 10:  Monitoring and Auditing.

AS4390 has a model checklist for Performance Testing of Records Management Systems plan (Part 3: Strategies, Appendix C).

3.4  Undertaking staff training

To achieve full benefit from new records management systems, all affected staff should be thoroughly trained in its use.  New work patterns and techniques and training procedures need to be identified and agreed with staff and, where appropriate, staff associations or representatives.  The formation of staff work groups to agree training processes and appraise their progress can be beneficial.

Training projects should take into account:

  • Extent of changes to current work processes.
  • Level of expertise of existing staff.
  • Variety and levels of training required.
  • Training resources and time required.
  • Revision training after implementation.
  • On-going training for new staff.
Records management staff

Changes in the role of the records managers could mean a much greater technical and computer literacy for them.  The speed of improvement in technology means that records management skills will require regular review, especially in the field of quality control.  Consideration should be given to the establishment of routine technical up-dating for records management staff, either in-house or externally.

Note: Details of training techniques and scopes are being set out in the ISO15489 Technical Report Clause 11: Training.

3.5  Converting records to new processes

Conversion requires careful planning to minimize costs, risks and personal irritation.  Elements to be considered are:

Scope of conversion:

  • Full or partial,
  • Paper and/or electronic,
  • Manual and/or automatic.

Conversion phases:

  • Selection and design of new process: Analysis of needs, outcome benchmarks identified.
  • Pre-conversion system testing
  • Implementation strategies: piloting/phased introduction, progress auditing.
  • Post-implementation review procedure.

Note: AS4390 has a Model Conversion of Records Management Systems plan (Part 3: Strategies, Appendix B).

3.6  Controlling the roll-out programme

Roll-out may be planned in phases, perhaps began by a pilot scheme to expose faults in process or implementation before general release of the programme.  Staff affected by changes should be advised of implementation strategies.

The roll-out programme should include:

  • Issue of user manuals and guides.
  • Establishment of “help desks”.
  • Testing of each system, practice and/or process.
  • Auditing of records location, accessibility, usage.
  • Collection of performance data.
  • Assessment of performance against benchmarks.
  • Appraisal of staff acceptance and competences.
  • Review of policies, user manuals and guides.
  • Review of user and system staff training processes.
  • Corrective action, and review and monitoring of that action.

Planner may continue reviews of staff and system competencies indefinitely following implementation.

Note: Implementation and post-implementation procedures are outlined in the ISO15489 Technical Report Clause 8.3: DIRKS – Design and implementation of recordkeeping systems

3.7  Establishing on-going controls

Routines should be established for regular quality checks on the record keeping system.  These should cover maintenance of the quality of both existing and of newly-captured records and the efficacy of current records management processes.

Audits should be carried out on the records management system as a whole, on its constituent parts – creation or capture, processing, accessing, storage and disposition — and on the competence of operating staff.

Some of the on-going quality control processes will follow those outlined in Clause 3.3:  Setting performance and compliance benchmarks, above.

Organisations will decide the frequency of such tests and audits, based on their perception of the level of evidential integrity required for their records.  Results of the audits should be appraised and any modifications made.

Records of these quality audits, and any remedial actions taken as a result, should be documented and held in the system against any future legal or other challenge to the integrity of the records or the system.

In electronic records management systems, audits should include:

  • Software functionality and efficiency.
  • Hardware redundancy.
  • Network efficiency and workload levels.
  • Data integrity in workflow and storage media.
  • Back-ups integrity

Disaster risk management
Plans for dealing with major system failures or loss of records must be made and kept up to date as records management systems are modified during the course of time.

The plans should involve processes to ensure that, in the event of system disruption a breakdown, records are either:

  1. Protected from loss or damage, or
  2. Able to be restored.

Organisations will decide their levels of records security, based on their perception of the:

  • Value of the records
  • Likelihood of loss or damage
  • Cost of back-up and/or restoration processes
Vital Records

Organisations may need to identify Vital and Precedence Records.  These would include:

  • Records without which the organisation would be jeopardised,
  • Records listing important precedents, and
  • Disaster recovery plans

Special, exceptional arrangements may be considered necessary to protect such records.

Notes: Recommendations for disaster recovery planning are made in the ISO15489 Technical Report Clause 9.2: Determining how long records are required to be kept.

AS4390 has a model Disaster Response plan (Part 6: Storage, Appendix B).

4.  W.W.W. Bibliography

A short list of World Wide Web sites, listed alphabetically and nationally, where more information on recordkeeping policy-making may be found. Many of these sites carry links to further informative sources. The Caldeson Consultancy would very much appreciate information on other useful on-line recordkeeping guides and on any changes to the details given below. To make contact, please e-mail the consultancy principal, Michael Steemson, at steemson@caldeson.com.

Australia

Designing and Implementing Recordkeeping Systems (DIRKS Manual), National Archives of Australia and State Records Authority of New South Wales manual for government agencies to design and implement recordkeeping systems for any technological or paper-based environment, Sydney, February 7, 2000. URLs: http://www.naa.gov.au/recordkeeping/dirks/dirksman/dirks.html or http://www.records.nsw.gov.au/publicsector/dirks/exposure_draft/title.htm.

Keeping Electronic Records: Policy for Electronic Recordkeeping in the Commonwealth Government, National Archives of Australia, guidance to users and managers of computer systems in the Commonwealth public sector, Canberra, 1995. URL: http://www.naa.gov.au/recordkeeping/er/keeping%5Fer/contents.html.

Britain

Public Record Office Records Management Standard, Public Record Office, a series of standards on all aspects of records management in government, Kew, March 1998. URL: http://www.pro.gov.uk/recordsmanagement/standards/default.htm

Electronic Records from Office Systems Project (EROS), Public Record Office, 2nd edition, a series of guides on management, appraisal and preservation of electronic records in government, Kew, Surrey, 1999. URL: http://www.pro.gov.uk/recordsmanagement/eros/default.htm.

Canada

Record Keeping in the Electronic Work Environment, National Archives of Canada, “EWE” guide to records management in an electronic work environment and its application consistently within institutions and across government, Toronto, May 1996. URL: http://www.archives.ca/exec/naweb.dll?fs&0603&e&top&0 .

European Union

Guidelines on best practices for using electronic information, DLM Forum, European Commission, multidisciplinary guidelines for strategies in managing and conserving electronically stored data, Brussels, Belgium, 1998. URL: http://www.ispo.cec.be/dlm/documents/guidelines.html.

New Zealand

Managing Your Information: Justice Sector Information Management Policy Guidebook, New Zealand Ministry of Justice, good practice principles for document lifecycles and a model information management policy, Wellington, July 1997. URL: http://www.justice.govt.nz/pubs/reports/1997/infopolicy/index.html.

Recordkeeping Framework: Draft 1.1, New Zealand National Archives development document for Government and the public sector; underlying principles of good recordkeeping informing the development of standards, policies, advisory notices and other products, Wellington, 2000. URL: http://www.archives.govt.nz/statutory_regulatory/frameworks/recordkeeping_frame.html.

United States of America

Archives and Records Management Handbook, Oregon State University Archives, administrative policies and procedures handbook of the university’s archives and records management programme, Corvallis, Oregon, April 1996. URL: http://osu.orst.edu/dept/archives/handbook/.

Best Practices for Document Management in an Emerging Digital Environment, U.S. consultant Rick Barry’s guide to legal admissibility and defence against legal challenge, London, 1996. URL: http://www.mybestdocs.com/barry-r-bestpract-3.htm.

Fast Track Guidance Development Project, U.S. National Archives and Records Administration (NARA) guide to electronic records management, January 1999. URL: http://www.nara.gov/records/fasttrak/fthome.html.

__________________

Footnote

  1. Australian wild horse