What is Records Management? | Definition from TechTarget
Records management is the supervision and administration of digital or paper records, regardless of format. Records management activities include the creation, receipt, maintenance, use and disposal of records. In this context, a record is content that documents a business transaction.
Records are documents, such as contracts, memos, paper files, electronic files, reports, emails, videos, instant message logs and databases. Paper records are stored in physical boxes or file cabinets on premises or at a storage facility. Electronic records are stored on storage media in-house, off-site or in the cloud.
How does records management work?
The goal of records management is to help an organization keep necessary documentation accessible for both business operations and audits. Spreadsheets are often used to track where records are stored.
Alternatively, software is available that uses both a taxonomy and a records retention schedule. Such software is marketed as enterprise information management applications that can help an organization address information governance, which is the formal management of both records and other content.
Records management is a key component of an information governance plan. The records lifecycle management process involves five steps:
- Creating or receiving the records.
- Using or modifying the records.
- Maintaining and protecting records.
- Disposing and destroying records that are no longer needed.
- Archiving and preserving permanent records or ones that need to be kept long term.
Why is records management important?
Records management ensures records are stored, accessed and managed in a secure manner. It also ensures compliance with legal requirements and regulations regarding the storage, access and use of information.
Records management is important for the following reasons:
- Historical value. Proper record keeping lets organizations easily access past documents and track their evolution. Historical records provide insight into how business operations were conducted in the past. This helps businesses stay organized and consider historical data in decisions rather than relying on guesswork and intuition when planning future strategies.
- Security. Records administration prevents the loss of documents because of improper storage practices. This includes the physical destruction of paper-based files and digital records breaches, such as hacking attempts that can lead to confidential information being exposed online without authorization.
- Compliance. By having a regulatory compliance system in place organizations ensure they’re following all applicable laws related to document retention, including those governing privacy rights. This protects businesses from fines and lawsuits that can result from mishandled documents.
- Access control. Effective recordkeeping systems give organizations control over who has access to particular types of data. They can limit employee access based on job roles and responsibilities while simultaneously enforcing security protocols across multiple departments.
Pros and cons of records management
A records management program simplifies the process of identifying, locating and capturing paper and electronic documents that are related to specific topics, incidents or events. It makes it easier to retrieve specific documents covered by a legal action, such as a subpoena. It also assists in complying with regulatory and client requirements for content access and management.
Some of the downsides of records management include the following:
- Cost. The cost in time and effort to set up a formal program can be high. Automated records management systems as well as storage facilities, including file cabinets, records centers, storage media and cloud services, also require significant investment.
- Staffing. Finding trained personnel to handle an organization’s records management tasks and the complex systems involved can be difficult.
- Policies and procedures. Records and data retention policies must be developed to address issues related to document lifecycle, disposition of records, retention and disposition schedules, management of inactive records, and managing public records as well as business records.
Records management standards
ARMA International, which was originally called the Association of Records Managers and Administrators, is the largest global organization addressing records and document management. ARMA provides numerous services to members, including training, conferences, standards and best practices, and professional certifications.
ARMA and IT professionals developed the Generally Accepted Recordkeeping Principles, a framework of eight principles for records management developed in 2009 and updated most recently in 2017. The eight principles are the following:
- Accountability to ensure senior management delegates authority for managing records to trained employees.
- Transparency to provide a program that’s documented and available for review by all employees.
- Integrity to protect the accuracy, reliability and authenticity of records in the program.
- Protection to ensure records are secure and kept private and confidential.
- Compliance to make sure applicable laws, regulations and other requirements are met.
- Availability to ensure records can be made available when needed, including when disruptive events happen.
- Retention to guarantee that records are maintained for time frames required by law and industry standards and practice.
- Disposition to provide appropriate ways to get rid of records that are no longer needed.
The International Organization for Standardization (ISO) has developed several records management standards. The two most prominent ones are the following:
- ISO 15489-1:2016, Information and documentation — Records management — Part 1: Concepts and principles. Provides a detailed description of the various elements of records management, information and documentation.
- ISO 15489-2:2016, Information and documentation — Records management — Part 2 Guidelines. Provides guidance on how to develop, deploy and manage a records management system.
Other standards related to information and records management include the following:
- ISO 22310:2006, Information and documentation. Provides guidelines for stating records management requirements when developing standards.
- ISO 30301, Records Management Systems Package (2019-2022). Includes three records management standards that cover core concepts and vocabulary; guidance for setting up a management system for records; and guidelines for developing, deploying and managing an MSR.
- ISO/TR 21965:2019, Information and documentation — Records management in enterprise architecture. Provides guidance on how to embed records management considerations throughout an enterprise.
- American National Standards Institute (ANSI)/ARMA 8-2005, Retention Management for Records and Information. Describes principles and practices for establishing a records retention and disposition program addressing all kinds of media and content formats.
- ANSI/ARMA 5-2003, Vital Records Programs: Identifying, Managing, and Recovering Business-Critical Records. Provides guidance and practices for establishing a vital records program in a records management initiative.
- ANSI/ARMA TR-01-2002, Records Center Operations. Defines principles and practices for setting up and managing a records center.
Achieving compliance with records management standards
Compliance with relevant standards demonstrates how an organization is adhering to key data protection regulations. The General Data Protection Regulation (GDPR) and the California Consumer Protection Act are examples of such regulations. Both mandate records officers take actions to protect personal data that individuals and organizations collect, use and process.
Compliance can be demonstrated several ways:
- Establishing and managing a records management program, such as an MSR as defined in ISO 30301.
- Establishing and enforcing policies for records management and data protection.
- Establishing and regularly reviewing records management procedures.
- Addressing records management controls with the results of compliance audits.
Failure to demonstrate compliance with these regulations can result in fines and other penalties, making compliance essential.
Records management training and certification
Several organizations offer training programs in records management, including the Association for Information and Image Management (AIIM), ARMA, Institute of Certified Records Managers (ICRM), the National Archives and the Society of American Archivists. Courses range from entry-level programs for general education to advanced programs for senior-level professional records managers seeking specific credentials.
The following are examples of records management certifications:
- AIIM Certified Document Imaging Architect. Awarded to individuals who complete training and demonstrate the skills and knowledge necessary to design, implement and manage document imaging systems.
- AIIM Certified Enterprise Content Management (ECM) Professional. Certification for individuals who demonstrate ECM expertise.
- AIIM Certified Information Professional. Awarded to individuals who demonstrate advanced proficiency in the management of information capture, storage, retrieval and use.
- ARMA Advanced Records and Information Management Professionals Program. Multilevel certification program in records and information management.
- ARMA Certified Electronic Records Manager. Recognizing expertise in electronic records management.
- ARMA Certified Information Governance Professional. Recognizes the expertise and necessary skills for information governance professionals.
- ICRM Certified Records Manager. Recognizing expertise in records management.
- ISO 15489-1:2016 Records Management Certification. Awarded to individuals who have completed training on the ISO 15489 standard for records management.
Establishing a records management policy
Ideally, a records management function should have as its foundation a formal records management policy. The document should define how records of all types and formats are to be managed and specify decision-making steps for creation, usage, storage and disposal.
Guidance for creating a policy can be obtained from standards like ISO 15489, Parts 1 and 2. The policy should define an MSR as defined in ISO 30301 plus penalties for noncompliance. A records management policy is a key piece of evidence when an audit is initiated.
A records management case study
When a Washington -based federal government agency evolved its records management capabilities from mostly paper records to electronic documents, it opted for KwikTag’s automated document management system. (KwikTag has since been acquired by Paymerang.) It also went from having one person serving as records officer to establishing a records management department.
Among the challenges the agency faced was securing storage space for the many boxes of paper records that needed to be scanned into the new system. It also had to acquire long-term storage space for important paper documents that had to be kept for archival and legal requirements.
The records officer developed a records management policy that was approved by agency leadership. Ongoing challenges included ensuring employees were adequately trained on the new system and that they followed the new document handling policies. New procedures had to be implemented as well to ensure the system was managed correctly.
Cybersecurity and sustainability in records management
Records management programs must be closely aligned to two important enterprise initiatives: cybersecurity and sustainability. Considering the threats to information systems, networks and data, security teams must be familiar with records management requirements and ensure cybersecurity systems can protect all types of records.
Similarly, an organization’s environmental protection and sustainability programs must consider the effect of records on the environment. If most records are in digital format, the records management department must coordinate with environment and sustainability teams to determine issues and risks. This can include the power and data center floor space required to store digital records, disposal and destruction of data storage equipment such as hard disk drives and solid-state storage.
Records management systems and vendors
Numerous records management systems are available, such as the following examples identified by TechTarget research:
- Box. This document storage and records management platform has advanced security features, audit logs, retention periods, permissions, metadata support and tools for demonstrating compliance with regulations such as GDPR.
- DocuPhase. This cloud-based document management and records management system uses artificial intelligence (AI) technology to enhance its many functions.
- Laserfiche Document Management System. This is an ECM platform that incorporates document and records management functions such as classifying metadata and automating workflows.
- Microsoft SharePoint. This popular records management system offers a range of features including document storage, version management, retention schedules and support for many different document formats.
- Newgen Enterprise Document Records Management System. This system delivers numerous content management services, such as its Records Lifecycle Management module that handles a full spectrum of records management activities.
- OpenText Extended ECM. While this AI-based system is primarily for ECM activities, it has numerous records management functions such as workflow automation.
- Revver. Formerly known as EFileCabinet, this records management system automates document workflow, provides an automated storage structure with file templates and offers security policies and access controls.
Technology and the future of records management
Records management isn’t going away; it will be increasingly important as more information is generated that requires effective management techniques. As we enter the second half of the 2020s, the following are some important records management considerations:
- AI and machine learning. Since many vendors of records and document management systems are building AI and machine learning capabilities into their products, functions like records management automation and document classification and retrieval will be greatly enhanced.
- Blockchain. Blockchain technology is being used to independently verify and authenticate digital records to prevent unauthorized changes or deletion; this will become more pervasive in coming years.
- Cloud storage. Records managers must be prepared to work with cloud storage vendors and understand the value and risks of storing data in the cloud.
- Data backup and recovery. Records managers should coordinate their efforts with internal disaster recovery and data backup teams to ensure continued protection and retrieval of records in an emergency.
- Encryption and access controls. Records managers need to closely coordinate with cybersecurity teams to ensure that records are encrypted and access controls are kept up to date to protect digital records in the future.
- Metadata management. Records managers must be prepared to coordinate with cybersecurity and other teams to protect metadata in digital records that provide important details about the record.
- Robotic process automation. RPA is an emerging, advanced technology that uses robots or bots to automate the performance of repetitive rule-based tasks in records management, such as moving files to a storage location.
Learn about the stages of enterprise content lifecycle management and how business process management and content and records management intersect.