A records management strategy is vital to the life cycle of your organization’s information. At an organizational level, a records management strategy governs how information is created, stored, shared, tracked and protected.
Electronic records management (ERM) software simplifies the application of this strategy, helping to manage the life cycle of business records without interfering with your line of business. A records management application supports the automatic enforcement of consistent, organization-wide records policies, simplifying compliance with federal, state and industry regulations.
Once you’ve decided to make the switch to an ERM system, there are four important points to consider.
1. Develop an information governance strategy
Before switching to electronic records, it is essential to design a comprehensive information governance strategy. An information governance strategy outlines all of an organization’s content, how it is organized and who should have access to it.
A good governance structure:
- Enables staff to work in the most efficient and effective way possible by giving them access to information when they need it
- Outlines which user groups have access to which record types, simplifying the actual application of appropriate security within the ERM system
- Takes into account any state or regulatory requirements for record access or retention
“Records management is a critical component in information governance, and organizations need information professionals who can incorporate records retention and management principles into all storage media architectures, automated systems and emerging technologies,” says Allen Podraza, Director of Records Management & Archives for the American Medical Association.
2. Evaluate certified records management systems
When switching to an ERM system, you may want to look at systems that are certified, particularly by the Department of Defense (DoD) 5015.2. The Department of Defense has rigorous requirements for ensuring that records are properly organized and managed. The DoD 5015.2 standard outlines requirements for managing classified records and includes requirements to support the Freedom of Information Act (FOIA), Privacy Act and interoperability.
Unless an organization provides services to the United States Department of Defense or one of its components, it is not typically required to meet the DoD 5015.2 certification. However, an ERM system that has been certified to meet stringent requirements for organizing file structures—and reliably preserving data— offers some the highest levels of records compliancy and integrity.
3. Ensure the electronic document can be legally presented as an official record
Before you switch to an electronic system, you must ensure that the electronic document can be legally presented as the official record. To meet state regulations, it is often important that the ERM software is compatible with a wide range of hardware components, such as optical, tape and magnetic-based WORM (write once, read many) storage.
Depending on where you live, the requirements may differ. In California, this happens when the electronic records management software is a trusted system.
A trusted system must:
- Utilize both hardware and media storage methodologies to prevent unauthorized additions, modifications or deletions during the approved life cycle of the stored information.
- Be verifiable through independent audit processes ensuring that there is no plausible way for electronically stored information to be modified, altered, or deleted during the approved information life cycle.
- Write at least one copy of the electronic document or record into electronic media that does not permit unauthorized additions, deletions, or changes to the original document and that is to be stored and maintained in a safe and separate location.
4. Track the actions taken on the document
To form a complete record of organization-wide activity, the ERM system should track every action taken on each document throughout its life cycle, including what information was added and deleted. These reports should not only track each action, but also when and by whom it was performed.
These reports can be run regularly or on an as-needed basis. This whole process can also be automated and reports emailed to the appropriate people on a schedule.
Learn more about selecting an electronic records management system for your organization by downloading a complimentary copy of the Ultimate Guide to Records Management.