Electronic Records Management ERM 101 Dana D. Simpson, CRM Vice President and Manager Records and Information Management BBVA Compass Bank Dana.Simpson@BBVACompass.com Today’s Presentation It’s ERM - 101 Open discussion Informal atmosphere All questions are good questions If I don’t know the answer I will get you an answer General Housekeeping Categorize/Classify yourself – – – – Technical Records Managers Legal Non participants Records Management Listserv RECMGMT-L (Records Management and related topics) To subscribe to the RECMGMT listserv: – – – Send an e-mail message to: listserv@lists.ufl.edu In subject line of your message, type Subscribe In the body of the message, type sub RECMGMTL Your Name e.g. sub RECMGMT-L John Smith would subscribe someone named John Smith. DO NOT type in your e-mail address. Electronic Records Management Listserv ERECS-L, (Management and Preservation of Electronic Records) To subscribe to the Electronic Records Management Listserv: – send mail to LISTSERV@LISTSERV.ALBANY.EDU with the command: SUBSCRIBE ERECS-L RIM Advice for Success …According to Dana 1. 2. 3. 4. 5. 6. 7. 8. A Record is a Record is a Record Good is Good Enough Do your homework. Just because it has feathers doesn’t mean it’s a duck Never drink from a fire hose Read! Now read some more Credibility is everything Document, Document, Document Be consistent! Records and Information Management Administration IT Records and Information Management Risk Compliance Legal Physical Security Electronic What is Electronic Records Management? Records Management is the systematic process of analyzing and controlling data in all formats (paper, photographic, electronic) See #1 A Record is a Record is a Record Manage electronic records with or without an EDRM system See #2 Good is Good Enough Does ERM include Email? Yes Email creates an electronic document Email is the most difficult data to manage Email is the most prolific type of data Email is the most sought after data in litigation What about Duplicate and Draft Electronic Documents? Duplicates Replicates the content and functionality of the official copy May or may not be in same format or medium as the official copy Drafts Preliminary version of a document. May contain information that is omitted from or otherwise different than information contained in the final version When created in the preparation of company records, the final version is considered the official copy for retention purposes What are the Benefits of ERM? Financial Compliance Risk Operational Rewards REDUCE RISK INCREASE COMPLIANCE 1. Laws and Regulations 2. Policies and Procedures INCREASE EFFICIENCIES 1. Data Discovery 2. Information Lifecycle 3. Forms and Reports Management 1. Litigation 2. Reputation REDUCE OPERATING COST 1. Records Storage 2. Records Maintenance 3. Enterprise contracts and centralized management Where to Begin Build a Solid Foundation Foundation With or Without EDRMS Policies and Procedures Define Responsibilities – IT, RIM, LOB/User (see example) Define Your Approach Categorization (see example) Metadata RIM Credibility Policies and Procedures Must be written and published – – – – – – – – Company Ownership Retention of Company Records Duplicate Records and Drafts Destruction of Company Records Access to Company Records Protection of Vital Records Retention of Electronic Messages Media Handling and Disposal Policy See #7 Document, Document, Document Define Responsibilities for Each Policy and Procedure Information Systems and Technology (IS&T) Records and Information Management (RIM) Employee/Manager/Line of Business (LOB) See #7 Document, Document, Document Define Your Approach Example: Managing Email – – – – – Do nothing Keep everything forever Big Buckets – delete all messages older than 2 years Use mailbox quotas – force users to delete regardless of content Declare it a record and manage accordingly See #1 A Record is a Record is a Record Classification/Categorization SAM=Sales and Marketing ADM=Administration\Facilities Classifying products and standardizing descriptors also helps in finding it later Example of a classification “system” – Made up of codes (letters or numbers) UPC – Universal Product Code – Food, Health, Automotive parts Using Categories/Classification To: Dana Simpson From: Cindy Trinidad Subject: SAM Attachment:SWRGiftCards.pdf Dana, Here is the latest product idea for the southwest region. With your approval we will begin offering on Oct 1, 2010. Controlled Vocabulary A restricted list of words Used to categorize or label Ideal for Corporations where lots of people use the list (for use in metadata fields like “subject” of an email) Controlled Vocabulary vs Free Tagging See #8 Be consistent Hooray for Consistency! Taxonomy (Type of Controlled Vocabulary) The word actually means “The science of classifying/categorizing things” Hierarchical structure that share similar characteristics – Industry Financial Services – – – Banking Insurance Wealth Management Health Care Manufacturing Thesauri Type of controlled vocabulary that is very structured and provides relationships between words – – – Hierarchical (broadens or narrows a term) Associative (related but non-hierarchical) Equivalence (use – synonyms and near synonyms) Hierarchical Thesauri Shows how words relate as they broaden or narrow (start with a broad class and use narrow term - NT or broad term - BT to show relation) – Automobiles Cars – 2 door Red Trucks Associative Thesauri Related terms - shows relationships across hierarchies – – – Category (group, class, type) Class (category, group, rank) Type (category, class, kind) Equivalence Thesauri Synonyms indicating the preferred term – Aged person – Bovine – Use: elderly person Use: cow Home loan Use: mortgage Metadata Legal needs for ediscovery RIM needs for disposition IT needs for archiving Proves authenticity and ownership Provides guidance to consultants and system designers Provides a rich description of information (Who What When Where Why) Automate as much as possible Publish a controlled vocabulary or thesauri RIM Credibility Credibility=Trustworthiness and Expertise Program Credibility – Personal Credibility – – – Customized and comprehensive Know your stuff Know when to bring in experts Never over-promise or over-commit See # 1, 2, 3, 4, 5, 6, 7, 8 Standards ERMS Standards DOD 5015.2 – – – – Functional requirements for systems to manage electronic records This is the only standard we have Use this standard to find potential vendors then do your homework See # 3, 5 Do your homework. Just because it has feathers… Read! Now read some more Data/Content Management Storage Versioning Metadata Security Indexing Retrieval Workflow Collaboration Records Management Creation Maintenance Use Identifying Categorizing Archiving Preserving Disposition ISO ISO=International Organization for Standardization – – National Standards Institutes from 163 countries Made up of member bodies (subject) Technical committees are created TR and TS TR= Technical Report TS= Technical Specifications ISO 15489 ISO/TR 15489 -2 Part 1 General – specifies the fundamentals of records management and defines the results to be achieved Part 2 Guidelines – Implementation guide to Part 1. One methodology to accomplish ISO 15489-1 See #5 Read. Now read some more! TR48-2004 Framework for Integration of Electronic Document Management Systems and Electronic Records Management Systems – EDMS plus ERMS equals EDRMS ISO/TS 23081-1 (Metadata) Part I Principles – – – Information and documentation Records management processes Metadata for records Guide to: – – – – Understanding metadata Implementing metadata Using metadata All within the framework of ISO 15489 Narrow the Target Need to know… Determine data type within your organization – – Structured Unstructured Determine the risk of NOT managing Structured versus Unstructured (type of data) Databases SQL Oracle – – XML format (spreadsheet) Email Shared Drive Decisions Prioritize by Risk (review data map) – Big surprise here - usually turns out to be Email Define your approach To use ERMS or not Data Map of Email General Principles With permission - Slide created by Jesse Wilkins, Access Sciences Email management is part of time management Email is a medium, not an action Email should not be used for everything Email should be kept as long as needed – and no longer Who captures the message? With permission - Slide created by Jesse Wilkins, Access Sciences YOU have to capture an email: – – You receive from outside the organization You send, either internally or to someone outside the organization Designate someone to capture messages sent to groups/lists Emails that are not captured With permission – Slide created by Jesse Wilkins, Access Sciences Transitory messages that are not timely Personal messages unrelated to business “Me-too” messages Messages already captured by someone else Non ERMS Repository Mailbox Userhome or shared drive File drawer Trash ERMS Repository User categorizes mail – If it’s a record - Mail moves to content repository – If it’s not a record - Mail remains on server Mail is managed according to server rules Legal can perform ediscovery – Mail is kept according to retention schedule Place records on hold RIM can run reports and assist with managing According to AIIM - Association for Information and Image Management “…removing emails from the server and saving them to a repository isn’t enough. Email must be classified, stored, and destroyed consistent with business standards-just as any other document or record.” Foundation With or Without EDRMS Policies and Procedures Define Responsibilities Define Your Approach Categorization Metadata RIM Credibility