Print

Print


>I’d like to invite you to share your experience in using standards (or similar >resources) for the promotion of RIM.

Hi Natasha-

Thanks for asking this question, and I'd like to state the examples you cited relative to DoD 5015.2 and ISO 17799 as excellent opportunities (in the correct business climates) to promote RIM's added value to an organization.

A part of the problem in being able to use these (and other Standards) alone to bolster RIMs case in business is increasingly, we are seeing organizations that do not have formal RIM Programs, but rather, may have someone with the title "records manager" that is in some quasi-administrative role and may not have a strong understanding of the field of records management.  They may have advanced up the ranks in their organization due to a "time in grade" scenario and over time, have a few employees reporting to them, and have been assigned a title without having formal responsibilities or training enabling them to seek to promote the value of the function to their organization beyond managing the physical assets, and responding to requests in a reasonable time frame.

This is not intended as an attack on people in those roles, as I see them as viable Records Managers and think they should be able to gain the skills necessary to allow them to rise to that next level, and this is part of what I believe ARMA is trying to achieve through the development of the "Strategic Radar Screen of Issues" that was drafted a few months ago, and is still being refined.  There are a limited number of viable "tools" available to people in these positions to address the need for RIM to be a part of the development of policies and best practices related to the management of information assets within their organizations... and hopefully, this will be remedied.

As you have mentioned, the use of standards is one way of accomplishing this... especially in organizations where there is heavy regulation of practices, processes and products.  To a large degree, the success or failure of these types of organizations depends on their ability to prove how well they've managed their processes and how it's documented, and what better way to achieve this than through a well-established RIM Program?

>DoD 5015.2 standard (2002 edition) is my favorite...and in detail explain that >the Records Manager is the true boss of the electronic records management >system.

While there is a lot ot truth in what you've said here about DoD 5015.2, the ability to gain the greatest success in dealing with this is not to present the case in the manner of "who the boss is", but in what the benefits to the organization are of assigning the responsibility of the function to a specific department, to achieve greater consistency, compliance and control.

The problem is, in many cases, IT is the department who is assigned this responsibility, which is sort of like putting the "fox in charge of the henhouse", in that they are not frequently familiar with the laws, regulations and/or statutory requirements related to the retention and most of their decisions on the management of information are incorrectly based on a combination of chronological age and frequency of access.

>One more standard may be useful. It’s the respected by the IT community ISO >17799 “Code of practice for information security management. And there is >section 12.1.3 “Safeguarding of organizational records” (p.61) which every IT >person definitely should read!

And they MAY read it, but that doesn't mean they will interpret it as we might. =)

There are other standards that are of value to furthering the position of the RIM Program, and they include:

ANSI/ARMA 5-2003 "Vital Records: Identifying, Managing and Recovering Business-Critical Records"

NFPA 232-2000 "The Standard for the Protection of Records"


NFPA 75-2003 "The Standard for the Protection of Electronic Computer/Data Processing Equipment"

UL 72 "Tests for Fire Resistance of Record Protection Equipment"

ANSI/ARMA 9-2004 "Requirements for Managing Electronic Messages as Records"

ANSI/AIIM TR31, Parts 1-4 "Performance Guideline for the Legal Acceptance of Records Produced by Information Technology Systems"


ISO 15489 "Information and Documentation- International Records Management Standard"

ISO/DIS 18921.2 "Imaging materials -- Compact discs (CD-ROM) -- Method for estimating the life expectancy based on the effects of temperature and relative humidity"



ISO/DIS 18925.2 "Imaging materials - Optical disk media - Storage"



ISO/DIS 18927 "Imaging materials -- Life expectancy of information stored in recordable compact disc systems -- Method for estimating, based on effects of temperature and relative humidity"



The object is to evaluate these standards and determine IF they are applicable to your organization and HOW they should best be applied to the advantage of the organization, then to come up with a plan for implementing them, citing them as the need for developing policy and best business practices to take advantage of the guidance they offer.


Larry

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance