Ten Years After: RIM Standards Evolve Slowly

By Gordon E.J. Hoke, CRM

 

Ten years ago, the tech world was still exhaling in relief and self-congratulations on dodging the Y2K bullet. Leading-edge records managers joined the techies, smiling that their fledgling stock of electronic records was largely intact; disaster recovery tactics went unused.

 

Bookmark and Share

 

In this heady environment, a group of records and information management (RIM) luminaries adapted Australia’s Design and Implementation of Recordkeeping Systems, better known to most as DIRKS, to worldwide applicability. In 2001, the International Organization for Standardization (ISO) published the international records management standard, ISO 15489-1 Information and Documentation – Records Management: Part I: General, and its complementary technical report, ISO 15489-2 Information and Documentation – Records Management – Part II: Guidelines, that remain an important reference and guide for measuring RIM success today.

 


ISO 15489

ISO 15489 Information and Documentation – Records Management is about the methodology, processes, and the resulting data storage or electronic records management system. Badly managed records and information have an impact across an organization on a number of levels, and whilst periodic assessment of data storage might not be number one on a list of fun things to do, its benefits can make a huge difference in a competitive market. The guidance contained within ISO 15489 bears this premise at its core.

Companies achieving ISO15489 compliance will be able to demonstrate an approach to file management that’s recognized internationally as being at the forefront of best practice.

  The documents that comprise the ISO 15489 are split into two sections:

  • Part 1 takes a general overview of records and information management and examines the principles and methodology behind its adoption.
  • Part 2 is more involved with the practicalities of moving towards records management compliance. It provides an in-depth, often step-by-step approach to implementing electronic records and information management.
ISO 15489 states that records management includes:
  • Setting policies and standards
  • Assigning responsibilities and authorities
  • Establishing and promulgating procedures and guidelines
  • Providing a range of services relating to the management and use of records
  • Designing, implementing, and administering specialized systems for managing records
  • Integrating records management into business systems and processes

 

Eight years later, ARMA International published its Generally Accepted Recordkeeping Principles® (GARP®), which owes much to ISO 15489. To call it derivative is not quite accurate. Think of it more as a re-interpretation that reflects the changes, the evolution of RIM over a 10-year period.

 

 

That GARP® and 15489 have much in common is not surprising. The discipline of records management dates back, at least, to 4th Century BCE, and it evolved slowly, befitting its heritage and longevity. Unlike practices based on ephemeral developments, RIM wears technology like a runway model at a fashion show: She shows dress after dress, but the walk never changes. Records’ value is in the content, not the visible format or medium. The best practices of records management evolve with the needs of the records users, and those practices morph slowly over the years. Records managers rarely say, “Gee whiz!” to mercurial novelty.

 

(It is possible that the current buzz words, such as cloud computing, Web 2.0, and others that rapidly multiply the entry-points and touch-points for records, may accelerate the evolution of RIM, but that is prognostication.)

 

Ten years offer only a narrow perspective of changes in RIM practices. Nonetheless, there is value in comparing ISO 15489 and GARP®. The differences help us see how the role of the records management professional has changed.

 

There is considerable, basic congruence between ARMA International’s GARP® and ISO’s 15489. Six fundamental areas overlap: availability, retention, disposition, protection, compliance, and integrity. While the wording varies a bit, ARMA International and ISO agree on these, basically.

 

Both encourage improvement, not perfection. Each records program, no matter how good or bad, can get better. Improvement, however, can be subjective and ill-defined without measurements. These standards provide benchmarks for realizing RIM programs’ growth. The GARP® Maturity Model is a facilitating measurement tool.

 

As for differences, ISO 15489 lacks GARP’s® first two principles. Accountability and transparency describe RIM’s governance and explicitly stated organization, policies, and strategies. This is analogous to metadata. It is not about the mechanics of keeping records, but, rather, the structure, politics, budget, and administration of organizing and sustaining records’ usefulness within an organization.

 

GARP’s® addition of accountability and transparency to the canon reflects the different roles records management filled in organizations in 2000 (when 15489 coalesced) and GARP’s® natal year, 2009. At the millennium, records management was a disciplined service. It was largely paper-based, and its roots in library science were apparent. By 2009, it was RIM, a technology-infused hybrid striving for recognition as a full-fledged corporate component, parallel to legal and finance.

 

While GARP® presents two unique principles, ISO 15489 offers guidance in two areas that GARP® largely ignores.

 

First, ISO 15489 addresses risk management, articulating the use of records management to measure and reduce organization’ risks. GARP®, and its derivative Maturity Model, imply that as recordkeeping practices grow in scope and sophistication, organizations will inherently lower their records risk. However, it offers no guidance for the kinds of decisions that records managers make regularly, balancing needs and costs to find an acceptable level of risk.

 

Similarly, ISO 15489 gives considerable attention to records management’s role in organizations’ operations. It requires records programs to continually contribute to the improvement of business processes. This tends to cost-justify a records program based on improved efficiency. GARP® alludes to improved operations in its principle of availability, but the Maturity Model mentions return-on-investment only at the highest, or transformational, level. Making the case that implementing GARP® makes good economic sense requires help from 15489.

 

In a decade, the discipline of records management “rose from the basement to boardroom,” to quote ARMA workshops. While still a business service, today’s records leaders carry consultative and strategic responsibilities as well. Part of GARP’s® raison d’être is to give chief records officers a tool, language, and model easily understood by other management professionals. Intentionally, GARP® was modeled after the financial world’s Generally Accepted Accounting Principles. It is both content and packaging. In 2000, such a need was only a glimmer.

 

ISO 15489 and GARP® are complementary – different, but without contradiction. Both serve records managers well. In 2010, records programs need to meet internationally accepted standards more than ever. Simultaneously, records managers strive to make their programs, as GARP® puts it, transformational. The RIM program that subscribes to both GARP® and ISO 15489 will be full-featured and effective.

 


GARP ®

It has not always been easy to describe what “good recordkeeping” looks like. Yet, this question gains in importance as regulators, shareholders, and customers are increasingly concerned about the business practices of organizations.

ARMA International recognized that a clear statement of “Generally Accepted Recordkeeping Principles®” (GARP®) would guide:
  • CEOs in determining how to protect their organizations in the use of information assets;
  • Legislators in crafting legislation meant to hold organizations accountable; and
  • Records management professionals in designing comprehensive and effective records management programs.

    The GARP® principles identify the critical hallmarks of information governance, which Gartner describes as an accountability framework that “includes the processes, roles, standards, and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals.” As such, they apply to all sizes of organizations, in all types of industries, and in both the private and public sectors. Multi-national organizations can also use GARP® to establish consistent practices across a variety of business units.

Read more on GARP® and the Maturity Model for Information Governance at www.arma.org/garp/index.cfm.

 

Gordon E.J. Hoke, CRM, can be contacted at ghoke@mindspring.com or http://gejhoke.googlepages.com.