For example, ISO 15489-1 says in section 7.1 that to support the continuing conduct of business, comply with the regulatory environment, and provide necessary accountability, organizations should create and maintain authentic, reliable and useable records, and it should protect the integrity of those records for as long as required.To do this, organizations should institute and carry out a comprehensive records management program, which includes determining what records should be created in each business process and what information needs to be included in the records, thus ensuring that records are retained only for as long as needed or required.
General RIM concept standards aid in establishing a RIM program. They include requirements and guidelines for basic RIM principles, such as records retention and disposition programs, inactive records management, active records management, and the care and handling of recordkeeping media.
Establishing Alphabetic, Numeric, and Subject Filing Systems – aids in the selection and application of a filing system that will enable users to retrieve information. It describes three principal systems: alphabetic filing, subject filing, and numeric filing and contains standard rules for indexing alphabetic data.
ARMA TR01-2011 Records Center Operations, 3rd Ed. – assists organizations with selecting an appropriate records center site and designing, equipping, staffing, operating, and managing a records center. Additional sections discuss vaults, security, records center software, and commercial records storage facilities.
Contracted Destruction for Records and Information Media (ARMA International) – identifies the critical components that must be addressed so no records or information in any format are compromised during any part of the destruction process. It is designed to guide organizations when contracting for destruction services.
Glossary of Records and Information Management Terms, 3rd Edition (ARMA International) – includes nearly 500 terms from numerous disciplines that have an impact on the profession. [Editor’s Note: The fourth edition of the glossary is set for publication this fall.]
Guideline for Evaluating Offsite Records Storage Facilities (ARMA International) – assists organizations with evaluating storage needs, determining whether business practices make outsourcing the best decision, and assessing the ability of vendors to meet storage requirements. Guideline for Outsourcing Electronic Records Storage and Disposition (ARMA International) – provides information to assist organizations in making decisions about outsourcing electronic records storage, retrieval, disposition to third-party providers and evaluating and selecting a service provider.
ISO 18923:2000 Imaging materials – Polyester Base Magnetic Tape – Storage Practices – provides recommendations concerning the storage conditions, storage facilities, enclosures, and inspection for recorded polyester base magnetic tapes in roll form. It covers analog and digital tape and includes tape made for audio, video, instrumentation, and computer use.
NIST SP 500-252 Care and Handling of CDs and DVDs – A Guide for Librarians and Archivists – provides guidance on how to maximize the lifetime and usefulness of optical discs, specifically CD and DVD media, by minimizing chances of information loss caused by environmental influences or physical handling.
NIST SP 800-88 Guidelines for Media Sanitization – assists in implementing a media sanitization program with proper and applicable techniques and controls for decision making when media require disposal, reuse, or when they will be leaving the effective control of an organization.
Retention Management for Records and Information (ARMA International) – provides guidance for establishing and operating a retention and disposition program.
RIM Technical Issues
RIM technology standards are appropriate for managing the technical aspects of RIM programs. They include requirements and guidelines for electronic records issues, digitization programs, recordkeeping issues resulting from the use of Internet and intranet, and recordkeeping issues resulting from the use of new technologies.
ANSI/ARMA 19-2012 Policy Design for Managing Electronic Messages – sets forth the requirements for a policy guiding the management of text-based electronic messages or communications (including e-mail [and related attachments/metadata], instant messaging, and text messaging) as records throughout their life cycle.
ARMA TR-02-2007 Procedures and Issues for Managing Electronic Messages as Records – addresses concerns typically confronted during the implementation and management of any text-based electronic messaging system or communication, such as e-mail or instant messaging, not including voice mail. [Editor’s Note: This technical report is undergoing revision and is scheduled for publication during summer 2013.]
Controlled Language in Records and Information Management (ARMA International) – describes what controlled language is and how it benefits organizations by reducing search time and increasing the reliability of search results, improving organizational communication, avoiding duplication, and reducing corporate risk exposure in legal and other discovery processes.
ISO 10244:2010 Document management – Business process base lining and analysis – specifies the detailed information associated with the activities organizations perform when documenting existing work or business processes (business process base lining), defining the level of information required to be gathered, methods of documenting the work or business processes, and the procedures used when evaluating or analyzing the work or business processes.
ISO 23081-1:2006 Information and documentation – Records management processes – Metadata for records – Part 1: Principles – covers the principles that underpin and govern records management metadata.
ISO 23081-2:2009 Information and documentation – Managing metadata for records – Part 2: Conceptual and implementation issues – establishes a framework for defining metadata elements consistent with the principles and implementation considerations outlined in ISO 23081-1:2006.
ISO 13008:2012 Information and documentation – Digital records conversion and migration process –provides guidance in understanding recordkeeping requirements, the organizational and business framework for conducting the conversion and migration process, technology planning issues, and monitoring/controls for the process. [Editor’s Note: This publicationssupersedes ANSI/ARMA 16-2007 The Digital Records ConversionProcess.]
ISO/TR 13028:2010 Information and documentation – Implementation guidelines for digitization of records –establishes guidelines for creating and maintaining records in digital format only and establishes best practice guidelines for digitization to ensure the trustworthiness and reliability of records.
ISO/TR 22957:2009 Document management – Analysis, selection and implementation of electronic document management systems (EDMS) – presents a recommended set of procedures and activities that are advisable when performing analysis, selection, and implementation of project phases associated with electronic document management systems technologies.
ISO/TR 26122:2008 Information and documentation – Work process analysis for records – provides guidance on work process analysis from the perspective of the creation, capture,and control of records.
Legal, Protection, and Preservation RIM Issues
These publications include requirements and guidelines for meeting legal and regulatory obligations, protecting records and information from loss or damage, and preserving records and information of historical value.
ANSI/AIIM TR31-2004 Legal Acceptance of Records Produced by Information Technology Systems – addresses laws that affect personal or business recordkeeping practices. In particular, it addresses laws containing recordkeeping provisions that require records to be kept available for government audit, require records to be submitted to the government, or establish the form of records.
ANSI/ARMA 5-2010 Vital Records Programs: Identifying, Managing, and Recovering Business-Critical Records – sets the requirements for establishing a vital records program including requirements for: identifying and protecting vital records, assessing and analyzing their vulnerability, and determining the impact of their loss on the organization.
ANSI/ARMA 18-2011 Implicationsof Web-Based, Collaborative Technologiesin Records Management – provides requirements and best practice recommendations related to policies, procedures, and processes for an organization’s use of internally facing or externally directed (public or private), web-based, collaborative technologies such as wikis, blogs, mash-ups, and classification (tagging) site.
Guideline for Evaluating and Mitigating Records and Information Risks (ARMA International) – provides a framework for establishing systems to evaluate information risks and describes a process for framing a risk management system using a risk quadrant of administrative risks, records control risks, legal/regulatoryrisks, and technology risks.
Guideline for Outsourcing Electronic Records Storage to the Cloud (ARMA International) – addresses information management issues related to cloud-based records storage, including benefits and risks of using cloud-based records storage, how to mitigate legal risks, issues related to retention, disposition, privacy, and security, standards and best practices, and vendor selection.
ISO 11108:1996 Information and documentation – Archival paper – Requirements for permanence and durability – contains requirements for unprinted archival paper intended for documents and publications required for permanent retention and frequent use.
ISO 19005-1:2005 Document management – Electronic document file format for long-term preservation – Part 1: Use of PDF 1.4 (PDF/A-1) – specifies how to use the portable document format (PDF) 1.4 for long-term preservation of electronic documents.
ISO/IEC 27002: 2005 Information Technology – Security techniques – Code of Practice for Information Security – establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization. It outlines objectives that provide general guidance on the commonly accepted goals of information security management. [Editor’s Note: This was formerly numbered ISO 17799:2005.]
ISO/TR 15801:2009 Document management – Information stored electronically – Recommendations for trustworthiness and reliability – describes the implementation and operation of document management systems that can be considered to store electronic information in a trustworthy and reliable manner. (ISO)
NFPA 75 Standard for the Protection of Electronic Computer/Data Processing Equipment – provides the minimum requirements for the protection of electronic computer/data processing equipment and computer areas from damage by fire or its associated effects.
NFPA 232 Standard for the Protection of Records – provides requirements for records protection equipment and facilities and records-handling techniques that provide protection from the hazards of fire.
NIST SP 800-34 Contingency Planning Guide for Information Technology System – assists organizations in understanding the purpose, process, and format of an information system continuity plan development through practical, real-world guidelines. It provides guidance to help personnel evaluate information systems and operations to determine contingency planning requirements and priorities.
Records Management Responsibility in Litigation Support (ARMA International) – helps records managers identify the steps of a typical litigation and defines their roles in the process.
Website Records Management (ARMA International) – explores how information posted on websites may constitute records. It offers records and information management advice and best practices recommendations for managing website records.
Evaluating the RIM Program
Standards provide a benchmark for evaluating RIM practices based on proven best practices from a variety of sources. They can create measurable methods of accomplishing work processes and tasks and allowing interoperability and compatibility of equipment and products.
Just as when developing or enhancing a RIM program, when evaluating the program, standards should be considered a basic resource. Even if not required by a regulatory body or governing requirements, organizations should consider adopting pertinent standards, guidelines, and technical reports as internal requirements and as benchmarks against which to assess their RIM programs.
Download the complete PDF version here.
Virginia A. Jones, CRM, FAI, can be contacted at email@example.com.
From July - August 2012