While the policy provides the roadmap, and the technology provides the underlying engine, the journey depends upon a series of individual contributions to ensure no one gets lost, runs out of fuel or crashes.
The concept of a journey is pertinent, since many organisations unfortunately focus only on the destination. They take the view that defining who has responsibility for what is a one off activity - once done, we're there - but the reality is this is not the case, since some people find they are not well suited to some responsibilities, others take on commitments that become more important or they don't have the right skills at the right time. They also get promoted, fired or leave. Roles have to be dynamic to deal with the various requirements of records during the lifecycle of their creation, usage and disposal.
To start to assign roles, it's best to take a step back and understand why anyone should want to define roles for records management. Is it for the sake of the data itself? No. Is it to reward (or punish) individuals for their contribution so far? No, or at least it shouldn't be.
There are two main reasons to clearly identify roles:
- To define to outside bodies - partners, customers, and legislative bodies - who has accountability for the practices that are externally defined and required to abide by codes of conduct, published guidelines and laws.
- To make clear internally where responsibility lies, partly for accountability, but more importantly for the efficiency and effectiveness of business processes.
For some organisations, too much emphasis is placed on accountability, and less on responsibility for getting things done in an effective manner. Understandably, this is not always a great motivator for the individual, and since the process depends on them, this is not a good starting point.
Accountability is, however, very important for external stakeholders - for example shareholders, school governors, government councillors etc - where explanations of actions and consequences have to be given. It is also vital where there are responsibilities defined by legislation, such as in data protection or privacy laws and other standards where compliance is mandatory. However, information and records are being managed for a purpose - to benefit the organisation in question - and those taking responsibilities for records management can significantly improve the effectiveness of business processes.
Rather than an obstacle, records management should be an enabler, so roles can be presented as positive information ‘curators' rather than simply ‘gaolers' or gatekeepers. Overall, these different roles are fairly similar in most organisations, although they are sometimes given different names to fit in with industry norms or to align to terms used in standards or legislation:
- - Content creators or owners, who have responsibility for ensuring that from the start, information is accurate, relevant and useful.
- - Records curators, who are responsible for the processes and practices of filing, storing, archiving, disposal and access.
- - IT curators, who provide the technical implementation of processes and practices necessary to safely and securely manage the information infrastructure.
- - Management, who are responsible for setting out the overall policy and ensuring that external responsibilities and accountability are met.
To see how this digital curatorship intersects with the business needs, it is useful to consider the lifecycle of electronic records, and what responsibilities apply at each stage. The importance of individual roles varies over the lifecycle of the records being managed, but each stage has important criteria that need to be addressed, and for which someone must be responsible:
- - Creation needs good practices to ensure accuracy, completeness and value in the content
- - Active usage requires suitable indexing or filing along with versioning for ease of access, and policies to control access for security, privacy and confidentiality.
- - Archival selection depends on assessments of usage and value, combined with the relative costs associated with online, nearline and offline storage systems.
- - Archiving has to take into account longer term business policies based on legislation, governance and continuity planning, balanced with preserving out of use information and data formats.
- - Re-use and mining of longer term information stores for future unpredictable uses requires hybrid labelling, referencing and metadata models to be developed and used.
- - End-of-life disposal or destruction ensures that policy decisions are carried out with finality within the timeframes dictated by legislative and industry best practices.
During each phase, all of the roles will play a part, and need to be orchestrated by the policies and practices set out by management to ensure that the organisation meets its obligations. But rather than a negative and restrictive regime, this can be approached from a positive and pro-active viewpoint. Even adherence to standards can be approached in a positive manner. The four key characteristics of records management identified for the BS/ISO standard 15489 are authenticity, reliability, integrity, usability. Or to put it in every day terms - is it real? Can it be trusted? Is it complete and un-tampered? Can it be used?
While these are requirements for compliance, they are also the cornerstones for effective use. Records management has to be seen as a positive benefit for the business, not simply seen as a way of punishing misdemeanours. This is important for the organisation, but more so to those individuals who take on the roles and responsibilities. It is their commitment that makes the processes work, and the correct application of available skills that will ultimately define success.
