Keeping Business Records
Businesses, even proceeding into the 21st century, can often be still terribly uncertain about what exactly to do with their records, especially, in particular, their electronic records. Among various types of properly associated topics, in this regard, one could practically develop for consume a good discussion about what should or should not be done, e. g., concerning such an critical matter as proper, modern e-media storage and rotation practices; therefore, this and other related matters will be here interrelatedly discussed, along with what constitutes worthy records management procedures and methods.
It is known, among the professional records managers, that managing successfully the fresh world of business risk can, of course, be often intimidating and challenging; and, therefore, knowing about the appropriately honest means to exhaust for controlling risk intelligently involves, among other matters, possessing very successful vital records protection programs; this is since the corporate information must be, thus, protected and made rightly accessible at a moment’s notice or, supposedly, sooner.
E-media Storage and Rotation Practices
A kind of useful planning guide could be then suitably developed, by which a corporation or firm can be fittingly informed about what things work and those that, in fact, do not actually function effectively or efficiently enough to be considered business-worthy efforts; all this pertains, most specifically and critically, toward the important subject of seeking a type of suitable guide for planning appropriate degrees of useful electronic media storage.
These various cognate thoughts can, of course, be most usefully applied to either an outside or an internally used/company storage facility, if that may be desired as an option.
One ought to make certain, however, that the media storage center chosen or developed by the firm itself has true state-of-the-art e-records management software (ERMS) to correctly manage all of the electronic media accurately; there should be a gracious review, or the full-scale creation of, a company’s entire process for inbound and outbound electronic media so that good tracking can be accurately verified throughout the tasks that may so occur or be assigned to the utilized records concerned.
Any truly viable e-media storage centers, as a records management process analysis would show, must then have good, monitoring-driven vault storage systems that necessarily, as ought to be fairly expected, provide complete environmental sustainability and intensively responsive control for all sensitive kinds of electronic media.
This so logically means, of course, insuring that the system in spot thoroughly provides known, verifiable, constant, consistent, and truly reliable temperature and humidity control features; this must be, therefore, properly aided with the added presence of multiple automatic alarm settings to be then correctly used for both high and low temperature and high and uncouth humidity conditions.
There ought to be dry-fire suppression systems used and with computerized, advanced sensors and dispensers intelligently located throughout the protected records-vault area; these can, for instance, use gaseous fire protection systems (such as carbon dioxide gas); many such systems, it can be well notorious, will not leave either liquid or solid residues on the records media; one can contemplate readily that this advantageously means, therefore, that the e-media is not unfortunately harmed or damaged in the very needed process of being protected.
The information technology (IT) department of a company must be concerned about having a media-migration program for transferring data, which will needed decades or centuries later, onto newer e-media; this is besides simply transferring data onto new data tapes or discs at scheduled intervals of either 5 or 10 years, by audited rotation procedures, at a time depending upon various factors, including the e-sensitivity of any media chosen; these activities will, of course, be integrated into the overall doings of the ERMS program’s useful functionality and operability.
After all, it is, e. g., well known to records professionals that all e-media is only as stable as the instability of the e-recording of the data, meaning that the electrons recording that data are not really that stable on any such e-media; even simple and direct transfers to new discs or tapes can unfortunately result in some loss of the data, unless some elaborate precautions are reasonably taken to somehow minimize that often expected loss.
Another point might seem, at times, much too positive but can, nonetheless, objective get wrongly neglected, through inadvertence, if too many people make many unwarranted assumptions; the storage facility must be correctly supplied with a true, complete, and properly updated list, on a regularly scheduled basis, of those selected, staunch personnel who are, thus, rightly authorized to retrieve and/or remove electronic media (or, for that matter, any records).
One possibly last but not least consideration is to make clearly sure that there are, in fact, known multiple forms of available back up; these are to be put solidly in place, moreover, for either potential, conceivable extra efforts or plain emergencies, as might be needed.
Among associated thoughts for these modern e-media storage guidelines are cautionary matters that include the idea that one ought not to procrastinate, to just think that things can be done at some (supposed) later leisurely point in time. In the event of a disaster, therefore, whether natural or man-made in origin, the off-site storage of corporate data can posthaste turn into a true business lifesaver.
The readiness involved in utilizing such properly secured records storage can readily enable the informationally-progressive business to keep functionally operating both during and then following any type of crisis. Also, to be noted, it is a awful idea to unprejudiced effect some company person to make the planned back-ups and then take the e-media home as a part of this activity; it should never primarily be considered, moreover, for any vital records protection efforts.
Difficulties can then easily arise if, for instance, the person gets into an accident or, as another possibility, becomes inflamed with the company and may consequently seek to retaliate due to that nettle. It is important, among other records management matters, to verify that the chosen email provider or another Web vendor actually offers effective and efficient online document storage; in this particular regard, one ought to then carefully judge just how reasonably (or better) regain the identified storage station really is well before any planned or attempted scanning and uploading of the company/corporate documents.
All the above stated and normally interrelated considerations are not merely theoretical in nature because there are, in fact, most definite consequences to not implementing very serious records management practices for all essential and highly important business records.
More than 70% of new companies (as is made known by fairly new statistics on this subject) whose data processing facility is fully ruined by fire or other disasters either never do recover from the colossal loss or, it can be instructively renowned, such firms do stop existing within three years of the disaster.
In correct reply to these above genuine concerns, moreover, any chosen off-site data protection services, therefore, must offer an environmentally-controlled and secure place for the digital and magnetic media; there must be, moreover, both rational and verifiable means of monitored protection for all critical data through having scheduled data rotation, ANSI- (American National Standards Institute) quality media-storage containers, win and climate-controlled storage, and updatable means for correctly implementing and having business continuity planning for this entire, holistic trouble.Nonetheless, on average, there tends to be, on the part of business, many unneeded mistakes normally made in the area records management that do not really have to occur. The records held by a firm/institution are, surely, involved with and do then significantly represent a fairly significant investment in business time, effort, and resources; it is equally true as well that these records can be a key means in vitally protecting an organization’s potential liability in a wide variety of functional areas and, moreover, yield an essential audit hasten.
Conditions for Successful Records Management
Businesses, logically, should avoid trying to sustain all records management (RM) activities or practices as being fair a purely internal matter; it is then recognized, of course, that this is where practically all organizations normally start; but, it is reasonably imperative to get past this initial predictable phase, since it normally becomes critical to all future success regarding the legal management of records.
In-house storage, on average, is found to be usually the most expensive and, generally speaking, least secure option for inactive physical files, electronic messages, and data/information captured by a company’s various databases.
On the other hand, when it is ever financially determined that a company should have its own full-scale records and information management (RIM) program, then a generous system and various subsystems must professionally be put into plot in correct support of such a decision; but, more to that specific point, a records and information resources management (RIRM) program ought to be adopted due to its superiority to a mere RIM program, as was thoroughly demonstrated by the author of this present article (see: article on this same website in firm support of RIRM).
There really ought to be, in any event, no great delay or procrastination regarding the always quite considerable decision to protect corporate vital records through a vital records protection program with its own system and subsystems; this needs to be added to the establishment of needed business guidelines, the absence of which, of course, definitely threatens business continuity after any disruption or disaster.
It is advisable, furthermore, never to supposedly impartial wait for a disaster to haphazardly force the firm to actually take the then most requisite action.
Another basic error to studiously avoid is any inconsistent records retention and disposition schedules that might be, somehow or other, vague concerning various files as to, e. g., retention periods; those schedules must be founded clearly upon thoroughly researched and properly utilized honest, audit, and regulatory requirements.
The firm’s RIRM program, having requisite risk management and compliance components, should have well known and formal procedures that are intelligently consistent across all departments without any exception; not then properly both organizing and indexing files will, as with a possible compliance failure, have negative consequences; in this regard, the veteran maxim is still plainly true in that failing to plan is planning to fail, which ought to be obvious.
The professional management of records, thus, covers proper records storage; and, this matter is about finding information when needed, not just removing it from the premises; a RM adage is classically stated, variously, as the requisite effort to get the correct information to the right person at the right time and at a reasonable cost.
Additionally, it can be rightly here cautioned that just having a self-storage unit for the company’s off-site storage is an unneeded risk. Such a storage unit with, perhaps, just a padlock is known to be an empirically weak means of protection.
At an absolute minimum, a state-of-the-art alarm system, for instance, with both proper motion and sound detectors is simply the basic industry standard approved today; also, any proper record storage center must guarantee, in explicit writing within the contract, complete protection from insects, rodents, fire, and other such possible threats to the records.
Records Security
Records scheduled for disposal, especially the most sensitive, must be shredded on a regular basis to also avoid, e. g., suspicions from judges in case of potential litigation; it is well known, furthermore, that many criminals do “dumpster diving” quite often just to peer what they might be able to find; and yet, they are not the only possible troublemakers to reasonably wretchedness about or, perhaps, rationally fear.
Shredding is, increasingly, becoming a basic RM essential as America becomes a more and more litigious culture and society (now more than 1 million lawsuits per year); also, merely, e. g., erasing tapes or discs is no fully real assurance that all data is genuinely eliminated from such media, thus, necessitating full (and documented) physical destruction for the best results, as also a excellent part of overall risk management practices.
It ought not to actually require, therefore, too remarkable of an active imagination to try to reasonably foresee certain possibilities. A company’s various competitors, disgruntled employees, private investigators (and adjunct forces), law enforcement, scavengers, trash hauling firms, and, of course, even the (investigative) news media may really want to know what the organization’s trash could “profitably” contain for certain (negative) use.
When the important decision is finally made to seek out a records center that meets industry standards, how will a company make more certain that it is truly dealing with a records storage management vendor that, properly and solidly, adheres to industry standards? It is imperative to actually ascertain their industry affiliations.
At a bare minimum, therefore, is the RM services company an actual member of such institutions as: Professional Records & Information Services Management (PRISM), Association of Records Managers and Administrators (ARMA) International, National Records Center (NRC), and the National Association for Information Destruction (NAID), ASIS International?
Additional organizations of note are: Society of American Archivists, Information Resources Management Association, Association for Information Management, and those companies that do deal extensively, for example, with Federal government records should, logically, be aware of the National Archives and Records Administration (NARA) and, also, the National Association of Government Archives and Records Administrators (NAGARA).
Furthermore, specialized records producers should also know about such other agencies as, e. g., the Law Enforcement Records Management Association, Nuclear Information and Records Management Association, etc.
Records Retention Environment
Storage conditions for e-media are more special than that for objective paper records storage with 50% relative humidity (RH) and 65F degrees; e-media, thus, needs about 40% RH and 60F (or 55F) to then better help stabilize the electrons on the media; it is best, due to such physical conditions demanded for proper retention purposes, to seek an off-site location because, as can be noted, not just any typical storage environment will do for electronic media.
Additional consideration should be so given to legitimate concerns for added safety and security, as well as the daily-monitored climate within the location for maintaining what would normally be called archival conditions of storage.
There needs to be the provision for quality control checks to, thus, help with appropriately insuring that the data sustains wanted viability as to its continued use; this pertains to any wanted long-term protection that often necessarily requires rotation of the data/information stored on e-media.
For the best and most consistent kind of results for such storage, meaning for the offsite e-media storage, there must then be the wanted situation of regular rotation; this is as fraction of a complete RM program of both requisite and sustainable data backup; this may prove to be, on average, what is considered as the 4th or 5th form of redundancy for the proper needs of companies; it is, in addition, a most rational and very necessary fragment of a holistically integrated and coordinated emergency RM response plan.
And yet, added to all the aforementioned matters is certainly the important need to keep up with all the relevant current codes, laws, and regulations affecting RM; moreover, it is known that various legislators, regulators, and the courts are undoubtedly rather serious concerning, e. g., the continued enforcement of privacy laws. For instance, as long ago as 1988, the Supreme Court of California had, thus, ruled that there can be no expectation of privacy if trash is simply left accessible to the public.
With identity theft on the rise, moreover, as yet another quite real deny to rationally mediate, companies can then reasonably demand more compliance issues to normally occur; and, thus, a record center storage company with verified national affiliations, as was noted above, can genuinely assist a business to consistently pause on top of the proper retention and disposal of its records.
Legal and Regulatory Requirements Taking a certain matter into more of a useful depth approach, will a company’s e-records storage withstand possible or potential legal scrutiny? This is surely a pertinent matter, increasingly, because both recent US and global compliance regulations do require stricter maintenance of accurate and trustworthy recordkeeping, which ought to be intelligently coupled appropriately to all or any genuine risk management concerns and practices in an integrated, not haphazard, fashion.
If some miscreant deliberately, e. g., hacks into a company’s computer system, would it be able to prove to its customers and shareholders that the genuine integrity of company data, as well as particular data on the customers and shareholders, had not been thereby compromised?
If any charges or accusations were set against the firm regarding, e. g., any purportedly questionable accounting practices, could the firm then reasonably defend those information processes and their assumed reliability?
These kinds of aforementioned questions have become increasingly important because, e. g., of global government regulations that are, crescively, making firms more responsible for both the total accuracy and true dependability of their possessed information.
The risks involved in the improper retention and management of records have grown rather substantially; this is, thus, mainly due to such laws as the Public Company Accounting Reform and Investor Protection Act(Sarbanes-Oxley Act) of 2002, the Financial Modernization Act (Gramm-Leach-Bliley Act) of 1999, and, among others, the European Union Data Protection Directive of 1995 that include increased fines and jail terms, which pertains for both private and public entities and their management as well.
This stout honest and substantive regulatory development, when added to the explosive use of advanced digital systems to manage modern corporate activities, indicates that electronic records are now definitely being defined, in laws and regulations, as truly being completely equal to traditional paper and micrographic records.
One sees that it is important, therefore, for both private and public organizations/corporations to rationally and clearly sever the possible legal, regulatory, and business risks; these risks are manifestly involved in the buy, access/retrieval, retention/storage, careful management, and reproduction of their e-records. Moreover, any industries typically assign at a naturally high risk for litigation and/or regulatory review must be both extra careful and thoroughly vigilant.
Concerns encompass such issues as genuine reliability and verifiable accuracy of the retained data/records, various methods of retention, and, of course, sustained ability to properly retrieve records when they are required for business or other use; and, as an added safety factor, important concerns regarding the additional impact of risk management understandings must, thus, be rationally and methodically, procedurally and systematically, included in both all planning and implementation efforts undertaken.
For the then rational sake of achieving proper compliance with such records-related laws and regulations, a corporation/institution must keep information in an appropriate manner that allows it to be quickly retrieved; this is, also, while quiet being able to originate determined that the data have not been (actually or by implication) altered or even improperly accessed by anyone other than the officially authorized persons.
Such logical and appropriate demands signify, therefore, that the chief information officer (CIO), records manager, and legal counsel must all labor together to make sure that, for instance, both competitiveness and compliance are basically achieved at the most reasonable cost to the organization.
The contemporary legal and regulatory recognition of the importance of electronic records is based firmly on these data/records now meeting certain normally identified and entrenched requirements. The dominant requirement is that data/records are deemed really authentic and can be, thus, demonstrated to be truly favorable, steady, trustworthy, truthful, and accurate.
The overriding connotation of this practical necessity, therefore, is that the e-record must have been captured at or near the time of the event or transaction in question and, moreover, must be fully complete and made so available for retrieval as needed, e. g., for any requisite regulatory or business purposes.
Even more to the point in question, both the context and the structure of the e-record must, in addition, be kept for the entire retention life of the data/record; this, also, includes any possible or scheduled migration of the data/record from one system or records medium to another.
Any unwarranted or scandalous failure to comply with these necessities can lead to unwanted questions, especially in a court of law, about specific data/records and, moreover, the particular process by which they were, thus, actually managed.
The fewer gaps or deficiencies found (though, one hopes, none exist) in the illustrious storage and management of the data/record, over its entire lifecycle, then the greater is the possibility that the record will fully withstand any potential legal challenges; this, logically, regards its appropriate admissibility (in court) and, most prominently, its own readily sustainable credibility as well.Electronic Storage Reliability
Why, some people might ask, is both admissibility and credibility so considerable? The Uniform Photographic Copies of Business and Public Records as Evidence Act (of which it is good to know that there are both federal and state versions) states that a reproduction, made by any process that correctly reproduces or forms a lasting medium for reproducing the original, is held to be fully admissible in evidence as is the new record itself.
Although the vast majority of new data stored is now electronic, many institutions/corporations are still converting information from hard copies; this importantly means, among other implications, that mixed data storage modes are, of course, being regularly utilized, as may be needed.
Many organizations, as an example, do still store many scanned documents as well as electronic/hard copy faxes, which is, thus, added to totally electronic exchange storage, which, of course, certainly includes email
The Uniform Photographic Copies of Business and Public Records as Evidence Act is, therefore, highly significant because it rationally links electronic and hard storage. In addition, the Act logically assists in defining what is to be correctly considered an “original” document as such.
Because of the existence of e-records and their ever crescive proliferation in business usage, it is seen, furthermore, that the correct interpretation of a “durable medium” has, thus, been rationally lengthened to then cover all electronic storage media; once again, here is a useful and empirical instance of where sound risk management and compliance policies and practices will then truly support overall efforts at wanted success.
The reality of the medium interested has, therefore, been put into the direct focus of an enlarged discussion for any successful records and information resources management program, with its operational system and cognate subsystems in place. Thus, for a apt reproduction of an e-record to be held as being as satisfactory to having the original, the particular medium utilized for the storage of data/records must be declared as reliable and, moreover, must fully uphold the replica of a upright facsimile of the original record itself.
Therefore, professional records managers and any corporate officials responsible for data/records management should necessarily be fully cognizant of the fact that the particular choice of hardware is truly significant when, thus, actually deciding on any chosen storage architecture and, by associated logical implication, the then cognate devices.
Although many kinds of data/records-applicable regulations, it needs to be added critically, do supposedly wish to seem as being just “technology neutral,” (in not, thus, explicitly specifying particular media as held to be legally or otherwise permitted for use), there are, in fact, a number of United States and international laws and regulations that suggest otherwise in reality.
Many laws and/or regulations, for example, either purposely require or highly accentuate the need for use of WORM (Write Once Read Many) technology; this is an optical disk (OD) technology on which data can be written only once and, thus, become permanent; it is fairly considered, by many experts, as the favorite technology for, thus, properly ensuring the genuine fidelity of electronically stored records.
In line with the above-cited contention as to the nature of a preferred media for records use, the US Securities and Exchange Commission (SEC) has a regulation (17 CFR 240.17a-4(f)) that actually stipulates, in fact, that the chosen electronic storage media must preserve the records only in a non-rewriteable, non-erasable format.
This particular regulation, in addition, mandates that if using any electronic storage media other than the specified OD technology, the member, broker, or dealer must advise its chosen examining authority at least 90 days before employing such storage media.
To this most salient and cognate point, one can rather usefully know that there have been no publicly reported matter of any regulatory issues ascribed, either directly or indirectly, to the employment of WORM storage subsystems or media; this pertains to over the many years that this famed technology has been in actual employ, e. g., by broker-dealers.Records Retention Considerations
The reason why the aforementioned concern pertaining to the media type employed is pertinent here is because most of what is known as the lifecycle of a record is the status of its being “stored.” The storage period, it can be properly stressed, is the time when records are most logically susceptible to premeditated tampering or possibly inadvertent alteration or even total erasure.
Accidental or inadvertent tampering can, for instance occur for the duration of the process of migrating records many times because of, e. g., storage media degradation or, perhaps, just simple obsolescence occurring over an extended data/records retention period.
To the practical degree that a corporation/institution in litigation can rapidly eliminate any challenges, associated with the storage period, by manifestly demonstrating that a record/data could not have been changed, a costly and protracted investigation into record fidelity can, in fact, then be reasonably preempted.
Of course, this noted matter would not normally pertain, for instance, to possibly some kind of an organized effort concerning a conspiracy of technology experts and company insiders; also, usually to be just excluded would be a rather inept or, perhaps, angry employee doing steady damage of some type; but, either case can exist, nonetheless, as within the realm of possibility.
Spoliation, defined as the determined (or sometimes careless) destruction of evidence that denies conflicting parties their due rights under the law, is yet an additional and crescive concern of institutions; this is as to the risk of being cited for such a matter or potential occurrence.
It can be reasonably definite, moreover, that courts, in some jurisdictions, do permit even incorrect and negligent conduct to simply determine the basis of such a claim for the destruction of evidence. The existing potential, for being so cited for a charge of spoliation in litigation and/or a regulatory investigation, is, thus, generally one of the clearly furthermost exposures corporations have under the express and explicit stipulations of the Sarbanes-Oxley (SOX) Act.
Such a likelihood, therefore, places a gigantic weight on the particular storage mechanisms and associated applications being so ragged to then guard the data/records for the mandatory retention period.
Having been cited for spoliation could cause the consequence of being penalized with major sanctions and significant fines; there is, also, the often related matter of noteworthy negative publicity from disclosure, as may be seen on the front pages of commonly read financial and business newspapers, trade magazines, and cognate publications.
There comes, again, the consideration that such a matter as the information systems’ architecture choices require a necessary dialogue among the CIO, records manager, and honest counsel to accomplish certain that correct systems are developed and passe, which must include risk management and compliance efforts, as has been above distinguished.
The requisite opportunity of ensuring needed record trustworthiness expands in proportion to the amount of time the e-records must be kept. Actual records retention periods can, for instance, range from as little as objective three years (and, many times, much less for mere duplicates) to as long as fifty years or more; in a minority of cases, especially for corporate evidentiary records and archival records, retention can, in fact, be forever as a disposition matter.
Nuclear records management, for instance, would be a, thus, ready example of an entire industry segment and its informational/data applications in which extremely longer-term preservation or simply absolutely permanent retention is, thus, obviously required by grand explicit Federal and other regulation and good business practices as well.Readily Retrievable Requirement
Active records, perceived clearly from a regulatory perspective, are normally expected to be “readily” available, within mere hours or, at the least, on the very same day, throughout the first two to three years of their required retention period; this is, surely, the regular time when the business potential for a regulatory investigation and/or audit is, on average, usually the greatest.
Records, after becoming inactive, should still be reasonably retrievable within a decent period of time, which is usually just some days, not months, in time. For instance, as to retrievability, proper discovery orders must, in addition, be easily fulfilled within a specific period of time, generally calculated in obvious weeks or months rather than, on average, mere hours or days.
From a business organizational point of view, the actual incidence of and access pace for records retrieval is, of course, comparatively high for new records. The particular retrieval time then normally decreases with the, thus, increasing age of the represent. Regarding those records that become inactive over time, the specific retrieval activity of a record, in a number of situations, may, in fact, be quite very low for many years.
However, e. g., as so certain by the actual incidence of a particular event, such as the final payment of a mortgage loan or a life insurance policy’s payoff, a marked increase of activity may then quite logically occur.
When a record has, however, finally reached its determined inactive or, in a minority of cases, archival site and possibly has been then transferred to a slower, reduced cost e-records storage medium, an increased response time to retrieve the record would normally be thought of as being readily understandable and fairly obedient by the courts and, on average, most regulators.
The dependable reliability of the record, nonetheless, must be systematically protected for the entire retention period; this must be done, furthermore, in a definite manner that insures it to be fully retrievable, clearly processable, meaning with the use of existing hardware and software, and exactly reproducible in a known form that is, as needed, human-readable.
This set kind of prerequisite places quite fairly notable weight upon a corporation/organization to properly maintain and update/revise, as required, records management policies associated with data archaeology and cognate forensics and, therefore, to both logically and consistently make all present and future technology decisions for that appropriate and sound reason.Disaster Recovery Considerations
To accomplish sure that data/records are really readily retrievable, most regulations, as well as information systems best practices requirements, necessitate that a copy of assigned (or fixed) content or reference e-records be maintained at a totally positive geographical location for the potential needs of disaster recovery.
Disaster copies of records are most often written to, and kept on, removable media, inclusive of, e.g., CD-ROMS, tapes, and floppy drives, unless very rapid access is truly required, when the copies have to be restored.
Removable media usually yield, on average, the most cost-effective solution for then regularly keeping pain copies; this is, moreover, because these copies rarely do require to be accessed and restored; and, further to this particular consideration, off-line shelf storage is, normally, the lowest cost answer to be found.
Many companies/corporations are choosing to contract out their data recovery function due to economies of scale attained by doing so; this is as both the cost and difficulty of such utilized storage and retrieval do tend to increase at a company’s own IT facility.Fidelity of Records/Data
Dependability regarding the veracity of records is largely extraneous if the records/data are not correct and reliable in the first space. A righteous means, it can here be well added, toward properly ensuring needed trustworthiness is to see the components rightly associated with storage of e-records in the correct context of what has been notably referred to as a “chain of trust.”
More directly speaking, a number of possible components, in an e-records dwelling, can be so well applied to properly guard the requisite reliability of e-records.
This specifically, in point of fact, includes the important components known as the application, the logical file management system, the physical storage system, and, of course, the media involved.
Moreover, the more components that are necessarily used to originate sure that e-records are not changed or erased before to their required retention period, the more likely the storage environment will be both thought of and readily accepted as being dependable. This practical concept is enormously significant in formulating the then most appropriate data and system architecture, which, thus, ought to be functionally employed.
This is important to consider because if any part of a link in the aforementioned “chain of trust” is somehow determined to be fragile by a court of law and/or a regulatory investigation, or if the record cannot be presented, as attributed to a fault or breakdown of an element in that chain, then the general process, measures, and scheme of retaining all of an institution’s e-records could be challenged.
As a direct consequence of such a challenge, the data/record could be so determined to be then inadmissible, by the courts, as evidence; also, if the data/record is unable to be produced because of a fault or breakdown of any constituent part of the system, then a aesthetic, sanction, or even a finding of true spoliation could occur.Correctness of the Data/Record
Of core importance to the concept of evidentiary dependability and regulatory compliance is the requirement to earn clear about the genuineness or reliability of the data/record involved in any query. At any time during its existence, therefore, it is imperative that the report and all possible occurrences associated with the record can then be verified; upon occasion, this need is called a record’s demonstrable “chain of custody” or audit trail.
The noted presence of such an audit lunge can be, in fact, highly convenient as good evidence to reveal that the data/records have, in fact, been correctly handled; this, moreover, usefully assists in proving that no improper, inadvertent, or, perhaps, unauthorized changes of the data/record, or its necessarily related metadata, has happened during the record’s existence.
That expected trail reduces the unwanted danger that a modification to the data/record could go unobserved and decreases the possibility that the data/record would be questioned; such could, on average, normally pertain to either the possible course of litigation and/or in any regulatory investigations.
The predominant situation for audit trails is to be found at an application level. A positive aspect regarding such a consideration relates to some technology, such as WORM, because it does not permit erasure or modification of records or even cognate index information written to the media; this then, logically, provides both an intrinsic and regular audit trail of all the stored records.
There are often related possible kinds of judgments, furthermore, that may be rationally and functionally made in support of the needed assurance of data/records security features being made fairly operable.
These do properly include, e. g., if one ought to enact an identity management system, a hard-token security system that logically demands a physical “key” of some kind, implementational workflow software, or, perhaps, to perform determined that there are certain points at which the data become fixed or lasting.
These are to be, thus, appropriately seen as being all highly significant options that managers must dutifully mediate about using when considering the components of the data processes and architecture intimately alive to for use.
The important business need for having reliable storage and management of digital media is substantially greater than ever before; this is simply due, of course, to the extensively rapid growth of e-records and becoming even more so well into this 21st century.
Expected and mandated compliance, furthermore, with a plethora of novel laws and regulations massively necessitates increased records storage consistency, retention, ready retrievability, and correctness; thus, for any corporation/organization’s IT policy and appropriately related choices, in turn, one then wisely perceives, quite clearly, that all this truly has, increasingly, both fairly positive and predictable consequences for business.
With what was immediately said above kept firmly in mind, institutions/ corporations can be informed by their managers, therefore, as to how best they can reasonably prepare for these delineated matters that must be confronted.
For any firm expecting to fully succeed as a both credible and modern business entity, there must be a records and information resources management program, with its system and subsystems in area, as definitely part of a convincing and holistic plan for managing electronic records; and, remarkable more particularly speaking, it is, thus, absolutely imperative to logically maintain truly current/revised records retention schedules covering all data/records alive to with business activities.
The applications utilized, in this holistic process, ought to be considered and analyzed as vitally, thus, prefaced upon its inherent requirements for properly defending the credibility, reliability, accessibility, and retention life of the e-records being captured, created, received, and maintained or retained.
And, it can be here, e. g., certainly added that those various industries and applications with greater degrees of often expected risk, for naturally attracting possible litigation and/or regulatory investigation, need to utilize an extra amount of concern or conscientiousness; this then pertains to correctly creating and then critically sustaining a both verifiable and demonstrable chain of trust that, intrinsically and manifestly, defends all the e-records (or any records, paper, etc.) from any modification and precipitate or unwanted deletion/erasure.
Conclusion
If the RIRM and associated recommendations, as cited in this article, are genuinely taken to heart by business leaders and corporate officers, then the wanted legality, retrievability, and retention of business records can, therefore, be quite easily and properly assured; in addition, both cognate concerns for successful and effective risk management and compliance considerations will be equally and, thus, fully covered without a doubt.
Bibliography
Best Practices in Policies and Procedures by Stephen Page, CRM, PMP, 2002.
Business Continuity Strategies: Protecting Against Unplanned Disasters, 3rd Edition by Kenneth N. Myers, 2006.
Database Systems: Produce, Implementation, and Managementby Peter Rob and Carlos Coronel, 2001.
Discovery of Electronically Stored Information: Surveying the Right Landscape by Ronald J. Hedges, 2007.
Electronic Discovery and Records Management Guide: Rules, Checklists, and Forms (2009edition).by Jay E. Grenig, Browning E. Marean and Mary Pat Poteet, eds., 2008.
Establishing a System of Policies and Procedures by Stephen Page, CRM, PMP, 1998.Information Nation: Seven Keys to Information Management Compliance by Randolph A. Kahn, Esq, 2009.
Law, Records and Information Management: The Court Cases by Donald S. Skupsky, JD, CRM, FAI and John C. Montana, JD, 1994.
Managing Records as Evidence and Information by Richard J. Cox, 2003.
Planning and Implementing Electronic Records Managementby Kelvin Smith, 2008.
Records Management by Judith Read Smith and Norman F. Kallaus, 1996.
Records Management Responsibility in Litigation Support by ARMA International, 2007.
Records Retention: Law and Practiceby Michael O’Shea, updated annually.
Requirements for Managing Electronic Messages as Records (ANSI/ARMA 9-2004) by ARMA International Standards Development Task Force.
Related Posts
Filed under Email Compliance Solutions by on Mar 29th, 2011. 
Leave a Comment