Records management: Look beyond the NARA mandates
Although deadlines for accessible electronic records are approaching, forward-thinking agencies will seize the opportunity to get their records management house in order.
Mandates from the National Archives and Records Administration require agencies to manage email records in an accessible electronic format by the end of this year and manage all permanent electronic records in an electronic format by Dec. 31, 2019. This includes the ability to identify, store, retrieve and retain those records for as long as they are needed so agencies can locate and deliver them in a timely manner, knowing they are trustworthy and complete.
Many agencies still print and manually file all emails or use email archiving systems that save all emails, regardless of whether their retention is required. Other agencies use first-generation electronic records management systems that include multiple discrete solutions from different vendors. Although they meet the minimum needs for records management, these systems are costly and complicated and typically can’t handle unstructured data like content from mobile devices and social media or digital assets such as video.
The best way to meet the NARA mandates is to find a way to manage all records in a single records management repository. A single system would help agencies manage all electronic content: email and Word, PowerPoint, and Excel documents; but also mobile content, social media and digital assets such as video files.
In April, NARA released a new directive called Criteria for Managing Email Records in Compliance with the Managing Government Records Directive (M-12-18). The key success criteria outlined are:
- Policies: Agencies must identify policies that govern how long will the system retain different types of physical and electronic records and how it will handle content from other systems, such as email attachments.
- Systems: Systems must be able to produce, manage and preserve email records in an acceptable electronic format until disposition can be executed.
- Access: Email records must remain usable and retrievable throughout their lifecycle.
- Disposition: Agencies must have a NARA-approved schedule in place to be able to carry out the disposition of permanent and temporary email records.
While the looming deadlines are certainly a priority, agencies should not be diverted from overall records management planning. An enterprise approach to managing content can pay off in many ways, besides meeting the mandates. According to Gartner, it can reduce the operational costs associated with managing diverse repositories while also creating opportunities for optimizing business processes and making information easier to share.
Here are some areas agencies should focus on when modernizing their records management systems:
Federated search: The ability to search across multiple systems is critical. Not only does federated search save time, it also ensures that agencies don’t miss important content during the search. Searching through gigabytes or potentially petabytes of data takes time. With customizable filters, agencies can refine searches by various characteristics. The ability to extract, index and search metadata from documents, PDFs, email files and attachments as well as other records stored on legacy systems is also useful for hold, e-discovery and Freedom of Information Act requests.
Collaboration: A full-featured content management system will also help foster the type of inter- or intra-agency collaboration needed to fully respond to an e-discovery or FOIA request or any other inquiry.
Security: Security is a particularly critical aspect of records management, especially for federal agencies whose legacy systems don’t provide security classifications or marks, role-based access or permissions. Security classifications and security marks are the most important line of defense. With this structure, users with specific security clearances, such as Top Secret or Secret, can only view content marked at that level or below. The permissions take access to a more granular level.
Mobile: Extending security to mobile devices and mobile user access is also essential. That means making sure every device has appropriate profile and provisioning tools to ensure downloaded applications are secure and accessible to specific classes of mobile users. A secure provisioning capability also ensures users are only using a virtual private network, which encrypts transmission channels.
Open source: NARA and many agencies have rules in place to ensure electronic records will always be accessible and readable, no matter how much time passes or technology changes. The best way to ensure records remain accessible is to choose a records management system based on open standards and open source code. These systems are transparent, easy to integrate and allow contributors to improve everything from the repository to the web interface and mobile apps.
While having a plan in place to meet the 2016 deadline is imperative -- and NARA reports that about a third of federal agency leaders still don’t know how they will comply with the mandate’s requirements -- agencies must disregard the urge to concentrate on this single component of a modern records management system. Forward-thinking agencies will seize the opportunity to get their records management house in order.
Ultimately, the NARA mandate is not an end in itself, but rather a step towards a greater goal: improving the ability of government agencies to carry out their missions and more effectively meet the needs of the citizens they serve.
NEXT STORY: AT&T joins the Smart City Challenge