Records management: Look beyond the NARA mandates

Records management is about to get harder

Federal agencies must make a full transition to electronic recordkeeping by the end of 2022, at which time, the National Archives and Records Administration will stop accepting new paper records. While the shift will make government more effective and efficient, hitting the transition milestones laid out by the Office of Management and Budget’s M-19-21 memo will require agencies to rethink how they manage documents and electronic content.

PARTICIPANTS

  • Brett Abrams
    Electronic Records Archivist, National Archives and Records Administration
  • Claire Barrett
    Chief Privacy and Information Asset Officer, Department of Transportation
  • Lisa Haralampus
    Director, Records Management Policy and Outreach, National Archives and Records Administration
  • Cynthia Hilsinger
    Chief Knowledge Officer, Defense Health Agency
  • Glinda Hodgkin
    HA and DHA Records Management Officer, Defense Health Agency
  • Edward Horton
    Senior Advisor and Former Chief Administrative Officer, National Oceanic and Atmospheric Administration
  • John Mancini
    Former President, AIIM, and President, Content Results LLC
  • Jeanette Plante
    Director, Office of Records Management Policy, Department of Justice
  • Dave Simmons
    Senior Records Officer, General Services Administration
  • Scott Swidersky
    Vice President of Enterprise Content Management, Konica Minolta Business Solutions USA Inc., and President, Quality Associates Inc.
  • Bob Valente
    Project Manager, Office Management Category, General Services Administration

Note: GCN Editor-in-Chief Troy K. Schneider led the roundtable discussion. The June 30 gathering was underwritten by Quality Associates Inc., but the substance of the discussion and the recap on these pages are strictly editorial products. Neither QAI nor any of the roundtable participants had input beyond their June 30 comments.

A little more than a year into that process, GCN’s sibling site FCW gathered a group of federal records management specialists to discuss some of the challenges in the transition to electronic records management. The discussion was on the record but not for individual attribution (see sidebar for the list of participants), and the quotes have been edited for length and clarity. Here’s what the group had to say.

On track but lacking resources

Although agencies’ readiness levels varied widely, most participants said they were on track to meet the M-19-21 deadlines. Yet whether the available tools and resources are sufficient, however, is another matter.

“There never are enough resources,” one official said. “We’ve got great resources to the extent that we have them,” referring to the staff and the record schedules that have been developed, but the work will outstrip them -- and this year’s telework-driven embrace of collaboration tools has only increased the degree of difficulty.

Complicating that resource challenge in terms of staff and money is the rapidly growing suite of communication tools agencies use. Too often, participants said, the adoption and deployment of those tools is happening before Federal Records Act requirements are accounted for.

One official pointed to the SharePoint experience as a cautionary tale: “People spent millions and millions and millions of dollars cleaning up SharePoint over the course of a decade because they hadn’t thought of governance issues associated with it on the front end.” Yet with this year’s telework surge prompted by COVID-19, Microsoft saw its Teams collaboration suite go “from 31 million users to 44 million users to 75 million users in six weeks. There’s going to be a hell of a governance mess downstream.”

“Inevitably, as we shift to the cloud and particularly as applications shift to the cloud, the pace of change accelerates,” another executive said. “And I think that carries with it some risk of obsolescence and challenges in terms of third-party solutions that plug into cloud solutions because they’re not iterating at the same pace as the platform is. I don’t have an answer to that other than it’s something that worries me in terms of how that ultimately fits together.”

Even when a given application is nearly ubiquitous, there are complications. The group discussed the pros and cons of relying on Office 365’s built-in records management capabilities, for example. Several were skeptical that they were sufficient for their agencies’ requirements, and one noted that not all those capabilities were authorized under the Federal Risk and Authorization Management Program when first deployed.

Others, however, pointed to the broader ecosystem of tools that are available to do real records management within Office 365. “There are other players and partners that do exist out there to fill some of those gaps,” one said.

Ultimately, another official noted, “it’s a community of systems that support a business process. I think, as a community, we’re still struggling with how to catch up with the rapidity and ever-changing landscape more than we had been before. And we don’t have the luxury of time.”

One participant suggested that the Continuous Diagnostics and Mitigation Program — where the Department of Homeland Security and the General Services Administration have established an approved product list, governmentwide reporting requirements and even centralized funding for cybersecurity tools — might be mimicked for electronic records management.

“While I’m not looking to have NARA sponsor the same way that DHS does,” the official said, the idea of “leveraging the CDM model of how we buy tools and integrate them and have an integrated suite of tools is something that we are heavily invested in.”

Legacy archives vs. future data

Ultimately, the group agreed, fundamentals are more important than specific technologies.

“What I’ve seen in looking at my compatriots in other agencies is they spent incredible sums of money to deploy a technology,” one participant said. “And those solutions have not been nearly as effective as they have been sold as because some of the fundamentals hadn’t been done — like understanding your record schedule and the organizational and institutional changes around processes and capabilities that really need to be in place to feed the right records.

“My rule is no technology is going to last longer than three or five years,” another official said. “It’s going to change. And with that, you go into the realm of a higher level of policy and data structures and naming conventions automatically because you start to think: How am I going to take what we currently have and migrate it to the next tool, whatever it’s going to be?”

Additionally, agencies are sprinting toward two distinct M-19-21 deadlines: converting legacy records from paper to digital, and ensuring that current and future business processes produce digital records from the start.

“There are probably not enough resources in the world” to address each of those aspects individually, one participant said. “We have broadened our perspective” to establish governance, workflows and record schedules that can apply across the board.

“Although it seems like they’re disparate projects and at some level there are, it’s a big Venn diagram,” another official said. “There are a lot of things that you need to do for digitization that you also need to have to evolve to new technologies. So I think it is a mistake not to look at where there are common efforts that will address both.”

“It’s not going to be everything,” that official cautioned, and scope creep continues to be a concern. “I think there’s some rightsizing around expectations that has to happen. Just because the technology is out there, Congress was never going to give us the budget to meet their expectations in terms of reproducibility of all the flotsam and jetsam that we’ve created. We have to start having that honest conversation. Otherwise, we’re doing both sides of the house a disservice.”

This article was first posted to FCW, a sibling site to GCN.

Featured

  • automated processes (Nikolay Klimenko/Shutterstock.com)

    How the Army’s DORA bot cuts manual work for contracting professionals

    Thanks to robotic process automation, the time it takes Army contracting professionals to determine whether prospective vendors should receive a contract has been cut from an hour to just five minutes.

  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

Stay Connected