In his presentation, “Defining and Implementing a Practical, Real-Life Information Governance Plan (IGP) for your Organization“, Bruce Miller (President, RIMtech) covered numerous topics such as policies, roles and responsibilities, change management, and performance measurement for electronic document and records management systems (EDRMS) in terms of qualification rate, declaration rate, and classification accuracy rate. He also presented an IGP as a crucial component of an EDRMS implementation.
A new category of recorded information
IM professionals are accustomed to categorizing recorded information as either a) non-records or b) records (be they official or transitory).
Bruce challenged that mindset by proposing that a recorded information object may – at any given time – be in one of three states: record, non-record, or unknown. Here’s how he defined those states in his presentation.
Record: Known to meet the criteria of a record. This does not, however, imply that the item is being managed as a record. Critical to this state is that it is ‘known’ by the RIM Manager so apppropriate management can be applied.
Non-record: Known to not meet the criteria of a record. Does not meet the criteria of a business record according to the organization’s definition of a record. Critical to this state is that it is ‘known’ by the RIM Manager so appropriate management can be applied.
[highlight type=”light”]Unknown: It is not known (for whatever reason) by the RIM Manager if this item is a record or a non-record. It may be either. Critical to this state is that it is ‘unknown’ by the RIM Manager. Items in this category may be unknown (i.e. not tracked, and not managed or declared) or they may be unmanaged records (i.e. records that are not tracked, and are not managed if a physical record or declared if an electronic record).[/highlight]
Deletion vs. Disposition
After introducing the concept of ‘unknown’ records, Bruce discussed ‘deletion’ and ‘disposition’ (two functions in any EDRMS) and presented his assertion that ‘disposition’ should be reserved only for records. Non-records and [highlight type=”light”]unknowns should be deleted as soon as they are no longer required[/highlight]. The key to deleting unknowns is being able to identify the end of their business need.
According to Bruce, ‘deletion’ is a machine-initiated and machine-driven process for which neither an authoritative source (e.g. a records retention schedule) or human oversight is required. That’s why it should be possible in his opinion to give a Chief Information Officer (CIO) the mandate to delete non-records and unknown (unmanaged) records at a pre-determined date (e.g. when those objects are 2 years old).
Conversely, ‘disposition’ is process-driven, initiated by humans, and dependent on an authoritative source (i.e. what is approved and by whom). Human oversight of disposition is assumed. According to Bruce, there are 3 stages in the disposition process:
- Stage 1: Qualify (which records are about to be deleted?)
- Stage 2: Review (see business owner approval for destruction/transfer)
- Stage 3: Destroy (delete and record audit)
Bruce also asserted that the goal of any EDRMS implementation should be to reduced the unknowns (or unmanaged) to zero. And that can be achieved by deleting the unknowns as well as non-records, leaving a much smaller (and managed) collection of records to be disposed of.
Is Deleting the Unknowns a Good Strategy?
There’s no question that deleting the unknowns would provide many business benefits. Untold amounts of staff time would be saved by not having to determine which of these items were records and then ensuring their appropriate management. Their deletion would free up lots of space (thus reducing storage and back up costs) and improve retrieval efficiency by reducing the volume to be searched. Some would also argue that deleting the unknowns would enhance risk management by reducing the volume of records to be searched during discovery or in response to freedom of information/access to information requests. Bruce believes their deletion would increase the success of any EDRMS implementation because so many EDRMS implementations have failed – typically, very few records are declared and few non-records are managed with the bulk of an organization’s recorded information falling into the unknown category which is neither declared nor managed.
However, this practice would also expose the organization to risk since some information in the unknown category is, in fact, a record of the organization. That means the organization won’t be managing all of its records according to industry standards (e.g. ISO 15489-1) and best practices (e.g. ARMA International’s Generally Accepted Recordkeeping Principles). Also, the courts and regulators may look unfavourably on this practice.
Consequently, I recommend an organization complete a comprehensive cost-risk analysis and consult with legal advisors before implementing the deletion of unknowns.