Records Management and the Recipe for Cost-Effective Compliance

Forty years ago, General Electric produced the first self-cleaning conventional oven, an innovation that, over the course of its creation, incurred 100 new patents. Over the next several decades, numerous other household and consumer items were issued under the self-cleaning standard—razors, windows, even clothes. Can similar self-reliant management mechanisms for enterprise content be far off?

As content volumes within organizations continue to grow at insurmountable rates, companies will increasingly look to ways of automating their enterprise content management (ECM) policies. By combining centralized records management and compliant archiving, is it possible to create ECM's version of the self-cleaning oven—using the content itself to make intelligent and defensible decisions about where it should live and when, eventually cleaning up servers and storage systems and ensuring that content is stored where it needs to be, when it should be?

Fortunately, organizations don't need to keep everything—just what's important. Certainly the definition of what is a record has broadened significantly in scope over the past few years. Among the "stalwarts" of records management, it becomes an exercise in semantics: Is it worthwhile to differentiate between an official record, like a lease agreement, and a potentially volatile document, such as a cautious correspondence between scientists about the test results of a new drug? It depends on to whom you're talking. In the simplest terms, a record is like a witness, and records management is all about being able to describe events that have happened. Different witnesses are suitable for different events, and important events will mandate a whole host of witnesses speaking to different elements.

Today, most organizations have many isolated enterprise applications with which users are creating some form or other of what is, or might one day be, considered a record. And behind all of that is a storage environment, which in some scenarios is also controlling the retention of this content. In such deployments, retention is often entirely date-based, and provides some semblance of static control over when to dispose content, but doesn't scale well within changing business and legal requirements.

In this article, we will examine some of the drawbacks of implementing retention management in the storage system. We'll consider an alternative approach: a centralized records management and archiving layer abstracted from the storage environment. And we'll discuss the possibilities to automate and secure content driven processes provided by such an approach.

When Does a Document Become a Record?

It's becoming clear that, formal record or not, organizations are concerned with content that represents a degree of risk or a degree of value. So let's consider the question of when a document assumes risk or value: when it's created, when it's approved, or when it's archived? If your storage infrastructure is handling content retention, consider the following questions: u

• Will you risk fines, sanctions or other penalties for being unable to respond to a discovery order or regulatory audit? Or for being unable to protect potentially responsive content from deletion in the event that litigation is impending?
• Will you risk non-compliance with statutes and regulations concerning document retention? Consider that many records have no fixed retention date until an event occurs (for example, a hospital record needing to be saved for 75 years after a patient's death).

When records and retention management is relegated to the archive, then, by definition, a document can only be managed as a record when it's archived. In other words, the act of archiving content is what designates it as a record. This approach will