Records Management:
The Content, Process and Connectivity Challenge

Until recently, records management programs have been dismissed as back-office cost centers with little or no business benefit.

However, the highly publicized failures and missteps of several notable companies in recent times have repositioned records management and corporate accountability to center stage, particularly in the areas of electronic records keeping and e-mail archival.

Industry and government regulations have been created or revised to provide "real teeth." Some examples include the Sarbanes-Oxley Act in North America and various e-government policies in the European Economic Community and Asia Pacific. Non-compliance can now lead to severe financial penalties and jail terms for CEOs and CFOs. On the upside, there are many advantages to be gained from implementing a corporate records management program. The private sector is beginning to recognize that, properly implemented and enforced, records management can reduce business risk, increase operational efficiency and save money.

Despite all of the recent media attention, records management is not new. For decades, the care-taking of important documents, files, contracts, films and physical objects has been largely taken for granted. Over the years, businesses and government agencies have relied upon traditional tools such as filing cabinets, file folders and off-site archives to meet their basic records management requirements.

Guided by law, regulations and business policy, the Corporate Records Manager is responsible for establishing proper record keeping guidelines, policies and procedures. A cottage software industry has been spawned to assist with records retention and disposition challenges; however, accurate recordkeeping has been difficult—if not impossible—to enforce outside of the recordkeeping department.

The unprecedented attention that records management is currently generating can be attributed to two main factors:

A recent epidemic of spectacular corporate blunders resulting in newly introduced or updated government and industry regulations which apply to every organization—from Fortune 500 corporations to sole traders; and

An explosive growth in the volume of electronic records as a result of the wide- spread use of electronic documents, the Internet and, most of all, e-mail.

The Compliance Challenge
As organizations struggle to cope with today's compliance challenges, it is clear that structured and repeatable processes that are backed by sophisticated and scalable automation must now drive corporate records management.

The quantity and complexity of new regulatory requirements is staggering:

U.S. Federal Government's Sarbanes-Oxley Act alone requires public companies to document all correspondence, transactions, policies and procedures that impact their financial models and controls. Further, they must retain these documents (both paper and electronic) for audit purposes and any potential investigation or lawsuit. Not to mention, it also provides protection for "whistleblowers" at publicly traded companies and new criminal penalties (including jail time) relating to fraud, conspiracy and interfering with investigations;

NASD (National Association of Securities Dealers) and SEC (Securities and Exchange Commission) regulations require agents, broker/dealers and investment firms to capture and retain all internal and external communication (including e-mail and instant messages) that are related to a customer and/or transaction; and

Every industry is affected, and often by more then one regulatory statute. For example, a healthcare company can be subject to both Sarbanes-Oxley and HIPAA¹.

What Makes a Record?
The term "Record' can be applied to any document, content or object that is important to your organization and must therefore be recorded. Records can be generated internally by employees via personal computer desktop applications, or received from other sources in a variety of formats including paper, microfilm and in the form of electronic documents such as e-mail and e-mail attachments.

"Records Management" describes the activity of ensuring that content is kept (retention) for the appropriate amount of time and then destroyed (disposition) in accordance with corporate policy, which is determined by law in most cases. Many FileNet customers are already using FileNet repositories to store vital company records. Many of these systems include retention and disposition rules held within workflow procedures and document class properties.

With the company's recent introduction of its new ECM architecture, FileNet P8, FileNet provides new and existing customers with a platform upon which to develop a corporate records management strategy. FileNet's Records Manager solution integrates records management into the FileNet P8 architecture, adding value to the customer's overall ECM implementation. This creates the ability to leverage ECM content and process management capabilities, and provides a framework to integrate with existing FileNet repositories, third-party repositories and other business systems.

FileNet Records Manager serves two distinct groups of users:
Business Users: Those responsible for declaring and classifying records. A key objective here is to minimize business-user intervention so these activities may be partially or fully automated; and
Records Managers/Administrators: Those responsible for administering the file plan and managing retention schedule, reporting and security requirements.

The Business Process Challenge
Records management is more than just managing content. Enforcement and proof are two of the most important aspects of recordkeeping. WorldCom and Enron had business policies in place to properly care for their records. The problem was that these polices were overridden or ignored. Records were altered or destroyed. These actions were not properly authorized—there was no enforcement! An electronic records management solution must employ process enforcement to ensure that records are destroyed (or archived) at the right time, for the right reason, and by the right person.

Gartner believes that Business Process Management (BPM) technology is key to enforcing records management policies and retention periods, typically the most challenging aspects of corporate records management programs.

For example, FileNet's Records Manager leverages the FileNet BPM suite, which provide a critical records management element by supporting content destruction, based on lifecycle status and disposition approval processes. And FileNet BPM provides pre-defined workflow operations (or components) that can be used in custom applications to automate the records declaration process.

In addition to managing the content properly, records management necessitates the implementation of business process management with defined records declaration and classification rules to drive the entire content and records management lifecycle. Records Manager helps solve regulatory compliance and record management issues by:

Reducing the risk of litigation and providing business continuity;

Enforcing corporate compliance procedures;

Organizing, securely storing and quickly retrieving essential company records;

Storing only records that are required for as long as they are required; and

Ensuring that expired records are destroyed in a legally acceptable manner.

In the current highly regulatory environment, organizations across all industries are facing unique and highly fluid compliance challenges. To satisfy both current and future challenges, organizations require a highly extensible architecture to capture, declare, classify, store and dispose of both electronic and physical records according to their fiscal, legal and regulatory requirements.

A single-system architecture assists organizations in achieving records management compliance through the management of content, business processes and connectivity to existing systems.

Content: Securely storing electronic content within a repository is a requisite for any records management program. With FileNet's P8 architecture, records can be stored in FileNet or other external repositories. Connectors to other external repositories ensure that customers can leverage their existing investment. FileNet Records Manager also allows customers to manage their physical records management requirements.

Process: BPM provides a solution to what is considered the most challenging element of a compliance program: enforcement. BPM ensures that content designated to be declared and classified as a record can be done so automatically as part of a business process. Disposition approval processes can also be automated to ensure that records retention policies are followed.

Connectivity: Out-of-the-box connectivity to leading e-mail systems, desktop applications and existing repositories can ensure that no matter where records are created or declared, information can be captured and managed as a record.

FileNet Corporation (NASDAQ: FILE) helps organizations make better decisions by managing the content and processes that drive their business. FileNet's ECM solutions allow customers to build and sustain competitive advantage by managing content throughout their organization, automating and streamlining their business processes, and providing the full spectrum of connectivity needed to simplify their critical and everyday decision-making.

Since the company's founding in 1982, more than 3,900 organizations, including 80 of the Fortune 100, have come to depend on FileNet solutions for help in managing their mission-critical content and processes.

Headquartered in Costa Mesa, California, FileNet markets its innovative solutions in more than 90 countries through its own global sales, professional services and support organizations, as well as through its ValueNet Partner network of system integrators, value-added resellers and application developers.

¹The Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191), also known as HIPAA, was enacted as part of a broad Congressional attempt at incremental healthcare reform. The "Administrative Simplification" aspect of that law requires the United States Department of Health and Human Services (DHHS) to develop standards and requirements for maintenance and transmission of health information that identifies individual patients.

Free

for qualified subscribers

Subscribe Now Current Issue Past Issues

KMWorld 2024 Is Nov. 18-21 in Washington, DC. Register now for Super Early Bird Savings!

Records Management:
The Content, Process and Connectivity Challenge

How Knowledge Graphs Make Generative AI Consumable in Enterprise Environments

Building a KM Foundation for Enterprise AI

TRANSFORMING ENTERPRISE KNOWLEDGE: THE JOURNEY TO SAFE, SECURE, AND TRUSTWORTHY AI

More

Intelligent Content Management: Game-Changing Technologies and Strategies

Optimizing LLMs with RAG: Key Technologies and Best Practices

What's Ahead in Search: AI, NLP, Knowledge Graphs, and More

Rethinking KM for Agility, Efficiency, and Innovation

More Webinars

KMWorld 2024 Is Nov. 18-21 in Washington, DC. Register now for Super Early Bird Savings!

Records Management: The Content, Process and Connectivity Challenge

Records Management:
The Content, Process and Connectivity Challenge