Standing at the RIM chasm
Are we taking the right approach to closing the gap between records and information management (RIM)?
Many articles, blurbs, blogs, tweets, presentations and more over the years have discussed the need for a close working relationship between the providers/supporters of information technology and records management staff.
In the "old" days, a stark contrast existed between managing the electronic world and the paper world of records: Records management dealt with paper; information technology dealt with bits and bytes. But with the digital revolution, coupled with headline-grabbing legal cases such as Enron and the like, organizations soon realized that managing records had to include all records, regardless of format. To address that, many organizations expanded the records manager's role to include electronic records oversight to help ensure compliance with the laws and regulations of the appropriate governing bodies.
Since then, many organizations realized varying degrees of success in managing electronic records—assuming they can define what determines success. Is success defined as avoiding negative audits or fines, reducing e-discovery expenses, having happy users who can find what they want or reaching some other measure? Regardless of what quantification method is used (or not used), most organizations are still trying to close the knowledge gap between those charged with overseeing records and those supporting the technology infrastructure.
On one side are records managers who were told or took the initiative themselves to learn more about technology to fill the gap. On the other side are the IT staffers who needed to become more aware of the compliance factors affecting information management. It's easy to see why learning more about technology would help records managers manage e-records. But telling records managers to learn about technology gives as much direction as instructing a young adult to learn about life. Similarly, telling IT staff to make sure everything is compliant does not provide a clue about where to begin. Unfortunately, too often that is all the direction offered.
Managing the pipes and the content
Like a plumber who installs and manages the pipes in an organization, IT is primarily focused on the delivery channel and storage repositories-that is, the network infrastructure. Managing that infrastructure has proven demanding and often leaves little time to devote to the specific content flowing in the pipes.
While the CIO and his/her staff know about the primary systems used for the financial, human resource, customer relationship management and other enterprise applications, they have limited knowledge of the other information flowing in the pipes at any one time. That includes the smaller specialized departmental applications not supported by IT as well as all those unstructured documents (e.g. spreadsheets, word processing, PDF files, etc.) scattered across various workgroup drives and shared folders. And what about the Dropbox accounts used in sales and marketing or other cloud-based and social media apps staff may be using that the CIO doesn't know about?
And what about all the other content that may or may not become records (e.g., in process documents, drafts, reference material, supporting info, etc.) created, copied, stored and shared both inside and outside an organization? Who is managing that?
Who is paying attention?
Returning to the old days when records were found mainly in hardcopy format at some designated point in time (usually by staff within a particular department), a paper document was declared to be a record. Then the paper was placed in a box and given to the records manager to store in the records room. For the most part, that process worked—and is still working-in many organizations.
But as anyone who ever opened a box held in a records storage area can attest to, not all those documents are indeed records-regardless of what the box label states. While weeding the records from non-records has always proved challenging in the strictly paper world, the process could be improved through better oversight and user training of what was being transferred to storage.
But the weeding process in the digital world became much more daunting for a number of reasons, including the overwhelming volume and the ease of copying and distributing information (via e-mail attachments and other methods). While there is little arguing that business records are important and must be maintained, they amount to only a fraction of the total information maintained by organizations.
From shadow filing systems (i.e. those copies of files you keep in your own network folder structure outside the official repository or shared drive), to the endless copies created through e-mail distribution, to an untold number of document versions, the daily propagation of digital files is gobbling up storage space at an unparalleled rate. As a result, most organizations are faced with growing clutter—aka the permanent non-record—those files that never get deleted even though no longer needed. Clutter makes it harder to find something and increases the chance of making bad decisions based on outdated information. E-discovery costs can soar with the added volume of files that need to be sifted through and reviewed.
If for a moment we assume records managers can find some miraculous way to manage all records-both electronic and paper-throughout the organization, who is managing the non-records? In many cases, no one is—not even the users. Managing non-records usually falls to the bottom of the to-do list because storage is cheap, right? Plus, there are bigger concerns than worrying about miscellaneous word processing and spreadsheet documents—or so the thought process goes.
While content management systems have traditionally focused on managing documents declared as records, that leaves the vast majority of digital files left with no oversight. Now, I am not saying someone has to watch over everything being created (and potentially stifle innovation or hinder operational efficiency), but there must be more guidance for users and departments in how to store, share, retain and dispose of all the files they create. If left unchecked, the problem of trying to find a record grows exponentially more difficult every day.
Move to the front of the line
A colleague recently told me about a statement on Wikipedia (yes, I know you cannot always rely on this site—at least according to my kid's teachers) about the history of records management and information governance: "As data generation exploded in recent decades, and regulations and compliance issues increased, traditional records management failed to keep pace."
While the above quote may upset some records managers, it does help identify a fundamental issue: With the title of records manager, the job traditionally has narrowly focused on the backend of a process after the work was done—when a work-in-process document was declared a record. Often the filing methods in place—usually by the document creator or dictated by the structure of a department's existing shared folders or SharePoint library—were designed solely to help the in-process work with little regard to record retention, protection and the final disposition of the record. Someone already created the record in the normal course of work following whatever filing method was set up, and now someone has to figure out how to protect/manage the resulting record.
So as records managers are trying to cross the previously mentioned chasm, they are fighting upstream against two currents: 1.) learning what records departments are creating and how they are stored, and 2.) trying to adjust established practices and processes after the fact to better manage records. By focusing on managing records after they are created, we are making an already challenging job far more difficult as we continue to see new developments in technology every day.