Now, more than ever, in the business and government sectors it has become necessary to implement proper and robust procedures for the management of records. As organizations ultimately make the transition to a fully digital environment, it is important to ensure that processes and procedures are transparent enough to ensure ethical and legal obligations are met.
History has shown us that failure to implement proper record management procedures has been met with dire consequences. In December 2013, the Financial Industry Regulatory Authority (FINRA) fined Barclays Capital Inc. US $3.75 million for systematic failures in preserving electronic records, emails, and instant messages in an appropriate manner for a period of 10 years (2002 – 2012). FINRA stated that “Barclays failed to preserve many of its required electronic books and records including order trade ticket data, trade confirmations, blotters, account records and other similar records.” In other words, there was little to no record management in place.
Unfortunately, this is not an isolated incident and is not confined to the banking sector. In the wake of this and other corporate governance failures and scandals worldwide, two new ISO international standards have been developed (these are discussed later in this article).
The aim of these standards is to help organizations implement a management system for records, or MSR, by guiding them on how to properly manage their records and disclose corporate information quickly and effectively.
The content of this article is largely based on several presentations by Judith Ellis. Judith is the Convener of ISO/TC 46/SC 11/WG 8. She is also the owner and Managing Director of Enterprise Knowledge Pty Ltd, based in Australia.
What Is a Management System for Records (MSR)?
A management system is defined as a set of interrelated or interacting elements of an organization to establish policies, objectives, and processes to achieve those objectives. An MSR is a management system that is put in place to direct and control an organization with regard to records.
Why Use an MSR?
Following the repeated failures of record management mentioned previously, there was an increased demand for an overarching standard or statement of a set of guiding principles and requirements. An MSR promotes business efficiency, accountability, risk management, and business continuity.
It empowers organizations to capitalize on the value of their information resources as business, commercial, and intellectual properties. In addition, an MSR helps to contribute to the preservation of organizational memory in response to the exponentially growing challenges of the global and digital environment.
For organizations that implement an MSR, the benefits are numerous:
- Tight integration of records processes and business processes with the aim of providing a systematic and strategic approach to the creation and control of records. This will help to eliminate redundancy, optimize processes and resources, reduce maintenance, and improve decision-making.
- The ability to meet regulatory and business compliance. This includes effective monitoring of accountability, ethical, and corporate governance guidelines.
- Legal compliance and protection, including support for due diligence and effective preparation in cases of potential litigation.
- Demonstrated commitment to organizational governance, accountability, and integrity.
- Compatibility and interoperability with other commonly used Management Systems Standards; for example ease of integrating records management into the processes and practices required by ISO 9000 and ISO 14000.
- The potential to make organizations more cost-effective and efficient.
Management System for Records Standards
To guide organizations and their managers to the right path in implementing an effective MSR, the International Organization for Standardization (ISO) has created the ISO 30300 series of standards. The two standards discussed in this article (ISO 30300:2011 & ISO 30301:2011) were created in an effort to create a link to the management of records to organizational success and accountability.
The ISO 30300 series is a new addition to the Management Systems Standards (MSS) family and incorporates experiences gained in the implementation of the ISO 15489, Information and Documentation—Records Management. Below, we shall detail the contents of these MSR standards as defined by the International Organization for Standardization.
This international standard explains the rationale behind the creation of an MSR, as well as the guiding principles for its successful implementation, and provides the terminology which ensures that it is compatible with other management system standards. It also establishes the objectives for using an MSR, describes a process approach and specifies roles for top management.
ISO 30300:2011 is applicable to any organization that needs to establish, implement, maintain, and improve an MSR to support its business. It also provides assurance of conformity with a stated records policy.
This international standard specifies the requirements necessary to develop a records management policy. It also sets objectives and targets for an organization to implement systemic improvements.
These implementations are achieved through formulating the design of processes and systems, estimating the appropriate allocation of resources, and establishing benchmarks to properly monitor, measure, and evaluate outcomes. These steps will ensure that corrective action can be taken and continuous improvements are built into the system to support an organization in achieving its mandate, mission, strategy, and goals.
ISO 30301:2011 can be implemented with other MSSs. It is especially useful in demonstrating compliance with the documents and records requirements of another MSS.
The aim is for organizations to strategically utilize these standards in the following ways:
- Integrate records requirements into business processes, eliminate redundancy, establish consistency, optimize processes and resources, reduce maintenance, and improve decision making
- Use and exploit information resources as business, commercial, and intellectual property assets
How to Implement
There are several elements that contribute to the successful implementation of an MSR. It consists mainly of a combination of effort from top management and employees in an organization.
Firstly, the organization’s strategic direction needs to be established. A link between the MSR and the organization’s goals, requirements, and priorities has to be made. It is also the responsibility of management to assign a lead (or management representative) and resources to operational roles.
The resources (people, skills, training, technology, and cost) needed to develop an MSR need to be identified. This largely depends on the scope of implementation within each organization and is determined by business requirements and an assessment of risk. This investment can provide both short- and long-term returns as well as aid an organization in avoiding unnecessary expenditure.
Once the MSR is initially implemented by an organization, it will need to be adopted by the end users. The success of this will require management to lead by example. In addition, it must be ensured that proper and regular training sessions are available to employees to guarantee that all users are well educated in the MSR requirements.
Successful adoption and full benefits of the MSR can only be realized once there is a commitment to continuous systematic improvement. Tangible results must be evaluated and procedures put in place to ensure that the MSR is constantly reviewed and feedback received from users to ensure continuous improvement.
How eFileCabinet Can Help
While successfully implementing an MSR may seem like a daunting task at first, robust document management software (DMS) can help alleviate the associated frustration.
eFileCabinet provides solutions that are specifically tailored to records management. Tools such as our document management workflow templates, our document retention system, and other features can help automate the workflow and reduce the cost of compliance and long-term data preservation.
Our solutions and automated processes enable organizations to easily comply with the standards of regulatory bodies such as HIPAA and FINRA, which require the following:
- Being able to retrieve records on demand
- Maintaining your records in an unalterable format
- Having a system that has reasonable controls to ensure integrity, accuracy, and reliability
- Having a system with reasonable controls to prevent and detect unauthorized creation, addition, alteration, or deletion of records
- A system that possesses reasonable controls to prevent and detect records deterioration
Our support staff is always available to assist should you require further information on how your company can take advantage of eFileCabinet’s management system for records.