- By Timothy Sprehe
- Nov 09, 2003
Today the great majority of federal records are born electronic. That phrase has been commonplace for a decade, but few ask the follow-up question: If federal records are born electronic, where do they grow up and live?
The obvious answer is that electronic records live in the government's information technology systems. That being the case, we would suppose that the systems are designed to properly take care of electronic records.
But we would be dead wrong. Almost none of the tens of thousands of government IT systems are designed to properly maintain and dispose of the records they create or process.
The institutional weightiness of records leaped to public attention in recent years through the Enron Corp. and Arthur Andersen LLP calamities in the corporate world and the continuing saga of the Bureau of Indian Affairs in government.
The Sarbanes-Oxley Act of 2002 states, among other things, that heads of multinational corporations can go to jail when records are tampered with, altered or deleted. And, as few have noticed, federal employees can also spend time behind bars for tampering with records that are the subject of federal investigations.
In this altered climate, it stands to reason that heads of enterprises — government or private — want assurance their records are being properly managed.
One of the best ways to gain this assurance is to ask if proper records management is being designed into the enterprise IT systems. This is an issue never before addressed in government. Federal IT managers subscribe to the doctrine of life cycle management for IT systems, but until now, the life cycle in question pertained to systems, not the data generated or processed.
Now federal IT managers are beginning to hear the query: Have you provided for proper management of the federal records your systems carry such that you can guarantee that those records will stand up in a court of law?
The FBI is one of several agencies addressing this question systematically. Officials are creating a records management certification program for its IT systems.
Already the FBI records officer has clearance authority over new IT systems. Under the new program, both new and existing IT systems would have to pass through a certification process to ensure that federal records in the systems retain the authenticity, reliability, integrity and usability required.
The records management certification will go hand-in-glove with security certification. If new systems fail, they would go no further in the funding process. For existing systems, failure would mean systems redesign.
The situation presents an entertaining topsy-turvy. The lowly records officer, long toiling in the bowels of the agency, may suddenly receive the clout to tell the lofty IT managers they cannot have their new umpteen million-dollar toy until they toe the records management line.
Sprehe is president of Sprehe Information Management Associates Inc. in Washington, D.C. He can be reached at [email protected]