Kathleen Kummer | Another View: FEA Records Management—meeting the challenge without total upheaval
Complying with federal reporting regulations has emerged as a significant requirement for publicly traded companies in the private sector. Much has been said about corporate compliance risks and fears but a new twist in the tale is the federal government’s effort to set tougher compliance rules for its own managers.
Now, it turns out, the regulators are also becoming the regulated, with more formalized record-keeping mandates that affect information technology investments across the government enterprise.
Version 1.0 of the Federal Enterprise Architecture Records Management Profile (FEARM), produced by the National Archives and Records Administration (NARA), the Office of Management and Budget Architecture and Infrastructure Committee, and the Federal Chief Information Officers Council, specifies a consistent approach for governmentwide federal records management. In addition, the NARA regulations governing records management, 36 CFR 1234.10, were amended in February 2006 and part (d) specifically calls for agencies to establish procedures for addressing records management requirements, including record-keeping requirements and disposition, before approving new electronic information systems or enhancements to existing systems.
An effective records management system is critical to managing compliance-driven policies and procedures consistently across an organization. Organizations can no longer afford to have different rules and procedures from department to department.
The difficult challenge when trying to ensure this kind of enterprisewide consistency is that information is spread across multiple systems. For large government agencies, this is especially true. Information is generated by numerous applications at every government agency, each of which stores content in its own, isolated, disjointed manner. Content is frequently created in one format, archived in another and documented in a third.
How can government agencies meet the new FEARM requirements without operational or budgetary upheaval and considerable risk?
A solution lies in establishing a central repository that manages the records management rules for content from multiple systems. This “compliant repository” offers a way to consistently apply rules to content, no matter where it “lives” in the organization.
There are four key challenges when implementing such a program.
The first of these involves integrating native legacy systems within the government agency. Records management requires the system to support both paper and electronic business documents, and to apply proper controls when these become records. External documents may arrive at the agency or they may be generated internally using Microsoft Office applications such as Word and Excel, as Notes or Outlook e-mail message may be generated by Sharepoint or SAP applications, or even from a legacy archiving system.
Since electronic documents are created and used by a number of different applications, the records management platform must communicate with these applications in one form or another and act as the foundation or common point of control.
The second challenge is automating compliance requirements while making that automation as transparent as possible to the user. That is why it’s essential to embed records management into existing applications. Also, to act as the foundation for other document systems, the software must be enterprise-worthy—that is, capable of running on a number of operating systems, open to integration, and allowing users to access it from desktop and Web-based environments.
For large agencies, the records management system needs to be highly scalable and provide tight integration between records management and long-term archival and storage. In most cases, a Web-based interface is the preferred choice as it will enable all users to access all forms of information, such as images, paper, word processing documents, spreadsheets and e-mails from a standard Web browser and ubiquitous systems such as Microsoft Office applications.
It’s also crucial to map record classifications to retention schedules and fully automate the process of ensuring that records are kept as long as legally required. When a retention schedule expires, final decisions can be made to destroy the object, retain it for a period of time or keep it indefinitely.
The third challenge–one that is fundamental to the whole process–is establishing a digital-compliant repository. The ability to extract records into a secure, centralized repository and then execute enhanced search capabilities with metadata is key to the records management process. With the appropriate permissions, records managers can easily apply classification metadata to submitted documents to enhance search capabilities.
Metadata is then indexed and can be used to more easily find, retrieve and generate reports on documents based on custom criteria. Once a record is classified, it’s also possible to immediately synchronize retention and disposition rules. Records in external repositories can be managed as a record “in place,” or physically extracted and automatically replaced with a shortcut, enabling content to be securely archived in a centralized, compliant storage environment.
The fourth challenge involves developing a strategic plan for ongoing management of the compliant repository’s logical and physical lifecycles. The use of the FEARM as the common, governmentwide framework for meeting records management requirements makes it possible to identify the issues and records involved at the agency level and link them to their implementing technologies and business processes.
A scalable and flexible platform must support the specific aspects of both electronic and physical records along with retention and disposition of both electronic and physical records, as well as storage management and space allocation tools.
A secure repository with complete Web delivery of all records management functionality, customizable interfaces and strong search/retrieval capabilities can be coupled with other document repositories and e-business applications through integration. With a systematic and well-planned approach, agencies can deploy a single repository that can service core applications that meet or exceed FEARM protocol requirements. And, in the process, agencies can put structure around unstructured content.Kathleen Kummer is the government segment manager at Open Text Corp. in Chicago. She currently works with government agencies to help implement FEA guidelines and records management protocols in secure environments.
Connect with the GCN staff on Twitter @GCNtech.