The moving target of electronic records management

Under the requirements in the Office of Management and Budget’s M-19-21 memo, federal agencies must make a full transition to electronic recordkeeping by the end of 2022, and the National Archives and Records Administration will stop accepting new paper records at that time. The shift is essential to making government more effective and efficient, but hitting the milestones in the memo will require agencies to fundamentally rethink how they process and manage documents and electronic content.

A little more than a year into that process, FCW gathered a group of records management specialists from across government to discuss what’s needed to make a true transition to electronic records management. The discussion was on the record but not for individual attribution (see page 43 for the list of participants), and the quotes have been edited for length and clarity. Here’s what the group had to say.

On track but lacking resources

Although the readiness level ranged widely from agency to agency, most participants said they were on track to meet the M-19-21 deadlines. Yet several expressed apprehension about NARA’s timing in finalizing the standards and protocols for the transfer of permanent records.

“My philosophy has been to use the available tools and resources at hand and get right up to the border of where the agency is ready to hand them off to NARA,” one official said. “And then when those standards come in, we can conform to fit…but at least we’re working toward the line rather than waiting until we get full guidance.”

But another said NARA “has been a good partner to the agencies” in developing the standards and “has given them enough feedback to now go down the right lanes of figuring out where the gaps are.”

Whether the tools and resources at hand are sufficient, however, is another matter. “There never are enough resources,” one official said. “We’ve got great resources to the extent that we have them,” referring to the staff and the record schedules that have been developed, but the work will outstrip them — and this year’s telework-driven embrace of collaboration tools has only increased the degree of difficulty.

Dedicated funding for electronic records management has been difficult for most agencies to secure, although multiple participants said OMB is working to address that in the next budget cycle. For now, most said they are trying to weave the M-19-21 efforts into other projects that do have funding.

“Piggybacking on other initiatives” is the name of the game, one said. “I find that if I tell them I’m here to fix their information pain, I get their attention very quickly. And then also emphasizing e-discovery and the ability to search for your records across any platform get people’s attention — maybe not leadership but certainly people who have a need and are willing to articulate it up the flagpole for me.”

Not enough staff, not the right skills

Human capital is proving to be the toughest resource to secure, multiple officials said, because employees with records expertise often lack the data and technology skills that are now required.

“I love my records management staff,” one said. “They’re fantastic. But they are not database people. They are not technologists.”

There are headcount challenges, that executive added, but what agencies really need are records officers who can “understand the technology and be able to dig through it, as opposed to just giving it retention rules.”

“We are understaffed,” another participant agreed, but “more importantly, we don’t even understand the scope of technology that’s out there. There are so many things that are combined now with different kinds of formats together, and we can’t figure out how to actually save all that so that it could be wrapped up in a work file or in some other method. So we’re challenged every day by the stuff that comes in the door.”

Yet the most important gap, the first executive said, may be in “the respect that the job requires” and giving records management a voice in the development of business processes and systems.

A third official suggested that many records management teams have painted themselves into that corner. “We’ve used the same tired formulas of how to bring records management into the limelight of finding a champion — somebody who’s going to champion our cause, at least until they get promoted or move on,” that participant said. “And we’ve built a big structure of what [U.S. Chief Records Officer] Laurence Brewer called a very shallow structure of support, where we depend on custodians and liaisons that it isn’t part of their job, but we’re constantly training them. And so we build up a bureaucracy, a shadow group of people that this isn’t their main business. And all of our records management resources go toward training, supporting, monthly meetings, follow-up.” When his agency’s champion retired, the official said, “we lost all our money.”

The agency has since switched to more of a consultancy role, the official said. “Give us a call and we’ll figure it out case by case. And so we’re actually solving problems and building up that grassroots support for ongoing resources and identifying opportunities where we can insert ourselves at the records management level to help them with policy definition and fixing information pain.”

Too many tools?

Complicating that resource challenge in terms of staff and money is the rapidly growing suite of communication tools agencies use. Too often, participants said, the adoption and deployment of those tools is happening before Federal Records Act requirements are accounted for.

One official pointed to the SharePoint experience as a cautionary tale: “People spent millions and millions and millions of dollars cleaning up SharePoint over the course of a decade because they hadn’t thought of governance issues associated with it on the front end.” Yet with this year’s telework surge prompted by COVID-19, Microsoft saw its Teams collaboration suite go “from 31 million users to 44 million users to 75 million users in six weeks. There’s going to be a hell of a governance mess downstream.”

“Inevitably, as we shift to the cloud and particularly as applications shift to the cloud, the pace of change accelerates,” another executive said. “And I think that carries with it some risk of obsolescence and challenges in terms of third-party solutions that plug into cloud solutions because they’re not iterating at the same pace as the platform is. I don’t have an answer to that other than it’s something that worries me in terms of how that ultimately fits together.”

Even when a given application is nearly ubiquitous, there are complications. The group discussed the pros and cons of relying on Office 365’s built-in records management capabilities, for example. Several were skeptical that they were sufficient for their agencies’ requirements, and one noted that not all those capabilities were authorized under FedRAMP when first deployed.

Others, however, pointed to the broader ecosystem of tools that are available to do real records management within Office 365. “There are other players and partners that do exist out there to fill some of those gaps,” one said.

Ultimately, another official noted, “it’s a community of systems that support a business process. I think, as a community, we’re still struggling with how to catch up with the rapidity and ever-changing landscape more than we had been before. And we don’t have the luxury of time.”

A CDM model for records management?

One participant suggested that the Continuous Diagnostics and Mitigation Program — where the Department of Homeland Security and the General Services Administration have established an approved product list, governmentwide reporting requirements and even centralized funding for cybersecurity tools — might be mimicked for electronic records management.

“While I’m not looking to have NARA sponsor the same way that DHS does,” the official said, the idea of “leveraging the CDM model of how we buy tools and integrate them and have an integrated suite of tools is something that we are heavily invested in.”

Legacy archives vs. future data

Ultimately, the group agreed, fundamentals are more important than specific technologies.

“What I’ve seen in looking at my compatriots in other agencies is they spent incredible sums of money to deploy a technology,” one participant said. “And those solutions have not been nearly as effective as they have been sold as because some of the fundamentals hadn’t been done — like understanding your record schedule and the organizational and institutional changes around processes and capabilities that really need to be in place to feed the right records. And those have not been put in place in advance of the technology, meaning that what you get is management saying, ‘Well, we spent $5 million on this thing and it wasn’t any good.’”

“My rule is no technology is going to last longer than three or five years,” another official said. “It’s going to change. And with that, you go into the realm of a higher level of policy and data structures and naming conventions automatically because you start to think: How am I going to take what we currently have and migrate it to the next tool, whatever it’s going to be?”

Additionally, agencies are sprinting toward two distinct M-19-21 deadlines: converting legacy records from paper to digital, and ensuring that current and future business processes produce digital records from the start.

“There are probably not enough resources in the world” to address each of those aspects individually, one participant said. “We have broadened our perspective” to establish governance, workflows and record schedules that can apply across the board.

“Although it seems like they’re disparate projects and at some level there are, it’s a big Venn diagram,” another official said. “There are a lot of things that you need to do for digitization that you also need to have to evolve to new technologies. So I think it is a mistake not to look at where there are common efforts that will address both.”

“It’s not going to be everything,” that official cautioned, and scope creep continues to be a concern. “I think there’s some rightsizing around expectations that has to happen. Just because the technology is out there, Congress was never going to give us the budget to meet their expectations in terms of reproducibility of all the flotsam and jetsam that we’ve created. We have to start having that honest conversation. Otherwise, we’re doing both sides of the house a disservice.”

Making digital records part of IT modernization

Technology is part of the equation, though, and participants predicted long-term success would depend on better integrating electronic records management into their agencies’ broader IT modernization strategies.

“It’s my dream to seek sources of funding from the Technology Modernization Fund,” one said, “because a lot of what we’ve been discussing is how we process information, which is by definition records management.” Modernization should involve more than upgrading the pipes, the official argued, and extend to “how we manage processes for creating and contextualizing and storing information from soup to nuts.”

That goal goes back to piggybacking on other initiatives and having a true seat at the table, another official said. “It’s not records management and budget per se. It is finding the business need and attaching yourself to that need and getting a slice of the pie. And I think that is happening in modernization efforts. You just have to know that the modernization effort is happening.”