Need help managing your digital records in Office 365? Get expert advice with our free ebook “Best Practices Guide: Records Management for the Digital Era.” Download here!
Experienced records managers are likely intimately familiar with classification, retention, and file plan best practices. However, it’s important for IT, SharePoint administrators, and business leaders to understand the foundations of records management when evaluating the latest technology solutions how these foundations and best approaches work together to deliver successful information management outcomes.
These foundations include decisions based on:
- How to categorize business content (classification and taxonomy);
- How to set rules pertaining to handling this content including its retention and disposal
- The basics of creating and executing a file plan
- Reporting and auditing to prove the organization is in compliance
Terms: Classification and Taxonomy Best Practices
Simply put, a taxonomy in a business context is a pre-determined hierarchical system for content. It’s one of the key pillars of a modern records management strategy because, just like organizing a closet, classifying content into logical filing structures makes it easier to access what’s needed.
According to an ARMA survey, this type of taxonomy is recommended by ISO 15489 and bases its classifications on the high-level purpose and major tasks performed by the organization. Some organizations will adapt this type of taxonomy for their needs, thus creating a hybrid-based taxonomy.
For a function-based taxonomy or other information management taxonomies, best practices include:
- Listing about seven to twelve top-level functions and trying to avoid having more than two levels of classification.
- Using clear, concise and consistent terms that will be stable across time
- Making it easily interpreted and navigable for your Records Managers
- Making it easily applicable to both digital and physical records
Once a taxonomy has been created, you can start classifying content within this structure. For example, some disposal rules will be based on things like contract end date. This date needs to be captured as metadata in the system so the disposal rule can read it and perform the right actions after the appropriate period of time.
Vendors like AvePoint have solutions like Cloud Records that can discover and automatically classify all the content across your enterprise content management system (SharePoint, file shares, etc).
Rules: Retention and Disposal
Once your taxonomy is created and content classified, you’ll want to set rules for actions to be taken with the different groups or classes of content. This is also where having a well-structured taxonomy is vital. If there’s complexity, you should leave that in the rules and keep the taxonomy as simple as possible.
Rather than having to create 50,000 unusable rules for 50,000 pieces of content, organizations can create rules for each type of content classification in its taxonomy. A rolled-up approach, for instance, can reduce this number to less than 100 rules. This approach groups disposal rules with similar retention periods.
For example, an organisation might have multiple types of content that are required to be retained for 7 years. Instead of having many rules to cover each type of content, the rolled-up schedule “buckets” these into a single retention rule with a very detailed description. This ensures coverage for a lot of different information and content classes, but the complexity of managing many different rules is greatly reduced.
An extremely thorough understanding of how long specific types of content are relevant to each unit within the organization needs to inform retention and disposal rules. This may require a series of interviews with leaders across the organization.
Retention and disposal rules also need to be informed by industry and government regulations. Some organizations may find themselves subject to more than a dozen regulations that can impact how they retain their records.
Bringing it Together in a File Plan
File plans provide quick reference for how different types of content should be treated as well as an easy way to see what the lifecycle actions for different groups of content is. They need to include several factors such as who will be the record custodian, what the taxonomy will look like, and how the associated business rules factor in.
Auditing and Reporting
It’s not enough to create a records management approach on paper–you need to be able to prove that that approach has been integrated into the daily operations of the organization. Some key information for reporting includes:
- Content for upcoming action
- How terms are currently being applied
- Everything that has been created and destroyed
- Actions taken by users or items
- Auditing of an administrator and the actions they take
Defensible Deletion
The essential process of records management is pushing information through a lifecycle until you determine it’s not something that needs to be retained indefinitely and is no longer required for business. Once you destroy something, however, it is really important to be able to prove that you destroyed that information in accordance with the retention and disposal rules your organisation is subject to.
A defensible deletion program might consist of one, many or all of the following processes:
- The ability to record a disposal class or authority number as part of each disposal rule. The class or authority number is the official authorization to destroy and proves under what authority the action was taken.
- The ability to retain a metadata stub of the content following its disposal. This shows that the organisation did at one stage have the information, but that it was ultimately destroyed as part of an approval process with the metadata of the content retained.
- The ability to involve business decision-makers in disposal outcomes. This means asking the various business areas to determine if something is no longer required and take ownership in the disposal process.
- The ability to produce a disposal certificate following the process. This shows everything that was destroyed as part of a particular batch and can be saved back into the system as a record.
Once you have an understanding of records management foundations, you can explore solutions to help you deploy and automatically apply your terms and rules to content. Find out more in our ebook “Records Management for the Digital Era!”
Looking for more on records management? Be sure to subscribe to our blog!