Recordkeeping in Information Governance
Information Governance is by its very nature interdisciplinary. Of course it needs leaders, but great information governance leaders are those that enable a multi-disciplinary team approach to thrive. This is best done by allowing the distinct approaches to information brought by members of the team to exist in both cooperation and creative dissent. The organisational context and information culture determines exactly which skills are brought into the collective mix of information governance, but typically it includes compliance, risk, privacy, risk, security, recordkeeping, data management and analytics (and more in the American context, e-discovery). Each of these focus areas bring specific approaches to their patch of information governance – the trick is to get each to play to their strengths without drowning out or diminishing the important roles of others. Playing nicely across information disciplines is not a given, and fostering that capability is the skill of the information governance leader.
So what exactly does the recordkeeping discipline bring to the mix? The overwhelming focus is to ensure that authoritative traces of activity exist in order to document, defend and enable efficient business. Throw aside any preconceptions you may have of this discipline: in particular any misapprehensions that the focus is on paper, storage or cleaning up accumulated digital or paper remnants. The reality is that today’s recordkeeping professional is focussed on enterprise wide framework issues including mechanisms to manage authoritative information effectively with all existing and planned systems. The importance of inter-disciplinary working is drilled into the professional approaches, and today’s recordkeeping professional should be well versed in identifying and working with the specific professional concerns of cognate disciplines.
An emerging framework for understanding organisational recordkeeping is that of recordkeeping informatics, which stresses the need for agility, interdisciplinary focus and the need to adapt practices and requirements in ever-changing technological environments. Focussing approaches on two solid foundation blocks – continuum thinking and metadata, recordkeeping informatics uses three facets of analysis – organisational information culture, business analysis and access.
Continuum thinking is, in part, a sensibility and an orientation to information managed for specific evidential purposes. It brings an understanding that in order to keep, often fleeting, digital communications, a robust understanding of complex and often competing demands must be met. If the information is to provide the authoritative resource organisations require, it must be proactively designed as fit for purpose – whether it needs to last a nanosecond or a millennium. But information, particularly digital information, can be paradoxically fragile. If the preconditions are not consciously architected to enable contextual management of information over time, then the information will lose its authoritative nature very quickly, possibly only surviving as useful resources for the memory-span of an individual connected with its creation or management. Continuum thinking stresses connections with the future but also with the past, positioned in situated analysis of the organisation within its ever changing social environment, where multiple perspectives need to be identified and consciously incorporated into organisational approaches.
No information discipline can operate in today’s digital world without a solid appreciation and understanding of the role of metadata in the design and continuing implementation of management strategies. For recordkeeping, the metadata is not a post hoc add on, but a fundamental component of any digital recordkeeping approach. It is part of the record, which, while it may be stored separately is none-the-less an inherent component of the record, as important as, and arguably more important than, the content and its physical manifestation. Recordkeeping professionals deal in complexity and manage in context. This involves continuously ensuring relationships are defined and managed – including components needing to be bundled together, content objects managed in cascades of drafts, versions and multiple states of formality, identified roles and responsibilities for actions that are hugely dynamic and ever changing reflecting organisational realities. These are just a few of the organisational relationships managed through ever accumulating recordkeeping metadata. This metadata is used to make assertions about the reliability and trustworthiness of the state of the information resource managed as records.
A recordkeeping professional grounds their approaches in organisational context. The importance of knowing the regulatory and compliance environment is key as it determines the requirements for records to support the organisational responsibilities. The capacity to implement recordkeeping in systematic ways is driven by the information culture that derives from the organisational culture. Some organisations are risk takers, some are more than mindful of regulatory compliance, and sometimes multiple information cultures will exist within one organisation. Diagnosing the state of the information culture will determine where a successful recordkeeping intervention is likely – through technological mechanisms, through behaviour, through policy or other tactics.
Understanding the meaning of information over time is important. To do that in ways that support not only the current business, but future requirements including those imposed by external stakeholders and users, requires the construction of records in ways that reflect the business that was going on when the authoritative information was created and used. This locks recordkeeping informatics approaches into design strategies reflecting the realities of current business processes. Of course, making records creation and capture automatic, invisible, and able to operate as a continuing organisational resource to improve business practice is a major driver here. Locking the contextual understanding to the information created in, and supporting, the business process is a core requirement. And here too, the discipline of knowing how long information should be retained for comes into the mix. Defensible disposal is now an issue facing all organisations. The ‘keep everything, storage is cheap’ and ‘we’ll derive huge, but as yet unknown, value from accumulating our data’ approaches are beginning to loose viability as costs spiral, risks of exposure and unintended disclosures grow higher with uncontrolled and unknown data swamps, and information stored but contextless and unmanaged threatens to overwhelm. Coming to a more mature approach to managed information includes embracing defensible disposal and that is a long demonstrated recordkeeping skill.
Finally no organisation can manage information resources without an access and permissions framework. Notions that this is purely a responsibility of single sign ins, or something determined by cyber security experts ignore the complex multi-system, multi-participant nature of business processes. The notion that ‘information just wants to be free’ is not an organisational reality. Protecting that which needs to be secured is not only a technological requirement from the cybersecurity community of the information governance matrix. Who has permission to do what, and for how long, who they are, responsibiltiies and delegations – all this is part and parcel of documenting and enabling business which is immediately reflected in the information created to document that business.
Look again, with fresh eyes at the role of recordkeeping within information governance. Recordkeeping is a fundamental approach to architecting information management approaches within a governed information framework. It is not stand alone, nor are today’s recordkeeping approaches for information governance post hoc, retro-fitted or simply defensive. Rather it is a dynamic, participatory, tailored approach to effective management of authoritative information for today’s business environment, tailored to re-use, business efficiency and grounded in robust interdisciplinary collaboration.
Principal Consultant and Owner at Recordkeeping Innovation Pty Ltd