Record Management In IMS (ISO 15489)

by Maya G

Maintaining a company’s records may not directly impact the profitability, but negligence in handling them can lead to lawsuits or financial scams. Record management is meant to help ensure that documents are organized, accessible and secure while at the same time not hindering their use. ISO 15489 is a standard for records management created to ensure compliance with the principles of recordkeeping.

Objectives of record Management

This standard was developed by the International Organization for Standardization (ISO) and has been widely adopted as an international best practice in information management. It is essential to understand these standards if you are looking to manage your business records effectively, efficiently, and without errors or omissions.

Objectives of Record Management :

  • Transparency- Association of Records Managers and Administrators (ARMA) provides guidelines followed by custodians and other document personnel for effective record management to avoid any confusion. This builds trust among stakeholders, other business leaders, and employees, which helps them perform their duties effectively.
  • Data security- Data is one of the most important assets of an organization and protecting them from internal or external threats is a challenge for every organization. Record management mitigates the risk by controlling access to physical records or password encryption of digital documents.
  • Cost reduction- Managing and securing records either in physical or digital form will cost the company. Optimizing digital storage by deleting previous unwanted records and shredding physical documents will reduce the costs of storage infrastructure beard by the company.
  • Compliance- Various industries especially accounting firms, must provide the records whenever required by the legal authorities. Failing to do so will pull the company to lawsuits and impact the goodwill. Profit or nonprofit organizations must meet the regulatory requirements by legal entities.

Who is Responsible for Record Management?

  • Archivist –The Archivist is an individual who has been granted access to the records of a company and manages them as they are transferred from one location to another, such as when paper documents are scanned into digital form or computer data, it is backed up onto magnetic media. They also ensure that records are properly organized and labeled to be found easily if needed.
  • Record managers- Record managers in IMS keep track of changes made to data records and manage the versions according to your specifications. They allow you to apply updates with minimal downtime, perform backups, recover from disasters, create back-out plans, and audit what has happened since a specific point in time.
  • Custodian- The custodian, has the responsibility of obtaining, safeguarding, and providing access to records. Custodians for record management must identify key stakeholders, be aware of privacy laws and ensure compliance with retention schedules. They are also responsible for determining how records should be classified, where they will be stored, and who can access them.

Record Management Lifecycle :

The phase varies from one organization to another, but the following are the most followed practices in every organization.

Record Management Lifecycle

  • Creation- This is the first phase in the record management lifecycle. The receipt of the record is created and classified in the books of the company’s record system. Ensure you develop the correct records in their respective format.
  • Use/Modify- As the records are used and modified, you must protect them from misusing and editing with wrong information. Make it easier for the people to access the records which use it regularly and keep some security measures for those who don’t. Every organization has its duration of keeping its records. An active record can be updated or deleted at any time by anyone with access rights to it. Inactive records cannot be edited, but they can still be viewed and printed out. Retired records cannot be reassessed once they have been moved into this phase; however, if needed, they can be moved to active or inactive steps after some additional processing.
  • Dispose – At the end of the cycle, the record management team must decide whether to dispose of or preserve the records based on the organization’s needs. You can automate the process by keeping a duration for records based on the priority level and updating them at your convenience. Records can be preserved for a period ranging from days, months to years. Assign the task of disposing records to a designated person based on the approval of management.

When you need Records Management?

Suppose you are clueless about whether or not to have records management. In that case, the short answer is that every organization irrespective of its size, needs some type of facility to manage its records. Moreover, it can prevent many problems in the future that will arise due to mismanagement of records. The following checklist will help you decide if you face any of these issues due to mismanagement of records.

  • Managers, custodians, and employees spend more time searching for previous records or finding ways to record information.
  • Unauthorized removal or misinterpretation of records without approval.
  • Digital storage or file systems are no longer able to cope up with the growing volume of records.
  • Records are being maintained in unappropriated environments like basements and warehouses, making them prone to exposure to dust, rodents, pests, etc.
  • You are not able to provide accurate information to your client/customer due to misidentification of records.
  • Lack of security system for vital records.
  • No proper guidelines to create and manage records leading to facing lawsuits from legal authorities.

How to Implement Records Management ?

  • Records management needs to be handled by a record manager who is an expert in the record management lifecycle to maintain the privacy of records. A records manager can classify the type of department it belongs to, whether legal, IT, or audits depending on the organization’s structure.
  • One of the most effective ways is to implement record management in the entire organization instead of restricting it to specific departments. This requires the collaboration of every department to create and use the system.
  • Develop principles following the industry and ISO standards and work within those parameters. Keep limited access and decide who can access the records under the management authorization.
  • Another option is to outsource the task to third parties that specialize in records management. These companies may either provide cloud storage facilities or facilities for storage of physical records. They have offices across multiple locations away from earthquake and flood zones. This can save costs on hiring a record management team and creating storage facilities.
  • Create retention schedules as to how long you want to retain the records. Set the retention period based on priority level and dispose of them when no longer required.