The Records Management Plan
A well-designed records management plan is essential for your data-retention policies to mesh with your data-management processes. For example, if a retention policy specifies that a document should be purged and destroyed after one year, backups should be designed so that no backup older than one year has a copy of the file on it. On the other hand, for example, a retention policy that dictates that a document must be readily available for review for a period of three years requires that a live copy of it be kept in a storage location from which it can be pulled without restoring it from backup. These requirements dictate that organizations not only develop the appropriate policies but implement and enforce them as well. There have been cases in which organizations have not followed their own policies and were required to retrieve selective data from archive backups and restore it onto their network-a very time-consuming process.
A records management plan should contain the following elements:
-
A compliance requirements document that defines the policies that the organization must implement to ensure compliance with legal and regulatory requirements, along with the practices that employees must adhere to be in compliance with the policies.
-
A chart that identifies who will be responsible for the different roles involved in the records management process.
-
A file plan that identifies what types of information are considered records, where the records are stored, the permissions and policies that govern the records while they are active, and how and when the records will be disposed of.
| Note | These elements are described in detail in this section. |
The Compliance Requirements Document
The compliance requirements document explains the purpose of a compliance program and describes its benefits and its essential components. It identifies the legal and business criteria to which the compliance plan must adhere, as well as the metrics or other objective criteria that will be used to measure the effectiveness of the compliance plan. The compliance requirements document includes the formal policies that represent the organization's internal statement of the regulatory rules it must follow. The compliance requirements document should also include specifications for ongoing training for employees at all levels and guidelines as to the role and involvement by senior management in the compliance process. Although it might not be practical for every organization, a formal compliance audit should also be carried out at regular intervals to ensure that the records management plan is meeting its objectives.
Records Management Roles
When developing the records management plan, it is important to consider who will fill the various roles that are involved in the creation and implementation of the plan. Because SharePoint Server 2007 is a content-rich application, some of these roles will include the SharePoint administrators, content and records managers compliance officers, and information workers.
SharePoint Administrators
Administrators are responsible for the installation and configuration of the SharePoint Server 2007 servers that provide records management services to the enterprise. They create the Web applications and the Records Repository site and configure the connection to the official file that allows users to submit documents to the Records Center.
Compliance Officers
Compliance officers are usually associated with an organization's legal department and are often lawyers. They are responsible for understanding and interpreting the regulations and rules with which the organization must comply. They develop the formal compliance policies the company will implement, and as a result, they are the primary authors of the compliance requirements document and perform internal monitoring and auditing to ensure that the organization closely follows the records management plan.
Records Managers
Records managers are responsible for developing the file plan that applies the compliance requirements document to the different types of information items the organization produces. The records managers can also be members of the organization's legal department, or they can be senior administrative staff who have a thorough understanding of the organization's business practices and workflow. After the SharePoint administrators have created the Records Center site, records managers are in charge of configuring the document libraries and retention rules in the site. Records managers should be consulted at all points in the design of the records management system.
Content Managers
Content managers work on the teams that create information items that will be designated as records. Content managers configure team sites with the appropriate content types and workflows to facilitate documents being effectively and efficiently categorized so that they can be routed to the appropriate repository library.
Information Workers
Information workers are the employees in an organization who create new documents and e-mail messages that need to be classified and routed to the Records Repository for safeguarding. The goal of a reliable records management system should be to make it relatively easy for information workers to classify information accurately, or even automatically, as it is produced.
The File Plan
The file plan is a written document or set of documents that list all the types of information an organization receives or produces and details how it should be classified and handled. Some information will be classified as a record when it is created. Other information will be treated as a record only when it reaches a certain stage in its life cycle. Then there will be information that is either temporary or unimportant enough that it is not considered a type of record. The criteria used to classify a record will come from the compliance requirements document that is produced by the compliance officer.
| Note | As part of your effort to train and educate your users about their use of SharePoint technologies, be sure to instruct them on how to differentiate among document types. Users need to know when a document or record moves from being unofficial communication to being official communication, and they also need to know how official records are consumed and disposed of. |
Although the details of what enters into the file plan depends on the type of information your organization manages, there are usually some common elements in most plans. As shown in Table 10-1, these elements include a list of record types and the key information that must be associated with each record for it to be filed. Once an information item is classified as a record, it is copied or moved into a SharePoint Server 2007 site based on the Records Center site template. This site serves as the storage area for both active and inactive documents that must be readily available as an information resource for staff or as evidentiary material in litigation.
| Plan element | Purpose |
|---|---|
| Record type | The classification of the information item. Each Record Type corresponds to a set of typical documents or messages that need to be tracked and managed in the same way. |
| Required fields | Any additional information that will be required when the document is submitted to the Records Center. |
| Expiration | How long the document will be retained. |
| Disposal | How the document will be handled when it expires. |
| Audit | Whether access to the document will be tracked and logged. |
Open table as spreadsheet Active documents are those that are still in use as part of a project or an ongoing e-mail discussion. These documents might continue to be updated over time, and new versions will be submitted to the Records Center as they are generated. The file plan will specify whether older versions of the same document are retained and for how long. Inactive documents are those that have reached their final version or have been submitted formally to an agency. Although there are not expected to be any further versions of the document, the last version must be retained as an official record of the transaction.
At this point, it is important to distinguish between documents that are retained as records and those that are retained in an archive. Archived information either is not classified as a record or the period for which it needs to be retained as a record has expired. It is usually written off to tape, or printed out, and placed in long-term storage with the expectation that it will be kept mainly for historical purposes. Archived data is generally not readily available for search and retrieval; therefore, it is inappropriate for research and legal discovery.
In Table 10-2, you see an example of a standard file plan filled out for several record types in an organization. As you can see, different document types have different record management requirements. Whereas financial statements are kept indefinitely in archival storage because of their historical value to the company, e-mail correspondence is considered in this case too voluminous and of too little value to archive long term.
| Record type | Required fields | Expiration | Disposal | Audit |
|---|---|---|---|---|
| Financial statements | Statement Date (date field) | Retain for seven years after Statement Date | Archive and delete on expiration | Audit View events only |
| Invoices | Delivery Date (date field) | Retain for five years after Delivery Date | Archive and delete on expiration | None |
| E-mail correspondence | Subject (string property, single line of text) | Retain for three years from date created | Delete on expiration | None |
EAN: 2147483647
Pages: 299