We’ve always seen records management as something that occurs within a content system. We’ve carefully ensured that records were stored in the records management system, in the correct place, with the correct category and retention schedule. This way of thinking hasn’t changed much despite the advances in technology. But what if there is a better way to manage records? I’d like to propose a new way of thinking about records management systems, one that is easier to use, and built with modern technology in mind.
What is a System of Record?
The system of record is the way we are used to thinking about records management. It is the legal, auditable system that tracks records, categorizes them according to the file plan, applies the correct retention period, ensure records are not deleted prematurely, and facilitates defensible deletion when the retention period has passed. The overall goal of this system is to ensure compliance rules and regulations are being met and followed. Ideally there would only be one system of record to manage and maintain.
What is a System of Engagement?
The system of engagement is where end users do their work. It provides the toolset they need to collaborate, complete business processes, store data, or whatever else their jobs require. The overall goals of systems of engagement are to increase productivity and to create additional value from organization information assets. There might be one, 10, or 100s of systems of engagement in an organization, depending on the nature and size of the organization.
How do these systems work together?
Ideally, these systems are separate from one another, so that one does not interfere with the other. In this case, records management policies should be applied automatically, using rules, whenever new or updated content is detected. We call this “applying rules at the edge” because the original content isn’t modified. The content is managed in-place, in the original system of engagement.
What is the Risk of Not Using This Approach?
There are several risks present when the systems of record and the systems of engagement are not managed separately.
These are the risk of deletion, the risk of users not properly declaring records, and the risk of not deleting content when the retention period has passed. These risks expose your organization to the possibility of fines, a loss of trust with customers, or up to the dissolution of the business.
When regulated content is not managed as a record from the beginning of its lifecycle, then there is always a risk that it could be deleted before being declared a record. Auditors do not care if the content was still being actively used when it was deleted. In the past, we’ve thought about content as records only when it has been locked for editing, which means there is risk present for the entire period where users are modifying the content.
End users are not records managers. They are not trained in maintaining compliance, and it is not usually listed in their job descriptions. So why are we asking end user to categorize and declare records? This approach exposes us to the risk of users not declaring them properly or not moving records to the records management system when they are ready for archiving.
On the other side of the content lifecycle, there is a risk from not deleting content once the retention period has passed. This is mostly a risk from legal exposure during litigation or other situations where content needs to be passed to a third party. Any content that has not been deleted is fair game for the third party to use to strengthen their case. By deleting content as soon as the retention period is over you can eliminate this risk.
What are the Benefits of this Approach?
In addition to risk mitigation, there are other benefits to the separation of your system of record from your systems of engagement.
- Records as a service: This approach allows you to take advantage of a monthly subscription and centralized service for your records management needs. Costs can be spread out over many years, rather than as a larger project with a high capital expenditure. Having your records management solution centrally hosted and managed reduces the management burden for IT and ensures the system is always secure, up to date, and compliant.
- Data from any source: As mentioned above, using this approach allows you to connect to any data source and manage content in place. You have the option of using pre-built connectors from RecordPoint or our partners, or you can build your own using our connector framework. We’ve built the framework so you don’t need specialized developer skills; any developer should be able to build a connector in a short period of time.
- Platform agnostic: Since the system of record is only managing the content metadata and ensuring retention, it is agnostic about what content is under management. The content could be data from a CRM system, files from a file share, SharePoint, Box, Dropbox, Google drive, emails from Exchange, or anything else. As long as the data has some kind of structure, we can manage it for compliance and retention.
- Can grow with you: We do not know what systems of engagement will be invented in the next 3-10 years, and what impact they will have on your organization. This approach ensures that your records management system is future proof and able to consume content from any source. You will not need to revisit your records management system every 5-10 years to stay compliant.
RecordPoint has taken the approach of separating the system of record from systems of engagement when building our Records365 vNext product. We believe this is the best approach for most organizations to minimize risk and ensure flexibility. We would be happy to discuss this further with you. Please reach out to us to schedule a time to chat!