09 May 2023

Records and Information Management: What’s a BRO to do?

Ever heard of the Befuddled Records Officer (BRO) phenomenon? In this digital age of increasing amounts of data, a still-developing, cross-section of multi-national privacy regulations, internal compliance demands and consumer-driven expectations of privacy and data stewardship, the job of maintaining records has never been more difficult or stressful…

For active record and information management (RIM) officers today, having to navigate the competing narratives of ‘preserve’ versus ‘destroy’ is an all-too-common sanity straddle. On the one hand, there are retention requirements (duty to preserve) often driven by a confusing patchwork of multi-national, federal and sector-specific rules.

But then, there is still the need to answer to customer data expungement requests which arise out of a web of burgeoning privacy regulations underpinned by an overarching, governing philosophy of minimisation (or the right to be forgotten).

So, taking all this into account, just what is a BRO to do? The answer lies somewhere between insanity and what is known as ‘active lifecycle management’.

What exactly does ‘active’ mean? Pretty much what it sounds like! It means following through on the obligation to dispose of records under management when their disposition clock is ticking down. Sounds easy in principle but many organisations aren’t equipped with the discipline, know-how or confidence, to actually pull the plug on information that is no longer needed.

Despite the recent emergence of information architecture principles such as privacy by design, often lifecycle is an afterthought to the process of maintaining enterprise content systems. The technology might have moved on, but the mentality of keeping hold of everything in a filing cabinet whether literal or virtual, is still very much present in many organisations.

When an ‘active’ approach to records management is taken, all the obvious and common paradoxes are avoided and the baseline retention policy takes care of everything, which should include the enforcement of retention rules including legal hold and the orchestration of defensible disposition.

There is still a lot of planning and components that comprises these high-level processes, but as long as the RIM programme that’s in place has the corporate authority to do what it needs to do with regard to the organisation’s retention schedule, then the day-to-day management of records and information is in safe hands. Life is good.

Where most organisations slip up is either on the accountability side of the house (nobody wants to sign off on actually destroying stuff) or on the technical challenges of implementing a mechanism that works and doesn’t adversely affect the rest of the business.

So, what are the best mechanisms to achieve this? IBM’s flagship digital business automation canvas, FileNet is handsomely equipped to be able to accommodate these requirements. From a record management standpoint, IBM Enterprise Records (IER) is a FileNet platform add-on that gives a full suite of records management, recording and enhanced audit functionality.

Once the corporate retention schedule has been finalised and it checks all the legal and internal compliances boxes, it can be imported into the system to configure repetitive, consistent and event-driven disposition processes.

As a definitive records management application, IER can model the management of both physical and electronic records and even supports multiple data models (eg. DoD 5015.2) and vital records.

Something a little lighter is enChoice’s Content Lifecycle Management (CLM) for IBM FileNet P8 which provides automated protection and the destruction of regulated and non-regulated content in the FileNet P8 repository at the lowest possible resource requirement and cost.

CLM complements FileNet’s basic retention functionality, and its embedded dashboard and reporting capabilities offer a configurable overview of all documents to be deleted and their retention settings. Documents and even folders are deleted in a controlled and secure manner, in adherence to compliance guidelines, either manually or in automated batches and all deletions and modifications are logged for audited processes.

EnChoice is on hand to deal with data dilemmas and content conundrums, so get in touch today to find out how we can make worrying about the lifecyle of records and information, a thing of the past.