IRMS Public Sector Group Event
Westminster Archives, London
Friday 02 December 2016
Theme: A Records Manager’s Christmas List
The meeting started at 9.30 a.m. with a welcome address by the Chairperson of the Event, Elizabeth Barber, with a word of appreciation to the host Westminster Archives and the sponsors Objective.
This was followed by presentations from the various speakers who discussed on a broad range of issues relating to Records / Information Management.
10am - Key Note Speaker: Elizabeth Shepherd
An Overview of the Challenges for Records Managers in the 21st Century
Elizabeth defined records management and gave a list of job titles that may be involved in Records Management. The list included Information Governance, Data Security Officers, Data Protection/FOI Officers, Risk Managers, Digital Curators and Activists. She noted that whilst one would not particularly think of a Digital Curator as someone who would be involved in records management, they are in fact doing so. Records management is part of an Organisation’s broader function of governance, risk management and compliance, primarily concerned with managing the evidence of their activities as well as reducing the risk associated with it, Elizabeth went on to say that businesses have a corporate responsibility to groups or individuals who might be affected by their actions or inactions. She made a distinction between information management and records management. While the former deals mainly with policies, regulations, standards security and legislation, the later deals with details, protection and organization.
Elizabeth noted that allowing researchers better access to administrative data could lead to the uncovering of all sorts of problems in the data as the documentation of data is usually poorly done. This would help an organisation to rethink the way in which they document their activities. It all boils down to the question of trust between the data provider and those who are allowed access it. This begs the question of risk management. To manage these challenges Data Protection and FOI Officers would need to implement the EU General Data Protection Regulations (GDPR), which is similar to the existing UK Data Protection Act 1998 (DPA). Freedom of Information (FOI) requests need to be maintained and compliance with the Information Commissioner’s Office (ICO) best practice should be ensured.
10.30am – Speaker 2 – Gary Shipsey, Protecture
The General Data Protection Regulations
Gary spoke with regards to the amount of information a simple email address can reveal about the individual, such as gender, race and even religious background. He said those who collect data should be able to tell people upfront for how long they will be keeping their information and the purpose. They should also immediately delete this information once the intended purpose for collecting them has been achieved. Records of child abuse need to be kept throughout the person’s life which could be re-visited if the need arises. A tip to implementing records management includes; risk de-escalation, confidentiality, integrity and availability.
Emphasizing the need to have a standard for records management, Gary said, once there is a standard for records management, organisations will be able to measure whether or not that standard has been met. He also said information audit is about knowing the type of records an organisation has and in what format. Does your records management system support your business? What works and what does not work? Businesses should anticipate changes and prepare in advance to adjust. Records Managers cannot afford to work alone; there is the need to talk to different people, from Cleaners to Secretaries.
When we know our organisation and what it does then it becomes easier for us to effectively manage our records. Legislation should be used as a guide to setting retention schedules. An organisation should be able to tell whether or not they achieved what they initially set to achieve. He concluded by saying we will never get to the level of utopia records management but we can seek to improve. F
11.15am - Speaker 3 – John Wilson, JMW Mosaic Ltd
Implementing International Organisation for Standardisation (ISO) 15489
John noted that the International Organization for Standardisation (ISO) is a body that develops guidance for International Standards. They have developed a records management standard ISO 15489. Part 1 gives guidelines on managing the activities of businesses. The recommendations made by ISO in the standard enable the efficient creation, capture and management of records and its guides gives a methodology to facilitate its implementation. It also identifies some of the issues an organisation should consider when complying with the ISO standards. The organisation sets the fundamental concepts and principles of the records management process to meet the business requirements.
To effectively manage the records of organisations, there should be a preparatory investigation, an analysis of the activities of the business, an assessment of the existing systems, design and implement records system. All of these will serve as the business’ strategy of implementation.
Applying the ISO standards provides the following benefits;
• The standard’s record classification system reduces the burden of recording, retaining, retrieving and disposing of records.
• it also implies the business is meeting its legal obligation of records management
• Shows good practice and also enhances efficiency.
11.45am – Speaker 4 – Emily Overton
Compliance: The Bigger Picture
Emily noted that records management is not only about compliance with the law. It is also about knowing what you’ve got, why you’ve got it and for how long you will need to keep it. Inadequate knowledge of the information held by an organisation would lead to the failure of information governance and subsequence action by Information Commissioner’s Office (ICO). Some of Emily’s top tips to mitigate the risk involve in poor records management includes:
• Get senior management buy-in as they are accountable for handling records management risk.
• Seek ICO’s help through voluntary audit, if in any difficulties.
• Find out where records management strategy and task is within the business
• Hire a Record Manager who knows what they’re doing
• Collaborate with the IT team of your business
• Find out how your electronic records management systems and where your information is stored
• Train staff to enable them do their job efficiently and with confidence.
Every one of these tips can make a huge difference.
12.15pm - Sponsor Presentation: Objective.
The sponsor of the event made a presentation on behalf of Objective – Enterprise Content Management (ECM). ECM is an information management system that has facilitated electronic records management by creating an experience where users can access their information directly within core applications and reduces the cost related with traditional Electronic Data and Records Management System (EDRMS).
The developers of the product have partnerships with Organisations such as IBM and the Scottish Government. It was also noted the system provides users with a seamless user experience interacting with content and business processes. ECM-Objective has helped the governance of Australia’s information process by providing users with an experience where information governance is seen as a benefit rather than a hindrance to work progress. In addition, the product enables users to focus on outcome rather than information management and removes the overheads of governance and increases efficiency.
2pm – Speaker 5 – James Lappin
Managing Records in SharePoint
James began his presentation with an icebreaker generating a discussion over which records management system was better than the other. This included SharePoint v Email. It was agreed it all depends on the type of records involved. He said while SharePoint is corporate-wide, email deals with business line. SharePoint is better structured while and email is not. SharePoint’s records management capabilities improve compliance and reduce cost.
James noted that he has a correspondence library in SharePoint, which helps him managed email. Email has an Achilles Heel, which is its accessibility. The Achilles Heel of SharePoint is that people have to think about storage so it might even be an afterthought. It’s depended on people volunteering information.
2.30pm - Speaker 6 – Madi McAllister
The Independent Inquiry into Child Sexual Abuse (IICSA)
Madi noted that IICSA has a new chair, Professor Alexis Jay. In its recent event, the group examined the attitudes, behaviors and values of the institutions which prevented them from stopping child abuse. IICSA has just brought in an information management system and has tested how their records are going to be stored moving forward. They will also be revealing where their information is coming from and how it is being managed.
The Society offers four types of membership, from Corporate through to Student.
If you are not already a member and would like to join the Society, or if you know anyone who would be interested in joining, please complete the application form.