Modern Records and Information Management
Chat, voice, videos and other forms of media, help organisations make decisions in the modern workplace. At our recent round table to talk through the whitepaper they produced earlier this year, Matthew Dodd and Andrew Jolly chatted with attendees across the industry to discuss the challenges and opportunities for modern records and information management in the digital workplace. For privacy reasons this roundtable has not been made public, so we have broken down the key takeaways below which we hope you find helpful.
How are we doing so far?
This is how the numbers stack up, the National Archives of Australia Check-up PLUS Whole of Government, agencies reported 63% of digital material they hold is un-sentenced and has unknown disposal classifications. Only 12.4% of digital information records have been sentenced, compared to 54.3% of physical records. Yet in the same survey 81% of agencies work as digital by default.
Identifying & managing the risk
Taking a risk-based approach, organisations can identify low-risk mundane information to high-risk critical information.
Using modern platform tools organisations can start to implement mechanisms of defence:
- First line of defence: User based classification, rules-based auto-apply or AI enhanced classification
- Second line of defence: Broad retention policies to protect against deletion acting as a safety net
- Third line of defence: Supervisory management by exception. Records Management staff conduct reviews of labelled material and period reviews of non-retention labelled content and assist in classification either by:
- Encouraging business users to undertake remediation
- Remediation on behalf of the business groups
- Audit and detection made possible by regular reporting using search and audit tools
Isn’t M365/cloud managed by IT?
As more infrastructure go to the cloud, we sometimes see the role of records management being moved to the ownership of IT Services departments. For data governance policies, Microsoft m365 have specific Compliance roles to be granted for record managers. These are far different from the Azure and M365 Administrator roles which can put your IT team’s mind at ease. As per other on-premise digital record software, the infrastructure is maintained by IT and the information policies by records managers.
How safe is the cloud?
Making the tools available to employees leads to less information being stored in unmanaged places such as USB drives, desktops and 3rd party cloud storage. Adoption of a service like M365 allows conditions to be defined at the file level and at the boundary. The positive outcome is more information is managed and greater level of flexibility for sharing beyond the organisation’s boundary.
Where to go from here?
Automatic labelling and metadata are some great features within Microsoft M365 that require minimal intervention from the user. While these are not an exact replacement, it is an additional layer of defence to help reducing risk exposure. It is easy to get caught up in hundreds of disposal and retention rules, after all, 100% compliance was never the standard.