Book Image

Alfresco 3 Records Management

Book Image

Alfresco 3 Records Management

Overview of this book

The Alfresco Records Management feature set is so complete that it is one of the very limited number of systems, and the only Open Source solution, that has been fully certified for Records Management use by the US Department of Defense. Record keeping is important because accurate records are really the only way that organizations can demonstrate compliance with regulatory requirements. The amount of regulation that organizations must comply with has gone up dramatically over the last decade, and the complexity of record management has increased proportionally.Alfresco 3 Records Management is a complete guide for setting up records programs within organizations. The book is the first and only one that describes Alfresco's implementation of Records Management. It not only teaches the technology for implementing Records Management, but also discusses the important roles that both processes and people play in the building of a successful records program.Alfresco 3 Records Management starts with a description of the importance of record keeping, especially from a regulatory compliance perspective. It then discusses Records Management best practices and standards, and goes on to describe step by step how to identify documents that need to be managed as records, how to use Alfresco Records Management software to set up the File Plan structure for organizing the storage of records, and then how to manage the lifecycle of the records.The book provides detailed instructions for installing and configuring Alfresco Records Management. The topics covered include setting up a record File Plan, filing records, establishing record retention schedules, setting up security and permissions, assigning metadata, extending the content model, using advanced search techniques, and creating system activity audit reports. The book also provides "deep-dive" information from a developer's perspective about how the Records Management module was implemented within the Alfresco Share platform.Alfresco 3 Records Management covers features available in both the Community and Enterprise versions of Alfresco software. By the end of this book, you will be able to successfully develop a records policy and implement it within Alfresco Records Management.
Table of Contents (18 chapters)
Alfresco 3 Records Management
About the Author
About the Reviewer
Free Chapter
Records Management

What is a record?

Let's start with a definition of what a record is. The ISO 15489 definition of a record is as follows:

Records contain "information created, received, and maintained as evidence and information by an organization or person, in pursuance of legal obligations or in the transaction of business".


ISO 15489 is an international standard issued by the International Organization for Standardization (ISO) that specifies high-level best practices around Records Management. Many more prescriptive Records Management standards draw heavily on the basic concepts described in ISO 15489, like the US Department of Defense's (DoD) 5015.2 specification and the European MoReq specification. More information about ISO 15489 and the DoD 5015.2 can be found in Appendix A (which is available for download from the Packt Publishing website).

The ISO 15489 standard distinguishes a record from an ordinary document with this definition:

A document is "recorded information or an object which can be treated as a unit".

In short, records are a subset of all documents that enter or that have been created within an organization. Records are that group of documents which contain information about the actions, decisions, and operations that have occurred in the organization.

As a rule of thumb, if you can answer 'yes' to any of these questions, then the document being considered should be classified or declared as a record:

  • Does it support or document a transaction?

  • Does it provide information used in making a business decision?

  • Does it document actions taken in response to an inquiry?

  • Does it document the reasoning for creating or changing a policy?

  • Does it document your business process?

It is useful to note that some things are generally not considered to be records. These include such things as copies of records made for your reference, document drafts that have not been published, notes that have not been shared with colleagues, and envelopes used for routing. The specific records maintained by any one organization will differ based on the nature of the organization. Examples of records include items such as facility blueprints, bank records, board minutes, contracts, correspondence, deeds for property owned, general ledgers, insurance policies, meeting minutes, organizational charts, patents and trademarks, payroll information, personnel folders, policy and procedures, research data, protocols, quarterly reports, and technical system documentation.

Records can be stored on paper, electronic files, e-mail, microfiche, audiotapes, videos, databases, photographs, and other media. Information in voice mail and instant messaging can also be considered as records. Even information exchanged with Social Media tools and software can be considered as records, such as information stored in microblogs (for example, Twitter tweets), content posted to social networking sites like Facebook and LinkedIn, blog posts, and wikis.

Electronic Records Management (ERM) systems often separate records into two categories — electronic and non-electronic or physical. Electronic records can be stored directly in the repository of the Records Management system and have the advantage of being quicker and easier to search and retrieve. Non-electronic records, like those stored on paper or microfilm, are not stored digitally, and must be tracked by their physical location.

What is Records Management?

The ISO-14589 definition for Records Management is as follows:

"Records Management is the field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use, and disposition of records, including the processes for capturing and maintaining evidence of and information about business activities and transactions in the form of records."

While Records Management is a vital tool for companies to address governance, compliance, and retention requirements, the benefits of Records Management go beyond government regulations. For example, the use of Records Management improves a company's overall data management processes, particularly in the areas of data security and data access.

Electronic Records Management

Records Management systems that use software to automate the management of records are called Electronic Records Management (ERM) systems. This book discusses Alfresco, which is an example of an ERM system. ERM systems are not limited to managing only electronic records; non-electronic records can also be tracked with ERM systems.

Record lifecycles

A distinguishing feature of a record, compared to a document, is that every record has a lifecycle. When a record is initially filed and declared, the lifespan of the record is implicitly defined. That definition includes how long it will be usable, and at what point in time will it be either moved to permanent archival or destroyed. Best practice Records Management, as derived from the ISO 15489 definition of Records Management above, defines the following steps in the lifecycle of a record:

  • Creation, receipt, and capture of a document

  • Classification, filing, and declaration of the document as a record

  • Maintenance, use, storage, and retrieval of the record

  • Disposal of the record

Throughout the course of daily business transactions, documents are typically received, created electronically, or captured by scanners and then converted into electronic image files. Documents are then filed within the Records Management system and declared to be records.

Within the Records Management System, on a daily basis, records will be searched for and retrieved, viewed, and used, as needed. Ultimately, the life of the record comes to an end and it is routed through its final disposition step. Typically, some small number of records, because of their long-term historical importance, will be moved to a long-term archival location for preservation. But most other records will be destroyed in the final step of their disposition.

Much of the remainder of this book discusses the specifics about how the Alfresco ERM system manages records and each of these steps in the record lifecycle. We'll go over these steps in much greater detail in later chapters.

The following figure summarizes the lifecycle of a record:

Until about 25 years ago, Records Management focused almost exclusively on the management of paper records. Microfilm and microfiche were occasionally used to store records, but the bulk of records were in paper. As offices were automated with desktop computers, electronic documents and records became more common. Today, most new documents created in offices are created electronically.

Electronic Records Management focuses primarily on the management of unstructured documents. While structured data has a rigid data structure, like the information stored in the schema fields of a database, unstructured data refers typically to documents that have been created without following a rigid data model. Because something unstructured is less predictable than something which has a structure, the management of unstructured data is a more complex problem. Document and Records Management systems were designed specifically for dealing with unstructured documents. AIIM found in a survey taken in mid-2009 that 70 percent of organizations have seen huge growth in the volume of the electronic records that they manage, while somewhat surprisingly, as many as 56 percent of organizations say that their volume of paper records are also continuing to increase, although not as quickly as their electronic records.

How does Records Management differ from Document Management?

If you already have a Document or Content Management System, you may wonder if that system can provide the same level of functionality and benefits that a Records Management System would provide. The two are similar, but Records Management offers unique capabilities not found in a standard Document or Content Management system.

The two types of systems are very closely related, but distinctly different. Document Management systems are typically deployed to enable departmental sharing of documents and to manage document revisions. Document Management systems often lack certain key functions that are needed to perform effective Records Management.


Because of the close relationship between Document and Records Management, a number of vendors combine the two types of systems into one, namely, an Electronic Document and Records Management system (EDRMS). This is usually a good approach, since not all documents are records and often a document may need to be rewritten and versioned multiple times (document operations) before it is ultimately filed and declared as a record.

Records are really a special kind of document and often a record begins its 'life' as a standard document. At some point, the document gets declared to be a record and thereafter takes on the special behaviors of a record. The relationships and differences between documents and records are summarized in the following table:


Document Management

Records Management

Stored Objects

A Document is stored information that contains structured and unstructured data. Documents are often associated with metadata; a set of properties or attributes that further describe or summarize document content.

Records are a special kind of document. Like documents, records can be structured or unstructured data. Records can also have metadata. Records contain information that is used for making business decisions. Lifecycle instructions get assigned to records that describe how long the record should be stored and how to dispose of the record at the end of the lifecycle.


Document Management

Records Management

Static versus Dynamic

Documents can be very dynamic and support frequent revisions and updates.

Records are generally static and are not intended to be altered unless and until the lifecycle of the record indicates that they need to be superseded.

Object Security

Most Document Management systems have capabilities for security and privileges, but it isn't strictly required.

Records Management is very strict in specifying the security of records — who can declare and access records, and who can approve final record disposition.


Document Management Systems provide audit capability to show the complete history of changes made by the authors of a document.

Auditability plays a key part in Records Management. This involves being able to see where records are in their lifecycle and who has accessed and modified them.

Management Software

Document Management software focuses on searching and retrieving document content. Document Management systems control the creation of document versions and support the locking of documents checked-out for revisions.

Record Management software is complementary to Document Management. Once a document is declared to be a record, the RM system will ensure that the record is not altered. Records are filed or categorized based on a file plan. Records are then disposed of at the end of the record's life, based on the record disposition schedule.


Workflows direct how documents flow through the organization and how users within the organization act on the data contained in the document.

The record disposition schedules are the instructions for a record lifecycle and are a special kind of workflow that is associated with a record. Compared to document workflow, record workflow is typically much simpler, usually involving just a few steps.

Object Disposal

Document Management systems don't have strict requirements about when documents should be deleted and often no documents are ever deleted.

The destruction of records is usually regulated by laws. Federal agencies often transfer records to be permanently archived to NARA, the National Archives.

Benefits of Records Management

Records Management provides the following benefits to organizations:

  • Legal compliance

  • Accountability

  • Preservation of assets

  • Efficiency

  • Preparedness

  • Security

  • Good business

Records Management is about complying with legal requirements

Records Management is an important support tool that enables organizations to comply with legal requirements. One of the most compelling reasons for adopting a Records Management system is to be able to produce evidence relative to litigation brought against an organization in a timely manner. Electronic Records Management can do just that. It can be used to quickly search and find the evidence that can help to either prove or disprove compliance with regulations or to supply information relevant to e-discovery requests.

Unfortunately, almost all companies will need to defend themselves against lawsuits at some point in time. It may seem hard to factor potential litigation into the Return on Investment (ROI) calculation for Records Management when there is no immediate litigation pending, but it is usually too late to implement a Records Management system once faced with a lawsuit.

Litigation can be extremely expensive. The average cost for defending a lawsuit in the United States exceeds $1.5 million per case and more than a quarter of that cost is IT-related. In 2009, 22 percent of all companies and 36 percent of companies valued at more than $1 billion had more than 20 lawsuits brought against them with only 27 percent of companies having no lawsuits.

Regulatory compliance

Regulatory compliance has continually been ranked as a very high priority for both business and IT. In the last decade, organizations have come under an increasing number of local, state, federal, and industry regulations. By some estimates, there are more than 8500 state and federal regulations in the United States that involve Records Management. The regulatory landscape is constantly changing with regulations being added, rewritten, or retired.

Non-compliance with these government regulations can result in severe penalties that include fines, customer and shareholder lawsuits, and negative publicity. In 2009, 34 percent of companies were involved in litigation due to regulatory proceedings brought against them.

Organizations are also often bound by compliance issues relative to internal business practices and corporate governance. Typically, any process, at some point, may need to be documented or audited to ensure that the correct operation falls in the realm of internal compliance. This might include, for example, documenting and enforcing standard operating procedures or documenting processes like those in accounts payable or with the steps of a hiring process. Corporate governance and compliance is relevant for any department within an organization like finance, engineering, IT, sales, and marketing.

Often, regulations don't specifically require the use of Records Management software for compliance, and Sarbanes-Oxley is one prominent example of this, but in order to cost-effectively satisfy the need for creating the audit trails requested by regulations, an automated system for Records Management almost becomes mandatory.

Authority Documents and compliance

Organizations are required to comply with numerous types of regulations, guidelines, policies, procedures, principles, and best practices. The documents in which the requirements for these many different types of compliance are written are called "Authority Documents".

It is not uncommon for certain types of records to fall under multiple authorities. Sometimes, even the policies suggested by two relevant Authority Documents will conflict. Typically, the conflict is with the length of the document retention period. In those cases, the longer of the two specified retention periods is typically used. But it is important to document the reasoning used in compiling the retention policies that you ultimately implement.

Without knowing what Authority Document requirements your organization is bound by, it isn't possible to fully set up and configure your Records Management System. You'll need to do some research. Exactly which Authority Documents your organization will need to comply with will depend on your type of business or operation. One of the first steps that you will need to do in setting up your Records Management system will be to find out which Authority Documents your business is affected by.

One group called the Unified Compliance Foundation (UCF) has compiled and cross-referenced requirements from most state and federal Authority Documents and mapped those requirements to different disciplines and industries. Their research is not free, but it can serve as a useful starting point when determining which Authority Documents are important for your organization.

Once you know which Authority Documents you are targeting to support your Records Management system, you will then need to map the requirements from those authorities back to the types of records that you will be storing. Many of the requirements from the Authority Documents will be realized by implementing them as steps of the disposition lifecycle schedule for the appropriately affected records.


In addition to regulatory compliance, Records Management is an important legal component of e-discovery. E-discovery is the process in civil and criminal litigation where electronic data is requested, searched, and produced for use as evidence.

There are similarities and even overlaps in the compliance and e-discovery processes. Often records are asked to be produced as evidence of regulatory compliance. Like compliance, failure to respond in a timely way to an e-discovery request can have significant consequences that include fines, monetary sanctions, and criminal penalties. In cases where records should have been preserved but which cannot be produced, the jury can be instructed that it is likely there was something bad to hide.

In December 2006, the Federal Rules of Civil Procedure (FRCP) were updated to consider electronic data as part of the discovery process. Basically, all of an organization's information is subject to e-discovery, unless it is "not reasonably accessible due to undue burden or cost". That includes all information that is stored in desktops, laptops, servers, and networked storage systems. The changes to the FRCP require that companies be able to access and search electronic information quickly in the event of litigation.

The following table summarizes some recent cases where significant fines were levied against companies because of lapses with the way e-discovery information was (or was not) produced. What stands out in these examples is that the organizations listed are some of the most venerable and sophisticated companies in the United States. It shows that no companies are immune from complying with e-discovery requests:


Reason for e-discovery fine

Fine and date

Morgan Stanley

E-mails created during a company merger were improperly deleted. Additional backup tapes found during the investigation were not later reported.

$1.58 billion fine May 2005 Later overturned, but not because of the e-discovery problems

UBS Warburg

E-mails were deleted in violation of a court order. Unable to produce backup tapes. Jury told that missing evidence may be a sign that something is being hidden.

$29.3 million April 2005

Lucent Technologies Inc.

Records produced for a Securities and Exchange Investigation were incomplete.

$25 million fine May 2004

Morgan Stanley

Failure to produce e-mail in a timely manner as part of a Securities and Exchange investigation.

$15 million fine May 2006

Banc of America Securities

Failure to produce e-mail in a timely manner and failure to preserve documents related to on-going litigation.

$10 million fine March 2004

Philip Morris USA (Altria Group)

Over two years, deleted all e-mails over 60 days old when under legal order to preserve documents related to on-going litigation.

$2.75 million fine July 2004

J. P. Morgan

Failure to produce e-mails requested by the Securities and Exchange commission related to stock analyst misconduct.

$2.1 million fine February 2005

Besides the fines that can be imposed for the inability to comply with e-discovery requests, the negative publicity that an organization receives from fumbles in responding can prove embarrassing to the organization. For example, in an investigation by the FTC of Countrywide, Bank of America's mortgage servicing unit, on risky lending practices and imposing misleading and excessive fees, the FTC chairman made the disparaging comment that was widely reported in the media that "the record-keeping of Countrywide was abysmal. Most frat houses have better record-keeping than Countrywide."

Often when an e-discovery request catches an organization totally unprepared, the organization is forced to respond reactively. A better and more pre-emptive approach is to be proactively prepared for any type of request that may come in. Being prepared allows you to reduce your risks and your ultimate costs. Having information and evidence in hand early on can give you time to review and understand your situation from the contents of the data. This allows you to be prepared for, and be able to appropriately defend yourself, if and when needed. A Records Management system can help you to be prepared.

Records Management is about ensuring accountability

Records Management is a powerful tool for providing accountability and transparency. Records contain the historical details and reasoning behind why certain policies and decisions were made. Records can prove that an organization acted responsibly and with good intent (or not).

But for records to be accepted, they must be trustworthy and believable. They must be accurate and complete. They must be verifiable. Good Records Management systems, practices, and processes are the vital elements that can ensure that records are trustworthy.

When speaking about accountability and transparency in government, Barak Obama declared that "The Government should be transparent. Transparency promotes accountability and provides information for citizens about what their Government is doing. Information maintained by the Federal Government is a national asset".

But while accountability is something that is often spoken of relative to state and federal governments, accountability is a concept that is not limited to just governments. Governments are accountable to their citizens. Non-government organizations are accountable to their members, their employees, their customers, their communities, and their environments.

Accountability mandates that organizations keep accurate records that can later be reviewed, accessed, and analyzed by individuals inside the organization, and sometimes external to it.

Records Management is about preserving assets

At the heart of Records Management is the idea that records are retained and preserved to ensure that information is available for continued use and reuse. The required retention time for records varies widely. While the majority of records typically have only short-term value and are ultimately destroyed, most organizations also have a category of records, often representing a fairly large fraction of their total number, that need to be retained and preserved for long-term financial, historical, or cultural reasons. This category of records often needs special consideration to ensure that records will remain usable for long periods of time.

Electronic Records Management offers clear benefits over paper-based record systems. The process automation capabilities of ERM make the capturing and ingestion of record data fast and efficient. ERM records can be searched and we can retrieve orders of magnitude more quickly than with paper systems, and backups or copies of the electronic data can be made easily so that data can be safely stored in off-site locations. Because of these benefits, organizations are increasingly abandoning paper and turning towards the digital storage of their information.

While ERM can offer impressive benefits in terms of efficiencies and cost savings, digital assets themselves can be quite fragile, if not properly maintained. Two main areas of concern about preservation of digital assets are the long-term viability of the storage media and the data formats used to store the records.

Magnetic and Optical storage devices are surprisingly short-lived. Both types of media are subject to bit rot, the process where bits become corrupted because they lose their magnetic orientation, or the disk material itself breaks down. Hard drives, for example, have only a three to six-year lifespan expectancy. Magnetic tapes are expected to last ten to twenty years, and the lifespan of CD-ROMs and DVD-ROMs is in the range of 10 to 100 years.

Properly maintained, despite being extremely fragile, some paper has been able to last for thousands of years, and no doubt with the right amount of scientific research, proper attention, and careful handling, the lifespan of digital media could be extended to go beyond the current expected lengths. Both paper and disks tend to do better in cool, dark environments with low humidity. But it should be a given that the lifespan of storage devices will be relatively short.

As ERM systems have centralized storage, storage media degradation for ERM systems isn't really an issue. Because all data is stored centrally, rather than needing to examine and treat the storage media of each asset as a special case, the storage and management of all records can be treated holistically.

However, Records Management systems aren't static. As time passes, ERM systems will obviously evolve. Records Management systems will be upgraded, hopefully on a regular basis, and data and records will be migrated to newer storage hardware and improved ERM software. Data migrations performed in support of regular maintenance and upgrades won't always be trivial, but with careful planning, the work involved to migrate records to new software and hardware should be straightforward.

So from a data preservation level, the worry is not so great that records stored in actively maintained and regularly backed-up Records Management systems would somehow be lost because of degradation of storage media. The real worry is whether the format that digital assets are stored in can continue to be readable.

Data file formats change very rapidly. With some software products, every new release may involve changes to the format in which the data is stored. Without the proper software reader to read a digital asset, the stored data becomes, in effect, useless. A common solution to reduce the size of this problem is to limit or convert the formats of data being stored to a small set of stable core data types. This is an important problem to be aware of when designing and planning for a Records Management systems that requires long-term record preservation. This is one topic that we'll expand on in greater detail in Chapter 4 relative to the Content Model, file content, and data types.

Records Management is about efficiency

Keeping records for a period past the necessary retention period results in inefficiencies. Storing expired documents simply takes up space and clogs up the Records Management system.

When records are kept longer than needed, those outdated records can be unnecessarily considered during the discovery process. When performing e-discovery key-word searches, outdated documents can be returned as possible search candidate matches, even though they are no longer relevant.

For example, consider an e-discovery request made to the chemical company DuPont. To respond to the request, the company found that it was necessary to review 75 million pages of text over a period of three years. At the end of the e-discovery, they realized that more than half of the documents they examined were outdated and past their retention period. If Records Management guidelines had been applied prior to the discovery, outdated documents would have been properly disposed of, and the discovery process could have been performed much more efficiently. That could have saved DuPont $12 million.

In this example, greater efficiency could have been achieved by eliminating obsolete records, thus minimizing the volumes of data examined during e-discovery. Eliminating obsolete records also reduces the legal risks that could result from obsolete content that may have been in those records.

Having a Records Management system in place prior to an e-discovery request can be an insurance policy that could ultimately save you many times over the cost of the system itself.

Records Management is about being prepared

Records Management is about being prepared, being prepared for the unexpected. No one can see the future, but disasters do happen, and unfortunately, on an all too regular basis.

On the morning of September 11, 2001, terrorists crashed airliners into each of the Twin Towers of the World Trade Center in New York City. The death toll that day was nearly 3000 people. The destruction was in the billions of dollars and the event seriously impacted the economy in New York City and affected the psyche of nearly every citizen in the United States. Lives and businesses were disrupted and changed.

One business directly affected by this disaster is the law firm of Sidley Austin Brown & Wood LLP (SAB&W), which occupied the fifth fourth to the fifty ninth floors of the North Tower. While 600 SAB&W employees worked in the Trade Center offices, the firm suffered only a single death that day. Unfortunately all physical assets at the location were lost.

Luckily SAB&W was prepared. The firm had a solid disaster recovery plan and within hours after the disaster, the plan was in full effect. By making use of vital records maintained offsite that included information about floor plans, personnel locations, procedures, clients, and vendors, the firm was able to spring into action. The vital records that they had access to included important insurance records. From these records, they were quickly able to determine that their total loss would be fully covered by their insurance and they were also able to quickly start the processing of their insurance payout.

Based on personnel records, an intensive search was immediately initiated to locate all employees from that location. A new office space of similar size was leased at another location in New York City hours after the event. Computers, networking equipment, and furniture were purchased.

Backup tapes kept in Chicago of e-mails and other data from the New York office were identified. Within three days, e-mail and voice mail were fully restored. On the fourth day, the document management system was available again and temporary office space was being set up. Somewhat unbelievably, within only one week, SAB&W was back up and running and in reasonable operational shape.

Unfortunately, most stories of disaster can't boast of such quick and successful recoveries. Consider what happened at Embry-Riddle Aeronautical University near Daytona Beach, Florida in late December, 2006. Four Christmas day tornadoes struck the area. With winds as strong as 159 mph, mobile homes were destroyed and apartment buildings in the area had their roofs torn off. Some of the worst damage from the tornadoes occurred at Embry-Riddle. The storm tossed one of the Embry-Riddle airplanes into the school's main administration building, Spruance Hall. The maintenance hangar, 50 of their 65 airplanes, and Spruance Hall were all destroyed. Total damage totaled $60 million.

Embry-Riddle's Spruance Hall housed the financial aid, the bursar, the president, and general administration offices. The day after the tornado, paper documents literally covered the campus grounds around the area. But in this case, unlike SAB&W, Embry-Riddle was not adequately prepared. They had no disaster or business continuity plan. The mentality had been that disasters are something remote and can never happen to us. But, unfortunately, when disasters do happen and you are not prepared, the results can be devastating.

Hurricane Katrina is another disaster that caught many unprepared with significantly worse consequences than that of Embry-Riddle. Katrina hit the Gulf Coast area in late August 2005 with torrential rains and flooding that caused widespread and serious damage. Katrina is considered to be one of the most catastrophic natural disasters in all of U.S. history. Damage was reported in Texas, Louisiana, Mississippi, and Alabama. Homes and businesses were destroyed, hundreds of lives were lost, and tens of thousands of lives were deeply disrupted.

The widespread loss and damage to documentation and records was a major tragedy of the Katrina disaster, and much of the damage was as a result of the heavy reliance on the use of paper records. It is another reminder that disasters like floods, fires, tornados, and hurricanes come with little warning and can bring about devastating results. The previous largest disaster prior to Katrina for losing historical documents happened in Florence, Italy in 1966 due to flooding.

In the case of Katrina, the loss or damage of records wasn't limited to individuals; institutions and government agencies were heavily affected too. Historical treaties and photographs were destroyed. Vital records of all kinds were affected by Katrina that included medical records, school records, law enforcement records, birth records, and marriage and driver's licenses.

After documents come into contact with water or moisture, it takes only 48 hours before mold starts growing, and after that, the deterioration of paper documents accelerates quickly. The flood waters in many areas hit by Katrina were several feet high, forcing many residents to evacuate and leave behind their belongings, only being allowed to come back into the area many days later. But by that time, for many documents that were damaged, it was too late.

Some buildings in New Orleans containing legal and vital records were bulldozed before the records could be removed. Emergency teams were initially told to discard damaged records to keep city residents safe from molds and other contaminants, a policy that was later retracted, but which resulted in the unnecessary loss of many valuable records.

The loss of legal documents in the Gulf region because of the Katrina disaster was stunning. One-third of the 5000 to 6000 lawyers in Louisiana lost all of their client files. The Louisiana state supreme court lost a significant number of their appellate files and evidence folders. Much of the problem resulted because records were often stored in basements or the lower levels of buildings. For example, court files in Mississippi and Louisiana were both stored in courthouse basements, and in both cases, many of the paper records were irrecoverably destroyed.

All told, an incredible number of records were simply lost. Many others, while damaged, were recoverable and needed to be painstakingly restored. But perhaps most frustrating was the fact that many of the documents that actually did survive the storm were inaccessible for weeks. For example, in New Orleans, the vital records office for Louisiana stored state birth certificates, death certificates, marriage licenses, and divorce papers. Most of the records at this location were paper and dated back over 100 years. But in the aftermath of the storm, the state records office was nearly shut down, being manned by only five percent of its normal staff, making records accessible only after very long waits.

Katrina hit medical records very hard too. Estimates are that tens of thousands and possibly millions of pages of healthcare records, files, and charts were lost in private-practice offices, clinics, and hospitals. More than one million people were separated from their healthcare records during the disaster, with many people forced to relocate to other parts of the country, and of those receiving treatment, many could not continue because the record of their diagnosis and treatment was lost.

Much of the damage from Katrina was as a direct result of the fact that most records were stored on paper. The Tulane Medical Center located in New Orleans presents an interesting contrast to most other New Orleans hospitals. The Tulane Medical Center maintained their medical diagnostic records electronically. Their electronic records included lab, radiology, cardiology, and nursing documentation. Because the data was stored electronically and not physically located in New Orleans, availability of this data was not affected at all because of the disaster.

Disasters are good teachers. After the event at Embry-Riddle, creating and maintaining a disaster recovery plan immediately became a top priority for the school. The school invested in Document Imaging and Records Management software, and after seeing firsthand what could happen when planning and preparation for worst-case scenarios aren't done, the faculty and staff of the university resolved that they did not want to see a repeat episode.

Similarly, less than one year after Katrina, officials, archivists, and records managers from nine Southeastern states affected by Katrina's destruction gathered to begin planning ways to be better prepared for future Katrina-scale disasters. A big deficiency noted in the emergency response to the disaster was the disconnection between archivists and state emergency planners. After meeting, the states resolved in the future to include state archives as part of any emergency response.

Whether they are man-made or natural, disasters happen. Preparation and planning are key for being able to successfully cope with disasters.

Records Management is about coming to grips with data volumes

The volume of data within organizations is growing at a phenomenal rate. In fact, International Data Corporation (IDC), a research and analyst group, estimates that the volume of digital data is doubling every 18 months. And that growth is having a huge impact on organizational IT budgets. For example, if we assume that the average employee generates 10 gigabytes of data per year, and storage and backup costs are $5 per gigabyte, a company with 5000 employees would pay $1.25 million for five years of storage.

Consider the costs of e-discovery. "Midsize" lawsuits that involve e-discovery typically result in the processing of about 500 GB of data at a cost of $2.5 to $3.5 million. Lawyers and paralegal staff must review the content of the data, determine which documents are relevant, redact, or black-out parts of the documents considered private or company confidential, and finally, output the data into a common data file format like PDF that will be used for delivery to the requester.

The goal of Records Management is to allow organizations to cut back on what information must be retained. Organizations with no Records Management policies in place have no clear guidelines for what documents to save and what documents to discard. The end result is that these organizations typically save everything.

And we've seen, trying to save everything comes at a steep cost. Keeping records that should have been destroyed earlier means that more storage space is required. It means that backup times are longer. It means that data searches are slower because there is more information to search. It means that people's time gets wasted when irrelevant records turn up in search results. Records Management helps clear the clutter and bring greater efficiency.

Records Management isn't going to be able to put a stop to the general upward trend of creating and storing more information, but by strictly following Records Management retention schedules, organizations should be able to significantly reduce the volume of data that they do keep.

Records Management is about security

The security of records is an important issue and the responsibility of the Records Management system. This is one area where an Electronic Records Management system really shines when compared to manual methods for managing records.

A major advantage of ERM is that the application of security and access controls over electronic records and folders is much easier to implement and can be applied in a much more granular way than over physical folders and records.

Records stored on paper and other non-electronic media are very hard to tightly secure, especially when the requirements for access control become even moderately complex. Physical records require that filing cabinets and storage locations be appropriately secured. They typically need to be controlled and managed by trusted records librarians. Physical Records Management requires far greater day-to-day supervision by people and, because of that, is subject to many more points of potential security lapses than with an automated system.

That is not to say that the physical security of the computer hardware used to run the Records Management system is not important.

With ERM, access rights can be changed or revoked, as needed, protecting records from unauthorized users. The system is able to validate that the data managed is accurate and authentic. An ERM system can also provide an audit trail of all activities for all records and thus demonstrate compliance.

Records Management is about good business

Regulations usually contain detailed instructions about how records should be handled, but often the regulations don't actually mandate that a formal Records Management system be used. But really, what's the alternative?

Not having a Records Management program at all is a recipe for problems, if not disaster. Without a Records Management system in place, tracking down the records that document policies, procedures, transactions, and decisions of an organization becomes extremely difficult or next to impossible.

We've discussed how Records Management can enable important business benefits like accountability, compliance, efficiency, and security. Taken as a whole, these benefits are really the characteristics of doing good business. And at its very essence, that's what Records Management is all about.