In 2014, an Australian local Council introduced SharePoint to replace its TRIM records management system. Like many Councils nationwide, the City has a wide spectrum of responsibilities, from rangers to rates, libraries to the public pool, with a diverse workforce and specialist skill sets to match.
In 2016, the city’s IT manager recommended to the Chief Executive Officer that the Records Management unit be abolished. This was approved by the Chief Executive Officer in late 2016. Shortly thereafter all positions within the Records Management Section were made redundant.
The rationale and justification for abolishing the Records Management function was that the city’s internal paper-based information has been progressively replaced by digital communications, and a SharePoint-only solution could be implemented and supported instead by the IT management team.
Recently, the city commissioned an audit report to check their compliance position. The report found that there was wide inconsistency in the storage, user experience and compliance of records across the Council, along with a lack of governance and management.
“Overall, the findings reported… are considered very serious as the City’s records are largely unmanaged and lack compliance with State Records Act 2000.”
Records are held in four separate SharePoint environments: intranet, extranet, controlled drives, and the collaboration environment (which is used as an intranet, for forms, as the HR system, and as the CRM). Council staff training on records management is limited to a part of their induction with some ad hoc on the job training, with no one area responsible for ensuring processes are met, or that proper record management is taking place.
The audit also found that there were still records in the legacy system, TRIM, that couldn’t be migrated across. And users had the ability to access and delete even Vital Records.
Further, basic record keeping processes were not being followed. There were no rules for retention or disposal, resulting in records either being kept too long, or deleted too soon.
Despite the system being “primarily configured to support the City’s recordkeeping practice…. There is no evidence of Retention and Disposal rules configured in SharePoint”.
Does it really matter?
The concept of transitioning to a SharePoint-based information management environment, and away from a traditional EDRMS, is a sound one. This move has been made by many organisations looking to make records management an integrated part of the information lifecycle, rather than an overhead for staff that interrupts their productivity.
However, making this move without a considered approach for compliance will always, eventually, backfire. The audit found that the Council was not only in breach of its compliance expectations, but that the outcome for staff was also detrimental. Governance was simply devolved to each business unit. Employees were made responsible for managing records compliantly, but now without a records team (or records system) to support them.
“SharePoint Search is struggling to present meaningful search results.”
The implications of the records management issues went beyond retention and disposal – they resulted in security risks, discovery impacts, increased storage costs, and the undermining of evidential processes. These types of issues go on to affect social license and trust with stakeholders.
Read the full audit here.
What could have been done differently?
There are two main issues here. Firstly, the wrong technology solution – SharePoint without continuum controls is not compliant against the International Standards, and it cannot be configured to be so without third party solutions.
Addressing the people and process recommendations of the… audit findings should precede any review and/or changes in the City’s IT systems required to underpin the City’s records management function. The people and process elements will effectively inform what IT system support is required and to what level.Audit and Risk Committee 2021
But the second key issues was the decision to make the records management function redundant. Even in a digital world, where modern collaboration systems make for a very user-centric experience of information management, we must have access to the expertise of records managers. They are the subject matter experts for not only how long to retain information, but how and when to dispose of it, and why. They are the trusted advisors for how to structure information architectures so that it content easy to find and reuse, and how to protect it and preserve it properly.
What will be done now?
The City has agreed to address all of the recommendations from the audits in the next 12 months. And they will start with the people:
Once the records management function is reassessed, the City will consider “assessment of suitable intelligent automation solutions, that are able to undertake some of the functional processes of records management and alleviate some reliance on staff resources.” The good news is, this capability is now accessible and widely available, and can, when overseen by people with records management knowledge, ensure full compliance without the impacts.