The statement: ‘that’s not a record’ is one of the most frequent fallacies related to records management, and can be uttered by users, executives, records managers, and even records-management product vendors.
A ‘record’ is defined as something showing ‘evidence of business’. In some (limited) cases, a document or a row of data in the environment is not a record.
For government, anything that shows the working and thinking behind a decision or outcome, as well as the end result, is considered a record, and must be formally managed.
For industry and community entities, there is some more leeway, usually based on risk-assessment, as to what must be strictly controlled and what can be managed ad hoc, but there is still a raft of legislation governing many types of information.
So, if most information that we store does actually constitute a record, and if there are laws controlling how we have to manage records, why do we encounter this sentiment so often?
The first reason is confusion about the requirements. But there is another reason – even for those who know the policy well. It’s simple practicality. For most agencies, it’s not possible to manage all their information as records in electronic records management systems. This leads to value judgements about what is and is not a priority for formal records management, which leads to judgements about what is and is not a record.
This subjective approach becomes policy-by-necessity, and flows down all the way from governance to technology configuration to user training.
What happens when we decide some types of content, or in some cases some entire systems, are not records? When we make the decision to treat information in an ad hoc way, instead of a formal way, we are effectively exposing that information to loss. By deciding that a piece of information is not important enough to control, we leave its fate to the mercy of users and system owners. It can be deleted, removed from its meaningful context, or ‘lost’ by being archived somewhere it can’t be searched for or accessed. This leads to compliance risks which may include penalties, reputational damage or make the organisation more vulnerable to cybercrime.
Castlepoint is unique in that it automatically manages records across systems and links related information across different repositories into a defined and managed ‘virtual record’, so that the meaningful aggregation can be found, discovered, sentenced, and secured as a cohesive unit, through a single pane of glass.