Record management and regulatory compliance

Written by Ana Canteli on 20 April 2018

Information management is crucial to any organization. In the digital age, the creation of information has increased exponentially. The volume of data has reached the point of jeopardizing the reliability, effectiveness, efficiency, and capacity of document management systems to ensure compliance with legal retention requirements, regulations in data integrity protection matters, or the implementation of security measures, which evolve with the applicable legal framework.

Business records are elements of operational and even strategic value. They can have, in turn, economic, legal and fiscal value concerning competitiveness; and they are essential in risk management.

However, many organizations fail in the practical and systematic application of the rules on records management in their business processes. As a result, they keep their business records for too long, spend too many resources on record storage, or lose time and money searching for incorrectly archived information. Moreover, they risk fines due to non-compliance with industry regulations, which can lead to loss of reputation or a negative image, among other adverse consequences.

That is why compliance with regulations in business records management is vital for any private organization or public administration.

What is records management?

Records management comprises all the tasks dedicated to managing the information that belongs to an organization, held in the form of records, throughout its life cycle: from the moment of its creation or entry into the company to its eventual destruction or elimination (also called disposal), also taking into consideration its role in business process management.

The international standard ISO 15489, Information and documentation - Records management, defines a record as the information created, received and maintained as evidence and information by an organization or person, in compliance with its legal obligations or business transactions.

An organization's records management solutions involve identifying, classifying, storing (document storage), recovering, controlling and preserving or destroying records.

It is simultaneously a discipline and a function, focused on the systematic application of management techniques and control of the information created or received, as a result of a business operation.

Unlike many sources of information, records have a distinctive feature: the life cycle, which includes creation (or reception), processing, distribution, maintenance, evaluation and the application of disposal, meaning either the destruction of the record or its permanent conservation.

Not all document management solutions are designed or prepared to offer the coverage that companies need to assume record management consulting tasks.

In this regard, it should be noted that OpenKM is a document and electronic records management system, which provides the necessary tools for applying records management strategies. It lets the organizations comply with regulations while facilitating the use of records by the members of the company or public administrations.

Compliance with legal requirements

Compliance with legal requirements or applicable regulations means ensuring compliance with the records management policies, verifying that the company is aligned - for example - with the procedures for the retention of records, marked by law.

Records management can exist without an enterprise content management system, but it is much easier to manage them (especially if they are in digital format) with the help of an electronic records management system.

Compliance with regulations or legal requirements is something that, in essence, any organization has to do in its day to day.

The use of records management systems helps companies propose, apply and develop the necessary policies and procedures; since non-compliance with regulations can lead to significant penalties and affect the continuity of the organization. Electronic records management systems help mitigate financial responsibility and the risk of litigation when deviations are detected in compliance with applicable legal requirements.

By having a document management system, we can manage any audit or inspection with higher solvency and effectiveness. Besides, the growing number of regulatory initiatives and legal regulations is increasingly sophisticated and complicated to maintain.

Sarbanes-Oxley Act

In the United States, the Sarbanes-Oxley Act is one of the most important regulations, alongside the Gramm-Leach-Bliley Act (among others). It emerged in 2002 as the response to the financial scandals of large multinationals, which put the credibility of the accounting and auditing systems in check. This law:

  • Stipulates that the finance directors and executive directors of companies must personally certify the financial records and offer related information periodically.
  • Establishes guidelines for audit committees.
  • Obligates the retention of any relevant document control in the framework of government investigations. This obligation includes documents relating to audit activities, some of which may not be considered as records. These documents must be conserved for seven years.

The coordination of tasks related to records to support and reinforce business operations is fundamental for the proper administration of records and information management. The approval of the Sarbanes-Oxley Act invites executive directors to meet periodically with their financial directors and records managers to ensure that all required information is maintained, managed and destroyed following the law. Failure to comply with these and other regulations concerning the retention and removal of information, including improved laws that protect personal information privacy in many countries, could result in:

  • Litigation.
  • Loss of prestige, credibility and bad public image.
  • Fines from 1 to 5 million US dollars.
  • Prison sentences of 10 to 20 years.

Another legal principle present in the Sarbanes-Oxley Act is that of spoliation. Spoliation, understood as activities leading to the destruction or alteration of records, means that any such evidence will be taken as evidence against the spoliator or offender. Therefore, any damage, change (falsification) or error in the preservation of records can be used against the organization in litigation and consequently be subject to penalties.

Due to all this, the records manager keeps track of the promulgated regulations and puts them into practice through new procedures. It is clear that the executive directors ask more questions and require more information governance from those responsible at the intermediate level. Some have initiated internal certification processes, in which managers attest to the accuracy of their reports.

The consequence of this legal framework is a new vision of the importance of records.

In Europe

In Spain, the Organic Law on Data Protection, one of the most advanced regulations in the world regarding the protection of personal data, has applied since 1999. Together with the Law on services of the information society and electronic commerce, it has since offered one of the most advanced and developed legal frameworks in the world.

Moreover, as of May 25, 2018, the General Regulation of Data Protection will come into force, which incorporates significant fines and even jail sentences.

In Spain, the Spanish Data Protection Agency is in charge of processing all complaints regarding non-compliance. If they are upheld, the fines can reach up to €20 million.

Therefore, an organization must know the laws, norms, regulations, codes of good practice, etc., that it must comply with, apply and be able to maintain, to avoid the negative consequences of a breach or lack of rigour.

The electronic records management system of OpenKM allows the organization to use the software as a platform that guarantees the access of all authorized management consultants to the documents that define the policies, strategies, processes, and procedures that must guide the staff to comply with the legal and regulatory framework.

It thus becomes a handy tool to guarantee the integrity of the records management system. It contributes to the development of consistent policies for the retention and disposition of records. It also minimizes the risk of unauthorized access or unforeseen disclosure of confidential information. It also contributes to the creation of a corporate culture sensitive to the importance of records in the organization.

Records retention

The retention, or record keeping, requirements and regulatory schedules are created to protect against unauthorized access, loss or destruction.

The records retention system must, in turn, maintain the attributes of authenticity, reliability, accessibility and usability, and allow the registry to be auditable, regardless of the system changes that may occur. The retention policies are defined, in many cases, by law or by regulations created for that purpose. No general legal requirement applies to all records retention cases, so the organization must become familiar with the specific regulations that apply in its sector and know the minimum and maximum retention periods that must be met. These requirements show the value of the information that the company has.

Records may have different retention or final disposal protocols, depending on how they are used. For example, information on logins, e-mail communications, and exchange of notifications can be useful information to track transactions. However, there will come a time when storing the files involves an excessive cost, while the files themselves may no longer have legal value because they have exceeded the legal preservation period. That is why the retention of records and final disposal is so important, given that the destruction or permanent preservation of records is an essential milestone in the definition of any document management system.

In this aspect, the granular level of security control offered by OpenKM is a significant advantage when applying the retention or final disposal policy. OpenKM can control any information node (document, email, folder) that is related to the record, at the granular or node level. Thus, the manager of records management can comply with the regulations and management policy, comprehensively. Besides, OpenKM's records management system allows the creation of a central repository of documentation, which allows a detailed control and audit of the accesses to it.

Effectiveness, efficiency, and accuracy

Users can apply simplified records management processes thanks to the use of process automation. Through automation, the OpenKM enterprise content management system can automatically present the authorized user with a window in which they have to define the dates of the retention calendar.

You can also automate the use of other tools available in OpenKM, such as the use of keywords, the assignment of categories or the insertion of metadata groups. In addition, users can subscribe to the record. In this way, they will receive notifications from OpenKM every time the record is subject to a change.

Authorized users can add notes to documents and use other communication tools available. Through the Preview tab, you can add comments while the current version and authorship of the record is respected. The Forum section allows users to share ideas or make queries related to the file. The Wiki tab serves to highlight the sources or rules that are followed for the preparation of the record. The Chat functionality makes it possible for the members of the company to have conversations in real time. Through the History tab, users can also consult the versions of the record, and they can compare the versions through which the file has passed, with the contributions of each author highlighted. The Activity Log tab allows you to perform complete traceability on what happened to the record. In this sense, the Reports feature can be very advantageous; since it will show us filtered information based on any aspect that is interesting to the firm. This information will help us to determine the deviations and therefore propose corrective measures.

When the record has reached the final version, it can change to locked status, for example depending on the retention schedule.

The fulfilment of these dates can lead to the activation of a business process (workflow, business process management) that allows the detailed application of all the protocols that the human resources of the company have to carry out.

The OpenKM document management program allows, through the search engine, the ability to search for any information related to the records that may be necessary. We can search for a record using the free text search to find any word contained in the body of the record. OpenKM can limit the search for documents by their location within the repository (Context). If we have more data, it can be used to narrow down the search, including by name, title - an alternative name given to the document -, and Keywords assigned to the file. Searches can also be filtered by language, if the organization creates or receives records in several languages, by the user, by date ranges, and based on a specific repository route. If we have created different categories of records, this may be one more resource available to users. We can filter results according to the type of file, the extension or even based on the added notes.

The most advanced way to perform searches, in general terms, is through metadata: high-value information, obtained through zone OCR if the record has been scanned or digitized (OpenKM also provides a document scanning tool), stored in a database and automatically linked to the record by the document management system. This information may be contained in a third application. The OpenKM records management program offers SDKs in Java, PHP and .NET that facilitate the integration of this management solution with other programs present in the company.

The administrator of the platform will have access to all the events that occurred in the records management system so that they can perform a complete reconstruction of any event. It facilitates the tasks of auditing and the execution of activities related to e-Discovery.
