Applied Research
Connect with AIM
UO AIM Program on Facebook UO AIM Program on Twitter UO AIM Program on LinkedIn UO AIM Program RSS feeds UO AIM Program on YouTube Contact the UO AIM Program
Feedback
Do you have a question or comment? We would love to hear from you. Get in touch.
Pictured Above
Amy R. Cissell ('12) receives the 2012 Capstone Award from Dr. Linda Ettinger for her research paper, Examining the Role of Information and Communication Technologies to Improve Food Security Management: The Case in Oregon at the AIM graduation luncheon.

Employing the Generally Accepted Recordkeeping Principles® (GARP®) to Identify Practices for Efficient and Compliant Electronic Records and Information Management

In Brief: Records and recordkeeping are essential to the operation of organizations. With the growing need to manage information correctly, recordkeeping practices are no longer a skill set exclusive to Records and Information Management (RIM) professionals. All members of the organization involved with the information lifecycle need to understand key recordkeeping requirements, skills, and practices.

All members of the organization involved with the information lifecycle need to understand key recordkeeping requirements, skills, and practices.

Unfortunately, IT professionals and RIM professionals rarely work together in pursuit of electronic RIM. Fewer than 15 percent of RIM and IT professionals share a reporting relationship to the same senior executive. Further, many RIM professionals complain that IT staff are unwilling to give up control to records management.

As a Certified Records Manager (CRM) and RIM professional at a Fortune 100 company, this researcher is painfully aware of the need to manage electronic records and information. The types of electronic information created and managed at my company, and others its size, are typically measured in terabytes and petabytes; the sheer volume of information is staggering. System administrators, application developers, information security professionals, network administrators, and other members of the IT organization must be involved. As noted by ARMA International, when it comes to the management of electronic records and information, RIM and IT professionals need to collaborate proactively.

In an effort to aid organizations and professionals, ARMA International drafted the Generally Accepted Recordkeeping Principles® (GARP®) in the spring of 2009. The intent of GARP® is to provide business leaders, legislators, the judiciary, and others with a framework necessary to implement information management programs.

Through the dissemination of the GARP® principles, the goals are to establish uniform RIM practices, increase the general awareness and soundness of RIM practices, and to offer guidance to both RIM and non-RIM practitioners in their pursuit of RIM initiatives.

Figure 1 summarizes twenty-three specific practices that meet the recordkeeping requirements derived from GARP®. A full description of the requirements and practices can be found in the complete paper, available at http://aim.uoregon.edu/research/



The Eight GARP® Principles Related Practices
Accountability
  • Employ technical architectures to improve accountability.
  • Log user information actions to perform audits.
  • Update and maintain accountability structures.
  • Implement usage controls.
Integrity
  • Capture metadata to validate record characteristics.
  • Use database watermarking to ensure record integrity.
  • Implement integrity checks.
  • Create detailed plans and manage metadata for record data migrations.
Protection
  • Implement an information security control framework.
  • Establish vital record and BC&R programs.
Compliance
  • Use control mapping to develop a compliance framework.
  • Conduct information system compliance audits.
  • Use digital audit trails, secure deletion, and authenticated encryption.
Availability
  • Adopt relevant DoD5015.2 design specifications.
  • Use well constructed file plans.
  • Plan for technology obsolescence.
Retention
  • Develop a retention schedule that includes electronic records.
  • Leverage records management application software.
Disposition
  • Combine IT and RIM support efforts.
  • Implement a litigation hold process.
  • Implement a discovery compliant records management policy.
Transparency
  • Establish data provenance queries.
  • Adopt the “Information Management Compliance” methodology.

Figure 1—Recommended RIM Practices

References

Research Paper Author: Jason C. Stearns, New York Life Insurance Company—2010 AIM Graduate

Abstract: Information Technology (IT) and Records and Information Management (RIM) professionals must work together to manage the expansion of electronic records and information (ARMA International, 2009e). This study, based on literature published between 2005 and 2010, employs the Generally Accepted Recordkeeping Principles® (GARP®) to identify twenty-three practices for effective and compliant electronic RIM. Practices, framed in relation to eight GARP® principles, are presented as a comprehensive guide for RIM and IT professionals tasked with recordkeeping responsibilities.

Share
Prospective Students

Applied Research
Current Students
Alumni

Faculty
About AIM