Applied Information Management

Employing the Generally Accepted Recordkeeping Principles® (GARP®) to Identify Practices for Efficient and Compliant Electronic Records and Information Management

In Brief: Records and recordkeeping are essential to the operation of organizations. With the growing need to manage information correctly, recordkeeping practices are no longer a skill set exclusive to Records and Information Management (RIM) professionals. All members of the organization involved with the information lifecycle need to understand key recordkeeping requirements, skills, and practices.

All members of the organization involved with the information lifecycle need to understand key recordkeeping requirements, skills, and practices.

Unfortunately, IT professionals and RIM professionals rarely work together in pursuit of electronic RIM. Fewer than 15 percent of RIM and IT professionals share a reporting relationship to the same senior executive. Further, many RIM professionals complain that IT staff are unwilling to give up control to records management.

As a Certified Records Manager (CRM) and RIM professional at a Fortune 100 company, this researcher is painfully aware of the need to manage electronic records and information. The types of electronic information created and managed at my company, and others its size, are typically measured in terabytes and petabytes; the sheer volume of information is staggering. System administrators, application developers, information security professionals, network administrators, and other members of the IT organization must be involved. As noted by ARMA International, when it comes to the management of electronic records and information, RIM and IT professionals need to collaborate proactively.

In an effort to aid organizations and professionals, ARMA International drafted the Generally Accepted Recordkeeping Principles® (GARP®) in the Spring of 2009. The intent of GARP® is to provide business leaders, legislators, the judiciary, and others with a framework necessary to implement information management programs.

Through the dissemination of the GARP® principles, the goals are to establish uniform RIM practices, increase the general awareness and soundness of RIM practices, and to offer guidance to both RIM and non-RIM practitioners in their pursuit of RIM initiatives.

Figure 1 summarizes twenty-three specific practices that meet the recordkeeping requirements derived from GARP®. A full description of the requirements and practices can be found in the complete paper, available for download from the UO Scholars' Bank.

The Eight GARP® Principles Related Practices
  • Employ technical architectures to improve accountability.
  • Log user information actions to perform audits.
  • Update and maintain accountability structures.
  • Implement usage controls.
  • Capture metadata to validate record characteristics.
  • Use database watermarking to ensure record integrity.
  • Implement integrity checks.
  • Create detailed plans and manage metadata for record data migrations.
  • Implement an information security control framework.
  • Establish vital record and BC&R programs.
  • Use control mapping to develop a compliance framework.
  • Conduct information system compliance audits.
  • Use digital audit trails, secure deletion, and authenticated encryption.
  • Adopt relevant DoD5015.2 design specifications.
  • Use well constructed file plans.
  • Plan for technology obsolescence.
  • Develop a retention schedule that includes electronic records.
  • Leverage records management application software.
  • Combine IT and RIM support efforts.
  • Implement a litigation hold process.
  • Implement a discovery compliant records management policy.
  • Establish data provenance queries.
  • Adopt the "Information Management Compliance" methodology.

Figure 1—Recommended RIM Practices


  • ARMA International. (2009a, April 1). ARMA International challenges organizations to implement better recordkeeping [Press release].
  • ARMA International. (2009d). The generally accepted recordkeeping principles (GARP®) [full version]. Retrieved March 30, 2010, from GARP®
  • ARMA International. (2009e). Records and information management for information technology professionals. Lenexa, KS. ARMA International.
  • Chosky, C. (2008). Where RM should report to ensure effective electronic records management. The Information Management Journal, 42(2), 58-61.
  • Marcella, A. (2008). Electronically stored information and cyberforensics. Control. The ISACA Journal [Online Edition], 5. Retrieved March 31, 2010 from Electronically Stored Information and Cyberforensics
  • Stephens, D. O. (2009). The ten biggest issues in records management today [PowerPoint slides].
AIM alumnus Jason Stearns

Research Paper Author: Jason C. Stearns, New York Life Insurance Company—2010 AIM Graduate

Abstract: Information Technology (IT) and Records and Information Management (RIM) professionals must work together to manage the expansion of electronic records and information (ARMA International, 2009e). This study, based on literature published between 2005 and 2010, employs the Generally Accepted Recordkeeping Principles® (GARP®) to identify twenty-three practices for effective and compliant electronic RIM. Practices, framed in relation to eight GARP® principles, are presented as a comprehensive guide for RIM and IT professionals tasked with recordkeeping responsibilities.

Download the entire Capstone research project