Federal agencies create, store, maintain, and share vast amounts of important permanent records. In 2019, M-19-21 directive issued by the White House included mandates to store those records electronically. It is important to know whether or not you are in compliance with current standards. Your records management strategy has both legal consequences and impacts the efficiency of your organization. This initiative not only encourages federal agencies to focus on a digital strategy now; it also results in saving time and money in the long run. There is no extension for this deadline due to COVID-19 and the transition is still required.
Is your current records management vendor up to the task of bringing your agency into compliance? Here are 10 things to ask your vendor to find out:
1) Is your records management solution secure from cyber attacks?
If you’re using shared drives or SharePoint, you are vulnerable without some robust overarching policies in place.
2) What is your backup policy? Are you maintaining regular backups off the network?
The most recent ransom attacks prey on systems that keep backups on the same network. They take both the Production and the backup copies hostage until the organization pays to have them restored. Even after restoration, it is often a nightmare to restore the lost content.
3) Are you records stored in multiple locations?
More databases, more problems. Consolidate.
4) Can access to certain kinds of documents be fully restricted natively or does it rely on an end user to properly assign and restrict access?
Relying on users to properly apply security means users who shouldn’t have access to documents often do. This could result in accidental deletions, revisions, and compliance lapses.
5) Is version control built into the software or does it depend on the user to properly name files?
Ensuring the document of record is maintained is critical for records management policy. Relying on users to identify the latest document through naming removes the ability for the system to automatically identify documents for destruction and leaves room for human error.
6) Can exporting and sharing files externally be restricted to ensure the integrity of the record?
If even one record exists, it can be eligible for a FOIA request. Disallowing the ability to export, print, or download archived records to an as needed basis protects your agency.
7) Is your records management component a thirty party “add-on” tool?
Having to deal with multiple vendors, multiple software, and multiple interfaces can be difficult to maintain.
8) Is your records management system or integration home-grown or custom coded? A home grown system can make upgrading either impossible or costly.
Most agencies are looking towards COTS (configurable off the shelf) products. This prevents vendor lock as many companies are capable of configuring a COTS product if your current vendor is not up to par.
9) Is metadata consistent or able to be modified by end users?
Drop downs, fixed data sets, and defined metadata values enforce consistency that allows records retention to be automated. Allowing users to free-type results in poor searches – the electronic equivalent of a misfiled paper documents.
10) Do you have an auditable, configurable destruction approval process that does not rely on email routing?
Just as important as the integrity of maintaining the record is the integrity of the destruction. Tracking who approved what when and making this process efficient to engage the appropriate parties makes destruction just a step in the process instead of a headache.
Need further help or a personalized assessment? We will provide both free of charge.
Next Phase Solutions is an 8(a) minority and woman-owned business that specializes in taking business paperless. Our products and services are available on GSA. We have experience with implementing solutions for federal agencies and are currently working with the Department of Defense to bring them to compliance. We can help you too. For any questions or cost-free assessment of your current state of compliance, fill out the form below or visit our website npsols.com.