LISTSERV - RECMGMT-L Archives - LISTSERV.IGGURU.US

RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

	LISTSERV Archives
	RECMGMT-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Starting from Scratch
From:	Maureen Cusack <[log in to unmask]>
Reply To:	Records Management Program <[log in to unmask]>
Date:	Thu, 9 Jul 2009 17:53:29 -0700
Content-Type:	text/plain
Parts/Attachments:	text/plain (46 lines)

IT functions are definitely unique to IT but how important is it to document
them and control them with a retention schedule? I think the rigour applied
to defining IT functions and assigning retention periods to IT records
depends on the litigation risk.

Federal and state discovery rules require better identification of ESI than
ever; who is going to do the identifying? The business unit can't; they
think IT 'manages' ESI and they asume IT documents this management
activity. IT documentation rarely describes the details required by state
and federal rules such as what the data is about, exactly where it is (what
application is on what server that then gets put on what backup tape), the
name of the IT person who manages it, retention and migration schedules. To
meet ESI identification rules, and to be able to preserve or produce
anything, the records manager has to spell out to IT what ESI details IT
must document, how often to update these details, what media is
'inaccessible'.

The business unit might own the intellectual content but that doesn't really
mean much since IT controls the systems and processes that process the data
(eg 'alter' it), store it, provide access to it, protect its authenticity,
make it accessible or 'inaccessible', and destroy it. If a record cannot be
produced for a law suit then evidence of those IT actions (eg change
management logs, batch upload reports, LAN/WAN security/intrusion logs,
backup tape procedures and inventories etc.) might be required or might be a
good idea to volunteer. Also, business decisions are embedded into system
functionality: people choose how to make a system process data and what data
to process. Those choices might be the contentious issues in a law suit.
Those choices are reflected in IT records like change logs etc.

But, on second thought, even if litigation is not a big concern, and it's
only customers and regulators who care about compliance with retention laws
or the retention schedule, IT are still the only ones who can provide proof
of that compliance by means of IT records. So some IT records are definitely
needed and IT needs help understanding what they need to identify.

maureen cusack
san francisco,ca

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]

ATOM RSS1 RSS2

LISTSERV.IGGURU.US