Employing GARP to harness RIM (study by J. Stearns)
Jason Stearns, Director Information Governance at UBS (US, NJ), has published his study at ARMA 2013 (Las Vegas) entitled
"Employing the Generally Accepted Recordkeeping Principles® to Identify
Practices for Efficient and Compliant Electronic Records and Information
Management"
as part of the fulfillment of his master degree at the Univesity of applied sciences of Oregon 2010.
download: Stearns (pdf, 672 KB)
abstract:
This study, based on literature published between 2005 and 2010, employs the Generally Accepted Recordkeeping Principles® (GARP®) to identify 23 practices for effective and compliant electronic RIM. Practices, framed in relation to eight GARP® principles, are presented as a comprehensive guide for RIM and IT professionals tasked with recordkeeping responsibilities.
the 23 practices are:
Practice #1: Employ technical architectures to improve accountability
Practice #2: Log user information actions to perform audits
Practice #3: Update and maintain accountability structures
Practice #4: Implement usage controls
Practice #5: Capture metadata to validate record characteristics
Practice #6: Use database watermarking to ensure record integrity
Practice #7: Implement integrity checks
Practice #8: Create detailed plans and manage metadata for records data migrations
Practice #9: Implement an information security control framework
Practice #10: Establish vital record and BC&R programs
Practice #11: Use control mapping to develop a compliance framework
Practice #12: Conduct information system compliance audits
Practice #13: Use digital audit trails, secure deletion & authenticated encryption
Practice #14: Adopt relevant DoD5015.2 design specifications
Practice #15: Use well constructed file plans
Practice #16: Plan for technology obsolescence
Practice #17: Develop a retention schedule that includes electronic records
Practice #18: Leverage records management application software
Practice #19: Combine IT and RIM support efforts
Practice #20: Implement a litigation hold process
Practice #21: Implement a discovery compliant records management policy
Practice #22: Establish data provenance queries
Practice #23: Adopt the “Information Management Compliance” (IMC) Methodology. (R.Kahn, B. Blair , Information nation)
"Employing the Generally Accepted Recordkeeping Principles® to Identify
Practices for Efficient and Compliant Electronic Records and Information
Management"
as part of the fulfillment of his master degree at the Univesity of applied sciences of Oregon 2010.
download: Stearns (pdf, 672 KB)
abstract:
This study, based on literature published between 2005 and 2010, employs the Generally Accepted Recordkeeping Principles® (GARP®) to identify 23 practices for effective and compliant electronic RIM. Practices, framed in relation to eight GARP® principles, are presented as a comprehensive guide for RIM and IT professionals tasked with recordkeeping responsibilities.
the 23 practices are:
Practice #1: Employ technical architectures to improve accountability
Practice #2: Log user information actions to perform audits
Practice #3: Update and maintain accountability structures
Practice #4: Implement usage controls
Practice #5: Capture metadata to validate record characteristics
Practice #6: Use database watermarking to ensure record integrity
Practice #7: Implement integrity checks
Practice #8: Create detailed plans and manage metadata for records data migrations
Practice #9: Implement an information security control framework
Practice #10: Establish vital record and BC&R programs
Practice #11: Use control mapping to develop a compliance framework
Practice #12: Conduct information system compliance audits
Practice #13: Use digital audit trails, secure deletion & authenticated encryption
Practice #14: Adopt relevant DoD5015.2 design specifications
Practice #15: Use well constructed file plans
Practice #16: Plan for technology obsolescence
Practice #17: Develop a retention schedule that includes electronic records
Practice #18: Leverage records management application software
Practice #19: Combine IT and RIM support efforts
Practice #20: Implement a litigation hold process
Practice #21: Implement a discovery compliant records management policy
Practice #22: Establish data provenance queries
Practice #23: Adopt the “Information Management Compliance” (IMC) Methodology. (R.Kahn, B. Blair , Information nation)
jhagmann - 5. Jan, 11:16
