Is it your first time working in the cloud? Check out our webinar “Tips and Tricks: Successful Records Management in the Cloud” today!
This is the first post in our NARA series. Check out the other posts below!
- 7 Simple Steps Records Managers Can Take to Develop a Risk/Value Framework
- Retain or Destroy? How to Make Tough Records Management Decisions
- How to Start Optimizing Email Records Management ASAP
- Email Records Management Done Right: A Walkthrough of NARA’s Guidelines
I’m a parent. I have two children, six and a half (the half is important, don’t take that away from her) and almost one. I have to figure out where the toys are, if the teeth are brushed, and if that cough is persistent or if it’s just dusty in here. And if you recently heard how I almost destroyed my child’s imagination by listening to my favorite book on tape with her in the car (it was a Santa/Easter Bunny is/isn’t real kind of slip up), you’ll understand when I say “being a parent is hard.” Heck, you probably already know that.
Just like you probably also know how hard it is to be a Records Manager in the United States federal government.
To help prove this point and showcase the value of a proper reporting toolset, indulge me in using one of my all-time favorite workplace phrases (next to “see you in a couple weeks, I’m going to the beach”): “Say what you’re going to do, Do it, then Prove it!”
Say What You’re Going to Do
The job of Federal Records Managers is hard. They’re experts in comprehending regulations and laws written by lawyers. They read guidance that covers everyone from tax collectors to parks directors. They look at what the Department of State does, the Department of the Treasury implements, the Executive Office of the President requires, the Judiciary rules on, and Congress passes – just to name a few. They take all of this into consideration and somehow turn it into policies that support the employees, contractors, and politically appointed staff of their institution based on their specific mission.
The Records Manager creates taxonomies, informs security and privacy policies, and defines disposition rules for everything from 50-year-old paper manuals to emails and tweets and CAD drawings of nuclear-powered submarines. They, this small minority of staff, have the impossible task of sharing all of this with already-overburdened end users who simply want to meet their mission tasks.
On top of all this, consider the exponential growth rate at which content to be considered for records management is created, the ever-changing landscape of tools that this content is created on, and the incredible pace at which new regulations are being pushed out to protect our privacy and security.
And then the job of a records manager really starts.
The Records Manager must ensure all of this is implemented in a system that doesn’t burden the end user and delay mission completion. The tricky part is that a Records Manager is, generally speaking, not a technologist. They are not platform experts; they don’t code, and certainly don’t write database queries. They don’t know how to push out their taxonomy across seven SharePoint farms, Office 365, file shares, email, etc. And the content they care about is everywhere (like my daughter’s toys).
And once it is implemented against these systems, how do they know where the focus should be?
In comes reporting.
Where should I focus my efforts?
My daughter is now six, and we have an infant in the house. My wife and I simply can’t keep up with everything anymore. Without a regular report card, we can’t possibly know just how much she’s actually retaining in Math and English. Without the monthly progress report from Tae Kwon Do, I don’t know which areas she and I should focus on in the following weeks. Reports help us focus our time to make sure we use it the best we can with her.
In order to determine where to focus their manual resources and how to implement their technological resources, a Records Manager has to know what data to expect where.
To this end, an Enterprise Risk Management solution, like AvePoint’s Compliance Guardian solution, can help you get there by automating the creation and maintenance of data inventories, flow mappings, and impact assessments. The below Data Flow Map from Compliance Guardian, automatically generated through the completion of Data Inventories from across an organization, tells Records Managers what data is expected to be in what system. This enables Records Managers to set default record disposition policies based on the content location and informs information technology managers about the capabilities these systems need to support disposition requirements (we currently support SharePoint and Office 365).
Next, Compliance Guardian programmatically scans your content stores to compare what the Data Inventory tells us SHOULD be in those content stores to what actually is. The below heat map, generated post-scan, shows a sample of financial data and Personally Identifiable Information (PII) violations within the scanned data source. Further interactivity with the report shows a Records Manager where this content is, allows them to create and assign incidents, and further refine their business rules to ensure they eradicate false-positives.
With these reports a Records Manager can determine where their primary focus should be, allowing technology solutions to manage taxonomy and the disposition of much of their solutions.
What’s ready for disposition?
When it comes to parenting, this one is easy: everything is ready for disposition (as long as she isn’t around to see it). But, how does a Records Manager know what is scheduled to be exported to NARA and when? Where is a record in relation to its disposition approval process? In comes AvePoint Records’ Content Due for Disposal Report:
Configure your period of time and the content location you’re interested in reporting on, and you get a report showing all content ready for disposition. The best part about this report is its customizability. Change the viewable columns or export it to a spreadsheet or Power BI dashboard, and you can really start to manipulate what shows. Pull this data into Microsoft Flow and kick out a series of notifications and automated workflows around the upcoming disposals.
Here’s a tip: Standardize how you name your rules and you can use this for reporting! If your rule starts with “NARA Export” (e.g., NARA Export 10 years permanent record) then it’s as simple as filtering the content due for disposal to all results where “Rule” includes “NARA Export.”
And now for the heavy lifting. The daily grind. The lifeblood of the Records Manager. How do you prove you did what you said you would? How do you validate your assumptions from the “Say it” phase? How do you ensure people are doing what you NEED them to be doing? In comes the auditing and monitoring reports to keep you sane, organized, and ahead of the game.
Monitoring the Plan in Action
To start, how many records are we managing? How many records have we destroyed? What is waiting for approval? This dashboard is interactive – sort by date, click into the records waiting for approval and see which record owner needs to approve them.
These reports are especially helpful when managing content across multiple sources, such as a SharePoint 2013 farm, a SharePoint 2016 farm, and SharePoint Online. Add to that physical records and you’ve got a dashboard that will help you understand your records usage across all of these at once. Natively, you would need to setup reports similar to this dashboard in each farm.
But what are these records? When were they created (or destroyed)? You may want this information in a single report, or you may want to break it up based on the audiences you’re providing it to. Our Creation and Destruction Report allows you to do just this.
Here’s a tip: AvePoint Records Reporting module allows you to create Profiles – each profile lets you focus your report based on the audience. Does senior leadership want a report of all records created and deleted in the past six months across the entire solution? Does a content owner want a report of records created in the past week in their specific content area? These two separate profiles are easy to create and segregate content for regular report distribution!
Now that you’ve seen how many records you have, the next thing a records manager needs to understand is if the solution they setup is being used the way they expected. The primary tools of the Records Managers are the taxonomy (a.k.a. terms) and the rules applied to records with those terms.
The Term Usage Report allows you to display the quantity and location of records that have been classified using a specific term. You can look at a specific set of known terms, orphan terms, or retired terms across a specific instance of your solution or across all content areas.
The Rules Usage Report gives records managers a centralized repository of what terms are associated with which rules. Simply select a rule and receive a paginated (where appropriate) list of all terms that use it.
Auditing Records Activities
The Administrator Audit Report provides detailed information of activities, including operation records and export records performed, within the solution. Bar and line graphs display an overview of activity in the system over time. Click on a section of the chart and the details tab gives you a table view of said activities, exportable for reporting however you like.
Every activity that the system takes can be audited, and if you can’t prove who did it, when it happened, and if it succeeded or not, you can’t ensure your records system is doing what it needs to do. When did it happen? Who did it? Where did the action happen? Did it complete successfully?
In a world of compliance, these types of reports are the last line of defense in ensuring your organization is successful. The best part is that you don’t need to be a SharePoint administrator to see what your records solution is doing, and you don’t need to be a reports designer to pull it out in an easily digestible way.
Let’s Get Physical
One last bit: Of course all of these reports work for both electronic and physical records. However, with NARA saying “your physical records are your own” after 2022, there are a few things you need to be aware of.
First of all, you need to know where your physical records are and who is using them. A URL to the record location is great for electronic records, but for physical records you need more information. What box is it in? Where is that box? Who is currently using that box? We help you keep track of all of these physical records with this simple report:
Secondly, have you recently asked yourself how much space you have left for physical records? Cataloging all these records into a system like AvePoint Records means knowing how much space you have left becomes something easily calculated. Our Available Space Report does just this, taking all the information you’ve cataloged about your physical records and shows you exactly how much space you have left at each physical storage location.
Some Additional Considerations
Hopefully, the reports discussed here help you visualize how you’re going to meet the job you, my dear Record Manager friend, have been hired to do.
There will always be more. More reports are needed. More regulations to change how records have to be maintained. More stakeholders with more requirements around their specific content.
The ability to export every-single-report included in this discussion and import the data into your favorite (or required) reporting tool means you too can organize the Legos (sorry, I digressed). Tools like Microsoft Flow and Nintex can help you automate the distribution of reporting data.
If you need to manipulate the data a specific way, import our raw data into Power BI or Crystal Reports and create the view your stakeholders need. A tool like AvePoint Records doesn’t just give you a COTS solution, but it also gives you the experience and lessons learned of agencies across the Federal government who also use it. You benefit from their new requirements as they are designed