Generally Accepted Recordkeeping Principles
The Generally Accepted Recordkeeping Principles (The Principles), were created by ARMA International as a common set of principles that describe the conditions under which business records and related information should be maintained.[1]
The Principles
The eight principles are designed to identify the major hallmarks of effective Information governance, but do not follow a numerical hierarchy of importance.[2]
- Principle of Accountability
- Principle of Transparency
- Principle of Integrity
- Principle of Protection
- Principle of Compliance
- Principle of Availability
- Principle of Retention
- Principle of Disposition
The list of principles can be recalled with the help of the Mnemonic "A TIP CARD," which serves a dual purpose as it implies the principles are tips for effective recordkeeping.
ARMA International Maturity Model for Information Governance
Information is one of the most vital, strategic assets organizations possess. They depend on information to develop products and services, make critical strategic decisions, protect property rights, propel marketing, manage projects, process transactions, service customers, and generate revenues. This critical information is contained in the organizations' business records. It has not always been easy to describe what "good recordkeeping" looks like. Yet, this question gains in importance as regulators, shareholders, and customers are increasingly concerned about the business practices of organizations.
ARMA International recognized that a clear statement of "Generally Accepted Recordkeeping Principles®" (The Principles) would guide:
- CEOs in determining how to protect their organizations in the use of information assets;
- Legislators in crafting legislation meant to hold organizations accountable; and
- Records management professionals in designing comprehensive and effective records management programs.
The principles identify the critical hallmarks of information governance, which Gartner describes as an accountability framework that "includes the processes, roles, standards, and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals." As such, they apply to all sizes of organizations, in all types of industries, and in both the private and public sectors. Multi-national organizations can also use the Principles to establish consistent practices across a variety of business units.
A Picture of Effective Information Governance
The Maturity Model for Information Governance[3] begins to paint a more complete picture of what effective information governance looks like. It is based on the eight principles as well as a foundation of standards, best practices, and legal/regulatory requirements. The maturity model goes beyond a mere statement of the principles by beginning to define characteristics of various levels of recordkeeping programs. For each principle, the maturity model associates various characteristics that are typical for each of the five levels in the model:
- Level 1 (Sub-standard): This level describes an environment where recordkeeping concerns are either not addressed at all, or are addressed in a very ad hoc manner. Organizations that identify primarily with these descriptions should be concerned that their programs will not meet legal or regulatory scrutiny.
- Level 2 (In Development): This level describes an environment where there is a developing recognition that recordkeeping affects the organization, and that the organization may benefit from a more defined information governance program. However, in Level 2, the organization is still vulnerable to legal or regulatory scrutiny since practices are ill-defined and still largely ad hoc in nature.
- Level 3 (Essential): This level describes the essential or minimum requirements that must be addressed in order to meet the organization's legal and regulatory requirements. Level 3 is characterized by defined policies and procedures, and more specific decisions taken to improve recordkeeping. However, organizations that identify primarily with Level 3 descriptions may still be missing significant opportunities for streamlining business and controlling costs.
- Level 4 (Proactive): This level describes an organization that is initiating information governance program improvements throughout its business operations. Information governance issues and considerations are integrated into business decisions on a routine basis, and the organization easily meets its legal and regulatory requirements. Organizations that identify primarily with these descriptions should begin to consider the business benefits of information availability in transforming their organizations globally.
- Level 5 (Transformational): This level describes an organization that has integrated information governance into its overall corporate infrastructure and business processes to such an extent that compliance with the program requirements is routine. These organizations have recognized that effective information governance plays a critical role in cost containment, competitive advantage, and client service.
How to Use the Maturity Model
The Information Governance Maturity Model will assist an organization in conducting a preliminary evaluation of its recordkeeping programs and practices. Thoughtful consideration of the organization's practices should allow users to make an initial determination of the maturity of their organization’s information governance. Initially, it is not unusual for an organization to be at differing levels of maturity for the eight principles. It is also important to note that the maturity model represents an initial evaluation. In order to be most effective, a more in-depth analysis of organizational policies and practices may be necessary.
The maturity model will be most useful to leaders who wish to achieve the maximum benefit from their information governance practices. Effective information governance requires a continuous focus. But in order to get started, organizations can look to the steps below:
- Identify the gaps between the organization's current practices and the desirable level of maturity for each principle.
- Assess the risk(s) to the organization, based on the biggest gaps.
- Determine whether additional information and analysis is necessary.
- Develop priorities and assign accountability for further development of the program.
See also
ARMA International
Records management