Business systems and EDRMS - who's doing which parts of ISO records management.

One of the things that's bothered me about the way records is practiced for a long time, is that we systematically ignore a section of the ISO definition, and carry on with the practice of records as it was done when we were managing paper.

The full ISO definition of records management from 15489 describes records management as the "field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use and disposition of records, including the processes for capturing and maintaining evidence of and information about business activities and transactions in the form of records."

When I go to an EDRMS, what I see is maintenance and disposition of records.

When I go to a business system what I see is efficient and systematic control of creation, receipt, maintenance and use, and a process for capturing and maintaining evidence of and information about business activities and transactions.

This is because business systems constrain the input, and they present the recorded information to people in a way designed to support management of the business process, and the work that people are doing.

To me, a business system operates in the best spirit of ISO15489's appraisal principles.

Generally they get built by someone who is considering the risks that the process presents to the organisation, and how those processes can be reduced by recording information in the system. Then they present a form for people to record that information.

Because of the way the forms are presented, when managers want to understand the current state of processes that their organisation is dealing with, and whether there are any risks, they have the information they need to get a better understanding - without reading every document, and without interrupting everyone to ask about every process they're working on.

In general, as a professional group, we've ignored business systems.

First we did it because we were used to managing physical things, and our organisations were used to us managing physical things. The idea that we'd manage the electronic things that were rapidly replacing the physical things meant that our profession had to engage in a learning process that would result in practice change - something that isn't easy for any professional group.

What it looks like to me, is that we decided that our definition of records let us pretend that people weren't creating, recieving or maintaining information as evidence in business systems - it boiled down to saying that the systems only had data, therefore we didn't have to manage it, even though any numpty looking at a business system would say that it's data in a context.

Where it gets really interesting, is when "records" started to have a stigma attached to it.

Many of us changed our titles to "information" something - instead of "records" something.

To me, that should have been the moment when we expanded our remit and started to focus on business systems.

But we still didn't.

We still define our way out of it - this time by saying things along the lines of "that system doesn't comply with ISO whocares (16175) so we will write policy that says they're not records systems."

The impact of this, is that it has broken records management into two pieces.

The one that has the largest ability to impact performance is the one that's managed by IT - it's considering how business risks can be reduced by focusing on the systematic creation, receipt, maintenance and use of records. That's where almost all of the ability to have an impact on the performance of a business process is.

The one that has the least value, is what we're doing - capturing a tiny fraction of the information the organisation creates and uses so that we can manage its lifecycle.

The only way we're going to recapture the prestige and power that records management should have, is by recognising that we've abandoned a significant fraction of the value of our profession as ISO see it, and recapturing it.

To do this, we're going to have to recognise that all IT does, is build and maintain things so that information can be recorded and shared with other people.

And then we have to take back responsibility for the recording, and making sure that everywhere it's being done, we're there to make sure it's done systematically in ways that reduce business risk.