The embeddedness of the "records system document custody" paradigm - and the future of archives
It's official - archives are now "risk on."
Which just means that most of them have acknowledged the failure of their compliance standards, and are now saying "spend appropriate resources on appropriate things" (or, for the cynical - yes, you - "don't try and gold-plate everything, it won't work").
But no one is moving.
At best, what we're seeing is records systems branding themselves "manage in place" - when most of the time, the place is Microsoft 365 (and if you understand the evolution of SharePoint, you can see how they got there).
There seem to be three approaches to manage in place in the market at the moment -
- Manage in Microsoft 365 by buying a system that provides a separate metadata store and process engine for retention management.
- Manage in Microsoft 365 by buying a system that synchronises to another repository - and hope there's enough structure there to manage retention, or something magical appears that can solve that problem.
- Manage in other systems (mostly M365 and file servers) by buying some software that captures all available metadata from the other system, and then uses a classifier to do retention classification and provides a disposal process.
The commonality here, is that all of them involve "buying a system that..." delivers the compliance standard - in a very small percentage of systems.
I'm not seeing the approach of "we're going to risk assess all of our systems and decided whether the risk level needs additional capability."
Because for many systems, it just doesn't.
For many systems where retention is short term, it needs someone to "delete all content older than x days, and to do it every y days" - which any half way to competent DBA or sysadmin would write a script for.
What I think it really speaks to, is how embedded the mindset of "here is our records system, it's where we do the things with the records" is - which is essentially the custody paradigm, even if it's now only custody of the metadata.
I think this is an anchor for our profession that we need to work beyond.
I think it's rooted in risk aversion.
We still treat a lot of decisions as "things that we can't know."
And we miss the irony that the organisations we work in are often dealing with natural disasters and accidents - or other things that we can only actually have a statistical understanding of, not a causal understanding.
Simply put, we're stuck.
I'll consider us un-stuck when I find someone making archival regulations "our job" - instead of making it the responsibility of the whole organisation through policy directives that are plainly impossible to comply with (ie. we will give you a completely locked down business system to manage your work, and then tell you that you have to keep records in an EDRMS).
What would that look like?
A couple of things.
First, I think we'd hire a historian/archivist - someone tasked with proactively identifying what transactions of the organisation are likely to be of long-term historical value - and capturing them.
Second, I think we'd lose the traditional records system. This might be a bit controversial, but my read has always been that archives aren't actually interested in anything other than permanent. They massively over-regulate, relative to what they want - to me, this means that the records team of the future owns the digital preservation system - the one that will capture all content, regardless of format (ie. this has to include databases, or at least their business system representations). This is a move away from a document centric view of records management, it's not about documents, it's about records.
Third, I think we'll be out there designing systems for doing work, because I think that most of the records world has been sucked into an archival maintenance paradigm where the work is about the repository, instead of a records management one where the work is about the quality of the results that are being achieved, and how they can be improved by changing the way that information is recorded. This means that we're going to be more like business and process analysts, and that the risk assessments we're going to conduct will be based on the capabilities needed by the process, and the risk level attached to it.
For everyone who still wants an EDRMS, this means it still has a place - mining and gas companies don't implement EDRMS systems because an archive told them to, they implement them because they know that their business gets better results if they implement them (and hire document controllers - ie. records managers focused on documents - in droves).
What do you think?
Are we stuck?
What does the future look like?
Personally, I'd settle for a system that effectively captures the evidence of disposition (and so supports defensible destruction). I wonder if a lot of people aren't just waiting for this 'magic bullet' - and stalling for time in the process?