Often when technology is involved, we think of a “system” as the hardware and software: as in a computer system. However, when the drafters of AIIM Recommended Practices -1 (section 5.3.3) and ISO 15801 used the term “Trusted System”, they had more in mind than just the technology driven definition. They envisioned control over the entire environment in which the document/record is created, ingested into and managed throughout the lifecycle, a large part of which is the users.
Both ARP-1 (2009) section 5.3.3 and ISO 15801 identify four elements necessary to construct a trusted system:
• Hardware/software/storage
• Ability to audit the system
• Ability to write two separate copies
• Policies and procedures to support the system
In part, 5.3.3 reads:
“A trusted document management system ensures that all electronically stored information can be considered to be a true and accurate copy of the original information received regardless of the original format. . . . It is important to note that trusted document management systems incorporate not only technology, but also require adherence to organizational policies ensuring proper electronic document or record handling, processing as required by the organization (typically documented in the record retention policy and schedule) and electronic document management software or application components. . . .”
When the ANSI/AIIM 25 drafters considered how to develop guidelines for assessing whether a content management system met the threshold identified in 5.3.3 and 15801, the group focused on the need to pay particular attention to the policies and procedures for the users as this was deemed an integral part of the content management “system.” “Organizations must be more cognizant of the documentation prepared AND followed by the organization to both determine whether the Electronic Content Management (ECM) solution is actually safe and secure, creating a trustworthy document, record or information storage system and is providing the ability for the organization to monitor compliance with company record/document management policies.” ANSI/AIIM 25-2012 Introduction
And, the drafters believed it is equally important to take into consideration whether the policies and procedures accurately described the practices in the organization. The danger of having the best-drafted-but-not-followed policies is as dangerous as the failure to have any policies at all. For more information about trusted content management systems, contact either Robert Blatt or Jo Dunlap at EID, Inc.