In today’s frenzied attempt at differentiation of Record Information Management (RIM) solutions, many vendors are extolling the many advantages of “in-place” or federated records management across all disparate repositories within an enterprise. Some customers are receptive to an in-place records management approach because it promises to allow record content to remain transparent to existing users and applications while allowing organizations to preserve their investment in their existing content repositories and achieve compliance. But let’s take a closer look at in-place records management.
In-place records management provides the ability to establish, execute, and enforce a common records policy across various distributed records repositories using a set of standards that provide interoperability for functions such as search, collection, identity and access management, retention and disposition throughout the life cycle of a record.
Essentially, in-place records management leaves content stored in its native storage device by its native application and creating a pointer entry in the RIM database. Depending on the functionality available at the storage site through the native assets, RIM software transmits a query to the native site to gain access, and then through a mapped connector transmits an action command for the native application/site to execute. Then, the remote device then sends back status information to the RIM software to update the data base.
Why in-place records management doesn’t work
There are a number of issues with using an in-place records management system to manage the 5 percent of documents that comprise the official documents of record. They include:
1. An in-place records management system does not own or manage the information it indexes. It cannot guarantee the information it has just indexed will continue to exist in a minute, a day or a week. The in-place records management application does not manage or control the information, only indexes. So even if the file status is “Read Only,” there is no guarantee that the information will continue to exist.
2. Some content stores cannot absolutely delegate full control over retention to RIM. They still allow local system administrators to delete and/or alter content through the content store’s native administration interface.
3. Some content stores lack the requisite record management functionality for the RIM to map to.
4. Any external repositories will continue to own the content that they store, which means that access to this content is still under the direct control of the repository’s native services.
5. Departmental repositories can result in information silos requiring time, effort and budget to develop and/or maintain custom connectors.
6. In federated management, while the remote content maybe called immutable, it is better termed “as immutable as possible,” for the reasons mentioned above. An administrator using the native tools of the remote system or some malware running “as root” can sometimes override the API securing immutability. So while immutability can be promised, it cannot always be guaranteed.
7. The total cost of ownership may be prohibitive as well as too complex to maintain given the need for different application software expertise.
8. Backups and disaster recovery for records are contingent on multiple systems and sites, creating multiple points of failure, thus increasing risk and the frequency of issues.
The centralized repository remains superior
There are good reasons why many managers insist on a centralized records repository deemed as the enterprise’s “official records repository.” The central records repository remains the gold standard in terms of security, best practices, and lifecycle management to address regulatory compliance.
Our offering is Systemware Content Cloud, which lets users record, classify, store, manage and finally dispose of any type of physical or electronic record – documents, email, scanned images and text messages – in a consistent and integrated manner within one easy-to-use application. Our solution uses a single file plan to maintain all records and is DoD 5015.2 certified; and our role-based access increases ease of use, improves productivity and increases accuracy.