8 essentials for Information Management
ARMA International, a not-for-profit records and information association, has published a list of 8 Generally Accepted Recordkeeping Principles (GARP) and suggests they form the basis of ensuring Information Governance processes are up to scratch.
ARMA says organisations should view GARP as a map for a road that is safely winding through an operational and legal minefield that has always existed but has recently become even more treacherous. An organisation with an information governance program that doesn’t adhere to the GARP principles is teetering on the edge of the minefield. As it becomes more compliant, it will move away from that edge toward safety. Organisations progressing in that direction will find a lot of value in just taking that first step.
The GARP principles were created with the assistance of records and information management (RIM), legal, and IT professionals, who reviewed and distilled global best practice resources, including the international records management standard (ISO15489-1 Information and Documentation – Records Management), and court case law. The principles were vetted through a public call for comment process involving the professional RIM community.
The eight GARP principles are:
1. Principle of Accountability — An organisation shall assign a senior executive who will oversee a recordkeeping program and delegate responsibility to appropriate individuals, adopt policies and procedures to guide personnel, and ensure auditability.
2. Principle of Transparency — The processes and activities of an organisation’s recordkeeping program shall be documented in an understandable manner and be available to all personnel and appropriate interested parties.
3. Principle of Integrity — A recordkeeping program shall be constructed so the records and information generated or managed by or for the organisation have a reasonable and suitable guarantee of authenticity and reliability.
4. Principle of Protection — A recordkeeping program shall be constructed to ensure a reasonable level of protection to records and information that are private, confidential, privileged, secret, or essential to business continuity.
5. Principle of Compliance — The recordkeeping program shall be constructed to comply with applicable laws and other binding authorities, as well as the organisation’s policies.
6. Principle of Availability — An organisation shall maintain records in a manner that ensures timely, efficient, and accurate retrieval of needed information.
7. Principle of Retention — An organisation shall maintain its records and information for an appropriate time, taking into account legal, regulatory, fiscal, operational, and historical requirements.
8. Principle of Disposition — An organisation shall provide secure and appropriate disposition for records that are no longer required to be maintained by applicable laws and the organisation’s policies.
Additional context for each of the GARP principles is available at http://www.arma.org/garp.