What is a records policy?
PDF Print E-mail
Written by Carlota Bustelo
Monday, 27 August 2018 17:44

A few days ago, an esteemed colleague asked me for my opinion on a records policy that she had drafted and that had received some criticism from the professional community. This post is part of my answer.

Before starting to draft we must place ourselves in the context of the organization and in the purpose of the policy. In principle, a policy is a document that contains a statement of intentions by the top management of an organization with respect to a specific topic; but within this same definition there are at least two different interpretations:

1) A policy in the context of the implementation of management systems standards (MSS), is a short document that establishes the guidelines of the organization regarding an aspect, in this case records management, that is intended for all the people who work in the organization, since that is what should make the policy possible. It is the type of document that must be written when it comes to implementing the UNE ISO 30301: 2011 Standard on Management Systems for Documents . It is written in a language that is understandable to all and in pre-intranet times it was hung on the walls of the offices so that everyone could keep it in mind. That being the case, this type of policy is best not to go beyond a single page. When several management system standards are implemented within the same organization, the ideal is that the management system is integrated, which means that in many cases it is also an integrated management policy. That is, a document that covers different aspects of management, including records management. Being a short document does not mean that it is easy to write, since it must express the intention of the top management with clear and precise concepts. Of course, the management system is not based only on the policy document, but there are other levels of documents in which it is developed, defined and detailed, each of them with a different audience, according to the scope and purpose of the same.

2) A policy conceived as a technical document that includes the principles and rules for the creation, capture and management of records and that serves as the basis for the implementation of operating schemes, document management models or regulatory developments. These are detailed documents, with technical components whose comprehension is not available to anyone, and which are written by specialists for specialists. They are reference documents in change processes, which detail the decisions made regarding different technical aspects and that are necessary to guide an implementation process. This type of policy is what seems to have been imposed in different countries as a mandatory element for public administrations. In Spain, the Interoperability Technical Standard (NTI) of Electronic Document Management Policy or in Colombia Decree 1080 of 2015 "By means of which the Single Decree of the Culture Sector is issued" have opted for the term "records management policy" for this type of technical content. With this approach, great technical documents have been written, which in many cases exceed 150 pages and where all the details that serve to implement the policy are included in the main text or in its annexes. After having started reading many of them, I think it can be said that it only makes sense when you are directly involved in the process for which they were conceived, and that these are documents of reference rather than declaration of principles. As these are difficult documents in the two cases mentioned, in which the existence of the policy is mandatory, help has been provided in the form of templates or guides, which sometimes produce the opposite effect to the desired, as policies are drafted by “copy pasting”. I can affirm with knowledge that these kind of policies are useless.

When someone reads a records policy to approve and/or criticize it, they have already placed themselves in one of the two conceptions described, therefore, they will not understand a "policy" made with the other vision. The big peril is that those responsible for drafting a policy wanting to make a "mix" of the two visions, staying in "no man's land" and being criticized by all.

But, what is the solution when the organization is in a context where a technical policy is required, but at the same time the organization wants to implement a standard such as ISO 30301? For me it is a question of denomination and, therefore, should not waste too much time in discussions about what is or is not a policy. The two levels are necessary and meet completely different objectives. In some of my projects where these conditions are met we have called the technical document in another way, establishing within it that it acts as an electronic records management policy in compliance with current legislation.

Last Updated on Tuesday, 28 August 2018 09:23