| Document & records management in the cloud: personal perceptions |
|
Tuesday, 07 February 2012 00:00
| In recent times everybody endlessly repeats that "cloud computing" is the future of information management, and therefore also of electronic documents and records management. Large multinationals with the largest market share in ECM applications also seem to have embraced the "cloud computing" as the driver of their future developments and services. Is the case of EMC, launching EMC on Demand or Alfresco presented their new version 4 with the slogan "the connected cloud platform".
When I read and heard the predictions for the future on this issue always thought they were a bit far from the reality of the document & records management projects in which I am currently working on. I could not imagine any of my clients making the decision to move their document & records management in the cloud, losing "control" of the servers where the information is stored. However, a conversation with John Newton of Alfresco at the event to launch their new version in Madrid, made me think about how and for what the cloud could be used in document & records management projects. I think nowadays, two different levels or approaches could be established :
- The first and most radical, perhaps in which I had always thought of as unique, offering document management platforms in the form SAS (software as service). In this case, the software is offered in servers in the cloud which are accessed through the network and organizational documents and records are filed on servers in the cloud by the organization providing the service. The undoubted advantages of reducing maintenance costs and the ability to access documents from anywhere (especially in organizations with circulating employees or working from their homes) are not sufficient to overcome the "fear" of not having control over the documents & records. This fear is strengthened by news like the closing of Megaupload and customers explaining in the media they have "lost" their files.
- The second would be using the cloud as a replica of what the organizations have on their own servers. With an immediate synchronization service, organizations obtain some advantages that should not be neglected:
- It would eliminate the tasks related to the "backup", since there would always be a copy of the document repository immediately in the cloud.
- It would solve many problems of access to corporate documents & records from outside the organization, as employees with the adequate permissions could always work directly in the cloud when they are out of the office. As synchronization acts in both senses all the work done by these employees would be reflected immediately in the local repository. Furthermore, with tablets and smartphones applications (another trend predicted for the future) accessing documents & records in the cloud, it would have solved one of the limitations of these devices to be used as complete working tools.
- It would provide opportunities to share documents with suppliers, customers or other stakeholders, which would proceed directly to the cloud, in a natural and logical evolution of "extranets" of organizations.
Actually, this second option without more sophistication than the file server, has been widely adopted by many professionals and small businesses, among which I am. In my case, I can share files with my collaborators in a natural way and calm me down from hardware failures, which we have had two important in the last nine months. At the same time the solution automatically runs the backup policy, freeing us from the related tasks. Following this way perhaps the cloud is the option to make available and affordable the document & records management features to any kind of organization.
|
| Last Updated on Tuesday, 07 February 2012 12:43 |
| Legislating between two worlds: paper and electronic records |
|
Sunday, 08 January 2012 22:21
| It's hard to be updated from laws of other countries different from your own market, so my reflections here are based primarily on Spanish law, which at the same time needs to be harmonized with European Union directives, and has influenced many countries of Latin America.
 As one of the last acts (the election was the 20th of November) of the Spanish previous government a Royal Decree of November 18th on Spanish Systems of Archives was published. (Decreto 1708/2011, de 18 de noviembre, por el que se establece el Sistema Español de Archivos y se regula el Sistema de Archivos de la Administración General del Estado y de sus Organismos Públicos y su régimen de acceso). After reading it several times I cannot stop thinking about how difficult it is to legislate on records and archives in a dual reality, in a transition period between the paper and electronic world.
In countries like Spain, with an archival tradition of many years, an impressive legacy of historical documents and an organization of Archives, in which collections and organizational units guarding them aren’t easily distinguishable; the well-meaning attempt approach to legislate for the two realities may reveal some mismatches. Here are my views on some controversial issues:
- In the paper records world, the records location and responsibilities on their custody are the basis on which to perform all record processes. It is logical, therefore, that until producers do not submit records to the appropriate site, under Spanish law any kind of Archive, can be considered records an Archives law do not apply. In the electronic world the paradigm need to be necessarily another, in the world of the "cloud" and changing “team-based” organizational structures try to apply the model based on the custody and transfer of documents constitutes a high risk of failure. Legislation that attempts to encompass both realities could create much confusion.
- The establishment of the records lifecycle model by transfer of records between different types of Archives (office, central, intermediate, historical) works well to organize a huge mass of paper and to specialize functions and responsibilities for each type of Archive. But applied to electronic records can produce unnecessary complications and, worse at times of crisis, increase of investment in information technology need to simulate the different stages, without being very clear about the benefit.
- Access to paper records in public Archives need to be regulated to ensure citizens rights. Principles are the same for electronic records, but the technology would allow more direct access (without failing in security) than paper records, which always require an intermediary agent. Where the law says that to exercise the access to records you have to submit an application, that will be studied and answered in each case, without specify different conditions to digital repositories, is ruling out the possibility of direct access to electronic records. For some professionals, including me, the possibility of direct access is the great advantage of technologies to promote a greater degree of transparency.
And finally, as a conclusion, to legislate is always difficult (I know by experience when I have been asked to help), but when scope cover an area in transition, even more difficult!
|
| Last Updated on Sunday, 08 January 2012 23:04 |
|
| MoReq2010: Views for all tastes |
|
Wednesday, 07 December 2011 23:45
|  A few days ago I was surprised by an intervention in the ISO 30300 Linkedin group stating that MoReq2 is re-appearing against MoReq2010, and this would be very useful since is aligned with ISO 15489 (and therefore with the ISO 30 300), unlike MoReq2010.
I didn´t remember having read anything that would suggest that MoReq2010 was not aligned with ISO standards, but I returned again to the 500 pages of the specification and also listen to the interesting conversations between Jon Garde and James Lappin in “Musing over MoReq2010”. In this way I form my own opinion:
- Bearing in mind that any version of MoReq focuses on the functionality of records systems, in which records processes and controls described in ISO 15489 and Annex A of ISO 30301 should be implemented, an explanation of the meaning of “be aligned” is needed. To me it means that MoReq2010 requirements and functionality can implement records processes and controls of the ISO 15489. In this sense, l think MoReq2010 is perfectly aligned with ISO standards.
- The ISO 15489 published in 2001, has been further developed in other standards and technical reports that cover some aspects in more depth. Of particular importance are the three parts of ISO 23081 - Metadata for records. I find that MoReq2010, with an approach to metadata much more flexible and based on the concept of entities, is much more aligned with ISO 23081 than MoReq2
- MoReq2010 breaks with the unique model of implementation, the EDRMS, which according with the development of information management in organizations is beginning to show some mismatches needed to be solved. Records and evidences are not always digital objects which can be managed by an EDRMS and records manager are fighting to implement expensive technologies that require programming and customization to fit the needs of the organization. MoReq solution is smart, because without discarding the EDRMS model, opens the way for other models not encouraging a certain and specific technological model.
- MoReq2010, following a common trend observable in the standardization and legislation for the digital environment, is based more on wishful thinking rather than the standardization of everyday practice. There are not records systems on the market, different from the traditional EDRMS, which meet the specification MoReq2010. Probably one of the desired effects is developers to use MoRe2010 as an inspiration for their new products, but this will not have an immediate result. Only time will tell whether it has succeeded promoting R & D and putting on the market products with different approaches. In this regard, will be interesting to see the strength of an European specification on a market dominated by U.S. multinationals, where remains in force DoD50.15 increasingly away from MoReq2010 approaches.
- Regardless of how hard it is to read 500 pages and the structure needed for the purpose of certification, in my view MoReq 2010 has some important hits. Hopefully developments based on this new vision will be available for implementation.
|
| Last Updated on Thursday, 08 December 2011 00:06 |
| Information audit and compliance audit: two concepts which should not be confused |
|
Thursday, 27 October 2011 22:20
| Preparing different materials on the series of standards ISO 30300-Management systems for records, in whose implementation (as in all management systems) the audit process is a key, I've noticed that among information and documents management professionals sometimes the term audit is used to name different processes and activities which is better not to confuse.
 Information audit has been defined and explained by many authors. It is a Wikipedia entry, and among the best specialists it is the Spaniard Cristina Soy who has written a book on the subject as well as various articles. Information audit is defined as a tool for systematic analysis of the use of resources and information flows in order to establish the extent to which they are contributing to organizational goals. It is a powerful tool for information system design and implementation of information, documents and evidence management projects within organizations. When an information audit is initiated the fie¡¡irst goal is to identify the information resources.
The findings of an information audit can be useful for different contexts such as the creation or evaluation of an information service, the implementation of an intranet or any other information management system or to define information management strategy and even to meet one of the operational requirements of the ISO 30301 (A.1.1.) " All operational, reporting, audit and other stakeholders’ needs for information (captured as records with appropriate metadata) about the organization’s processes shall be identified, and documented systematically".
But internal audit established in the framework of management systems (as in the ISO 30301), it is not the same type of audit. These audits of management systems could be called compliance or conformity audits and its main purpose is to verify compliance with requirements previously established (in the standards). The main action is checking one by one the requirements established in a previous list. If one of the requirements is not satisfied non-conformity is produced. The non-conformity should be eliminated through corrective action.
In compliance audits of the 30301 both requirements on management system processes and requirements records processes need to be checked.
Both types of audits are different methodologies, sharing their most basic purpose: improving the organization effectiveness to meet its objectives.
|
| Last Updated on Thursday, 27 October 2011 22:35 |
|
Balloting and commenting of the first draft of ISO technical report PDTR 18126 - Information and documentation-Risk assessment for identification and records systems, is the reason to re-think on the subject.
