Wednesday, July 22, 2009

ATR: Information Management Reference Model -- Been There? Done That?

A colleague pointed out this blog post. Seems that the same folks who brought us the Electronic Discovery Reference Model (EDRM) are going to develop the Information Management Reference Model (IMRM). Interesting. Now don't get me wrong, I refer to the EDRM at almost every opportunity -- in fact, my job title is modeled on it. I'm quite pleased to see that the cornerstone of the EDRM is Information Management. If you don't know what you have, you can't find it when you need it. If you don't manage what you have, you will have too much to sift through when you need it.

So I suppose that it is a natural extension of the EDRM to show how that relationship works. The components need to be defined and vendors can then market their services and products around each component of the model. But, haven't we already done this? Sure we have. We like to call it the lifecycle of records. The traditional approach designates the lifecycle as:
  • Creation
  • Distribution
  • Use
  • Maintenance
  • Disposition
There have been a variety of iterations of this model, the latest of which was given the title "Information Lifecycle Management". But the core components remain the same through each evolution, so I would hope that the IMRM would contain the same basic elements.

Over and above the lifecycle concept, ARMA International has developed the Generally Accepted Recordkeeping Principles, or GARP (I'm missing some Service Marks there). GARP has some commonality with the lifecycle model, but GARP is designed to provide organizations with a core governance model for RIM programs. So it is a bit different. ISO 15489, which predates GARP, provides a bridge between the lifecycle model and the governance elements. So arguably, if you were going to build a Reference Model, you may need a starting point of Governance that provides an overall framework for managing records. Within Creation, you'd want to speak to creating records, capturing records, or receiving records and the attendant processes to determine if the information is, in fact, a record. A key element of any RIM program is not retaining all information (even though some vendors believe that "immutable archives" are the way to go and you therefore have to retain everything forever). Distribution likely has to speak to the means of transport of records in an organization and the manner in which those systems add and retain metadata about the record. Use is somewhat outside of scope of services because it speaks to the value proposition of the record. But there are metadata elements that are created and should be associated with the record. The record also has to be protected and secured during Use. Maintenance is a big catch all and includes mechanisms to store and preserve the information. The application of retention periods comes into play here and it is at this point that the IMRM connects most strongly to the EDRM. Lastly comes Disposition. Disposition will involve the final destruction or transfer of the records. It will be important to note that Disposition largely happens outside of the EDRM -- because Disposition can only happen when the records are not required to be retained for legal proceedings.

My expectation is that someone will want to make a major pitch for a step in the process that might be called "Classification". This would be where various attributes are associated with the record. These attributes could include the record series identifier, the vital records status of the record, and the security classification of the record. I would suggest that this is a process within Creation, but I suspect that the vendor community may want to carve this out. I would also expect a push to carve out "Storage" as a separate process, with "Archiving" seen as an additional process, the rationale being that "storage" is really about making records available during Use and archiving processes are about the Maintenance of the information.

The bottom line, however, is that the IMRM should be pretty easy to define -- it's been done before. The challenge will be to ensure that the Model is not too granular and that terminology is what we expect it to be. After all, us records managers have been there and done that -- and do it every day. The folks at EDRM ought to look us up to help out.