So, you’re ready to digitise your business records to maintain compliance with government and industry regulations. Should you be looking for a document management system or software that is exclusively for records management? Actually, document management enables you to digitise and archive both documents and records. Let’s explore the differences between the two to clarify the situation.
Records are evidence of a transaction, decision or commitment that an individual, company, nonprofit or government agency makes. A document becomes a record after a business process is completed. Records are stored in final form in case they’re needed as confirmation that an action took place rather than because they’re in active use. They cannot be edited or revised.
Proving compliance, limiting access to authorised personnel, ensuring security and enforcing retention schedules are among the main goals of records management. Easy storage and retrieval, time and cost savings gained through cloud office automation and data security are the primary objectives of document management.
The path from document to record
- Contract: When terms are agreed upon, it has been signed by all necessary stakeholders and is ready to be executed
- Invoice: When it is approved and paid
- Warrant: When an arrest is made or the warrant is recalled
- Financial aid application: When financial aid is awarded or the application is rejected
- Tax return: When it is submitted to the IRS and money is returned or taxes that are owed are paid
Monitoring retention schedules without an office automation system can get messy
You’ll notice that the retention requirements in the brief examples below vary widely. This makes it difficult, if not impossible, to keep track of retention schedules manually – and the cost of non-compliance can be substantial.
Student records governed by the Education Act 2005 and Data Protection Act 1988
- Student records – at least 6 years
Consequences of noncompliance include the possibility that a public school may lose funding from the Department of Education.
Business records
- Accounting records- 6 years from the end of the accounting period
- Statutory books – 10 years
- VAT MOSS (Mini One Stop Shop) records – 10 years
- Minutes of board meetings and resolutions – 10 years
- PAYE records – 3 years from the end of the tax year to which they relate
Consequences of noncompliance include paying extra tax because your company hasn’t kept proof of planned deductions; tax adjustment after an audit and audit failures that result in large fines.
What are the primary components of records management?
- Archiving: A record must be saved in a secure repository with a unique identifier and indexed so that it can also be retrieved by name, date, keyword, full-text search and other criteria that an organisation defines
- Retention schedule enforcement: A record must be stored and eventually destroyed according to a defined set of rules established for each document type
- Access controls: Authorised users must be able to access, retrieve, and read the record – but make no changes to it. Occasionally, there is a reason to allow changes to the metadata associated with a record
- Audit trail: The lifecycle of a record should be trackable from beginning to end
- Security: Encryption and a robust access rights structure to prevent unauthorised changes
- Disaster recovery and business continuity: Records must be stored in multiple locations in paper or electronic format
How does document management encompass records management?
A document management system provides all the business-critical functions needed to meet any records management requirement as well as managing information and documents that are part of active business processes. These capabilities include:
- Indexing transforms documents into manageable information by reading key portions of data and storing each data point as an index value. These index values describe the purpose and content of the document and are ultra-efficient for searching and organising documents
- Archiving and retrieval take place after records are routed to the correct location via automated workflows. The index data previously assigned to the record ensures clear organisation and quick retrieval by authorised users
- Digital workflows use predefined processes to automatically archive records and enforce retention schedules
- Comprehensive security and backup measures include:
- Authentication via a unique username and password. This not only allows specific access rights to be assigned but ensures a complete audit trail of which document was accessed, by whom, and what actions were taken
- Encryption of cloud-based communication through TLS, HTTPS and HSTS to protect against protocol download attacks and cookie high jacking
- Geographically distributed digital backups, housed in a high-security Microsoft Azure data centre, safeguard vital information and ensure quick data recovery without unexpected expenditures