The principles of information governance, known as the Generally Accepted
Recordkeeping Principles®, or “the Principles”, are well-defined and well-understood by information governance and information management practitioners.
However, for some enterprises, where the GARP maturity baseline is low, The Principles may seem overwhelming.
Also, in companies where a records management function exists, that function realizes a much higher maturity when measured within their department and often has difficulty transferring their knowledge and capabilities to other areas of their organization or doesn’t measure those areas against the Principles, thus potentially leaving significant gaps and business risk that is not realized.
The Principles are grounded in practical experience and based on extensive consideration and analysis of legal doctrine and information theory. They form the basis upon which every effective information governance program is built, measured, and – regardless of whether or not an organization or its personnel are aware of them – will one day be judged.
Therefore, it is in the best interest of all organizations to be fully aware of the Principles and to manage records and information assets in accordance with them.
Developed and published by ARMA International to assist organizations in developing compliant information management systems and programs, the Principles are comprehensive in scope – yet general in nature.
The Principles are a foundation for continuous improvement and maturity.
What are the 8 GARP Principles, and what guidance – and cautions – do the Principles provide to help today’s enterprises develop and maintain responsible and defensible records and information management protocols?
- Principle of Accountability: A senior executive, or a person of comparable authority) shall oversee the information governance program and delegate responsibility for records and information management to appropriate individuals. The organization adopts policies and procedures to guide personnel and ensure that the program can be audited.
- Principle of Integrity: An information governance program shall be constructed so the information generated or managed by the organization has a reasonable and suitable guarantee of authenticity and reliability.
- Principle of Protection: An information governance program shall be constructed to ensure a reasonable level of protection for records and information that are private, confidential, privileged, secret, classified, or essential to business continuity or that otherwise require protection.
- Principle of Compliance: An information governance program shall be constructed to comply with applicable laws and other binding authorities, as well as with the organization’s policies.
- Principle of Availability: An organization shall maintain records and information in a manner that ensures timely, efficient, and accurate retrieval of needed information. A successful and responsible organization must have the ability to identify, locate, and retrieve the records and information required to support its ongoing business activities. These records and information are used by individuals and groups to reference, share, and support their business, legal and compliance authorities for discovery and regulatory review purposes, and numerous corporate functions to validate management decisions and account for the organization’s resources.
- Principle of Retention: An organization shall maintain its records and information for an appropriate time, taking into account its legal, regulatory, fiscal, operational, and historical requirements. As part of a retention program, an organization must develop a records retention schedule, which specifies what business records and information must be retained and for what length of time. Retention decisions are based on the information content and the organization’s legal, regulatory, fiscal, operational, and historical requirements for that content.
- Principle of Disposition: An organization shall provide secure and appropriate disposition for records and information that are no longer required to be maintained by applicable laws and the organization’s policies. At the completion of their retention period, an organization’s records and information must be designated for disposition. In many cases, the appropriate disposition will be destruction of the information, in which case the organization must ensure that it is transported securely and destroyed completely and irreversibly.
- Principle of Transparency: An organization’s business processes and activities, including its information governance program, shall be documented in an open and verifiable manner, and that documentation shall be available to all personnel and appropriate interested parties. Many parties have a legitimate interest in understanding the program activities and processes that govern an organization’s records and information. In addition to the organization itself, those parties include, but are not limited to, government authorities, auditors and investigators, litigants, and for some organizations, the general public. It should be evident, that it is in an organization’s best interest to ensure that:
- its activities are conducted in a lawful and appropriate manner,
- records and information management systems accurately and completely record its activities,
- any records and information management system is structured in a lawful and appropriate manner, and
- records and information management program activities are also conducted in a lawful and appropriate manner.
By leveraging the Principles, organizations can create, maintain and fully commit to an information governance program that embodies processes and activities that are clearly apparent, understandable, and reasonably available to legitimately interested parties.
It is the responsibility of today’s organizations to maintain complex and highly regulated records and information management protocols and these Principles facilitate such programs and even offer organizations a way to continually measure and improve their programs in each of these key principles and tenets.
About ARMA International and the Generally Accepted Recordkeeping Principles®
ARMA International (www.arma.org) is a not-for-profit professional association and the authority on information governance. Formed in 1955, ARMA International is the oldest and largest association for the information management profession with a current international membership of more than 10,000. It provides education, publications, and information on the efficient maintenance, retrieval, and preservation of vital information created in public and private organizations in all sectors of the economy. It also publishes Information Management magazine, and the Generally Accepted Recordkeeping Principles®. More information about the Principles can be found at www.arma.org/principles.