IMPLEMENTING EDRMS FROM – GO A HOW TO MANUAL Part of the How to manage information series VOLUME : COURSE MATERIAL © inforg 2010 PUBLISHED BY: Inforg Information Solutions Pty Ltd GPO Box 2096 Darwin NT 0801 GPO Box 7220 Hutt Street Adelaide SA 5000 Ph 0428836405 admin@inforg.com.au ABN : 76735494304 AUTHOR: Anastasia Govan TO ORDER COPIES CONSULTANCY: OF MANUAL, TRAINING OR Email: admin@inforg.com.au Telephone: 0428836405 Copyright notice This manual is copyright No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior written permission Enquiries should be directed to the publisher Disclaimer This manual is provided to purchasers with the express knowledge and understanding that inforg, its authors, directors, shareholders, agents and employees, the producers of the manual or any approved person working on behalf of these companies (hereafter referred to as ‘the Company and Agents’) will not be responsible or in any way liable for the results of any act done or omitted to be done on the basis of information contained in theis manual, nor for any errors or omissions in the said information The Company and Agents expressly disclaim all and any liability for any loss or damage which may be © inforg 2010 suffered by any person or corporate entity which may make use of this manual or any person arising out or or as a result of or in connection with any act done or omitted to be done by the person using the manual in reliance, whether whole or partial, upon the whole or any part of the contents of this manual whether that loss/damage is accused by any fault or negligence on the part of the Company and Agents, or otherwise howsoever Introduction Content structure The manual explores the critical role of information and knowledge to an organisation Specifically, the manual aims to provide students and organisations with the theoretical and practical underpinning elements enabling them to evaluate, measure and extend the effectiveness of existing and new processes, tools and technologies used to manage information Strategies for building knowledge cultures, developing creativity and innovation, capturing organisational memory, managing content, value adding and utilising technology for knowledge transfer will be explored Readers will cover topics such as leadership, risk management, project management, collaboration, marketing, budgeting, quality control, policy development and organisational culture in the context of implementing an Electronic Document and Record keeping System About the presenter (Ana)stasia Govan is an academic and consultant focusing on information, business management and for 15 years in Australia and Asia Ana has received several national awards from Professions Australia, academic institutions and the Australian Computer Society Currently a Senior Lecturer with Charles Darwin University Graduate Diploma of Information and Knowledge Management course and writing economics units for the Business School, Ana also teaches records management and library VET units Ana has held several Executive and non Executive national board directorships with private and not for profit organisations and is an active member of relevant professional societies Consulting services Services cover Information & Records Management, Telecommunications and Technology strategic and tactical services to the IT&T market, including advice on and implementation of: • Information Technology, Freedom of Information, Privacy, Project management and Records management compliance â inforg 2010 ã ã ã ã ã • • • • • • • • • • • • • • • Information technology and telecommunications strategy, planning, and acquisition Systems Integration and Facilities Management services Information, records, library, and knowledge management theory and technical implementations Classification and disposal schedules development and implementation Risk evaluation and planning IT outsourcing management Scanning solutions through our business partner INFORG Information Solutions Electronic Commerce, including business analysis and process design Distributors and implementation partners for Appian, HP Tower, Gateway and Outback Imaging (Ezescan scanning) Mobile laptop training network and Training facilities in Darwin and Melbourne Sharepoint, TRIM, integration and SQL expertise Regional telecommunication and other infrastructure planning and implementation Negotiation and funding access applications Federal and State Government liaison Policy evaluation, advice, business planning ICT resource and industry research analysis publications Project management Business, workflow and process analysis Labour hire – Records, Library, Knowledge Management and TRIM Training If you would like further information about any of our services please phone 0428836405 or email admin@inforg.com.au © inforg 2010 Manual content: The content is structured into themes and topics as follows Introduction Theme knowledge • • - The relationships of data, information and The socialisation of data, information and knowledge Terminology ← Theme - Why information is important to an organisation • • • The information lifecycle Why measure information as an asset? Why organisation management data, information and knowledge? How organisations manage information? Theme - Identifying the need for improvement in managing information • • • • • What is an information audit? Information audit models Organisational culture and information sharing Information as a business asset Building communities of practice Theme - Measuring information as a business asset • Why measure information as an asset • Models for valuing information as an asset Theme - The business case for managing information effectively • Defining business requirements • Elements of the business case Theme - Acquiring an information system to manage information effectively • • • Build or buy Systems principles Requests for information Theme – Contracting fundatmentals • Tendering © inforg 2010 • • What is a contract Getting value from contracts Theme - Implementation of the information management system • What is an information management system? • Types of information management systems Theme - Using project management methodologies • Using project management methodologies to implement an information management system • Why is project management important? Theme 10 - Exploring elements of project implementation • Change management • Policy and procedures • Information security • Implementation evaluation ã Continuous improvement in the management information Conclusion â inforg 2010 of Teaching and Learning Strategies Self directed: Follow the manual yourself to implement an EDRMS in your workplace There are two parts; Volume – Course material Volume - Readings Take a course: Contact Whitehorse Strategic Group (admin@whitehorsestrategic.com.au) for a training course on the material in this manual Learning framework: The content of the manual establishes the framework of knowledge from which you can explore the fundamental topics of implementing an EDRMS The learning activities at the end of each topic include options for discussion in a class room or within your work place, with optional self assessments consolidating your new knowledge As well as the provided activities and readings there are further references in the manual you can followup at your local library © inforg 2010 Theme - The relationships information and knowledge of data, Topic 1.1.1 Material - The socialisation of data, information and knowledge Data, information and knowledge are terms relating to elements of human thought, socialization and communication (Firestone, 2001) The Australian Standard on Knowledge Management defines them as; ← Data - Any manifestation in the environment, including symbolic representations, that in combination may form the basis of information ← ← ← ← Information - Data in a context to which meaning has been attributed Knowledge - A body of understanding and skills that is constructed by people Knowledge is increased through interaction with information (typically from other people) Boisot (1998) in Knowledge Assets Clarifies further by stating; "data, information, and knowledge is relevant for explaining the contrast between physical assets and knowledge assets Knowledge builds upon information that is extracted from data In contrast to data that can be characterized as a property of things, knowledge is a property of agents predisposing them to act in particular circumstances Information is that subset of the data residing in things that activates an agent through the perceptual or cognitive filters In contrast to information, knowledge cannot be directly observed Its existence can only be inferred from actions of agents Similarly knowledge assets cannot be directly observed in nature as they need to be apprehended indirectly Hence, in contrast to the emphasis on tangible input-focused measures of physical assets, knowledge assets require understanding in terms of quality and content of performance outcomes" (p 12) © inforg 2010 The Dampier Rock Art Precinct in Western Australia is the worlds largest collection of Petroglyphs (rock carvings).Over 250,000 individual rock carvings are estimated to be in this region Some date back as far ago as 10,000 years Some have been destroyed, some will be destroyed, some may be removed and some may remain Take a look at the rock art at http://www.ntwa.com.au/dampier.html Do you think they are data, information or knowledge given the above definitions? Some may argue that they are data as they are symbolic representations and not knowledge as they have lost the context to which their meaning has been attributed Other elements that have given us the context and meaning of the data to utilize it as information and increase our knowledge has been lost If they are simply data and not information that can be converted into knowledge are they less valuable and to whom? What are the risks if the rocks are destroyed, individual ones moved to museums or stay where they are? © inforg 2010 In a digital business world if someone has your credit card number, someone else has your signature and someone else the expiry date of the card the value of the information is low in a commercial context If the same person has all three data elements, a context arises and information is created The value of the individual data elements increases As the value of the data elements increases so the risks, costs and complexities surrounding management of the information at a business and global level The importance of managing information is critical not only for individuals and businesses but at a global level The World Development Report (1998) states that "For countries in the vanguard of the world economy, the balance between knowledge and resources has shifted so far towards the former that knowledge has become perhaps the most important factor determining the standard of living - more than land, than tools, than labor." In the KM Review article in your reading list for Topic Saint Onge (2006) discusses the convergence of knowledge and technology Braue (2002) and the first chapter of your Laudon and Laudon (2006) text identifies how important management of information is for competitive advantage in the business world 1.1.2 Readings Braue, D (2002) Banking on brain power:The secret to edging out the competition is discovering where your organisation’s knowledge lies, and managing it effectively ZDNET Australia Department of Economic and Social Affairs (2003) Expanding Public Space for the Development of the Knowledge Society: Report of the Ad Hoc Expert Group Meeting on Knowledge Systems for Development United Nations:New York Firestone, J (2001) Key issues in knowledge management Knowledge and innovation:Journal of the KMCI Vol (3) Saint Ong, H (2006) The convergence of knowledge and technology Technology Spotlight, vol 9, no 1.1.3 References Boisot, M.H Knowledge Assets New York, NY: Oxford University Press, 1998 © inforg 2010 10 Appendix F, Automated Records Management System File Culling Report Example Appendix G, Automated Records Management System Accession Number Entry Report Sample Appendix H, form ARS 518 (Records Destruction Authorization) sample Appendix I, "60-Day Notice of Final Disposition Action" Example Appendix J, Offsite Transfer Flow Chart 7.7 Retrieving Records From Offsite Storage 7.8 Re-activating Files o o • 8.0 Electronic Records o 8.1 Overview (To be developed) o 8.2 E-Mail o 8.3 Voice Mail • 9.0 Disaster Recovery o 9.1 Water Damaged Records The documents are important as they can be used to terminate employee contracts or indicate to a court what is the usual expected process in the organisation Email useage policies have been used to terminate employees and subsequently tendered to court rooms as evidence An important document within an organisation is a disposal schedule It is a tool to manage how long information needs to be kept by an organisation It also has legal implications for disposal of records at certain timeframes The importance of these documents has recently been elevated by the Victorian government who has legislated regarding their existence Many government agencies in Australia use a functional thesaurus based on the New South Wales AAA Keyword thesaurus model The thesaurus can form the basis of the disposal schedule A link to Northern Territory Government examples can be found in your reading list A disposal schedule is also referred to as a records schedule, disposal authority, records retention schedule, transfer schedule and defined by the American Society for Archivists as "A document that identifies and describes an organisation's records, usually at the series level, © inforg 2010 80 provides instructions for the disposition of records throughout their life cycle." From http://www.archivists.org/glossary/term_details.asp? DefinitionKey=125 10.2.2 Readings Priest, M (2006) Document destruction could be costly Australian Financial Review pg 58 Northern Territory Government disposal schedules for core functions (Click on government recordkeeping on right hand side then navigate through the guidelines on the right hand side pane to find the relevant guideline) Southhampton email usage policy 10.2.3 References AS ISO 10013-2003 Guidelines for quality management system documentation 10.2.3 Activity Activity Locate two email management policies of different organisations and identify if they conform to ISO 10013 - 2003 Guidelines for quality document management system documentation Activity Read the Southhampton Solent University email usage policy in your readings Read the compliance tips at http://www.businesslink.gov.uk/bdotg/action/detail;jsessionid=FGsq 2LQyHCRFfnPTQTB1vQNtXcRFWv7xVygl12s502F0Y4vWdQHN!448947959!1166322922992? r.l3=1074402338&r.l2=1074446317&r.t=RESOURCES&r.i=1074402 © inforg 2010 81 916&r.l1=1073861197&r.s=m&type=RESOURCES&itemId=107440 3613 Activity What action could be taken and why in relation to the following email trail between two employees based on the email usage policy and compliance tips identified above KATRINA NUGENT 9.39am: Yesterday I put my lunch in the fridge on Level 19 which included a packet of ham, some cheese slices and two slices of bread which was going to be for my lunch today Over night it has gone missing and as I have no spare money to buy another lunch today, I would appreciate being reimbursed for it MELINDA BIRD 9.55: Katrina, There are items fitting your exact description in the level 20 fridge Are you sure you didn't place your lunch in the wrong fridge yesterday? KATRINA NUGENT 10.06: Melinda, probably best you don't reply to all next time, would be annoyed to the lawyers The kitchen was not doing dinner last night, so obviously someone has helped themselves to my lunch Really sweet of you to investigate for me! MELINDA BIRD 10.14: Katrina, since I used to be a float and am still on the level 19 email list I couldn't help but receive your ridiculous email - lucky me! You use our kitchen all the time for some unknown reason and I saw the items you mentioned in the fridge so naturally thought you may have placed them in the wrong fridge Thanks I know I'm sweet and I only had your best interests at heart Now as you would say, "BYE"! KATRINA NUGENT 10.15: I'm not blonde!! !MELINDA BIRD 10.16: Being a brunette doesn't mean you're smart though! KATRINA NUGENT 10.17: I definitely wouldn't trade places with you for "the world"! MELINDA BIRD 10.19: I wouldn't trade places with you for the world I don't want your figure! KATRINA NUGENT 10.21: Let's not get person (sic) "Miss Can't Keep A Boyfriend" I am in a happy relationship, have a beautiful apartment, brand new car, high pay job say no more!! MELINDA BIRD 10.23: Oh my God I'm laughing! happy relationship (you have been with so many guys), beautiful apartment (so what), brand new car (me too), high pay job (I earn more) say plenty more I have guys at the moment! haha Activity What issues would arise if the Southhampton Solent University relied on their policy document to terminate an employee that used the email system to forward pornographic images to another employee that was offended by them? © inforg 2010 82 © inforg 2010 83 Topic 10.3.1 Information security There are two different aspects to information security when managing information The first is the physical setup of a security matrix for employees with different responsibilities and levels within the organisation and for different types of information When applying the security in an Information Management System it is more manageable to apply security to a file or container not the individual document The second is related to privacy, competitive advantage, image of an organisation and inappropriate use of information tools and stores such as email and the internet In an effort to reduce privacy issues organisational policy and procedures may assist To impose physical access to information applications such as public key infrastructure can assist in encrypting data for transmission between two parties The current debate in Australia regarding privacy issues relates to the pending introduction of the National Health Identifier and personal medical information being stored on a smart card Chadwick (2006) outlines the value of privacy to citizens in relation to this issue National and state privacy principles, regulations, determinations by the Privacy Commissioner, debates and papers presented by the Commissioner are available on the www.privacy.gov.au website 10.3.2 Readings Chadwick, P (2006) The value of information privacy Victorian Privacy Commission:Melbourne Functional security matrix for accessing information on registry files, records management system or windows explorer files 10.3.3 References Office of the (Australian) www.privacy.gov.au Privacy © inforg 2010 84 Commissioner - Activities Activity Create a security matrix in Microsoft excel for the Community Health branch An organisational chart of the Community Health team is provided below Director Community Health Hearing Services Manager Audiologists Customer Service team Manager Customer service team Personal assistant Quality Manager Quality team Identify who should have read, write or delete access to the following types of information: • • • • • • Job description of the Post natal Home visiting nurse Inter Office Memo signed by Manager Nursing Services authorizing a change in financial delegations for the Clinical nurse manager Community Health Branch draft budget for 2006/2007 Approval for leave without pay by a the Manager Child Youth and Family for the xyz nurse Power point presentation on the Community Health reorganisation process that the Director gave to the Customer Service staff Project plan for implementation of an SQL database to replace the current Clipper database that Well Women’s Cancer program use © inforg 2010 85 Maternal & child health Manager Child health nurses Activity Using Administrative Functions Disposaln Authority (available from the National Archives website at http://www.naa.gov.au/recordsmanagement/keep-destroy-transfer/authorities/AFDA.aspx) from and identify how long each of the documents in activity above would need to be kept before they could be destroyed according to the relevant disposal schedules © inforg 2010 86 Topic 10.4.1 Implementation evaluation W.K Kelloggs foundation identifies three types of evaluation; 1.Project-Level Evaluation Project-level evaluation is the evaluation that project directors are responsible for locally The project director, with appropriate staff and with input from board members and other relevant stakeholders, determines the critical evaluation questions, decides whether to use an internal evaluator or hire an external consultant, and conducts and guides the projectlevel evaluation The primary goal of project-level evaluation is to improve and strengthen Kellogg-funded projects Ultimately, project-level evaluation can be defined as the consistent, ongoing collection and analysis of information for use in decision making Cluster Evaluation Cluster evaluation is a means of determining how well the collection of projects fulfils the objective of systemic change Projects identified as part of a cluster are periodically brought together at networking conferences to discuss issues of interest to project directors, cluster evaluators, and the Foundation Program and Policymaking Evaluation Program and policymaking evaluation is the most macro form of evaluation at the Foundation Conducted by the Foundation's programming staff, it addresses cross-cutting programming and policy questions, and utilizes information gathered and synthesized from both project-level and cluster evaluation to make effective decisions about program funding and support This type of evaluation also supports communities in effecting policy change at the local, state, and Federal levels To identify if the implementation of the information management system is; • meeting the identified user requirements, • will be implemented on time and on budget, • vendors are providing what was stated, • documentation is being completed to a high standard © inforg 2010 87 • the roles and resonsibilities of those governing and implementing the project are appropriate an audit by an external auditing organisation should occur at least in the middle of implementation and after the information management system is placed into 'production' and being used by stakeholders An external auditor gives an impartial evaluation of the information system implementation An overview of an IT system implementation audit can be found on the Institute of Internal Auditors website 10.4.2 Readings Mookhey, K (2008) Auditing IT Project Management Consulting: Mumbia NII Kellog Foundation (1998) W.K.Kellogg's Program Evaluation Handbook Kellog Foundation:MI Tavares, S (2001) Project Management Processes and Quality Checklist At http://www.prodetec-pr.com.br/dpt/PM-Audit.doc Auditnet (2002) Project management auditing guide http://www.auditnet.org/docs/ProjectManagement_Auditgui de.pdf Last accessed 29/04/2009 10.4.3 References Auditing IT systems implementation http://www.theiia.org/ITAudit/index.cfm? act=itaudit.archive&fid=5495CB 029-2003:The Audit Skills Handbook © inforg 2010 88 Topic 10.5.1 Continuous improvement in the management of information Ongoing evaluation and improvement can be identified and rectified through a Quality Management Framework Quality management first appeared in the 1950’s and has been referred to under many terms including Total Quality Management Incremental improvement in the key areas of people, processes and technology are part of the framework outlined further in your readings by Hashmi Quality Management Lifecycle is made of several steps relating to the evaluation principles of Plan, Do, Check, Act To assist with the principles there are steps to improve processes which are; • • • • • User awareness (define the user problem via surveying or interviewing) Document using flowcharts the existing process Define performance measures such as the time and cost of the process now Collect statistical evidence Analyse the cause and effect â inforg 2010 89 ã • • Provide solutions Monitor and evaluate solutions Update procedure document and retrain staff When quality systems are in place an organisation can be certified and then audited regularly (such as every three years) by a certifying body who will evaluate processes according to AS/NZS ISO 19011:2003 : Guidelines for quality and/or environmental management systems auditing In relation to information systems development the International standard ISO 9000-3:1997 Quality management and quality assurance standards - Part gives guidelines on the application of ISO 9001 (Quality management systems) to the development, supply, installation and maintenance of computer software An overview of auditing EDRMS implementation relating to Quality management by the International Standards Organisation and Accreditation appears in your readings Ongoing evaluation and improvement to the information management system and associated processes can be implemented through a Quality Management Framework English (2003 & 2002) outlines the importance of the link between Information and Quality Quality Management is also known as Total Quality Management and Business Process Improvement In the 1920's statistical theory was applied to quality control by Shewhart His work was later developed further by Edward Deming and applied to improve Japanese manufacturing processes in the 1940's and 1950's In the 1980's Deming applied his 14 principles to American manufacturing processes A full history and overview of Quality Management frameworks can be found http://www.isixsigma.com/library/content/c031008a.asp One of the concepts of the framework is the Quality lifecycle which is made of several steps relating to the evaluation principles of Plan, Do, Check, Act To assist with the principles there are steps to improve processes which are; • User awareness (define the user problem via surveying or interviewing) • Document using flowcharts the existing process • Define performance measures such as the time and cost of the process now • Collate statistical evidence © inforg 2010 90 • • • • Analyse the cause and effect Provide solutions Monitor and evaluate solutions Update procedure document and retrain staff When quality systems are in place an organisation can be certified and then audited regularly (such as every three years) by a certifying body who will evaluate processes according to AS/NZS ISO 19011:2003 : Guidelines for quality and/or environmental management systems auditing In relation to information systems development the International standard ISO 9000-3:1997 Quality management and quality assurance standards:Part gives guidelines on the application of ISO 9001 (Quality management systems) to the development, supply, installation and maintenance of computer software An overview of auditing different processes relating to Quality management by the International Standards Organisation and Accreditation Forum can be found in your reading list 10.5.2 Readings Hashmi., K http://www.isixsigma.com/library/content/c031008a.asp Last accessed 29/04/2009 AGIMO best practice checklists At http://www.finance.gov.au/egovernment/better-practice-and-collaboration/better-practicechecklists/index.html Malhortra, Y (2002) Why knowledge management strategies fail BRINT Institute: New York At http://www.brint.org/kms.pdf Last accessed 29/04/2009 English, L (2003) Total Information Quality Management - A Complete Methodology for IQ Management DM Review Magazine 10.5.3 References Deming, E (1986) Out of the crisis MIT Press: Cambridge Kannegieter, Tim (2004) Driving knowledge performance: A continuous improvement approach to developing and implementing knowledge strategy Day one KM Australia Conference Sydney © inforg 2010 91 Oakland, J.(1989) Total Quality Management Nichols Publising Company:new York International Standards Organisation and Accreditation Forum guidelines at http://isotc.iso.org/livelink/livelink/fetch/2000/2122/138402/138403/3 541460/customview.html? func=ll&objId=3541460&objAction=browse&sort=name © inforg 2010 92 Topic 10.6.1 Risk management Stoneburner, Goguen, and Feringa (2002) define risk management as "Risk is the net negative impact of the exercise of a vulnerability, considering both the probability and the impact of occurrence Risk management is the process of identifying risk, assessing risk,and taking steps to reduce risk to an acceptable level." Risk management is critical to the successful implementation of an information management system At the start of the project risks can be listed, ranked and tracked The resulting risk register can also be used as a tool to identify if a project should proceed based upon the risk to the organisation Contemporary approaches to strategic risk management are outlined by the New Zealand and Australian advisory arm of KPMG in a 2005 report listed in your readings A risk management template including a risk rating chart appears in your readings 10.6.2 Readings Risk management template Stoneburner, A; Gougen, A & Fergina, A (2003) Risk Management Guide for Information Technology Systems NIST:Gaithersburg KPMG.(2005) Strategic Risk Management survey © inforg 2010 93 Conclusion Your organisation can leverage competitive advantage from being able to quickly find information for or about clients, staff will save time in searching and not having to recreate documents and all data elements of communication (such as phone calls, memos, conversations front counters, policy and complaint Microsoft word documents) can be captured into a single system giving complete knowledge about an event or client To achieve a successful EDRMS implementation methodologies should be followed These include; several High level steps for implementing an EDRMS incorporating project management methodology (page 32) Information audit steps (page 38) Contract lifecycle steps (page 57) Documenting and measuring current processes (page 59) Project management steps (page 68-70) EDRMS high level project plan (page 71) Records management manual contents (page 79) Steps to improving processes (page 90) Once an organisation has successfully implemented an Information Management system the information architecture may look like those in Reading and Conclusion Readings What the organisation infrastructure will look like.doc Workflow of EDMS March 2004.doc © inforg 2010 94