GLOSSARY

access control list
In systems—such as ERM, EDRMS, or document management systems—a list of individuals authorized to access, view, amend, transfer, or delete documents, records, or files. Access rights are enforced through software controls.
accountability
The assigned responsibility for records management at a senior level to ensure effective governance with the appropriate level of authority.
adverse inference
Generally a legal inference, adverse to the concerned party, made from a party's silence or the absence of requested evidence.
application programming interface (API)
A way of standardizing the connection between two software applications. They are essentially standard hooks that an application uses to connect to another software application.
archival information package (AIP)
One of three types of information packages that can be submitted in the OAIS preservation model.
archive
Storing information and records for long term or permanent preservation. With respect to e-mail, in a compressed and indexed format to reduce storage requirements and allow for rapid, complex searches (this can also done for blogs, social media or other applications). Archiving of real-time applications like email can only be deemed reliable with record integrity if it is performed immediately, in real time.
artificial intelligence
A branch of computer science that aims to create intelligent machines that can perform human-like thinking tasks in a rapid and automated way, programming computers to solve problems using knowledge, reasoning, perception, learning, and planning. AI is increasingly being used in IG programs for finding relevant information in e-discovery, and classifying unstructured information, as well as assisting in compliance tasks.
ARMA International
Association for Records Managers and Administrators, the U.S.-based nonprofit organization for records managers with a network of international chapters.
authentication, authorization, and audit (or accounting) (AAA)
A network management and security framework that controls computer system logons and access to applications that enforces IG policies and audits usage.1
autoclassification
Setting predefined indices to classify documents and records and having the process performed automatically by using software, rather than human intervention. A strong trend toward autoclassification is emerging due to the impact of “Big Data” and rapidly increasing volumes of documents and records.
backup
A complete spare copy of data for purposes of disaster recovery. Backups are nonindexed mass storage and cannot substitute for indexed, archived information that can be quickly searched and retrieved (as in archiving).
best practices
Those methods, processes, or procedures that have been proven to be the most effective, based on real-world experience and measured results.
Big Data
It is high volume, variety, and velocity of data that is too large to manage in traditional relational databases.
blockchain
An aggregation of appended records, “blocks,” that are kept in sequence as a list of records, cryptographically linked—that is, each block contains a cryptographic hash of the previous block, a timestamp, and transaction data. A blockchain is more secure than previous records databases, and represents an open, distributed ledger that records and verifies transactions efficiently and permanently.
business activities
The tasks performed to accomplish a particular business function. Several activities may be associated with each business function.
business case
A written analysis of the financial, productivity, auditability, and other factors to justify the investment in software and hardware systems, implementation, and training.
business classification scheme
Also referred to as a BCS, the overall structure an organization uses for organizing, searching, retrieving, storing, and managing documents and records in ERM. The BCS must be developed based on the business functions and activities. A file plan is a graphic representation of the BCS, usually a “hierarchical structure consisting of headings and folders to indicate where and when records should be created during the conducting of the business of an office.” In other words the file plan links the records to their business context.
business driver
Is a key factor that motivates an organization to undertake a project or program to address that business need.
business functions
Basic business units such as accounting, legal, human resources, and purchasing.
business intelligence
The set of techniques and tools for the transformation of raw data into meaningful and useful information for business analysis purposes. Business intelligence has generally focused mainly on structured data held within relational databases.
business processes
A coordinated set of collaborative and transactional work activities carried out to complete work-steps.
business process improvement (BPI)
Analyzing and redesigning business processes to streamline them and gain efficiencies, reduce cycle times, and improve auditability and worker productivity.
business process outsourcing (BPO)
It is the practice of contracting a third party to perform specific business functions. Often BPO engages businesses outside the home country of the primary business, in order to lower costs.
business process management
Is the analysis, refinement and improvement of automated work steps to reduce cycle times, costs, and labor to speed processing and improve its accuracy.
business process management system (BPMS)
A superset of workflow software, and more: BPMS software offers five main capabilities:2
  1. Puts existing and new application software under the direct control of business managers.
  2. Makes it easier to improve existing business processes and create new ones.
  3. Enables the automation of processes across the entire organization, and beyond it.
  4. Gives managers “real-time” information on the performance of processes.
  5. Allows organizations to take full advantage of new computing services.
BYOD
Is a ‘bring your own device’ which is a policy whereby organizations allow employees to bring their own smartphone, tablet, or laptop to use in the workplace.
capture
Capture components are often also called input components. There are several levels and technologies, from simple document scanning and capture to complex information preparation using automatic classification.
case records
Case records are characterized as having a beginning and an end, but are added to over time. Case records generally have titles that include names, dates, numbers, or places.
change management
Methods and best practices to assist an organization and its employees in implementing changes to business processes, culture, and systems.
classification
Systematic identification and arrangement of business activities and/or records into categories according to logically structured conventions, methods, and procedural rules represented in a classification system. A coding of content items as members of a group for the purposes of cataloging them or associating them with a taxonomy.
CIA
triad is a cyber-security principle or model whereby security policies are formed using the confidentiality, integrity, and accessibility of information as key considerations.
cloud computing
Cloud computing refers to the provision of computational resources on demand via a network. Cloud computing can be compared to the supply of electricity and gas, or the provision of telephone, television, and postal services. All of these services are presented to the users in a simple way that is easy to understand without the users’ needing to know how the services are provided. This simplified view is called an abstraction. Similarly, cloud computing offers computer application developers and users an abstract view of services, which simplifies and ignores much of the details and inner workings. A provider's offering of abstracted Internet services is often called The Cloud.
Code of Federal Regulations (CFR)
“The Code of Federal Regulations (CFR),” issued annually, is the codification of the general and permanent rules published in the Federal Register by the departments and agencies of the federal government. It is divided into 50 titles that represent broad areas subject to federal regulation. The 50 subject matter titles contain one or more individual volumes, which are updated once each calendar year, on a staggered basis.”3
cold site
A cold site is simply an empty computer facility or data center that is ready with air-conditioning, raised floors, telecommunication lines, and electric power. Backup hardware and software will have to be purchased and shipped in quickly to resume operations. Arrangements can be made with suppliers for rapid delivery in the event of a disaster.
compliance monitoring
Being regularly apprised and updated on pertinent regulations and laws and examining processes in the organization to ensure compliance with them. In a records management sense, this involves reviewing and inspecting the various facets of a records management program to ensure it is in compliance. Compliance monitoring can be carried out by an internal audit, external organization, or records management and must be done on a regular basis.
computer memory
Solid state volatile (erasable) storage capability built into central processing units of computers. At times memory size can be increased by expanding it to the computer's hard drive or external magnetic disks.
consensus mechanism
The way a group makes a decision jointly. Often referred to in blockchain applications like Bitcoin, where users need to constantly update their history of transactions in order to reflect new transactions and wallet balances.
content
In records, the actual information contained in the record; more broadly, content is information, for example, content is managed by ECM systems, and may be email, e-documents, Web content, report content, and so on.
content services
A newer definition of cloud-based content management services offered by Gartner. A content services platform is a set of services and microservices, embodied either as an integrated product suite or as separate applications, that share common APIs and repositories, to exploit diverse content types and to serve multiple constituencies and numerous use cases across an organization.
controlled vocabulary
Set, defined terms used in a taxonomy.
corporate compliance
The set of activities and processes that result in meeting and adhering to all regulations and laws that apply to an organization.
dark data
Unknown data; data that has accumulated but is not used to derive insights or for decision making.
data analytics
The process and techniques for the exploration and analysis of business data to discover and identify new and meaningful information and trends that allow for analysis to take place.
data cleansing (or data scrubbing)
The process of removing corrupt, redundant, and inaccurate data in the data governance process.
data governance
A collection of practices and processes that help to ensure the formal management of data assets within an organization. Data governance often includes other concepts such as data stewardship, data quality, and others to help an enterprise gain better control over its data assets, including methods, technologies, and behaviors around the proper management of data. It also deals with security and privacy, integrity, usability, integration, compliance, availability, roles and responsibilities, and overall management of the internal and external data flows within an organization.
data governance framework
A logical structure for classifying, organizing, and communicating complex activities involved in making decisions about and taking action on enterprise data. The framework or system sets the guidelines and rules of engagement for business and management activities, especially those that deal with or result in the creation and manipulation of data.
data integrity
The overall completeness, accuracy, consistency, and trustworthiness of data.
Data stewardship
It is where individuals are assigned responsibility for the accuracy, integrity, and accessibility of data in the management and oversight of an organization’s data assets.
data loss prevention (DLP)
Data loss prevention (DLP; also known as data leak prevention) is a computer security term referring to systems that identify, monitor, and protect data in use (e.g. endpoint actions), data in motion (e.g. network actions), and data at rest (e.g. data storage) through deep content inspection, contextual security analysis of transaction (attributes of originator, data object, medium, timing, recipient/destination, and so on) and with a centralized management framework. Systems are designed to detect and prevent unauthorized use and transmission of confidential information.
decentralized architecture
Characterized by no single point of failure. All system information is instantly and constantly replicated to all nodes in a network.
declaration
Assignment of metadata elements to associate the attributes of one or more record folder(s) to a record, or for categories to be managed at the record level, providing the capability to associate a record category to a specific record.
de-duplication
The process of identifying and eliminating redundant occurrences of data.
defensible deletion
Managing the life cycle of information in a standardized and routine way whereby information that has met its life cycle retention requirement is fully and completely deleted. Defensible deletion is the practice of methodically deleting electronically stored information (ESI) when it is no longer useful. This reduces the storage costs and legal risks.
descriptive analytics
A reactive type of data analytics that provides real-time analysis of incoming data.
Designing and Implementation of Recordkeeping Systems (DIRKS)
An Australian framework or methodology consisting of eight steps developed by the Archives Authority of New South Wales, included in ISO 15489, the international standard for records management. Roughly analogous to the Generally Accepted Recordkeeping Principles® developed by ARMA in the United States.
destruction
The process of eliminating or deleting records, beyond any possible reconstruction.
destruction certificate
Issued once the destruction of a record is complete, which verifies it has taken place, who authorized the destruction, and who carried it out. May include some metadata about the record.
destructive retention policy
Permanently destroying documents or e-documents (such as e-mail) after retaining them for a specified period of time.
diagnostic analytics
A reactive type of data analytics that provides insights into past performance.
digital preservation
See long-term digital preservation.
disaster recovery (DR)/business continuity (BC)
The planning, preparation, and testing set of activities used to help a business plan recover from any major business interruption, and to resume normal business operations.
discovery
May refer to the process of gathering and exchanging evidence in civil trials; or, to discover information flows inside an organization using data loss prevention (DLP) tools.
dissemination information package (DIP)
One of three types of information packages that can be submitted in the OAIS preservation model.
disposition
The range of processes associated with implementing records retention, destruction, or transfer decisions, which are documented in disposition authorities or other instruments.
distributed ledger
A decentralized database that provides a consensus of replicated, shared, and synchronized digital transactions geographically spread across many remote computers.
document
Recorded information or object that can be treated as a unit.
document analytics
Detailed usage statistics on e-documents, such as time spent viewing, which pages were viewed and for how long, number of documents printed, where printed, number of copies printed, and other granular information about how and where a document is accessed, viewed, edited, or printed.
Document labeling
It involves adding a tag or label to easily identify a document type or class, such as vital records or confidential documents.
document imaging
Scanning and digitally capturing images of paper documents.
document life cycle
The span of a document's use, from creation, through active use, storage, and final disposition, which may be destruction or preservation.
document life cycle security (DLS)
Providing a secure and controlled environment for e-documents. This can be accomplished by properly implementing technologies including information rights management (IRM) and data loss prevention (DLP), along with complementary technologies like digital signatures.
document management
Managing documents throughout their life cycle from creation to final disposition, including managing revisions. Also called document lifecycle management.
document type
A term used by many software systems to refer to a grouping of related records.
early case assessment
The process of attempting to quickly surface key electronically stored information (ESI), paper documents, and other potential evidence early on in a legal matter. The data gathered during early case assessment is then used to help estimate risk and guide case strategy, such as decisions to go to trial or settle.
e-discovery
Discovery in civil litigation or government investigations that deals with the exchange of information in electronic format (often referred to as electronically stored information or ESI). These data are subject to local rules and agreed-upon processes, and are often reviewed for privilege and relevance before being turned over to opposing counsel.
e-document
An electronic document, that is, a document in digital form.
Electronic Code of Federal Regulations (e-CFR)
“It is not an official legal edition of the CFR. The e-CFR is an editorial compilation of CFR material and Federal Register amendments produced by the National Archives and Records Administration's Office of the Federal Register (OFR) and the Government Printing Office.”4
electronic document and records management system (EDRMS)
Software that has the ability to manage documents and records.
electronic record
Information recorded in a form that requires a computer or other machine to process and view it and that satisfies the legal or business definition of a record.
electronic records management (ERM)
Electronic records management is the management of electronic and nonelectronic records by software, including maintaining disposition schedules for keeping records for specified retention periods, archiving, or destruction. (For enterprise rights management, see Information Rights Management [IRM].)
electronically stored information (ESI)
A term coined by the legal community to connote any information at all that is stored by electronic means; this can include not just e-mail and e-documents but also audio and video recordings, and any other type of information stored on electronic media. ESI is a term that was created in 2006 when the US Federal Rules of Civil Procedure (FRCP) were revised to include the governance of ESI in litigation.
e-mail and e-document encryption
E-mail and e-document encryption refers to encryption or scrambling (and often authentication) of e-mail messages, which can be done in order to protect the content from being read by unintended recipients.
emulation
Software that mimics the behavior of another computer environment, often used to maintain compatibility of dated software or records in digital preservation. There can be legal concerns that arise regarding fidelity.
Encryption
It is the process of encoding or scrambling a message or information so that only authorized parties with the proper encryption key may access the information in a readable format.
enterprise content management (ECM)
Software that manages unstructured information such as e-documents, document images, e-mail, word processing documents, spreadsheets, Web content, and other documents; most systems also include some records management capability.
enterprise mobility management (EMM)
Software that enables the secure use of mobile devices and applications. Allows for IT to add and update apps to enable knowledge workers to complete work on mobile devices.
enterprise process analytics
Enterprise process analytics provides digital feedback on the status or various business processes in an organization, usually represented is a dashboard format so that management may understand the efficiency of business operations.
Enterprise risk management
It is the process of identifying and assessing the relative seriousness and likelihood of risks and organization faces, and crafting counter-measures to reduce the risks or their impact.
event-based disposition
A disposition instruction in which a record is eligible for the specified disposition (transfer or destroy) upon when or immediately after the specified event occurs. No retention period is applied and there is no fixed waiting period as with timed or combination timed-event dispositions. Example: Destroy when no longer needed for current operations.
expected value (EV)
Expected value is a calculation of the potential financial value of the impact of a risk, multiplied by the percentage likelihood that the risk event will occur.
faceted search
Faceted search helps those searching for information to narrow their options and more quickly find the information they are looking for.
faceted taxonomy
Faceted taxonomies allow for multiple organizing principles to be applied to information along various dimensions. Facets can contain subjects, departments, business units, processes, tasks, interests, security levels, and other attributes used to describe information. There is never really one single taxonomy but rather collections of taxonomies that describe different aspects of information.
Federal Rules of Civil Procedure (FRCP)—Amended 2006
In US civil litigation, the FRCP governs the discovery and exchange of electronically stored information (ESI), which includes not only e-mail but all forms of information that can be stored electronically.
file plan
A file plan is a graphic representation of the business classification scheme (BCS), usually a “hierarchical structure consisting of headings and folders to indicate where and when records should be created during the conducting of the business of an office. In other words the file plan links the records to their business context.”
folksonomy
The term used for a free-form, social approach to metadata assignment. Folksonomies are not an ordered classification system; rather, they are a list of keywords input by users that are ranked by popularity.5
functional retention schedule
Groups records series based on business functions, such as financial, legal, product management, or sales. Each function or grouping is also used for classification. Rather than detail every sequence of records, these larger functional groups are less numerous, and are easier for users to understand.
Generally Accepted Privacy Principles
A set of 10 Generally Accepted Privacy Principles, developed jointly by the Canadian Institute of Chartered Accountants and the American Institute of Certified Public Accountants through the AICPA/CICA Privacy Task Force. These principles can be used to guide the privacy aspects of an information governance program.
Generally Accepted Recordkeeping Principles®
A set of eight Generally Accepted Recordkeeping Principles®, also known as “The Principles” within the records management community,6 published in 2009 by US-based ARMA International to foster awareness of good recordkeeping practices and to provide guidance for records management maturity in organizations. These principles and associated metrics provide an information governance (IG) framework that can support continuous improvement.
governance, risk management, and compliance (GRC)
GRC is a high-level risk assessment set of tools to help senior and executive management assess the relative risks an organization faces, in the areas of compliance and governance.
governance model
A framework or model that can assist in guiding governance efforts. Examples include using a SharePoint governance model, the information governance reference model (IGRM), MIKE2.0, and others.
guiding principles
In developing a governance model, for instance for a SharePoint deployment, the basic principles used to guide its development. May include principles such as accountability (who is accountable for managing the site, who is accountable for certain content), who has authorized access to which documents, and whether or not the governance model is required for use, or to be used optionally as a reference.
Healthcare Insurance Portability and Accountability Act (HIPAA)
HIPAA was enacted by the US Congress in 1996. According to the Centers for Medicare and Medicaid Services (CMS) website, Title II of HIPAA, known as the administrative simplification (AS) provision, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.
hot site
A hot site is one that has identical or nearly identical hardware and operating system configurations, and copies of application software, and receives live, real-time backup data from business operations. In the event of a business interruption, the IT and electronic vital records operations can be switched over automatically, providing uninterrupted service.
identity and access management (IAM)
Sometimes referred to loosely as single sign-on, IAM is a framework of business processes, policies, and technologies that facilitates the management of electronic or digital identities. With an IAM framework in place IT managers can control user access to critical information within their organizations. IAM software offers role-based access control, which lets system administrators regulate access to systems or networks based on the roles of individual users within the enterprise.
IG Process Maturity Model (IGPMM)
A model from the Compliance, Governance, and Oversight Council that measures the maturity of 22 enterprise processes of IT, RIM, Legal, Privacy & Security, and Business units (the five key impact areas of the IG Reference Model) on four levels. Bringing these processes to maturity can reduce the risks and costs associated with evolving compliance and privacy regulations, increasingly expensive legal discovery, ever-growing storage requirements, and new data security challenges.
infonomics
The discipline that assigns “economic significance” to information and provides a framework to manage, measure, and monetize information.
information footprint
The total size of the amount of information an organization manages.
information asset risk mitigation plan
An information asset risk mitigation plan delineates the key risks an organization faces, and develops countermeasures to offset and reduce those risks.
information governance (IG)
IG is a subset of corporate governance and is an all-encompassing term for how an organization manages the totality of its information. IG “encompasses the policies and leveraged technologies meant to dictate and manage what corporate information is retained, where and for how long, and also how it is retained (e.g. protected, replicated, and secured). Information governance spans retention, security and life cycle management issues.”7 IG is an ongoing program that helps organizations meet external compliance and legal demands and internal governance rules.
information life cycle
The span of the use of information, from creation, through active use, storage, and final disposition, which may be destruction or preservation.
information management
The collection and management of information from one or more sources and the distribution of that information to one or more audiences. The process of collecting, storing, managing, and maintaining information in all its forms. IM broadly incorporates policies and procedures for centrally managing and sharing information among different individuals, organizations, and/or information systems throughout the information life cycle. Information management may also be called information asset management.
information and communications technology
ICT is a term that refers generally to information and communication technologies.
information map or data map
A graphic diagram that shows where information is created, where it resides, and the path it takes.
information quality
The accuracy, reliability, and quality of the content of information systems.
information rights management (IRM)
Information rights management (IRM) is often referred to as enterprise rights management. IRM applies to a technology set that protects sensitive information, usually documents or e-mail messages, from unauthorized access. IRM is technology that allows for information (mostly in the form of documents) to be remote controlled. This means that information and its control can be separately created, viewed, edited, and distributed. IRM is sometimes also referred to as enterprise digital rights management (E-DRM). This can cause confusion because digital rights management (DRM) technologies are typically associated with business-to-consumer systems designed to protect rich media such as music and video.
information technology
Technologies used to manage digital information.
inherited metadata
Automatically assigning certain metadata to records based on rules that are established in advance and set up by a system administrator.
Internet of Things
The IoT includes Internet-enabled connections to sensors, processors, and devices that collect, send, and act on data they acquire from their surrounding environments.
inventorying records
A descriptive listing of each record series or system, together with an indication of location and other pertinent data. It is not a list of each document or each folder but rather of each series or system.”8
ISO30300:2011 Information and documentation – Management systems for records – Fundamentals and vocabulary
Defines terms and definitions applicable to the standards on management systems for records (MSR) prepared by ISO/TC 46/SC 11. It also establishes the objectives for using a MSR, provides principles for a MSR, describes a process approach and specifies roles for top management.
ISO/TR 18128:2014 Information and documentation – Risk assessment for records processes and systems
Assists organizations in assessing risks to records processes and systems so they can ensure records continue to meet identified business needs as long as required.
jukebox (optical disk jukebox)
Optical disc autochanger units for mass storage that use robotics to pick and mount optical disks, and remove and replace them after use; dubbed a “jukebox” for their similarity in mechanics to jukebox units for playing vinyl records, and later, CDs.
key performance indicators (KPIs)
Metrics that measure progress toward achieving key business objectives. Organizations use KPIs at multiple levels to evaluate their success at reaching targets.
keyword search
Searching for a particular word or phrase that describes the contents of an e-document or information, or a Web page. Keywords represent shortcuts that sum up an entire email, document, or Web page. Keywords form part of a Web page's metadata and help search engines match a page to with an appropriate search query.
knowledge management (KM)
The accumulation, organization, and use of experience and “lessons learned” that can be leveraged to improve future decision-making efforts. Often involves listing and indexing subject matter experts, project categories, reports, studies, proposals and other intellectual property sources or outputs that is retained to build corporate memory. Good KM systems help train new employees and reduce the impact of turnover and retirement of key employees.
legal hold
Also known as a preservation order or hold order, a legal hold is a temporary suspension of the company's document retention destruction policies for the documents that may be relevant to a lawsuit or that are reasonably anticipated to be relevant. It is a stipulation requiring the company to preserve all data that may relate to a legal action involving the company. A litigation hold ensures that the documents relating to the litigation are not destroyed and are available for the discovery process prior to litigation. The legal hold process is a foundational element of information governance.
legal hold notification (LHN)
The process of notifying employees of certain date ranges and topics or categories of information that must be preserved and not modified or deleted in preparation for litigation.
limitation period
The length of time after which a legal action cannot be brought before the courts. Limitation periods are important because they determine the length of time records must be kept to support court action [including subsequent appeal periods]. It is important to be familiar with the purpose, principles, and special circumstances that affect limitation periods and therefore records retention.”9
long-term digital preservation (LTDP)
The managed activities, methods, standards and technologies used to provide long-term, error-free storage of digital information, with means for retrieval and interpretation, for the entire time span the information is required to be retained.
machine learning
A category of AI algorithm that allows software applications to become more accurate in predicting outcomes without being explicitly programmed. It is a branch of AI based on the idea that systems can learn from data, identify patterns, and make decisions with minimal human intervention.
master retention schedule
A retention schedule which includes the retention and disposition requirements for records series that cross business unit boundaries. The master retention schedule contains all records series in the entire enterprise.
meaningful use
In the context of health IT, meaningful use is a term used to define minimum US government standards for electronic health records (EHR), outlining how clinical patient data should be exchanged between healthcare providers, between providers and insurers, and between providers and patients. It is typically estimated to be about 40% of the capabilities of the EHR software app. Meaningful use ensures that the certified EHR technology is connected in a manner that provides for the electronic exchange of health information to improve the quality of care.
metadata
Metadata is short descriptive information about an email, document or database such as its author, date and time created, length, language, and business unit owner.
migration
Migration is the transfer of a file from one storage medium to another, to ensure its future readability. An example is moving files form old floppy disks, to optical discs. Maintaining file integrity, accuracy, and readability is of paramount importance.
mobile device management (MDM)
A type of security software used to monitor, manage, and secure employees’ mobile devices that are deployed across multiple mobile service providers and across multiple mobile operating systems being used in the organization. Allows for remote wiping of lost devices, software upgrades en masse, and overall management of mobile devices within a network.
negotiated procurement
A negotiated procurement is where a consultant or other third party negotiates the purchase of hardware, software, and/or services on behalf of a client, without putting the project out to bid.
NENR
It is non-erasable, non-rewritable storage which is unalterable. NENR is often used in financial institutions to prevent adulteration of information. NENR storage includes Write-Once, Read-Many (WORM) tape and optical media, disk and disk-and-tape blended.
OAIS
Reference Model for an Open Archival Information System describes how to prepare and submit digital objects for long-term digital preservation (LTDP) and retrieval but does not specify technologies, techniques, or content types. The OAIS Reference Model defines an archival information system as an archive, consisting of an organization of people and systems that has accepted the responsibility to preserve information and make it available and understandable for a Designated Community (i.e. potential users or consumers), who should be able to understand the information. Thus, the context of an OAIS-compliant digital repository includes producers who originate the information to be preserved in the repository, consumers who retrieve the information, and a management/organization that hosts and administers the digital assets being preserved. The OAIS Information Model employs three types of information packages: A Submission Information Package (SIP), an Archival Information Package (AIP), and a Dissemination Information Package (DIP). An OAIS-compliant digital repository preserves AIPs and any PDI associated with them. A Submission Information Package encompasses digital content that a Producer has organized for submission to the OAIS. After the completion of quality assurance and normalization procedures, an Archival Information Package is created, which as noted previously is the focus of preservation activity. Subsequently, a Dissemination Package is created that consists of an AIP or information extracted from an AIP that is customized to the requirements of the Designated Community of users and consumers.
optical character recognition (OCR)
OCR is the process of using optical reading technologies to read data from a paper form or documents. Optical disc is a highly durable storage medium similar to DVD that uses lasers to read information.
optical disk
Round, platter-shaped storage media written to using laser technologies. Optical disk drives use lasers to record and retrieve information, and optical media has a much longer useful life (some purported to be 100 years or more) than magnetic.
Penetration testing
It is also called pen testing or ethical hacking, is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit.
pattern search
A search for patterns or concrete concepts when searching a corpus of e-documents. It attempts to find the best match (the solution that has the lowest error value). Often used in e-discovery phase of litigation.
personally identifiable information (PII)
Information about individuals that identifies them personally, such as Social Security number, address, credit card information, health information, and the like. PII is subject to privacy laws.
phishing
Phishing is a way of attempting to acquire sensitive information such as user names, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social websites, auction sites, online payment processors, or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website that looks and feels almost identical to the legitimate one. Phishing is an example of social engineering techniques used to fool users, and it exploits the poor usability of current web security technologies.
policy
A high-level overall plan, containing a set of principles that embrace the general goals of the organization and are used as a basis for decisions. Can include some specifics of processes allowed and not allowed.
predictive analytics
A proactive type of data analytics that provides a forecast of what might happen.
predictive coding
The use of keyword search, filtering, and sampling to automate portions of an e-discovery document review. The goal of predictive coding is to reduce the number of irrelevant and nonresponsive documents that need to be reviewed manually.
prescriptive analytics
A proactive type of data analytics that formulates rules and recommendations based on historic data and other forward-looking data points.
preservation description information (PDI)
In the LTDP process, adhering to the OAIS reference model, description information such as provenance, context, and fixity.
privacy awareness training
A privacy training program for employees that raises privacy literacy and awareness in organizations. May use animations in short vignettes and may be gamified to improve user engagement.
process-enabled technologies
Information technologies that automate and streamline business processes. Process-enabled technologies are often divided into two categories: workflow automation or business process management. The two technologies have a significant amount in common. Indeed it is fair to say that a good deal of the technology that underpins business process management concepts has its roots in the late 1980s and early 1990s and stems from the early efforts of the workflow community.
project charter
A document that formally authorizes a project to move forward. “A project charter dramatically reduces the risk of a project being cancelled due to lack of support or perceived value to the company. It documents the overall objectives of the project and helps manage the expectations.”10
project manager
The person primarily responsible for managing a project to its successful completion.
project plan
Includes the project charter and project schedule and a delineation of all project team members and their roles and responsibilities.
project schedule
A listing of project tasks, subtasks, and estimated completion times.
policy
A high-level overall plan, containing a set of principles that embrace the general goals of the organization and are used as a basis for decisions. Can include some specifics of processes allowed and not allowed.
provenance
In records management, provenance is information about who created a record and what it is used for.
record category
A description of a particular set of records within a file plan. Each category has retention and disposition data associated with it, applied to all record folders and records within the category.
records appraisal
The process of assessing the value and risk of records to determine their retention and disposition requirements. Legal research is outlined in appraisal reports. This may be accomplished as a part of the process of developing the records retention schedules, as well as conducting a regular review to ensure that citations and requirements are current.
Ransomware as a service (RaaS)
RaaS is an approach to ransomware where back hat hackers sell ransomware through a cloud-based platform.
records integrity
The accuracy and consistency of records, and the assurance that they are genuine and unaltered.
records management (RM) or records and information management (RIM))
The field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use, and disposition of records, including processes for capturing and maintaining evidence of and information about business activities and transactions in the form of records. A set of instructions allocated to a class or file to determine the length of time for which records should be retained by the organization for business purposes, and the eventual fate of the records on completion of this period of time.
records retention schedule/records retention period
A records retention schedule spells out how long different types of records are to be held, and how they will be archived or disposed of at the end of their life cycle. It considers legal, regulatory, operational, and historical requirements.11
records series
A group or unit of identical or related records that are normally used and filed as a unit and that can be evaluated as a unit or business function for scheduling purposes.12
responsibility assignment (RACI) matrix
A RACI matrix, or responsibility assignment matrix spells out who is Responsible, Accountable, Consulted, and Informed in a particular project or program.
refreshment
The process of copying stored e-records to new copies of the same media, to extend the storage life of the record by using new media.
return on investment (ROI)
A performance measure used to evaluate the efficiency of an investment …. To calculate ROI, the benefit (return) of an investment is divided by the cost of the investment; the result is expressed as a percentage or a ratio.”13
risk management framework
The structured process used to identify potential risks and threats an organization faces and to develop offsetting countermeasures to minimize the impact of these risks, as well as the control mechanisms to effectively monitor and evaluate this strategy.
risk profile
A listing of risks an organization faces and their relative likelihood; used as a basic building block in enterprise risk management that assists executives in understanding the risks associated with stated business objectives, and allocating resources, within a structured evaluation approach or framework.
secure sockets layer (SSL)/transport layer security (TLS)
Secure sockets layer (SSL) and transport layer security (TLS) are cryptographic protocols that provide communications security over the Internet. SSL and TLS encrypt the segments of network connections above the transport layer, using symmetric cryptography for privacy and a keyed message authentication code for message reliability.
senior records officer (SRO)
The leading records manager in an organization; may also be titled chief records officer or similar.
service-level agreement (SLA)
The service or maintenance contract that states the explicit levels of support, response time windows or ranges, escalation procedures in the event of a persistent problem, and possible penalties for nonconformance in the event the vendor does not meet its contractual obligations.
service-oriented architecture (SOA)
An IT architecture that separates infrastructure, applications, and data into layers.
Six Sigma
Six sigma is a disciplined, statistical-based, data-driven approach and continuous improvement methodology for eliminating defects in a product, process or service.
smishing
SMS is short message service, which is texting on smartphones and mobile devices. SMiShing is a security attack in which the user is tricked into downloading a Trojan horse, virus, or other malware onto his cellular phone or other mobile device. SMiShing is short for SMS phishing.
social engineering
The term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.
social tagging
A method that allows users to manage content with metadata they apply themselves using keywords or metadata tags. Unlike traditional classification, which uses a controlled vocabulary, social tagging keywords are freely chosen by each individual. This can help uncover new categories of documents that are emerging, and helps users find information using their terms they believe are relevant.
solid state disk drive
A solid state drive is storage that has no moving parts, similar to computer memory.
spoliation
The loss of proven authenticity of a record. Can occur in the case of e-mail records if they are not captured in real time, or they have been edited in any way.
structured data
A collection of records or data that is stored in a computer; records maintained in a database or application.
subject matter expert (SME)
A person with deep knowledge of a particular topical area. SMEs can be useful in the consultation phase of the taxonomy design process.
subject records (or topic or function records)
Subject records (also referred to as topic or function records) “contain information relating to specific or general topics and that are arranged according to their informational content or by the function/activity/transaction they pertain to.”14
submission information package (SIP)
One of three types of information packages that can be submitted in the OAIS preservation model.
technology-assisted review (TAR)
Technology Assisted Review (TAR) is a process of having computer software electronically classify documents based on input from expert reviewers, in an effort to expedite the organization and prioritization of the document collection. typically during the e-discovery process.
taxonomy
A hierarchical structure of information components, for example, a subject, business-unit, or functional taxonomy, any part of which can be used to classify a content item in relation to other items in the structure.
text analytics
The process of deriving high-quality information from text, typically through the devising of patterns and trends through means such as statistical pattern learning. Also known as text mining.
text mining
Performing detailed full-text searches on the content of document. See text analytics.
thesaurus
In taxonomies, a thesaurus contains all synonyms and definitions, is used to enforce naming conventions in a controlled vocabulary, for example, invoice and bill could be terms that are used interchangeably.
time-/date-based disposition
A disposition instruction specifying when a record shall be cut off and when a fixed retention period is applied. The retention period does not begin until after the records have been cut off, for example: destroy after two years.
total cost of ownership (TCO)
TCO is the calculation of to total cost of a computing system including hardware, software, maintenance, and other related costs throughout the lifespan of a computing system.
transfer
Moving records from one location to another, or change of custody, ownership, and/or responsibility for records.
unstructured information
Records that are not expressed in numerical rows and columns but rather are objects such as image files, e-mail files, Microsoft Office files, and so forth. Structured records are maintained in databases.
usage (records)
The purpose a record is used for, i.e. its primary use.
vulnerability assessment
A vulnerability assessment is the process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructures and providing the organization with an understanding of the threats and how to counter them.
vital records
Vital records are mission-critical records that are necessary for an organization to continue to operate in the event of disruption or disaster and cannot be recreated from any other source. Typically, they make up about 3%-5% of an organization's total records. They are the most important records to be protected, and a plan for disaster recovery (DR)/business continuity (BC) must be in place to safeguard these records.
warm site
A warm site has the hardware and operating systems the main data center has, and likely the applications, but needs data loaded to go online and resume processing when a main site is damaged or compromised.
workflow, workflow automation, and workflow software
Software that can route electronic folders through a series of worksteps to speed processing and improve auditability. Not to be confused with business process management systems (BPMS), which have more robust capabilities.
WORM
Write Once Read Many optical disk storage media that is nonerasable, and can only be written to one time.

Notes

  1. 1.   TechTarget.com, “Authentication, Authorization, and Accounting,” http://searchsecurity.techtarget.com/definition/authentication-authorization-and-accounting (accessed December 5, 2012).
  2. 2.   John O'Connell, Jon Pyke, and Roger Whitehead, Mastering Your Organization's Processes (Cambridge, UK: Cambridge University Press, 2006), 14.
  3. 3.   The U.S. Government Printing Office (GPO), “Code of Federal Regulations,” www.gpo.gov/help/index.html#about_code_of_federal_regulations.htm (accessed April 22, 2012).
  4. 4.   National Archives and Records Administration, “Electronic Code of Federal Regulations,” October 2, 2012, http://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfr&tpl=%2Findex.tpl.
  5. 5.   Tom Reamy, “Folksonomy Folktales,” KM World, September 29, 2009, www.kmworld.com/Articles/Editorial/Feature/Folksonomy-folktales-56210.aspx.
  6. 6.   ARMA International, “How to Cite GARP,” www.arma.org/garp/copyright.cfm (accessed May 8, 2012). This chapter was contributed by Charmaine Brooks, CRM.
  7. 7.   Kathleen Reidy, “The Rise of Information Governance,” Too Much Information: The 451 Take on Information Management (blog), August 5, 2009, http://blogs.the451group.com/information_management/2009/08/05/the-rise-of-information-governance/.
  8. 8.   U.S. National Archives and Records Administration, “Disposition of Federal Records: A Records Management Handbook,” www.archives.gov/records-mgmt/publications/disposition-of-federal-records/chapter-3.html (accessed April 3, 2012).
  9. 9.   Government of Alberta, “Developing Retention and Disposition Schedules,” p. 122.
  10. 10. Rita Mulcahy, “Project Management Crash Course: What Is a Project Charter?” October 28, 2009, www.ciscopress.com/articles/article.asp?p=1400865.
  11. 11. National Archives, “Frequently Asked Questions about Records Scheduling and Disposition,” updated June 6, 2005, www.archives.gov/records-mgmt/faqs/scheduling.html#whysched.
  12. 12. University of Toronto Archives, “Glossary,” www.library.utoronto.ca/utarms/info/glossary.html (accessed September 10, 2012).
  13. 13. Investopedia website, “Return on Investment,” www.investopedia.com/terms/r/returnoninvestment.asp#axzz2E6SXDDOc (accessed December 4, 2012).
  14. 14. Ibid.
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.145.65.134