access control list In systems such as electronic records management, electronic document and records management systems, or document management systems, a list of individuals authorized to access, view, amend, transfer, or delete documents, records, or files. Access rights are enforced through software controls.

application programming interface (API) A way of standardizing the connection between two software applications. It is essentially a standard hook that an application uses to connect to another software application.

archival information package (AIP) One of three types of information packages that can be submitted in the Open Archival Information System (OAIS) preservation model.

archive Storing information and records for long-term or permanent preservation. With respect to e-mail, it is stored in a compressed and indexed format to reduce storage requirements and allow for rapid, complex searches. (This also can done for blogs, social media, or other applications.) Archiving of real-time applications like e-mail can be deemed reliable with record integrity only if it is performed immediately, in real time.

ARMA Association for Records Managers and Administrators, the United States-based nonprofit organization for records managers with a network of international chapters.

authentication, authorization, and audit (or accounting) (AAA) A network management and security framework that controls computer system logons and access to applications that enforces IG policies and audits usage.

authenticity of records Verified content and author information as original for the purposes of electronic records management; in a legal context, proof that the e-document is what it purports to be when electronically stored information is submitted during the e-discovery process.

auto-classification Setting predefined indices to classify documents and records and having the process performed automatically by using software rather than human intervention. A strong trend toward auto-classification is emerging due to the impact of Big Data and rapidly increasing volumes of documents and records.

backup A complete spare copy of data for purposes of disaster recovery. Backups are nonindexed mass storage and cannot substitute for indexed, archived information that can be quickly searched and retrieved (as in archiving).

best practices Those methods, processes, or procedures that have been proven to be the most effective, based on real-world experience and measured results.

Big Data More data than can be processed by today's database systems, or acutely high volume, velocity, and variety of information assets that demand IG to manage and leverage for decision-making insights and cost management.

bidders' conference A formal meeting where vendors bidding on a request for proposal (RFP) can ask questions and raise issues about the RFP, proposal requirements, and procurement process.

business activities The tasks performed to accomplish a particular business function. Several activities may be associated with each business function.

business case A written analysis of the financial, productivity, auditability, and other factors to justify the investment in software and hardware systems, implementation, and training.

business classification scheme (BCS) The overall structure an organization uses for organizing, searching, retrieving, storing, and managing documents and records in electronic records management. The BCS must be developed based on the business functions and activities. A file plan is a graphic representation of the BCS, usually a hierarchical structure consisting of headings and folders to indicate where and when records should be created during the conducting of the business of an office. In other words, the file plan links the records to their business context.

business driver A compelling business reason that motivates an organization to implement a solution to a problem. Business drivers can be based on financial, legal, or operational gaps or needs.

business functions Basic business units, such as accounting, legal, human resources, and purchasing.

business process A coordinated set of collaborative and transactional work activities carried out to complete work steps.

business process improvement (BPI) Analyzing and redesigning business processes to streamline them and gain efficiencies, reduce cycle times, and improve auditability and worker productivity.

business process outsourcing (BPO) Contracting with a third party to perform specific business processes. One example could be using a customer service center taking inbound telephone calls from U.S. customers and handling customer requests and complaints from a service center located offshore, in locations such as India, where labor costs are lower.

business process management (BPM) Managing the work steps and business activities of an organization's workers in an automated way.

business process management system (BPMS) A superset of workflow software, and more. BPMS software offers five main capabilities:

  1. Puts existing and new application software under the direct control of business managers
  2. Makes it easier to improve existing business processes and create new ones
  3. Enables the automation of processes across the entire organization and beyond it
  4. Gives managers real-time information on the performance of processes
  5. Allows organizations to take full advantage of new computing services

capture Components that also often are called input components. There are several levels and technologies, from simple document scanning and capture to complex information preparation using automatic classification.

case records Records that are characterized as having a beginning and an end but are added to over time. Case records generally have titles that include names, dates, numbers, or places.

change management Methods and best practices to assist an organization and its employees in implementing changes to business processes, culture, and systems.

classification Systematic identification and arrangement of business activities and/or records into categories according to logically structured conventions, methods, and procedural rules represented in a classification system. A coding of content items as members of a group for the purposes of cataloging them or associating them with a taxonomy.

cloud computing The provision of computational resources on demand via a network. Cloud computing can be compared to the supply of electricity and gas or the provision of telephone, television, and postal services. All of these services are presented to users in a simple way that is easy to understand without users' needing to know how the services are provided. This simplified view is called an abstraction. Similarly, cloud computing offers computer application developers and users an abstract view of services, which simplifies and ignores much of the details and inner workings. A provider's offering of abstracted Internet services is often called the cloud.

CobiT (Control Objectives for Information and related Technology) A process-based information technology governance framework that represents a consensus of experts worldwide. It was codeveloped by the IT Governance Institute and ISACA.

Code of Federal Regulations (CFR) The annual edition of the CFR contains all the rules published in the Federal Register by the departments and agencies of the federal government. It is divided into 50 broad subject areas and contain at least one individual volumes, and is update annually, on a staggered basis.

cold site An empty computer facility or data center that is ready for operation with air-conditioning, raised floors, telecommunication lines, and electric power. Backup hardware and software will have to be purchased and shipped in quickly to resume operations. Arrangements can be made with suppliers for rapid delivery in the event of a disaster.

compliance monitoring Being regularly apprised and updated on pertinent regulations and laws and examining processes in the organization to ensure compliance with them. In a records management sense, this involves reviewing and inspecting the various facets of a records management program to ensure it is in compliance. Compliance monitoring can be carried out by an internal audit, external organization, or records management and must be done on a regular basis.

computer memory Solid state volatile (erasable) storage capability built into central processing units of computers. At times memory size can be increased by expanding it to the computer's hard drive or external magnetic disks.

content In records, the actual information contained in the record; more broadly, content is information. For example, content is managed by enterprise content management systems and may be e-mail, e-documents, Web content, report content, and so on.

controlled vocabulary Set, defined terms used in a taxonomy.

corporate compliance The set of activities and processes that result in meeting and adhering to all regulations and laws that apply to an organization.

data cleansing (or data scrubbing) The process of removing corrupt, redundant, and inaccurate data in the data governance process.

data governance Processes and controls at the data level; a newer, hybrid quality control discipline that includes elements of data quality, data management, information governance policy development, business process improvement, and compliance and risk management.

data loss prevention (DLP; or data leak prevention) A computer security term referring to systems that identify, monitor, and protect data in use (e.g., endpoint actions), data in motion (e.g., network actions), and data at rest (e.g., data storage) through deep content inspection, contextual security analysis of transaction (attributes of originator, data object, medium, timing, recipient/destination, etc.) and with a centralized management framework. Systems are designed to detect and prevent unauthorized use and transmission of confidential information.

declaration Assignment of metadata elements to associate the attributes of one or more record folder(s) to a record; for categories to be managed at the record level, providing the capability to associate a record category to a specific record.

de-duplication The process of identifying and eliminating redundant occurrences of data.

defensible deletion Disposing of unneeded data, e-documents, and reports based on set policy that can be defended in court. It reduces an organization's information footprint.

Designing and Implementing Recordkeeping Systems (DIRKS) An Australian methodology consisting of eight steps developed by the Archives Authority of New South Wales, included in ISO 15489, the international standard for records management. Roughly analogous to the Generally Accepted Recordkeeping Principles® developed by the Association for Records Managers and Administrators in the United States.

destruction The process of eliminating or deleting records, beyond any possible reconstruction.

destruction certificate A certificate issued once destruction of a record is complete. It verifies that destruction has taken place, who authorized the destruction, and who carried it out. It also may include some metadata about the record.

destructive retention policy Permanently destroying documents or e-documents (such as e-mail) after retaining them for a specified period of time.

disaster recovery (DR)/business continuity (BC) The planning, preparation, and testing set of activities used to help a business plan for and recover from any major business interruption and to resume normal business operations.

discovery The process of gathering and exchanging evidence in civil trials; or discovering information flows inside an organization using data loss prevention tools.

disposition The range of processes associated with implementing records retention, destruction, or transfer decisions, which are documented in disposition authorities or other instruments.

dissemination information package (DIP) One of three types of information packages that can be submitted in the Open Archival Information System (OAIS) preservation model.

document Recorded information or object that can be treated as a unit.

document analytics Detailed usage statistics on e-documents, such as time spent viewing, which pages were viewed and for how long, number of documents printed, where printed, number of copies printed, and other granular information about how and where a document is accessed, viewed, edited, or printed.

document imaging Scanning and digitally capturing images of paper documents.

document life cycle The span of a document's use, from creation, through active use, storage, and final disposition, which may be destruction or preservation.

document life cycle security (DLS) Providing a secure and controlled environment for e-documents. This can be accomplished by properly implementing technologies including information rights management and data loss prevention, along with complementary technologies like digital signatures.

document management Managing documents throughout their life cycle from creation to final disposition, including managing revisions. Also called document life cycle management.

document type A term used by many software systems to refer to a grouping of related records.

e-document An electronic document (i.e., a document in digital form).

electronic Code of Federal Regulations (e-CFR) An unofficial, editorial compilation of CFR material and Federal Register amendments produced by the National Archives and Records Administration's Office of the Federal Register and the Government Printing Office.

electronic document and records management system (EDRMS) Software that has the ability to manage documents and records.

electronic records management (ERM) The management of electronic and nonelectronic records by software, including maintaining disposition schedules for keeping records for specified retention periods, archiving, or destruction. (For enterprise rights management, see information rights management [IRM].)

electronic record Information recorded in a form that requires a computer or other machine to process and view it and that satisfies the legal or business definition of a record.

electronic records repository A direct access device on which the electronic records and associated metadata are stored.

electronically stored information (ESI) Any information stored by electronic means; this can include not just e-mail and e-documents but also audio and video recordings and any other type of information stored on electronic media. The term was created in 2006 when the U.S. Federal Rules of Civil Procedure were revised to include the governance of ESI in litigation.

e-mail and e-document encryption Encryption or scrambling (and often authentication) of e-mail messages, which can be done in order to protect the content from being read by unintended recipients.

enterprise content management (ECM) Software that manages unstructured information such as e-documents, document images, e-mail, word processing documents, spreadsheets, Web content, and other documents; most systems also include some records management capability.

enterprise process analytics Detailed statistics and analysis of business process cycle times and other data occurring throughout an enterprise. This business intelligence can help spot bottlenecks, optimize work flow, and improve worker productivity while improving input for decision making.

enterprise risk profile An assessment of the threats and risks an enterprise faces and the likelihood of those risks occurring.

event-based disposition A disposition instruction in which a record is eligible for the specified disposition (transfer or destroy) when or immediately after the specified event occurs. No retention period is applied, and there is no fixed waiting period, as with timed or combination timed-event dispositions. Example: Destroy when no longer needed for current operations.

faceted search Where document collections are classified in multiple ways rather than in a single, rigid taxonomy.

faceted taxonomy Allow for multiple organizing principles to be applied to information along various dimensions. Facets can contain subjects, departments, business units, processes, tasks, interests, security levels, and other attributes used to describe information. There is never really one single taxonomy but rather collections of taxonomies that describe different aspects of information.

Federal Rules of Civil Procedure (FRCP)—Amended 2006 In U.S. civil litigation, the FRCP governs the discovery and exchange of electronically stored information, which includes not only e-mail but all forms of information that can be stored electronically.

file plan A graphic representation of the business classification scheme, usually a hierarchical structure consisting of headings and folders to indicate where and when records should be created during the conduct of business of an office. In other words, the file plan links the records to their business context.

file transfer protocol (FTP) A standard network protocol used to copy a file from one host to another over a TCP-based network, such as the Internet. FTP is built on a client-server architecture and utilizes separate control and data connections between the client and server. FTP users may authenticate themselves using a clear-text sign-in protocol but can connect anonymously if the server is configured to allow it.

folksonomy The term used for a free-form, social approach to metadata assignment. Folksonomies are not an ordered classification system but are lists of keywords input by users that are ranked by popularity.

functional retention schedule A schedule that groups records series based on business functions, such as financial, legal, product management, or sales. Each function or grouping is also used for classification. Rather than detail every sequence of records, these larger functional groups are less numerous and are easier for users to understand.

Generally Accepted Recordkeeping Principles® (the Principles) A set of eight principles published in 2009 by U.S.-based ARMA International to foster awareness of good recordkeeping practices and to provide guidance for records management maturity in organizations. These principles and associated metrics provide an information governance framework that can support continuous improvement.

governance model A framework or model that can assist in guiding governance efforts. Examples include using a SharePoint governance model, the information governance reference model (IGRM), MIKE2.0, and others.

guiding principles The basic principles used to guide the development of a governance model (e.g., for a SharePoint deployment). They may include principles such accountability (who is accountable for managing the site, who is accountable for certain content), who has authorized access to which documents, and whether the governance model is required for use or is to be used optionally as a reference.

heat map A color-coded matrix generated by stakeholders voting on risk level by color (e.g., red being highest).

HIPAA The Healthcare Insurance Portability and Accountability Act enacted by the U.S. Congress in 1996. Title II of HIPAA, known as the administrative simplification (AS) provision, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.

hot site One that has identical or nearly identical hardware and operating system configurations and copies of application software, and receives live, real-time backup data from business operations. In the event of a business interruption, the information technology and electronic vital records operations can be switched over automatically, providing uninterrupted service.

information footprint The total size of the amount of information an organization manages.

information governance (IG) A subset of corporate governance. It is an all-encompassing term for how an organization manages the totality of its information. IG “encompasses the policies and leveraged technologies meant to dictate and manage what corporate information is retained, where and for how long, and also how it is retained (e.g., protected, replicated, and secured). Information governance spans retention, security, and life cycle management issues.”1 IG is an ongoing program that helps organizations meet external compliance and legal demands and internal governance rules.

information governance reference model (IGRM) A graphically depicted practical framework that includes risk and profit considerations for the business, legal, informational technology, records and information management (RIM), and privacy and security functions of an organization. IGRM enables organizations to establish IG programs that more effectively deal with the rising volume and diversity of information and the risks, costs, and complications this presents. IGRM is most frequently used to facilitate dialogue and combine disparate information stakeholders and perspectives across legal, records, information technology, and business organizations.

information life cycle The span of the use of information, from creation, through active use, storage, and final disposition, which may be destruction or preservation.

information map A graphic diagram that shows where information is created, where it resides, and the path it takes.

information rights management (IRM) Often referred to as enterprise rights management (ERM) or enterprise digital rights management (E-DRM). IRM applies to a technology set that protects sensitive information, usually documents or email messages, from unauthorized access. IRM is technology that allows for information (mostly in the form of documents) to be remote controlled. Information and its control can be separately created, viewed, edited, and distributed.

information technology (IT) Technology used to manage digital information.

IT governance Controls and process to improve the effectiveness of information technology; also, the primary way that stakeholders can ensure that investments in IT create business value and contribute toward meeting business objectives.

IT governance framework Constructs or frameworks that guide informational technology governance efforts, including CobiT® and ITIL.

ITIL (Information Technology Infrastructure Library) A set of process-oriented best practices and guidance originally developed in the United Kingdom to standardize delivery of informational technology service management. ITIL is applicable to both the private and public sectors and, according to its Web site, is the “most widely accepted approach to IT service management in the world.”

inherited metadata Automatically assigning certain metadata to records based on rules that are established in advance and set up by a system administrator.

inventorying records A descriptive listing of each record series or system, together with an indication of location and other pertinent data. It is not a list of each document or each folder but rather of each series or system.

ISO International Organization for Standardization, a highly regarded and widely accepted global standards body.

jukebox (optical disk jukebox) Optical disc autochanger units for mass storage that use robotics to pick and mount optical disks and remove and replace them after use; dubbed a “jukebox” for its similarity in mechanics to jukebox units for playing vinyl records and later CDs.

knowledge management (KM) The accumulation, organization, and use of experience and lessons learned, which can be leveraged to improve future decision-making efforts. KM often involves listing and indexing subject matter experts, project categories, reports, studies, proposals, and other intellectual property sources or outputs that are retained to build corporate memory. Good KM systems help train new employees and reduce the impact of turnover and retirement of key employees.

legal hold or litigation hold Also known as a preservation order or hold order. A temporary suspension of the company's document retention destruction policies for the documents that may be relevant to a lawsuit or that are reasonably anticipated to be relevant. It is a stipulation requiring the company to preserve all data that may relate to a legal action involving the company. A litigation hold ensures that the documents relating to the litigation are not destroyed and are available for the discovery process prior to litigation. The legal hold process is a foundational element of information governance.

legal hold notification (LHN) The process of identifying information that may be requested in legal proceeding and locking that (data or documents) down to prevent editing or deletion while notifying all parties within an organization who may be involved in processing that information that it is subject to a legal hold. LHN management is arguably the absolute minimum an organization should be doing in order to meet the guidelines provided by court rules, common law, and case law precedent.

limitation period The length of time after which a legal action cannot be brought before the courts. Limitation periods determine the length of time records must be kept to support court actions, including subsequent appeal periods.

long-term digital preservation (LTDP) The managed activities, methods, standards, and technologies used to provide long-term, error-free storage of digital information, with means for retrieval and interpretation, for the entire time span the information is required to be retained.

magnetic disk drives A common data storage device using erasable magnetic media. Magnetic disk drives are common peripherals and built-in storage devices in desktop PCs, minicomputers, and mainframe computers.

master retention schedule A retention schedule that includes the retention and disposition requirements for records series that cross business unit boundaries. The master retention schedule contains all records series in the entire enterprise.

metadata Data about data, or detailed information describing context, content, and structure of records and their management through time. Examples include the author, department, document type, date created, and length, among others.

migration The act of moving records from one system to another while maintaining their authenticity, integrity, reliability, and usability.

negotiated procurement A way to acquire a new system or components when the buying organization wants to make a rapid decision and requirements are known (e.g., making a bulk purchase of additional workstations or tablet computers that will be added to an existing network). Often a trusted consulting firm is engaged to solicit bids, negotiate with vendors, and make a recommendation for procurement. This approach can be a better fit than issuing a request for proposal when cost and time are leading issues.

NENR Nonerasable, nonrewritable media (e.g., optical, magnetic) that, once written, do not allow for erasure or overwriting of the original data.

OAIS (Open Archival Information System) Describes how to prepare and submit digital objects for long-term digital preservation and retrieval but does not specify technologies, techniques, or content types. The OAIS Reference Model defines an archival information system as an archive, consisting of an organization of people and systems that has accepted the responsibility to preserve information and make it available and understandable for a designated community (i.e., potential users or consumers), who should be able to understand the information. Thus, the context of an OAIS-compliant digital repository includes producers who originate the information to be preserved in the repository, consumers who retrieve the information, and a management/organization that hosts and administers the digital assets being preserved. The OAIS Information Model employs three types of information packages: a Submission Information Package (SIP), an Archival Information Package (AIP), and a Dissemination Information Package (DIP). An OAIS-compliant digital repository preserves AIPs and any preservation description information (PDI) associated with them. A SIP encompasses digital content that a producer has organized for submission to the OAIS. After the completion of quality assurance and normalization procedures, an AIP is created, which is the focus of preservation activity. Subsequently, a DIP is created that consists of an AIP or information extracted from an AIP that is customized to the requirements of the designated community of users and consumers.

optical character recognition (OCR) A visual recognition process that involves photo-scanning text character by character.

optical disk Round, platter-shape storage media written to using laser technologies. Optical disk drives use lasers to record and retrieve information, and optical media has a much longer useful life (some purported to be 100 years or more) than magnetic.

phishing A way of attempting to acquire sensitive information, such as user names, passwords, and credit card details, by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social Web sites, auction sites, online payment processors, or information technology administrators are commonly used to lure the unsuspecting public. Phishing typically is carried out by e-mail or instant messaging, and it often directs users to enter details at a fake Web site that looks and feels almost identical to the legitimate one. Phishing is an example of social engineering techniques used to fool users, and it exploits the poor usability of current Web security technologies.

PII (personally identifiable information) Information about individuals that identifies them personally, such as Social Security number, address, credit card information, health information, and the like. PII is subject to privacy laws.

predictive coding A court-endorsed process utilized to perform document review during the early case assessment phase of e-discovery. It uses human expertise and information technology to facilitate analysis and sorting of documents. Predictive coding software leverages human analysis when experts review a subset of documents to “teach” the software what to look for, so it can apply this logic to the full set of documents, making the sorting and culling process faster and more accurate than solely using human review or automated review.

preservation description information (PDI) In the long-term digital preservation process adhering to the Open Archival Information System reference model, description information such as provenance, context, and fixity.

process-enabled technologies Information technologies that automate and streamline business processes. Process-enabled technologies often are divided into two categories that have a great deal in common: work flow automation or business process management. It is fair to say that a good deal of the technology that underpins business process management concepts has its roots in the late 1980s and early 1990s and stems from the early efforts of the work flow community.

project charter A document that formally authorizes a project to move forward. Having such a document reduces project cancellation risk due to lack of support or perceived value to the company. A charter documents the project's overall objectives and helps manage expectations of those involved.

project management The process of managing required project activities and tasks in a formal manner to complete a project; performed primarily by the project manager.

project manager The person primarily responsible for managing a project to its successful completion.

project plan Includes the project charter and project schedule and a delineation of all project team members and their roles and responsibilities.

project schedule A listing of project tasks, subtasks, and estimated completion times.

policy A high-level overall plan, containing a set of principles that embrace the general goals of the organization and are used as a basis for decisions. A policy can include some specifics of processes allowed and not allowed.

preservation The processes and operations involved in ensuring the technical and intellectual survival of authentic records through time. Preservation involves recording information created, received, and maintained as evidence and information by an organization or person, in pursuit of legal obligations or in the transaction of business.

provenance In records management, information about who created a record and what it is used for.

records appraisal The process of assessing the value and risk of records to determine their retention and disposition requirements. Legal research is outlined in appraisal reports. This may be accomplished as a part of the process of developing the records retention schedules as well as conducting a regular review to ensure that citations and requirements are current.

record category A description of a particular set of records within a file plan. Each category has retention and disposition data associated with it, applied to all record folders and records within the category.

records integrity Refers to the accuracy and consistency of records, and the assurance that they are genuine and unaltered.

records management (RM) or records and information management (RIM)) The field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use, and disposition of records, including processes for capturing and maintaining evidence of and information about business activities and transactions in the form of records. It is also the set of instructions allocated to a class or file to determine the length of time for which records should be retained by the organization for business purposes, and the eventual fate of the records on completion of this period of time.

records retention schedule Spells out how long different types of records are to be held and how they will be archived or disposed of at the end of their life cycle. Such a schedule considers legal, regulatory, operational, and historical requirements.

record series A group or unit of identical or related records that are normally used and filed as a unit and that can be evaluated as a unit or business function for scheduling purposes.

refreshment The process of copying stored e-records to new copies of the same media, to extend the storage life of the record by using new media.

return on investment (ROI) A common investment return measure, where the financial benefit is divided by the cost rendering a percentage or ratio.

risk assessment An evaluation of the risks and possible bad outcomes an organization faces and the likelihood these may occur.

risk map A simple identification and ranking of the 10 greatest risks an organization faces in relation to business objectives. The risk map is a visual tool that is easy to grasp, with a grid depicting a likelihood axis and an impact axis, usually rated on a scale of 1 to 5.

risk profile A listing of risks an organization faces and their relative liklihood; used as a basic building block in enterprise risk management that assists executives in understanding the risks associated with stated business objectives, and allocating resources, within a structured evaluation approach or framework.

secure sockets layer (SSL)/transport layer security (TLS) Cryptographic protocols that provide communications security over the Internet. SSL and TLS encrypt the segments of network connections above the transport layer, using symmetric cryptography for privacy and a keyed message authentication code for message reliability.

senior records officer (SRO) The leading records manager in an organization; may also be titled chief records officer or similar.

service-level agreement (SLA) The service or maintenance contract that states the explicit levels of support, response time windows or ranges, escalation procedures in the event of a persistent problem, and possible penalties for nonconformance in the event the vendor does not meet its contractual obligations.

service-oriented architecture (SOA) An information technology architecture that separates infrastructure, applications, and data into layers.

Six Sigma A highly structured approach for eliminating defects in any process, whether from manufacturing or transactional processes. It can be applied to a product or a service-oriented process in any organization. Further, six sigma is a statistical term that measures how far a given process deviates from perfection. The goal of the Six Sigma is to systematically measure and eliminate defects in a process, aiming for a level of fewer than 3.4 defects per million instances, or “opportunities.”

social tagging A method that allows users to manage content with metadata they apply themselves using keywords or metadata tags. Unlike traditional classification, which uses a controlled vocabulary, social tagging keywords are freely chosen by each individual. This can help uncover new categories of documents that are emerging and helps users find information using their terms they believe are relevant.

solid state disk drive Storage devices that can be built in or external that have no moving parts and are made of semiconductor materials. They are used more often in tablet computers as they are faster and more reliable than magnetic disk drives, although also more expensive. Memory sticks and removable USB thumb or flash drives are also solid state technology.

spoliation The loss of proven authenticity of a record. Spoliation can occur in the case of e-mail records if they are not captured in real time or if they have been edited in any way.

strategic planning A systematic process of envisioning a desired future and translating this vision into broadly defined goals or objectives and a sequence of steps to achieve them.

structured data/records A collection of records or data that is stored in a computer; records maintained in a database or application.

subject matter expert (SME) A person with deep knowledge of a particular topical area. SMEs can be useful in the consultation phase of the taxonomy design process.

subject records (Also referred to as topic or function records.) Records containing information relating to specific or general topics. The records are arranged by informational content or by the function, activity, or transaction to which they pertain.

submission information package (SIP) One of three types of information packages that can be submitted in the Open Archival Information System preservation model.

taxonomy A hierarchical structure of information components (e.g., a subject, business unit, or functional taxonomy), any part of which can be used to classify a content item in relation to other items in the structure.

technology-assisted review (TAR) (Also known as computer-assisted review). Includes aspects of the nonlinear review process, such as culling, clustering, and de-duplication, but TAR does not meet the requirements for comprehensive predictive coding. According to Barry Murphy of eDJ Group, here are three main methods for using technology to make legal review faster, less costly, and generally smarter:

  1. Rules driven. “I know what I am looking for and how to profile it.” In this scenario, a case team creates a set of criteria, or rules, for document review and builds what is essentially a coding manual. The rules are fed into the tool for execution on the document set.
  2. Facet driven. “I let the system show me the profile groups first.” In this scenario, a tool analyzes documents for potential items of interest or groups potentially similar items together so that reviewers can begin applying decisions.
  3. Propagation based. “I start making decisions and the system looks for similar-related items.” This type of TAR is about passing along, or propagating, what is known based on a sample set of documents to the rest of the documents in a corpus.

text mining Performing detailed full-text searches on the content of document.

thesaurus In taxonomies, a listing that contains all synonyms and definitions and is used to enforce naming conventions in a controlled vocabulary (e.g., invoice and bill could be terms that are used interchangeably).

time- /date-based disposition A disposition instruction specifying when a record shall be cut off and when a fixed retention period is applied. The retention period does not begin until after the records have been cut off, for example: Destroy after two years.

time, date, and event based A disposition instruction specifying that a record shall be disposed of after a fixed period of disposition time after a predictable or specified event. Once the specified event has occurred, then the retention period is applied. Example: Destroy three years after close of case. In this example, the record does not start its retention period until after the case is closed. At that time, its folder is cut off and the retention period (three years) is applied.

total cost of ownership (TCO) All costs associated with owning a system over the life of the installation and implementation—usually considered over a range of three to five years. TCO includes implementation price and change orders (and the change order approval process), which occur when changes to the project are made outside of the original proposal. Timing and pricing of the software support fees are also critical TCO components and may include warranty periods, annual fees, planned and maximum increases, trade-in and upgrade costs, hardware maintenance costs, and other charges that may not be immediately apparent to buyers.

transfer Moving records from one location to another, or change of custody, ownership, and/or responsibility for records.

unstructured records Records that are not expressed in numerical rows and columns but rather are objects, such as image files, e-mail files, Microsoft Office files, and so forth. Structured records are maintained in databases.

usage (records) The purpose a record is used for (i.e., its primary use).

ValIT A newer value-oriented information technology governance framework that is compatible with and complementary to CobiT. Its principles and best practices focus is on leveraging IT investments to gain maximum value.

vital records Mission-critical records that are necessary for an organization to continue to operate in the event of disruption or disaster and cannot be re-created from any other source. Typically, they make up about 3 to 5 percent of an organization's total records. They are the most important records to be protected, and a plan for disaster recovery/business continuity must be in place to safeguard these records.

warm site A computer facility location that has all (or almost all) of the hardware and operating systems as a hot site does, and software licenses for the same applications, and needs only to have data loaded to resume normal operations. Internal information technology staff may have to retrieve magnetic tapes, optical disks, or other storage media containing the most recent backup data, and some data may be lost if the backup is not real time and continuous.

work flow, work flow automation, and work flow software Software that can route electronic folders through a series of work steps to speed processing and improve auditability. Not to be confused with business process management systems, which have more robust capabilities.

WORM Write Once Read Many optical disk storage media that is nonerasable and can be written to only one time.


