
Will Your Agency Meet Digital Recordkeeping Deadlines?



By Marty Heinrich, March 3, 2014


Upcoming deadlines to comply with the 2012 President’s Managing Government Records Directive are putting new pressure on federal agencies to develop, fund and implement the new requirements and milestones.

The directive is also an opportunity: Agencies now have the chance to finally make the transition to electronic recordkeeping and address the challenge of managing email electronically for both records management and eDiscovery purposes. 

The directive -- issued by the Office of Management and Budget and the National Archives and Records Administration on Aug. 24, 2012 -- has two primary goals: It requires that agencies use electronic recordkeeping to ensure transparency, efficiency, and accountability, and that they demonstrate compliance with federal records management statutes and regulations.

The Email Requirement and NARA’s Guidance on Managing Email Records

One of the greatest challenges of the directive is the need to manage all permanent and temporary email as electronic records by 2016. Email is a major factor for agencies in the event of litigation, Freedom of Information Act requests and investigations — and the volume is growing to the point where many agencies are creating well over one million email messages daily.

NARA’s Guidance on a New Approach to Managing Email Records, dated May 2013, addresses this requirement with a role-based approach called Capstone, which allows agencies to designate certain email accounts as permanent records by job position or role.  All other email accounts are designated as temporary for a set time.  

The Capstone approach requires agencies to evaluate their policy, disposition schedules and technology options.   Agencies will have to give serious thought as to whose accounts will be included under the Capstone permanent retention umbrella by assessing which accounts have the highest likelihood of creating permanent records. Records managers and information technology professionals will need to evaluate current systems to determine whether they meet their email records management, search and eDiscovery needs. They should also evaluate technologies such as auto-categorization to help remove duplicate, transient and personal emails from the archive.

Records Directive Compliance Challenges

Agencies will have to define their implementation plans and establish senior-level support in order to fund and provide resources for their records management initiatives. A recent study conducted by MeriTalk found that nearly half of federal agencies were not confident they can meet their deadlines for improving records management practices, and 70 percent said they have very little progress to report with regard to electronically managing permanent records and email. However, the study indicated better-trained personnel (53 percent) and dedicated funding (51 percent) would most help agencies meet the directive’s deadlines.

The reality for many agencies is that electronic records, including email, social media and office documents, exist in various disconnected and incompatible systems.  Agencies must evaluate whether a centralized enterprise records repository is feasible and desirable, or whether the agency’s information governance and retention policies must be applied in a consistent manner to multiple repositories.

The directive requires agencies to evaluate digitization of records, and this should include an assessment of whether certain paper documents, based on their content and value, should be scanned and made electronically accessible for eDiscovery, FOIA and other requests.

Agencies should take a disciplined approach to the directive, and they must develop plans for how they will achieve each of its milestones.  When addressing the requirements for a transition to an electronic recordkeeping solution, the following approach is recommended:

  1. Define and gain consensus on the agency’s functional and compliance requirements for electronic records management.
  2. Identify gaps between the requirements and the agency’s current technology, and determine whether the gaps can be addressed by adapting current systems or by acquiring new technology.
  3. Evaluate proven technology to provide efficiencies including auto-categorization, search and digitization technologies.
  4. Analyze viable alternatives and make recommendations on the best solution to meet the agency’s needs.

Finally, records managers must continuously respond to the accelerated pace of new technology, including collaboration, mobile devices, social media and cloud-based solutions that challenge traditional records management policies and processes. 
