U.S. Department of Commerce
Office of the Chief Information Officer
Records Management Policy
What is records management?
What are the benefits of records management?
Who does this policy apply to?
What are some of the Federal laws and regulations that relate to records management?
What are Federal agency responsibilities?
What are the records management responsibilities of the Commerce Chief Information Officer (CIO)?
What are the records management responsibilities of the Commerce Records Management Officer (RMO)?
What are the records management responsibilities of the operating units?
What are records?
What are electronic records?
How should Social Media and Web records be managed?
What are recordkeeping requirements?
How long should records be retained?
What is a records schedule?
What are the General Records Schedules?
What is a record series?
Which agency has oversight responsibility for records management?
What is adequate and proper documentation of agency functions and activities?
What are a Federal employee’s responsibilities?
How can a Federal employee safeguard official records?
What are personal papers?
What are vital records?
How can program managers encourage increased use of electronic records?
What is electronic records management (ERM)?
What should be considered in developing or selecting an electronic records management system (ERMS)?
Where can I obtain information about conducting a cost benefit analysis for an ERMS?
Who can provide additional information about this policy and other records management related matters?
Records management is "the field of management responsible for the systematic control of the creation, maintenance, use, and disposition of records." From the Federal perspective, it is the planning, controlling, directing, organizing, training, promoting, and other managerial activities involved in records creation, maintenance, use, and disposition in order to achieve adequate and proper documentation of the policies and transactions of the Federal Government and effective and economical management of agency operations. (44 U.S.C. §2901).
Records management is not limited to paper records, but includes electronic records and other documentary materials regardless of physical form or characteristics. (See "What are records?" below.)
Records management addresses the life cycle of records, i.e., the period of time that records are in the custody of Federal agencies. The life cycle usually consists of three stages:
• Creation or receipt
• Maintenance and use
Tools for maintaining and using records include records schedules, file plans, indexes, controlled vocabularies, taxonomies, data dictionaries, and access and security procedures.
Records enable and support an agency's work to fulfill its mission. Every organization, including Federal agencies, must address well-defined objectives that add value, either by achieving the organization's goals or by reducing costs. Records are a valuable resource, and it is essential to take a systematic approach to their management. Some of the benefits of records management are that it:
• Contributes to the smooth operation of your agency's programs by making the information needed for decision making and operations readily available;
• Helps deliver services in a consistent and equitable manner;
• Facilitates effective performance of activities throughout an agency;
• Protects the rights of the agency, its employees, and its customers;
• Provides continuity in the event of a disaster;
• Protects records from inappropriate and unauthorized access; and
• Meets statutory and regulatory requirements including archival, audit, and oversight activities.
This policy applies to all Department of Commerce operating units, including the Office of the Secretary.
• Title 44, U.S.C. Chapter 29 Records Management by the Archivist of the United States and by the Administrator of General Services; Chapter 31, Records Management by Federal Agencies; and Chapter 33, Disposal of Records, codify the Federal Records Act of 1950, as amended, and establish the basic responsibilities for records management in the Federal Government.
• Title 36, CFR, Parts 1220 through 1238 includes National Archives and Records Administration (NARA) regulations that affect the records management program of Federal agencies.
• The E-Government Act of 2002 (§207, (Public Law 107-347, 44 U.S.C. Chapter 36)) calls for increased use of electronic records management systems to provide improved citizen-centered government services and places a number of requirements relating to Web sites on NARA and Federal agencies.
• Title 18, U.S.C. § 2071 establishes criminal penalties for the unlawful concealment, removal, or destruction of Federal records.
• The Paperwork Reduction Act (PRA) (44 U.S.C. Chapter 35) calls for the coordination and integration of information technology (IT) and records management policies and procedures.
• Office of Management and Budget (OMB) Circular A-130 implements the PRA and provides guidance for the integration of IT and records management. It reaffirms that "information" includes records in any form and that agency heads must create, maintain, and dispose of records in accordance with the Federal Records Act of 1950.
Every Federal agency is legally required to manage its records. Records are the evidence of the agency's actions. Therefore, they must be managed properly for the agency to function effectively and to comply with Federal laws and regulations.
Agency heads have specific legal requirements for records management which include:
• Making and preserving records that contain adequate and proper documentation of the organization, functions, policies, decisions, procedures, and essential transactions of the agency and designed to furnish the information necessary to protect the legal and financial rights of the Government and of persons directly affected by the agency's activities. (44 U.S.C. §3101).
• Establishing and maintaining an active, continuing program for the economical and efficient management of the records of the agency. (44 U.S.C. §3102).
• Establishing safeguards against the removal or loss of records and making requirements and penalties known to agency officials and employees. (44 U.S.C. §3105).
• Notifying the Archivist of any actual, impending, or threatened unlawful destruction of records and assisting in their recovery. (44 U.S.C. §3106).
The Commerce CIO will:
• Establish a departmental records management policy and related procedures for the creation, use, maintenance, safeguarding, and disposition of records, including electronic records.
• Provide management oversight of records management programs throughout the Department.
• Review and make recommendations on requests for the funding and acquisition of electronic records management systems in accordance with information technology capital planning and investment control procedures.
• Establish management systems and procedures to ensure that officials and employees do not destroy, mutilate, or remove Federal records from Department custody without appropriate authorization.
As designated by and acting under the authority of the CIO, the Commerce RMO is responsible for the implementation of the Department-wide records management program. This official shall:
• Serve as the liaison with NARA on matters pertaining to records management.
• Develop policies, standards, and procedures for records management throughout the Department.
• Provide advice and assistance to operating unit RMOs and coordinate Department-wide records management activities and initiatives.
• Provide records management expertise and participate in the review and development of proposed electronic records management systems.
• Serve as the RMO for and provide operational records management services, including training, to offices in the Office of the Secretary.
Each operating unit is responsible for designating an RMO, developing and implementing an effective program, including training, to ensure the effective management of its records, and coordinating its activities with the Commerce RMO. Operating units may adapt the guidelines in this policy to meet its specific requirements, but any changes may not detract from or conflict with NARA regulations at 36 CFR Parts 1220 through 1238.
The operating unit CIOs are responsible for reviewing requests for electronic management systems through the capital planning and investment control process. The operating unit RMO should be involved in the review and approval of proposed electronic records management systems.
The Federal Records Act defines records as including "all books, papers, maps, photographs, machine-readable materials, or other documentary materials, regardless of physical form or characteristics, made or received by an agency of the United States Government under Federal law or in connection with the transaction of public business and preserved or appropriate for preservation by that agency or its legitimate successor as evidence of the organization, functions, policies, decisions, procedures, operations, or other activities of the Government or because of the informational value of the data in them." (44 U.S.C. §3301). Many of the key terms, phrases, and concepts in this statutory definition of records are defined in 36 CFR §1222.12.
Electronic records are those that are created, used, maintained, transmitted, and disposed of in electronic form. They consist of information in any form, including textual documents such as word processing files or electronic mail messages; images such as maps or pictures; World Wide Web content; and computer code. Electronic records may be stored in computer memory or on storage media, such as optical disks or magnetic tapes. They may or may not have paper backup. Electronic records are Federal records as designated by the Federal Records Act and are subject to the same records management standards of NARA and the Department of Commerce as any other records.
"Managing Web records properly is essential to effective Web site operations, especially the mitigation of the risks an agency faces by using the Web to carry out agency business," states the "NARA Guidance on Managing Web Records." Issued in January 2005, the NARA Guidance discusses various aspects of managing Web records, including the legal and regulatory framework, risk and risk assessment, managing Web site content, and developing disposition schedules for Web records.
The Guidance advises Webmasters and RMOs to use their agency information technology system risk assessments to establish records management controls on Web records. Agencies should conduct a risk assessment of records management-related threats to their Web sites and the consequences of compromised records.
• Once an agency has determined its Web site vulnerabilities, it can begin to take steps to mitigate those risks, including documenting the systems used to create and maintain Web records.
• Ensuring that the Web records are created and maintained in a secure environment.
• Implementing standard operating procedures for the creation, use, and management of Web records and maintaining adequate written documentation of those procedures.
• Training agency staff in the procedures.
• Developing a records schedule for Web records and obtaining NARA approval of the schedule.
The NARA Guidance addresses each of these steps and suggests ways in which they can be accomplished.
Operating units must ensure that the content maintained on their Social Media / Web 2.0 sponsors’ Web sites, especially personally identifiable information and other sensitive information, is secure and adequately safeguarded from unauthorized disclosure or destruction. The records must be retained consistent with the Department’s records retention requirements. NARA Bulletin 2011-02, Guidance on Managing Records in Web 2.0/Social Media Platforms, provides additional guidance.
The Commerce Social Media and Web 2.0 Policy, December 9, 2010, provides detailed guidance regarding the approval and use of social media and Web 2.0 by Commerce employees and program offices.
"Recordkeeping requirements" are authoritative descriptions on what qualifies as a record, and how agencies are to manage records. Recordkeeping requirements can be found in statutes, regulations, or agency directives. (36 CFR §1220.14). Recordkeeping requirements should be outlined in program office guidelines and other issuances that specify which records need to be included in agency files or other recordkeeping systems. Clearly articulated recordkeeping requirements are essential to implementation of an adequate records management system.
The retention period for records depends upon their legal, fiscal, administrative, and/or historical value. There is not a single retention period for all records. Some may be destroyed after a short period, others must be retained for many years, and still others will be transferred to the National Archives because they possess sufficient historical value to warrant permanent retention. The determination of the appropriate retention period is the result of the appraisal process that takes place during the development and approval of the records schedule.
A records schedule is a document that provides the legal authority for the final disposition, including destruction, of recurring or nonrecurring records of an office, component, or complete agency. The record descriptions on the schedule should contain sufficient detail so that it is clear which records are covered but with sufficient generality that minor changes in the records will not require amending the schedule. The records schedule is developed by the program office that has responsibility for the records in conjunction with the operating unit RMO. NARA approves records schedules developed by the agencies. See the records schedules for the Office of the Secretary for examples.
The General Records Schedules (GRS) are issued by the Archivist of the United States to provide authorization for the disposition of temporary administrative records common to several or all agencies of the Federal Government. They include records relating to civilian personnel, fiscal accounting, procurement, communications, printing, and other common functions. Use of the GRS is mandatory, unless an exception has been explicitly granted in a superseding agency records schedule.
A series is the basic unit for organizing and controlling files. It is a group of files or documents kept together (either physically or intellectually) because they relate to a particular subject or function, result from the same activity, document a specific type of transaction, take a particular physical form, or have some other relationship arising out of their creation, receipt, maintenance, or use. (36 CFR §1220.14).
Each record series must be scheduled for appropriate disposition. The series concept is flexible, allowing program offices to create record series by organizing documents in ways that facilitate management of the records throughout their life cycle. For example, each record series in hard copy should be physically separated from all other record series. Electronic records should be managed in ways that link records to their disposition authority, within the context of a record keeping system.
NARA is the independent Federal agency that helps preserve our nation's history by overseeing the management of all Federal records. The National Archives and Records Administration Act of 1984 divided records management oversight responsibilities between NARA and the General Services Administration (GSA). Under the Act, NARA is responsible for adequacy of documentation and records disposition (44 U.S.C. §2904(a)), and GSA is responsible for economy and efficiency in records management (44 U.S.C. §2904(b)). Federal agency records management programs must comply with regulations promulgated by both NARA and GSA. (36 CFR §1220.2)
The determination of what records must be created and preserved to ensure that agency functions and activities are adequately and properly documented, and that the rights of the Government and persons directly affected by governmental actions are protected, involves the consideration of several factors. Recordkeeping requirements will vary depending upon the nature of the agency and its mission; the information in the records; laws that established the program the records relate to; specific legal or regulatory requirements that directly affect the records and their retention; and general legal, fiscal, and administrative requirements. (44 U.S.C. §3101).
Medical files on individuals, contract files, financial assistance case files, equal opportunity complaint files, and similar case records possess important legal, fiscal, and administrative value. They must be managed in a standardized manner if they are to maintain their value to the Government and individuals. The retention periods for these records are generally determined by various legal and fiscal requirements that are taken into account and incorporated into the retention instructions that are in the records schedule. Program managers are able to utilize their experience to identify the specific documents that must be included in the files and how long they must be retained.
In more general types of files, such as program subject files, the records schedule will prescribe a retention period for the record series as a whole. It will not have instructions for individual file folders or specify which documents should be included in the file. This is where the skill and judgment of the record keeper are essential. It is not feasible or desirable to file all the papers that arrive in an office. Many are transitory in nature, unrelated to the essential activities of the office, or duplicative.
Federal employees are responsible for making and keeping records of their work. Federal employees have three basic obligations regarding Federal records:
• Create records needed to do the business of their agency, record decisions and actions taken, and document activities for which they are responsible.
• Maintain records so that information can be found when needed. This means setting up good directories and files, and filing materials (in whatever format) regularly and carefully in a manner that allows them to be safely stored and efficiently retrieved when necessary.
• Carry out the disposition of records under their control in accordance with agency records schedules and Federal regulations.
Each Department officer or employee having custody or control over records, including electronic records, must ensure that they are properly used and protected. The level of physical protection afforded the records will depend on their nature and sensitivity. For example, records containing private information about individuals require a higher level of protection than common administrative records. Similarly, there are special requirements for the handling and destruction of national security information. Regardless of their sensitivity, all Federal records are the property of the Federal government, not the property of individual employees, and may not be removed from the Department without the approval of the Department or operating unit Records Management Officer.
Personal papers are those of a private or unofficial nature pertaining solely to the employee's personal affairs. An employee should minimize the volume of personal papers that are maintained in the office, and personal papers should be filed separately so that they can be clearly distinguished from the records of the office.
Vital records are records that are essential to the continued functioning or reconstitution of the Department and its operating units during and after an emergency. Vital records are divided into two categories:
• Emergency operating records include emergency plans and directive(s), orders of succession, delegations of authority, staffing assignments, selected program records needed to continue the most critical Department and operating unit functions, as well as related policy or procedural records that would be needed to conduct operations under emergency conditions and to resume normal operations after the emergency.
• Legal and financial rights records are essential to protect the legal and financial rights of the government and of the individuals directly affected by its activities. Examples of these records include titles, deeds, leases, contracts, personnel files, and similar records.
Vital records are duplicate records created and maintained solely in case of an emergency. They may be destroyed when no longer needed because they become outdated or are replaced by more current records. Procedures for the creation and maintenance of vital records and their identification are in the Continuity of Operations Plan (COOP) for each operating unit.
Each program office is responsible for identifying, creating, and maintaining its vital records. RMOs are responsible for assisting program offices in identifying records that should be designated as vital and providing advice regarding records management issues.
The NARA Vital Records and Records Disaster Mitigation and Recovery Instructional Guide includes additional information.
In so far as possible, program offices should convert to and rely on electronic records whenever feasible. In most cases, the determination of whether information is maintained in electronic, paper, or other form will result from the implementation and use of systems outside the control of the individual record keeper. In these cases, there may be a temptation to maintain duplicate recordkeeping (the electronic data in the system and paper copies). Unless there is a specific requirement or demonstrated need to maintain both copies, this temptation should be resisted. The electronic record should be considered the official record and assigned the appropriate retention period on the applicable records schedule.
There are instances where a paper copy of electronic records must be created and may even have the longer retention period. Examples include:
• Electronic mail messages that must be copied into paper form for inclusion in a paper-based case file to ensure that the case record is complete.
• Letters, memoranda, and other correspondence that have been identified as historically valuable and scheduled for permanent retention and are a subset of a larger electronic file, the bulk of which is temporary. An example would be correspondence of the immediate Office of the Secretary embedded within a document management system of all correspondence to and from the Department of Commerce. Unless the former block of correspondence could be electronically separated from the latter and made easily accessible to historical researchers in electronic form, it might be necessary to maintain permanently the paper copies of the incoming and outgoing correspondence for researchers.
• Fiscal records that may have to be retained in paper form for auditing purposes or because they contain original signatures, evidence of which may be necessary in case fraud is subsequently uncovered.
• Records that may have to be maintained in paper form to adhere to specific legal requirements.
Program managers and system developers should identify and incorporate all applicable recordkeeping requirements in the initial design phase of the system. The Commerce, or operating unit, Records Management Officer, Freedom of Information Act Officer, Privacy Act Officer, legal counsel, and others who have expertise in recordkeeping requirements should be consulted before the system is designed.
ERM, sometimes referred to as electronic recordkeeping (ERK), is the use of automated techniques to manage records, regardless of their format (e.g., paper, microform, or electronic). An electronic records management system is one in which the records are collected, organized, and categorized to facilitate preservation, retrieval, use, and disposition. An electronic records management product used by a Federal agency must, at a minimum, meet the Department of Defense (DOD) 5015.2 Standard for Records Management for Federal Agencies to ensure that the records it maintains have sufficient authenticity and reliability to meet all the agency's recordkeeping needs.
What should be considered in developing or selecting an electronic records management system (ERMS)?
In developing or selecting an ERMS, an in-depth review and analysis must be conducted and a business case made to justify the purpose, scope, components, and functionalities of the proposed system. This review will be performed as part of the information technology capital planning and investment control process. The review team should include representatives from the responsible program office(s) that create and maintain the records, IT professionals, the RMO, potential users, and others who can bring their expertise to bear. If the proposed system is or could be enterprise-wide, all operating units should be represented.
The review should employ all the management techniques that are useful to define the system and build the business case for it. Focus group meetings and other means of communication with potential users and other stakeholders to explain the benefits of the proposed system, to determine what changes should be made to better meet user needs, and to ensure enthusiastic user acceptance.
The initial discussions and review with stakeholders should focus on the practical program benefits that an ERMS can provide rather than on technological issues. Program managers must be involved to ensure that concrete benefits can be identified and will be realized if it is decided to develop and implement the ERMS. It should not be assumed that an ERMS is the preferred solution for improving program performance. In some instances, the current paper-based system or a legacy electronic system may be preferable, at least for the short or intermediate term. The analysis should give full credit to the status quo and not be influenced by an implicit bias toward a new solution.
If it is tentatively determined that an ERMS should be developed, the following core issues should be discussed:
• What organizational elements should the ERMS cover?
• What records should the ERMS include (e.g., correspondence, Web content, electronic mail, databases of case files, etc.)?
• How should the ERMS interact with other office management programs that may also have records content (e.g., workflow management, work force management, Web content management, etc.)?
The responses to these questions, in discussion with program officers and other stakeholders, will provide the framework for the cost benefit analysis that must be performed as part of the CPIC process.
The cost-benefit analysis is at the heart of developing a business case for an ERMS or any information technology (IT) system. Sources of information about developing a business case and cost-benefit analysis methods include:
• Office of Management and Budget (OMB) Circular A-94, dated October 29, 1992, provides general guidance for conducting cost benefit analysis for various types of projects.
• The General Accounting Office Information Technology Investment Management, dated March 2004, describes the analysis of costs, benefits, and risks in the context of an overall IT management process.
• The NARA Analysis of Costs and Benefits for ERM/ERK Projects, dated March 4, 2004, itemizes recurring and non-recurring costs and benefits specifically applicable to electronic records management and electronic recordkeeping.
• NARA Guidance for Coordinating the Evaluation of Capital Planning and Investment Control (CPIC) Proposals for ERM Applications, dated June 4, 2004, contains helpful information specific to ERM projects.
• Department of Commerce Instructions for Completing the OMB Exhibit 300, Capital Asset Plan and Business Case are updated regularly.
Who can provide additional information about this policy and other records management related matters?
For information on records management, contact Allen Winokur, the Commerce RMO, in the OCIO at AWinokur@doc.gov or your operating unit RMO. A list of RMOs and other records management information is available on the Commerce records management Web page.
For information on the E-Government Act or the Paperwork Reduction Act, contact Jennifer Jessup, OCIO, at JJessup@doc.gov.
For information on the Freedom of Information Act or the Privacy Act, contact Brenda Dolan at firstname.lastname@example.org.
Supersedes policy dated: None
Origination date: September 14, 2005;
Approved by: Thomas N. Pyke, Jr., Chief Information Officer, September 14, 2005
Revision status: Revised 12/22/2010
- Questions regarding this section may be directed to the IT Policy, Guidance & Legislation Administrator