One of today’s major challenges, with the almost exponential increase in document production, is records management. This explosive growth of information in all its forms is making it ever more difficult to capture and control. Increasing compliance requirements and litigation risks are calling for rigorous records management,
The standardization of records management policies and procedures within a forensic laboratory ensures that appropriate attention and protection is given to all records, and that the evidence and information they contain can be retrieved more efficiently and effectively, using standard practices and procedures.
Records management is part of a forensic laboratory’s activities that are associated with the discipline or field known as Governance, Risk, and Compliance (GRC) and is primarily concerned with the evidence of the forensic laboratory’s activities as well as the reduction or mitigation of risk that may be associated with such evidence, whether this be relating to digital case processing or operational business activities.
A record is defined as being something that represents proof of existence and that can be used to recreate or prove state of existence, regardless of medium or characteristics. A record is either created or received by your forensic laboratory to ensure compliance with legal, regulatory or contractual requirements, or in the operation of the business. Records within your forensic laboratory can be wither tangible or intangible, that is physical or electronic media.
- applies to the management of records, in all formats or media, created or received by your forensic laboratory for any legitimate reason where there is a duty to create and maintain records
- provides guidance on determining the responsibilities of your forensic laboratory for the management of records and records policies, procedures, systems and processes
- provides guidance on records management in support of a quality process framework to comply with ISO 9001, ISO 17020 or ISO 17025
- provides guidance on the design and implementation of a records system for your forensic laboratory
It is possible in some areas to gain certification for ISO 15489, but this is not a worldwide process.
- developing business cases;
- project scoping;
- initial gap analysis;
- analysis of existing systems;
- developing strategy;
- record management reviews;
- strategy option review;
- project development and implementation;
- defining a records management architecture;
- defining system requirements, including technical architectures;
- building a records management framework;
- developing policies, processes and procedures to support the framework;
- assisting in system design and development or purchase;
- training employees, as appropriate
- auditing records management systems;
- continuous improvement of your records management system;
- recommendations for improvement of existing systems,
- project management.
- understand your forensic laboratory’s business;
- understand the legal, regulatory and social context in which it operates;
- understand how your business works including its data flows and record types used;
- identify the need to create, control, retrieve and dispose of records within your business for digital forensic case processing as well as operational business purposes;
- assess the extent to which your existing strategies satisfy your needs for records management;
- redesign existing processes and procedures or design new ones to address any identified non-conformances;
- develop a record management system based on agreed strategies;
- implement the record management that you define;
- review the implementation to see if it meets the defined system objectives;
- undertake a process of ongoing audits against internal policies and procedures;
- implement a process of continuous improvement.
This approach gives you a number of practical tools that can be used to underpin good records management. It provides the essential framework to:
- adopt appropriate metadata standards for control and retrieval of records;
- compile a functions-based records disposal process for records unique to your business;
- construct organisation specific classification tools;
- design or select records management tools to create, control, retrieve and dispose of your records.
- develop a business classification scheme that identifies, labels and defines the unique functions and activities of your organisation;
- establish a business case for records management;
- aligned with your business needs;
- appropriately protected against unauthorised access, modification, erasure or disclosure;
- correctly documented through their complete life cycle;
- demonstrating compliance verified by a third party Certification Body for all management systems;
- easily accessible;
- interoperable between disparate systems;
- subject to processes and procedures for records management that are documented and tested;
- transparent in the disposal process;
- subject to a public statement that you have addressed records management and information security needs of your, and your customers, data
- subject to managing and treating significant risks to reduce them to an acceptable level in line with risk appetite;
- properly maintained;
- traced to from creation to disposal or archiving.
- FCL are justifiably proud of our 100% SUCCESS RATE, of achieving first time certification through an Accredited Certification Body for our Clients;
- FCL is committed to providing a consistently high value service to our Clients;
- David Lilburn Watson, who remains personally ‘hands-on’ throughout the process, manages this process.
- to understand how the FCL suite of offerings can be used to transform your business, please contact us
- we look forward to discussing your specific requirements, at your convenience;
- we offer a free Health Check for ISO 15489;
- whatever other type of consultancy you require, we can possibly offer a free Health Check.