Thought Leadership on Business Strategy & Technology Value presented by Paragon Solutions.
The principles of information governance, known as the Generally Accepted Recordkeeping Principles® (GARP), or “the principles,” are well defined and well understood by information governance and information management practitioners.
However, for some enterprises where the GARP maturity baseline is low, the principles may seem overwhelming.
What’s more, in companies where a records management function exists, that function realizes a much higher maturity when measured within its department, and often has difficulty transferring knowledge and capabilities to other areas of the organization, or doesn’t measure those areas against the principles, thus potentially leaving significant gaps and business risk that is not realized.
The principles are grounded in practical experience, and are based on extensive consideration and analysis of legal doctrine and information theory. They form the basis upon which every effective information governance program is built, measured, and — regardless of whether or not an organization or its personnel are aware of them — will one day be judged.
Therefore, it is in the best interest of all organizations to be fully aware of the principles, and to manage records and information assets in accordance with them.
Developed and published by ARMA International to assist organizations in developing compliant information management systems and programs, the principles are comprehensive in scope, yet general in nature.
The Principles are a foundation for continuous improvement and maturity.
What are the eight GARP principles, and what guidance and cautions do the principles provide to help today’s enterprises develop and maintain responsible and defensible records, and information management protocols?
- Principle of Accountability: A senior executive or a person of comparable authority shall oversee the information governance program and delegate responsibility for records and information management to appropriate individuals. The organization adopts policies and procedures to guide personnel and ensure that the program can be audited.
- Principle of Integrity: An information governance program shall be constructed so the information generated or managed by the organization has a reasonable and suitable guarantee of authenticity and reliability.
- Principle of Protection: An information governance program shall be constructed to ensure a reasonable level of protection for records and information that are private, confidential, privileged, secret, classified, or essential to business continuity or that otherwise require protection.
- Principle of Compliance: An information governance program shall be constructed to comply with applicable laws and other binding authorities, as well as with the organization’s policies.
- Principle of Availability: An organization shall maintain records and information in a manner that ensures timely, efficient and accurate retrieval of needed information. A successful and responsible organization must have the ability to identify, locate, and retrieve the records and information required to support its ongoing business activities. These records and information are used by individuals and groups to reference, share and support their business, legal and compliance authorities for discovery and regulatory review purposes, and numerous corporate functions to validate management decisions and account for the organization’s resources.
- Principle of Retention: An organization shall maintain its records and information for an appropriate time, taking into account its legal, regulatory, fiscal, operational and historical requirements. As part of a retention program, an organization must develop a records retention schedule, which specifies what business records and information must be retained and for what length of time. Retention decisions are based on the information content and the organization’s legal, regulatory, fiscal, operational and historical requirements for that content.