Many business organizations have found that the importance and volume of business-critical records is rapidly increasing. Because of this, many companies are reevaluating their unstructured data strategy and are turning towards more reliable records management policies.
“Records management” is the systematic and comprehensive control of the creation, capture, maintenance, filing, use, and disposition of records. It aims to ensure that records contained in a database are authentic and reliable; can be retrieved when needed as quickly and efficiently as possible; and are not destroyed prematurely or kept longer than required. A “record” in the compliance industry is any data item (recorded information) that is under records management control and subject to a life cycle. A record's life cycle is the life span of a record from its creation or receipt to its final disposition. It is usually described in three stages: creation, maintenance and use, and final disposition. A set of retention rules/policies are applied to the record over a defined time period.
Different user applications (e.g. email, accounting, personnel, etc.) operate with different types of data that use different databases. To control access to its associated database, each user application must implement policies/rules that apply to its data. For example, an email application can implement a retention policy that emails will be maintained in the database for 7 years. However, someone with direct access to the database (e.g. a database administrator) can by-pass the email application policy and delete emails directly from the database (intentionally or unintentionally).
Another example is a background job that periodically updates/deletes data from the database tables. The background job does not operate through the email application and thus by-passes the retention policies. To ensure compliance, the background job must be programmed to be aware of the email retention policies and to comply with the email application's logic to prevent updates/deletions. Other background jobs must also be individually reprogrammed, which can be time intensive. Of course, if a policy changes, then all applications and background jobs that are affected must be identified and reprogrammed. This type of records management does not ensure compliance with implemented policies.