Records management (RM) generally refers to approaches to controlling and governing key records of an organization (e.g. an enterprise, a company, a university, or the like, including subordinate organizations within other organization) throughout the lifecycle of a record, which includes the period from when a record is first created by or provided to an organization to the eventual disposal of the record. Elements of records management can include identifying, classifying, prioritizing, storing, securing, archiving, preserving, retrieving, tracking, and destroying of records. These activities are typically part of a broader set of requirements associated with governance, risk, and compliance (GRC) activities performed by the organization, and are generally related to maintaining and securing records and evidence of the organization's business activities, etc. as well as the reduction or mitigation of risk that may be associated with such evidence.
Records management can be a crucial function within an organization, but also one that can be difficult to implement due to added burdens placed on users by requirements for compliance with records management protocols. Well-implemented approaches to records management can provide benefits such as improving efficiency and productivity, ensuring regulatory compliance, minimizing litigation risks, safeguarding important (or even vital) information, supporting improved decision making by an organization's management, preserving the organization's institutional memory, fostering improved document organization, etc. However, these benefits can be difficult to achieve for various reasons, including the reliance of many aspects of existing records management approaches upon a certain level of training, adoption, and regular implementation of a set of records management procedures by users at the organization. If users do not properly adopt and implement the necessary procedures, a records management approach can fail to achieve the various goals and to provide the intended benefits. Alternatively, hard enforcement of records management procedures in a manner that ensures compliance but that requires additional user actions beyond normal day to day work can hinder productivity as users are required to carry extra workload, and thereby devote time and attention to these extra tasks that could be more productively used for other tasks, simply to comply with such procedures.
Once a record is created, one or more of an owner of the record, a records repository, an authorized user, a records management team member, or the like can set records controls to regulate access to and distribution of the record. Records controls, as referred to herein, can include one or more records management policies, procedures, rules, etc., which can pertain to access privileges, records lifecycle management, and the like. For example, privileges can be set (e.g. by an administrator, manager, etc.) on a repository to allow users having certain roles to access particular records stored in the repository. Lifecycle management, records management, or other software-based architectures can be used to identify original records, versions of records, copies of records, and distribution histories of records. Records maintenance can be accomplished by formally and discretely identifying records (e.g. by coding and storing records in folders or other file plan hierarchies specifically designed for protection and storage capacity, by informally identifying and filing without indexing, or by other approaches.
Content management is a related field to records management. However, the two approaches are not always compatible and are sometimes at odds with one another. A content management system (CMS), otherwise known as a records management system, suitable for managing the various content items that an organization produces or receives, retains or otherwise stores, manipulates or modifies, etc. can support the requirements of one or more applications, and optionally other requirements, to provide a coherent solution in which content and management processes are capable of accessing content across a variety of applications subject to access controls, permissions, and the like. Content items managed by a content management system can include one or more of files, documents, images, photos, Web pages, records, XML documents, other unstructured or semi-structured files, etc., as well as directory structures such as folders, file trees, file plans, or the like, which can provide organization for multiple content items in addition to storing or otherwise representing relationships between content items, etc. For simplicity, the term “document” is used generically herein to refer to all types of content items handled by a content management system, while “record” refers to a content item that has been put under the control of a records management system.
A content management system can manage one or more of the actual digital content of a document, the metadata that describes a context of the document, associations between the document and other content or documents, a place and classification of the document in a repository, indexes for finding and accessing documents, etc. The content management system can also manage processes and lifecycles of documents to ensure that this information is correct. The content management system can also manage one or more workflows for capturing, manipulating, editing, storing, and distributing documents, as well as the lifecycle for how long a document will be retained and what happens after that retention period.
A content management system for use in enterprise content management can include one or more of document management tools, applications, and interfaces to support general office work, search, and discovery. Workflow management capabilities of a content management system can support various business processes, optionally including, but not limited to, case management and review and approval. Collaboration applications and services of a content management system can support the collaborative development of information and knowledge in the creation and refinement of content and documents. Web content management services of a content management system, which can be scalable, can support the delivery and deployment of content and documents from the enterprise to users (e.g. end users of content, customers of the enterprise, etc.). Records management capabilities of a content management system can capture and preserve records based upon government-approved or other standards. A standards-based platform can also provide access to applications that use these standards, such as publishing, image management, email management, etc.
Accurate classification of content items, for both security and other reasons, can be critical to ensuring that correct management policies are applied. Streamlining of the user input process for assigning security classifications and/or access controls to a large number of content items in a content management and/or records management system can dramatically improve uniform application of these important protocols. In systems in which application of classifications is a manual process relying on the knowledge of individuals, in particular for security sensitive information, it is generally a laborious, inefficient process. Very large numbers of files can require classification, in particular in government environments, and this volume can require very large numbers of users (100,000 in some organizations) spending large amounts of time in setting classifications. Simplification of the classification process can provide significant savings in time and effort. Existing systems that require multiple, time consuming entries as part of a classification process can lead to files being assigned a simple, higher “safe” level of classification, which can restrict access unnecessarily. Implementations of the current subject matter can reduce the frequency and/or likelihood of such “over-securing” occurring by improving the ease with which users can select a correct combination of security markings for a given file or group of content items.