1. Retention and Disposition Control
1.1 Retention to rules - Records required by the organization for business purposes are kept and not destroyed prematurely. These records are retained according to instructions which include both the length of time retained and the eventual fate of the records on completion of this period of time.
1.2 Event/Hold management - Records can be retained indefinitely while waiting for the occurrence of a specified event. (This event can be an internal event like termination of employment, expiration of a contract, etc. or an external event like a destruction hold due to litigation or regulatory review.) The records are eligible for a specified retention or a specified disposition (transfer or destroy) upon or immediately after the specified event occurs.
1.3 Disposition to rules - Review processes based on a disposition event and disposition rules are used to decide how retained records should be handled next. As a result of the review decision records are either retained, transferred to another system, or destroyed according to instructions.
2. Security and Privacy Control
2.1 Protection against unauthorized actions - Record users and record administrators cannot create, view, change, or delete electronic records in a system without an assigned role or privilege.
2.2 Authorized life cycle actions - Record users and record administrators can create, view, change, or delete electronic records in a system based on an assigned role or privilege.
3. Quality Control
3.1 System design process - Systems are designed and implemented using a structured approach that meets the operational needs of the organization, are in accord with the regulatory environment, include consideration of existing organizational systems, and lead to systems with the functionality necessary to support records management.
3.2 Operation documentation - The products of system design include specifications that best meet the requirements for records, design plans to meet these specifications, implementation activities, as well as system policies, procedures, and standards for both records users and records (system) administrators.
3.3 Configuration - Systems incorporate standards for data subjects for control and description, allow automatic collection of user and record category data values, and establish routine tracking and maintenance operations.
3.3 Testing - Systems to be used for records management operations responses are compared to specifications to determine satisfaction of requirements.
3.5 Training - Responsibilities and duties of record system users and record system administrators are presented in ways that allow them to effectively carry out the activities required for their work.
3.6 Records of operation (audit trail) - Evidence of actions, whether authorized or unauthorized, in relation to records or a records system is tracked according to a plan. Actions tracked include creation, modification, use, and deletion.
3.7 Monitoring and auditing - System performance is reported and results are inspected to show compliance with policies and standards, acceptability of records as evidence in a court of law when required.
4. Organization and Searching Control
4.1 Classification schemes - Systematic arrangements of subject matter are used to describe records according to their requirements for control and their characteristics for searching.
4.2 Content creating - A record user decides whether or not to make or keep a record (whether received or composed) because it commits an individual or unit to an action, renders them accountable, or documents an action, a decision or decision-making process.
4.3 Version control - Documents having the same general form and specific subject and purpose are identified and organized in a unique sequence. This sequence often reflects successive changes to a document.
4.4 Content analysis - Records are assessed to determine their importance and value in order to determine the proper system and methods for control and protection.
4.5 Classification for control - Business activities and/or records are systematically identified and assigned to categories according to logically structured conventions, methods, and procedural rules represented in classification schemes for retention, disposition, protection, and authorized activities.
4.6 Classification for searching - Business activities and/or records are systematically identified and assigned to categories according to logically structured conventions, methods, and procedural rules represented in classification schemes for discovery and business use retrieval.
4.7 Searching - Records or collections of records can be identified through user-defined parameters for the purpose of confirming, locating, accessing and retrieving records, files and/or their metadata.
5. System Control
5.1 Capture - A record or a set of records is registered, classified and physically entered into a system in ways that preserve the integrity of the original document and add appropriate metadata about the record.
5.2 Transmitting - Records can be sent from a system holding records while retaining the integrity of the original document and the associated metadata.
5.3 Storing - Records entered into a system are handled and managed in ways that preserve the record's content and structure and maintain the ability for the record to be successfully displayed.
5.4 Retrieving - Records entered into a system are handled and managed in ways that identify all components of the record and the location of those components so that the complete record can be found and presented to the requestor when needed.
5.5 Manipulating - Records entered into a system are handled and managed in ways that prevent unauthorized changes, track authorized changes, and allow copies to be made for creating extracts or starting new records.
5.6 Displaying (rendering) - Records retrieved from a system are converted from an electronic format into a physical format that can be interpreted by a human being.
5.7 Backup and recovery - Records and the systems holding records are managed in ways that reduce exposure to loss of records due to system failure, operator error, disaster, or willful destruction.
5.8 Purging, transfer and migration - Storage and preservation strategies are used to minimize storage costs, to protect records from media and technology decay and to allow records to be assigned to new owners as part of disposition review and action.
5.9 Destruction - Records that have reached the end of their useful life are eliminated or deleted beyond possible reconstruction.