Universal ERM Requirements

Your information: centrally stored, automated, searchable, and secured from prying eyes.

Universal ERM Requirements

The Universal ERM Requirements serve as a resource for agencies looking to use a technology solution to assist with managing their records. By referring to these guidelines, agencies can determine what ERM functions are critical, while also considering their personal needs and financial priorities.

Agencies should refer to this document when they’re deciding on an ERM system. The protocols are broken down into “must have” and “should have” recommendations, and agencies must make sure their ERM system, at least, complies with the “must have” requirements.

With the M-12-18 deadline approaching, agencies who haven’t tackled their electronic records yet should consider the solution offered by Feith Systems & Software Inc. The Feith team of subject

matter experts have guided countless government agencies during their transition to managing electronic records across their lifecycle. Furthermore, Feith’s software ensures that agencies comply with both NARA’s Must Haves and recommendations – Feith supports every requirement of the new Universal ERM Requirements.

Here are some examples of how Feith’s system can help your agency align with NARA Universal ERM Requirements:

NARA recommendation:

How Feith helps agencies align with this requirement:

“The record system must have the ability to prevent illegal access, alteration, or deletion of records.”

  • Full Attribute-Based and Role-Based Access controls for every document and data row in the system.
  • Set legal-holds to prevent deletion of records.
  • Meets the DoD 5015.02 standard for managing controlled, classified, and sensitive documents.

“Any actions changing the level of access, altering the record, or changing the location of the record must be documented and tracked into an audit log.”

  • The Feith platform contains a full audit-trail of every change in the system. No action in the system flies under the radar of the audit system.
  • Full system log contain who, what, when, where, and how a setting or piece of metadata was changed.
  • Track and dashboard individual users, groups, roles, and their respective actions.

“Records of current and former employees must be managed in a manner that supports searching in response to information requests, including FOIA and agency business needs.”

  • Full-text and content search across all documents, including emails and their attachments.
  • Adjust search parameters to simplify search processes.
  • Advanced search allows Power Users to find things in creative ways.

“Ensuring usability of records includes converting records to usable formats and maintaining the link between the records and their metadata through the conversion process.”

  • Captures records in their native formats, but will also generate readable PDF formats for web review, redactions, and production for legal.
  • Transfers files in correct file format and with complete metadata to NARA.

“Ensuring usability of records includes carrying out system upgrades of hardware and software while maintaining the functionality and integrity of the electronic records created in them.”

  • Maintains records for entire lifecycle.
  • Whether On-Premises or in the Cloud, the system is easy to upgrade, and the records are provably secure throughout the process.

Government agencies should make sure their ERM system adheres to the Universal ERM Requirements established by NARA; Feith’s solution makes it simple for agencies to comply with these regulations.  

To learn more about how Feith helps agencies meet the NARA M-12-18 mandate and Universal ERM requirements, contact the Feith team!

NARA M-19-21 Deadline is Approaching

Preparing for the Transition to Electronic Records

The US Government knew they needed to get a handle on the inefficiencies they experienced with paper records. Several factors influenced the decision to improve record management processes, including the business case need for electronic record keeping (ERK), and the alignment of ERK with the agency’s mission and strategic initiatives. Additional factors, such as legal, statutory, and regulatory requirements also played a part in the verdict. Ultimately, agencies determined they needed a more up to date system for managing enormous amounts of records. 

To modernize government record keeping, NARA and the Whitehouse decided to create a new, 21st-century framework for government record management. In conjunction with their colleagues at NARA, the White House issued the NARA M-19-21 mandate.

By the end of 2019, Federal Agencies must manage all permanent  records electronically. By 2022, they must also manage temporary records the same way. This mandate applies to all electronic records, regardless of where they live. Although this law applies mostly to Senior Agency Officials for Record Management (SAORM), and Agency Records Officers, it’s essential that all

government employees take proactive measures to safeguard records per this new policy.

According to the National Archives and Records Administration: Criteria for Successfully Managing Permanent Electronic Records, there are four high-level view components to successfully managing electronic records. The first criteria suggest administering company-wide polices that explain how employees are expected to manage electronic records. Next, to help with educating employees about record responsibilities, training programs should be enforced, and record requirements need to be considered throughout the development process to make sure that the selected automated system supports these requirements. Secure record keeping is vital, but agency employees should also be able to access records when needed. Furthermore, documents must be transferred to NARA in the appropriate format with the correct metadata.

In addition to high-level view components, there are also operational activities and universal electronic records management requirements that NARA recommends for successfully managing permanent electronic records. For example, at an executive level, agencies should regularly review record schedules to assess whether records have become obsolete or superseded, consult stakeholders to confirm the owners of permanent electronic records, and maintain the ERM system for the duration of their retention periods.

NARA cites several more examples, and agencies should visit NARA’s website to view the complete list of suggested activities and requirements. 

Government Agencies Should Look to a Technology solution

For agencies who still need to digitalize their records, the mandate’s deadline is swiftly approaching; the time to act is now. Agencies should consider Feith’s solution to help successfully digitalize and manage their records. The Feith team has helped guide countless government agencies during their transition from paper to electronic records. This is what we’ve learned over the years, while making other organizations M-19-21 Compliant.

Government agencies should look for an ERM technology that allows for:

  • Compatibility with Existing Tools: Because agencies store so many records in applications such as SharePoint or Excel, the system needs to integrate with these other platforms so it’s simple to transfer documents from one system to the next. 
  • Accessibility: As part of the new mandate, federal employees should be able to access records as needed. A centralized system makes accessing documents fast and easy for agency workers. Furthermore, there should be advanced search features such as filtering and sorting of data so that employees can find and access data efficiently.
  • Security: The system should provide a high level of security so that unauthorized parties can’t gain access to the sensitive information. 
  • Streamlined Processes: Agencies manage vast amounts of records, and so to stay on top of everything, it’s critical that the system streamlines complex processes and improves the overall workflow. 
  • Transfer to NARA: The selected system should be able to transfer documents to NARA in the correct file format.
  • Report Generation: System should have the capability to run, save, and distribute ad hoc reports.
  • Complete Lifecycle Management: System must have proper security and controls in place to retain record for its entire life-cycle.

Feith’s Team of Subject Matter Experts Can Help Guide Agencies to M-19-21 Compliance

To learn more about the NARA M-19-21 mandate or ERM requirements, contact the Feith team today!

Case Study: Big county Using Feith’s Physical Records

Problem: One of the most Populous Counties in the U.S.  needed a better system for managing their records

Members of this county perform essential administrative functions such as registering voters, supervising elections, keeping records, providing police protection, and administrating health and welfare services. Storing and managing their boxed records consumes much of their time, however, and the paperwork continues to pile up. Not only is it their job to maintain hundreds of documents, but they must also keep track of these files. It’s an enormous amount of paperwork to support.

Although they had a system in place for managing these records, they experienced several problems with it. First, their existing system didn’t provide them with enough user licenses. Agencies outside of their county had to fill out a paper form whenever they needed to check out a box. Another problem they encountered was with destroying boxes. They kept retention schedules based on the contents of the boxes, but it was a tedious and manual process of sorting through and finding the correct files. 

A third problem arose from how they were tracking records and communicating with agencies. This county was sending spreadsheets through email to monitor and communicate this crucial information. However, this method required them to reenter new data into their online database. With email communication, it sometimes took a long time to hear back from agencies too. A final problem they encountered was with the high cost. Their inflexible record management software didn’t perform up to their standards. Ultimately, this county decided that to improve their workflow they needed new software that could solve these challenges.

Feith’s Solution: The Project

The first step began with a discovery phase. The Feith team wrote up a functional solution design document (FSD) that listed any configurations or changes that were going to be made. Next, to better understand the workflow and logistics needed for uploading 45,000 boxes of records, the Feith team arranged for an in-person meeting at the client’s location. Once on-site, they spoke with end users and then developed a solution to meet the client’s exact specifications.

With Feith’s software, this client will receive better record management, improved reporting, and greater transparency. For example, their communication with outside agencies can now occur through a simple workflow instead of through email. And all their conversation will be in a single location which means they won’t have to search through a cluttered email inbox to see if they received an approval message. Dashboards will give them increased insights into their data. From a glance, they’ll be able to determine which boxes need approval and which need destruction. Moreover, when they’re ready, they can streamline their workflow even further with Feith’s electronic record management solution.

6 Mistakes You’re Making By Using Public Fileshares

If you’re using services like Google Drive, DropBox, Box.net, or SkyDrive for business, here’s why you probably shouldn’t be.

1. Trusting The Public Cloud.

Your coworkers already use applications like Google Drive and Dropbox to share business documents because they are easy to use, but security can be questionable. You should limit users from taking corporate files to the Public Cloud before important information is compromised.

2. Ignoring Your Snowden or Manning While He’s Right Under Your Nose.

Identifying a thief after they’ve gotten away isn’t helpful. Stopping them in the act is. When a file sync and share can report suspicious activity as it happens by monitoring who’s accessing what and how many files, you stop the offender before confidential or damaging documents walk out the door.

3. Disregarding Proper Records Management.

Documents in the Public Cloud are not managed through your Records Management application, are not categorized, administered, or disposed of automatically, and are not conformant to DoD 5015.2. Only when you sync documents with databases that are RMA’d can you start proper records management.

4. Running on Non-Standard Databases.

Oracle Database? SQL Server? Your organization’s technology and staff grow around a specific database. Therefore it’s critical to use, create, and maintain business applications like an enterprise file sync and share that run on that existing database.

5. Forgetting That Your Users Are Already The Users.

Every new application added to a user management platform should tie authentication to the central system, such as Active Directory. It’s unwise to implement a rogue program like a Public Cloud file sync and share that ignores the security and consistency of that process.

6. Losing Your Stuff.

As large numbers of documents are added to the cloud, the only way to easily find the one you’re looking for is through the document’s content. Only an enterprise file sync and share that accesses a universal full-text searchable repository (including OCR’d image content), and uses a familiar interface with which to search it, can do that.

Feith Systems brings leading Records Management software to GSA Schedule 36

Feith Systems brings leading Records Management software to GSA Schedule 36

WASHINGTON DC (2018) — In an effort to increase the access and availability of their records management platform within the US Federal Government, industry-leaders Feith Systems and Software, Inc. have signed on to the GSA’s popular new Schedule 36 (51 600) for Records Management solutions.

The General Services Administration’s updated Schedule 36 seeks to modernize procurement for electronic records management software.

As Feith is now the only Department of Defense 5015.02-certified records management system on Schedule 36, the move to adopt the new category was particularly important to departments and agencies dealing with classified records workloads.

The GSA began moving critical Electronic Records Management software and services under Schedule 36 at the end of 2017. As the Dec. 31st, 2019 deadline of the Managing Government Records Directive quickly approaches, this and other moves to highlight Electronic Records are imperative.

Further, establishing an electronic records management program becomes increasingly important as NARA announced intentions to stop accepting paper-based records in 2022.

At the request of several organizations in the Department of Defense and Intelligence Community and in an effort to simplify procurement of their software, Feith Systems has decided to adopt the new schedule, and finalized a move onto Schedule 36 as of November.

The new schedule provides vendor certification for most of the major areas of Records Management: desktop applications, electronic messages, social media, cloud, digital media, databases, shared drives, and engineering archives. With Feith’s unique ability to support all of these major areas, this was viewed by Feith executives as a strong argument for moving to the new schedule since it emphasizes Feith’s strength across records domains.

As Feith is now the only Department of Defense 5015.02-certified records management system on Schedule 36, the move to adopt the new category was particularly important to departments and agencies dealing with classified records workloads.

For more information about the new GSA Schedule 36 SIN 51 600, navigate here.


Learn how Feith helps over 30 federal organizations with document and records management. 

The EU General Data Protection Regulations & Why it Matters

Let’s talk big picture…
The way we use Personal Identifying Information (PII) has vastly transformed the digital economy in recent years. Advancements in technology that captures, stores, organizes, and analyzes PII have made way for some pretty remarkable means of increasing efficiency and generating greater revenue. And who’s not a fan of that?

So how’s it changing?
Going into effect May 25th 2018, the EU’s new GDPR has serious implications for worldwide companies, so be sure to pay attention. These new regulations warrant that the rights of any individual residing in the European Union will be enforced, even if their data is being processed by companies outside the EU. The focus of the new regulation is to increase user rights as well as increase accountability for people storing or processing data.

If you’re looking for evidence that they mean business, just look at the fines. Up to 20 million euros or 4% of a company’s annual worldwide revenue, whichever is greater. By the way, once the new GDPR goes into effect, that will also include subsidiary companies and partners, even if a subsidiary was not directly involved in processing the data in question. The GDPR also makes it easier for individuals to bring private claims against organizations, including breaches that result in non-material damages. You heard right, individuals can receive compensation for emotional damages as well as financial. Sound a little daunting?

Start planning now…
There are several techniques that organizations can employ to remain in the good graces of the GDPR’s supervisory authorities. The big ones are Anonymization and Obfuscation. By removing PII from data sets, the process of anonymization renders the subject of the data anonymous.

Obfuscation ensures that existing data can’t be traced back to a specific individual. It’s a means of processing information that isolates certain identifying data and organizes it in separate places so that a person might be identified only by combining information from multiple locations.

Kind of a mouthful, huh?
Let’s break it down some more. The whole point of these tighter sanctions is to protect users from being specifically identified based on the information being gathered from their data. There’s no denying the value of the information and in fact one of the pillars of the EU’s Digital Single Market directive is to “[maximize] the growth potential of the digital economy.” The new GDPR is simply aiming to ensure that individuals, and organizations that store and process PII, are all on the same page and level playing field.

The light at the end of the tunnel…
If you’re in an industry dealing in PII (financial, medical, educational, employment) just to name a few, these new regulations make it more important than ever to have a strong Enterprise Content Management system with seamlessly integrated Records Management. Furthermore, having an open line of communication with your ECM system provider to communicate your changing needs will be an invaluable tool in navigating the changing landscape of data protection regulations.

These regulations aren’t so scary if you truly have control over exactly how your data is organized, who can access it, and when it gets disposed of. And if you don’t already have these capabilities, then you’re not getting the most use out of your data anyway.

Just think of these new sanctions as a great excuse to improve efficiency within your organization by adding structure to your data.

After all, the tighter you run your ship, the smoother the sailing.

10 Hard-won Records Management Insights

Here are ten RMA insights, that you don’t want to learn the hard way.

1. Auto-Categorization is not a magic antidote. If you aren’t careful about tagging and organizing your data, you’re making a lot of manual work down the road.

2. Organization is a magic antidote. Get organized upfront. It’s easier to provide structure to data from the beginning, than it will be to structure your data after the fact.

3. Keep It Simply Systematized. Use as few categories as your process allows. The fewer buckets you’re categorizing into, the easier it will be to maintain those categories (but make sure to see 4 below).

4. Metadata is your friend. Make sure your metadata is complete, and will allow you to separate a single category into multiple ones later, if need be. You don’t want to have to separate a category manually, believe me.

5. Be like a Ninja. The more transparent the Records Management process is to your end users, the more likely it is to succeed. Wherever possible, be like an RMA ninja.

6. But also like a Shark. The rules and regulations are always evolving. If you’re not moving your RMA process forward, you’re falling behind, or worse.

7. ‘Business Continuity’ is not just Jargon. It’s not, we swear. If your RMA system doesn’t aid business continuity, it’s not properly supporting your organization. Know it, live it, love it.

8. You’re leaking records. Records in the hands of partners, or on employee cellphones and laptops, are often just as responsive as the ones you keep on site. Know where your organization leaks records.

9. If it’s worth doing, it’s worth doing well. Implementation is key. Get it right the first time to save yourself a lifetime of headache. If you already got it wrong, please accept my condolences.

10. Make friends, a bunch of them. Get buy-in from other departments before you need them for your next project. You’ll thank us later.

Want more of our hard-won insight? Give us a call, or check out our Records Management University event!

JAD Beta – Design the Future of Feith

At Feith Systems, we pride ourselves on our closeness with customers—we like to say that all of our software is born from customer need.

That’s why every year we host JAD- a Joint Application Development session where customers tell us how they’re using the software and what we can do to make it work better for them. Some features that came from past JAD sessions include:

  • Add page- select multiple documents and append a page to them in bulk
  • Record when a user logs into WebFDD for reporting (last login)
  • Print Workflow Diagram to PDF
  • RSS feed to notify customers of new releases.

This year during JAD, we had some of the very first customers using FeithDrive in production participate, which prompted us to look at the application in-depth with the entire JAD audience. We got great feedback on one of the features of FeithDrive from a customer who hasn’t even implemented it yet!

See, in FeithDrive, we save the entire revision history for every document—we do this for a few reasons:

  1. Some clients NEED to preserve a full audit trail for every document they have—we want our software to be compliant with their needs
  2. The convenience of seeing who made changes, when, and being able to see older versions of the documents at a moment’s notice. You only have to overwrite your work once to know the pain of losing it!

Some of our other customers want to ability to turn this off- to have new versions of a document overwrite older versions with no version history preserved.

And we said—why not. As long as the functionality remains in place for customers who need it for compliance, then we don’t see the harm in removing the audit trail for systems that have less strict requirements.

And then another customer had an idea for JAD Beta- that’s right, it wasn’t even our idea! To test new software on the customers we want to use it while it’s still being written.

So here we are—we want your feedback on the software we’re still writing. All we want to do is show it to you and if you happen to say, “what about…” then we’re all ears.

Troubleshooting in 20 Questions

No matter how many possibilities you plan for, you can’t always prevent problems from coming up.

For a technical support representative faced with the responsibility of getting things working again, there’s one technique we use every time, with every problem situation.

If you’ve ever played the game 20 Questions, you know that there’s a technique to finding the correct answer to a completely unknown problem — If you try to guess at the very beginning you won’t get the answer. You have to cut the possibilities down, by asking broad questions:

“Is it alive?”
“Is it man-made?”
“Is it larger than a toaster?”

There are millions of possibilities, but by asking those questions that cut the field in half, we can get to the correct answer pretty quickly. The trick is to make sure that you start at the very highest level. You have to ask questions that divide your remaining possibilities in half each time. In this way, just like in 20 Questions, you should have a fairly solid idea of what’s wrong in about 20 questions – every time, no matter how complicated the problem is.

To ensure you’re cutting things in half, try to keep the questions binary in nature, for instance:

“Did it work before?”
“Is it happening to just one user, or more than one user?”
“Is it happening on just one machine, or more than one machine?”
“Can you reproduce the problem at will, or is it intermittent?”

Soon you will find a once unwieldy problem is cornered into one of 2 or 3 possibilities, each of which can just be directly checked to determine if they are, in fact, the root cause. Of course, once the root-cause is identified – then you can begin the joyous process of fixing it!

Keep Your Information Digital

Here at Feith we live by three words: CAPTURE, MANAGE, DELIVER.

These are the basic components of the document management equation: getting information into your system, managing that information, and getting it into the hands of stakeholders.

You probably already knew that, but it may surprise you to learn that when we talk to customers, the biggest area for improvement is in Capture.

That’s right—getting information into your database is what’s really eating up your team’s time. And whether it is through a web service integration, a high-speed scanning solution, or plain old drag-and-drop, we want to help your team gain back those valuable minutes. So here’s what we’ve learned:

If you want to cut down on the time it takes to do capture your information, then take a step back and connect the dots. Where is all this paper coming from? Paper forms and documents requiring wet signatures are probably the biggest culprits, but there are many times where files are printed and scanned into the database because users do not know any better way.

Try mapping your process end-to-end to see where those files can stay digital, and here’s a hint—you can ask us for help.