Review of corporate information management

Review of the Scottish Government's corporate processes for the storage, retrieval and deployment of corporate information to ensure they are fit-for-purpose.


Training and guidance

Uptake in training

All staff in core SG are expected to use eRDM for their documents and records management. The majority of them would have received face to face training in the legacy application some time ago, in some cases up to 15 years ago. Knowledge of key functionality, the ‘how’, will have dissipated as will an understanding of the business purpose of using eRDM, the ‘why’.

At the end of 2019 a completely modernised web based version of eRDM, known as eRDM Browser, was delivered to all users. The new application addresses many usability issues in the previous version raised by staff, including easier general documents management and improved search functionality. To support its adoption and use a significant education, communications and change management programme was delivered. This included a new blended model of training resources including online modules and webinars that users could self-select and consume in a way that caused minimum disruption to their day job. The minimum standard was a short online overview course explaining how to get the best out of the new system which takes around 30-40 minutes to complete. To date however only around a quarter of users have completed this course. Consideration should be given to making this course mandatory to ensure all staff using eRDM are competent in its key functionality and to drive up adoption and use and reduce the risk of continued use of alternative repositories. 

Defining records and using eRDM

Over time eRDM has become viewed by many staff as an administrative records filing system. It is in fact a business critical information management solution for the day to day management of documents within a corporate file plan with inbuilt records management features. Over time behaviours and habits have continued or been developed where much business information is managed outside of eRDM with the intention in some cases that if its important in some way a final version of an item should or may be ‘filed’ in eRDM, rather than it being the primary source of information and all its versions being properly managed in eRDM.

There is significant variance in understanding among staff about what information should be managed in eRDM, when and why. Different operational interpretations on what constitutes a ‘record’ is one of the factors. Culturally a gap has been allowed to grow between documents and records management when in fact the gap should be quite small to the point where the default is that there is almost no difference. Put simply, the majority of information created within the SG relates to the business activities of the organisation. It is owned by the organisation and to reflect its value it should be protected, properly structured, managed and readily accessible. This is best achieved within eRDM. In effect the organisation needs to put the ‘D’ back in eRDM. Training, guidance and policy should clarify the working definition of what constitutes a SG record and this should be applied consistently. The following is a draft definition for consideration and further refinement: 

Records contain information that is needed for the day to day work of the SG. This includes all versions of recorded information in any form, created or received in the conduct of government business and which can provide evidence of activities, transactions and decisions carried out by, or on behalf of, the organisation. Their value and purpose is to provide a primary source of the truth and reliable evidence of and information about 'who, what, when, and why' something happened. This information must be recorded and managed in the corporate eRDM system.

Clarifying what not to do

Instruction on information and records management is available to staff on what to do, how to do it and to some extent why to do it. However there is very little explicit direction to staff on what not to do and why not to do it. For example there is no specific instruction around managing information in repositories other than eRDM and the risks to the business of doing so. This gap should be closed and training, guidance and policy should be updated or developed to provide clear and explicit instruction around this to remove any ambiguity and reduce risk.

​​​​​​​A corporate approach by default

The organisation should seek to implement measures to have staff manage information in a consistent and corporate manner and where they have access to it this should be done in eRDM. Criteria should be developed against which the management of the organisation’s information in a system other than corporate eRDM is properly managed and authorised. Such criteria acts as a robust test and additional safeguarding layer for the organisation’s business information.

Key principles formed the criteria signed off by the SIRO for the deployment and use of the corporate eDiscovery solution. These principles were necessary, justified and proportionate. These could equally apply to any business scenario where the rationale and justification for not storing and managing information in eRDM is demonstrably set out and signed off by a senior official, possibly the IAO for the business area concerned, and ratified by the SIRO or someone acting on their behalf.

Specific role based training

The training provided to local Information Management Support Officers (IMSOs) should be reviewed. It is currently only focused on records and file management within an eRDM context. This is important but could be broadened to capture wider information management practice such as understanding the information management principles and good email management. The training provided to IAO’s should also be reviewed and broadened from asset management and data protection to include key information management processes and responsibilities.

A general information management best practice course should also be considered for staff working in Directorate and Divisional BMUs. These resources are best placed to understand the business priorities of their area and where good information management can add value and reduce risk.  They provide close support to senior managers and IAOs as well as a degree of oversight of operational teams. The content for this is largely already there as a result of significant updating of material as part of the new blended training model.​​​​​​​

Contact

Email

Email: ceu@gov.scot

Related information

Handling of harassment complaints

Back to top