Electronic Records Management Toolkit


To provide a practical set of resources that will assist members of the higher education community in addressing related issues of electronic records management (ERM), e-discovery, and data retention on their own campuses.


We all create and use information every day. Taking care of that information (in all its many forms) is an effort requiring shared responsibility by each member of a specific community. Just figuring out where to start and what needs to be done can be a time-consuming task.

Some institutions have done a lot of work in this area, while others have just gotten started, and still others have done little or nothing. We all have an opportunity to learn from and share with each other. This set of resources is intended to be a collaborative and evolving effort. Please use this forum to share what you have done! It might be just what someone else is looking for. If you have questions or comments regarding this toolkit, or if you'd like to contribute your own material, please contact the Higher Education Information Security Council.

This toolkit will provide valuable information on the following areas:

ERM Background and Context

Interest in records and information management (RIM) continues to increase among university & college leadership due to new compliance regulations and statutes. The growing number of corporate scandals and government incidents involving questionable or deficient records management practices have raised general awareness of and created a critical interest in records compliance, retention period requirements, litigation preparedness, data security & privacy, and many other records and information management issues.

Records management is often seen as an unnecessary or low priority administrative task that can be performed at the lowest levels within an organization. However, this perception is changing as these publicized events have demonstrated that records management is in fact the responsibility of all individuals within an organization.

Electronic Records Management

The general principles of records and information management apply to records in any media, form and format. However, the complex attributes of electronic records (also called digital records) present specific issues that records stored in paper and microfilm do not typically share. For example, it is more difficult to ensure that the content, context and structure of electronic records is preserved and protected.

Several concepts are critical when addressing Electronic Records Management. A simple way to think about it is to imagine all information existing within a lifecycle. From the moment of creation until the time it is no longer needed, information should be managed with care according to a variety of factors, including sensitivity, confidentiality, and desired longevity.

Within the information lifecycle, information may take different forms over time. Definitions are one type of information. Electronic records are those records that have been created or stored using electronic systems.

Records may be grouped into classes according to a variety of factors. Common factors include, but are not limited to, record type, sensitivity, confidentiality, and desired longevity.

Based on those classifications, records can then be scheduled according to their required or desired retention periods, and their recommended method of disposition. In addition, certain classes of records may only be appropriate for access by certain members of a community. Almost all records are subject to Definitions.

The entire process by which an organization creates, classifies, controls, and authorizes access to electronic records is known as Definitions.

Related Topics

Top of page

Practical Guide to Getting Started

So what's the best way to get started? The answer to that question will largely depend on the particular culture of your campus and your knowledge of the players involved.

No matter where you start, though, you likely won't get far unless you have the support of top-level administration, and can build a critical mass of people within the community who understand (and can help others understand) what's at stake.

Who to Involve?

Potential partners include legal counsel, internal auditors, chief information officers, information security officers, privacy officers, records managers, archivists, comptroller, head of student affairs, and head of academic affairs.

What to Do?

Raising Campus Awareness

Need help making the case? Here's a presentation you can tailor to suit your needs and institutional culture. Good luck!

Building and Providing Tools

Information Management Policies

These policies describe expectations for handling certain types of content.

Top of page

What Are Others Doing?

Brigham Young University
Indiana University
The Ohio State University
The Ohio State University Libraries
Pennsylvania State University
University of California
The University of Kansas
University of Missouri System
University of Virginia

Top of page

Additional Resources


Unless otherwise noted*, all definitions are from the Glossary of Records and Information Management Terms, 3rd ed., ARMA International (2007).

List of Records Management Laws for State Agencies





























New Hampshire

New Jersey

New Mexico

New York

North Carolina

North Dakota





Rhode Island

South Carolina

South Dakota







West Virginia



List of Records Management Standards (in progress)

Non-Comprehensive List of Statutory Regulations & Requirements (in progress)

Note: Similar laws exist in other countries. Some examples are included on the Sarbanes-Oxley Act Wikipedia page.

Other Relevant Agencies

Top of page

Questions or comments? Contact us.

Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).