In the wake of recent, well-publicized failures in information disclosure, organizations are now reconsidering the importance of effective information management. The court rulings and regulations directly resulting from these failures have created additional liability for organizations, exposing many records retention and compliance programs as insufficient. In Information Nation: Seven Keys to Information Management Compliance, Randolph A. Kahn, Esq., and Barclay T. Blair have crafted an informative, practical guide to help information professionals address these concerns.

Part 1, "Laying Down the Foundations of Information Management Compliance," begins by examining key terms. Numerous definitions of "records" and "records management" are cited, demonstrating variances in how these terms are perceived by different groups of information professionals and how these perceptions have changed with advances in technology. While portions of these initial chapters may only serve as a review for many practitioners, the legal cases reviewed emphasize the importance of understanding how the courts have recently interpreted these terms.

The first chapter, "Why Information Management Matters" examines the effect technology has had in promoting increased distribution and use of information, further complicating the ability to track and manage this resource. This growth coincides with the increasingly significant, strategic role that information management plays in all facets of business operations. The authors effectively explain how the responsibility of managing this resource requires the cooperation and support of all information professionals within an organization.

The role of records management, as a vital component of information management, is also closely examined, with emphasis on compliance. The challenge of managing "trustworthy" electronic records is given particular scrutiny as the authors cite court cases in which this form of evidence has been excluded. Despite these examples, the authors contend that laws are generally technology neutral and provide a list of important considerations for maintaining reliable, authentic electronic records.

Chapter 5 discusses the complications that evolving technologies present in regard to how information assets are managed. As the dissemination of information throughout an organization becomes more fluid, so does the need for all information professionals to have an understanding of their role in information management compliance (IMC). The problems associated with adopting technologies that outpace information management practices and those designed without consideration for compliance are discussed. These problems, which factor into many of the case studies examined, cannot be overemphasized and receive much attention throughout the book. Perspectives from the U.S. Sentencing Commission are also provided in discussion of the U.S. Federal Sentencing Guidelines, which the authors consider central to the structuring of the IMC program they present.

The final chapter of Part 1 takes a closer look at the Sarbanes-Oxley Act and the changes in internal controls that have been recently mandated for governing financial documentation. While portions of this act only affect public corporations and accountants, the authors pointedly focus on specific sections and wording that can be applied universally. Helpful guidelines for creating "records hold" mechanisms are provided in direct response to the sections of this act that are examined.

In Part 2, the authors discuss the seven keys to an effective compliance program. Sample policy statements and guidelines are presented, all of which effectively address the issues discussed in the preceeding chapters.

The first key the authors examine is the importance of clear, concise policies and procedures that contain mechanisms to ensure consistent enforcement. The authors provide thoughtful advice for writing policies that will remain current as technologies change, suggesting that technology-dependent content only be used at the procedural level. The challenges presented by a distributed workforce, obtaining information from a variety of access points, are also examined.

The second important key is executive-level support. Vocal support and funding must come from the highest level, and the authors once again rely on court cases to exemplify instances in which chief executives have been held accountable for lapses in compliance programs.

Key 3 explains the importance of all personnel understanding the role they play in IMC and the effective delegation of authority to those individuals. Collaboration between departments, specifically IT, legal, and records management, is re-emphasized. Although chapter 14 provides an informative model of information management organizational structure, it may be a bit overwhelming for smaller organizations that lack the resources or personnel to support the various components that are suggested.

Key 4 focuses on the importance of communication and training. The authors emphasize that success depends on employees at all levels receiving proper training and instruction relevant to their responsibilities within the organization. Instructor-led training and outside experts are recommended over mass memos or self-guided tutorials for issues of higher importance.

Key 5 discusses the importance of audits and continual monitoring of a compliance program. These activities not only convey a level of importance to the employee but also demonstrate a level of commitment to the courts, regulatory agencies, customers, and the public, thereby promoting trust in the organization.

Key 6, "Effective and Consistent Program Enforcement," is a component found lacking in many of the case studies examined throughout the book. This section adds helpful policy statements and a discussion of the important role IT departments play in creating automatic enforcement through the use of passwords and network monitoring.

Key 7, "Continuous Program Improvement," is partially an overview of themes brought up throughout the book with a closer look at some issues that are certain to change or become more prominent in the future. After a brief conclusion, notes, and index, the book provides a short but detailed directory of industry resources.

Information Nation, through the use of straightforward, concise chapters, provides a surprising amount of information and advice for minimizing the risk of compliance failure in a small volume that is a fast read. Despite the great breadth of issues and the uncertainties that go along with tackling this challenging topic, the book is well structured and should be considered timely reading for anyone involved with an organization's informational strategies.

TITLE: Information Nation: Seven Keys to Information Management Compliance

AUTHOR: Randolph A. Kahn, Esq. and Barclay T. Blair

ISBN: 0-89258-402-5

PUBLISHER: Association for Information and Image Management (AIIM)

PUBLICATION DATE: 2004

LENGTH: 302 pages

PRICE: $30 U.S.

SOURCE: ARMA International Bookstore, www.arma.org/bookstore

Gary Cox is the Reference and Public Service Archivist at the University of Missouri-Columbia. He may be contacted at coxgd@missouri.edu.