by Jatheon

How to Ensure NARA Email Compliance: A Guide for Government Agencies

In 2017, the National Archives and Records Administration (NARA) and the Office of Management and Budget (OMB) released a directive mandating that all government agencies manage their electronic records, including email and mobile text messages.

The mandate, which is still in effect, included the ability to identify, store, retrieve, and retain electronic records so that agencies can locate and deliver them in a timely manner, knowing they are trustworthy and complete.

In 2022, NARA and OMB released a new memo, which serves as an update to the Transition to Electronic Records. It mandates all government agencies to complete their transition to electronic records by June 30, 2024, in order to ensure NARA compliance.

In 2017, NARA and OMB released a directive requiring all government agencies to manage electronic records, including emails and texts, by the end of 2019.

In 2022, this directive was updated, mandating a full transition to digital  records management by June 30, 2024 for NARA compliance.

To facilitate the implementation process and compliance, NARA introduced universal electronic records management (ERM) requirements based on existing regulations, divided into six sections of the digital records lifecycle.

1. Capture
Capturing electronic records means placing objects under records management control for disposition and access purposes.

2. Maintenance and Use
The process of managing records through their most active stage. This includes ensuring that records will remain usable if they are migrated and transformed as systems change.

3. Disposal
When electronic records have met their retention period and no longer have business or regulatory value to the organization, they can be destroyed in accordance with their records retention schedule.

4. Transfer
Records identified as having historical value are considered permanent records. Such records are kept by the agency for a period of time specified by the records retention schedule, after which they are legally transferred to NARA for permanent storage.

5. Metadata
Identifiers that describe the context, content, and structure of the records. Examples include the author, document type, date, record category, file size, etc.

6. Reporting
Generating reports to allow further analysis and demonstrate effective controls and compliance. Such reports may include search results, records eligible for disposition, audit logs etc.

There are additional digital record management requirements which must be followed throughout the ERM lifecycle:

  1. Agencies must manage all electronic records including all recorded information, regardless of form or characteristics, made or received by a federal agency as evidence of the organization, policies, decisions, procedures, operations and other activities.
  2. Agencies should monitor and review access rights and permission rules for electronic records regularly.
  3. Agencies must have controls to prevent unauthorized access, alteration, or destruction of records.
  4. Agencies should regularly monitor and evaluate their records control systems.
  5. Agencies retain responsibility for managing their electronic records, regardless of whether they reside in a public, private, or community cloud, contracting environment, or under the agency’s physical control.
  6. The records system must have the ability to prevent unauthorized access, modification, or deletion of records, and must ensure that audit trails are in place to track the use of records.
  7. Agencies must be responsible for monitoring changes to third-party terms of service that may affect the management of records.

To help agencies manage electronic records, NARA released the universal electronic records management (ERM) requirements derived from “existing NARA regulations, policy, and guidance.” The requirements are divided into six sections based on the lifecycle of digital records management:

These requirements are either program requirements related to the design and implementation of an agency’s ERM policies and procedures or system requirements that can serve as technical guidance to vendors in creating archiving and ERM tools and as specifications for agencies to consider when procuring them in a NARA compliant manner.

See how data archiving can simplify compliance and ediscovery for your organization

Book a short demo to see all the key features in action and get more information.

Get a Demo

Jatheon is a “Trail Blazer” in The Radicati Group’s 2024 Information Archiving MQ

Share via
Copy link
Powered by Social Snap