Isn’t Email Management ALREADY Supposed to be Under Control?

In my previous post — Simple Sounding M-19-21 Requirements are Deceptive — I discussed some of the complexity that underlies the seemingly simple mandates in M-19-21 (“Agencies are encouraged to consider cost-effective opportunities to transition related business processes to an electronic environment in support of the President’s Management Agenda and Reform Plan.”)

A lot of the compliance complexity centers around the multiple content types that fall under the M-19-21 requirements. The 2022 mandate that “NARA will no longer accept transfers of permanent or temporary records in analog formats and will accept records only in electronic format and with appropriate metadata” carries with it a lot more complexity than “simply” (as if!) scanning all of the paper documents.

For example, consider email.

Since the end of 2016, agencies have been under this M-12-18 requirement:

Federal agencies must manage all email records in an electronic format. Email records must be retained in an appropriate electronic system that supports records management and litigation requirements (which may include preservation-inplace models), including the capability to identify, retrieve, and retain the records for as long as they are needed.

So what exactly does the all-digital transfer requirement in M-19-21 mean with respect to email? Here is NARA’s guidance for transfer of e-mail records:

  1. Transfers of email records must consist of an identifiable, organized body of records (not necessarily a traditional series);
  2. Email messages should include delimiters that indicate the beginning and end of each message and the beginning and end of each attachment, if any. Each attachment must be differentiated from the body of the message, and uniquely identified;
  3. Email messages transferred as XML files must be accompanied by any associated document type definitions (dtds), schemas, and/or data dictionaries;
  4. Labels to identify each part of the message (Date, To [all recipients, including cc: and bc: copies], From, Subject, Body, and Attachment) including transmission and receipt information (Time Sent, Time Opened, Message Size, File Name, and similar information, if available). To ensure identification of the sender and addressee(s), agencies that use an email system that identifies users by codes or nicknames, or identifies addressees only by the name of a distribution list should include information with the transfer-level documentation; and
  5. Email converted to formats not natively used by the email program, and which do not maintain header information (such as RTF or Word documents) are not accepted.  Printouts of emails are also not accepted.

Given that e-mail records should have been under control and managed since the end of 2016, where are we with all of this?

Last year’s Federal Email Management Report Records Management Self-Assessment (included in the broader Federal Agency Records Management 2018 Annual Report from NARA) suggests that a lot of gaps still exist, gaps that will be magnified as the new all-electronic transfer requirements in M-19-21 kick in.

This was the third time that NARA required agencies to assess their email management policies and practices against the maturity model established in Criteria for Managing Email Records in Compliance with the Managing Government Records Directive. The maturity model provides five scenarios with progressively improving standards for each of the four domains — policies, systems, access, and disposition. In the assessment (a current one is underway), agencies choose which scenario best describes their current state of email management. The results of the maturity model are rated on a scale of zero to four, with four being the highest level. NARA assigns low, moderate, and high-risk ratings based on the level of achievement.

While progress has been made since the first assessment, 32% of agencies are still under medium or high risk per NARA’s criteria. Overall, 105 agencies (43%) rated their email management maturity levels higher in 2018 than in 2017; 75 agencies (31%) remained the same (some of which were already at a Level 4), and 63 agencies (26%) went down.

The responses to this question in NARA’s annual Records Management Self-Assessment (also known as “RMSA” and included in the Federal Agency Records Management 2018 Annual Report ) indicate that a number of challenges remain, challenges that will be magnified by the 12/31/2022 all-digital transfer requirements in M-19-21:

Are you Email Ready?

Does your agency have documented and approved policies and procedures to implement the guidelines for the transfer of permanent email records to NARA described in NARA Bulletin 2018-01: Format Guidance for the Transfer of Permanent Electronic Records – Appendix A: Tables of File Formats, Section 9 – Email? (36 CFR 1236.22(e))

Next post — what M-19-21 complexities are created by web records?

#NARACompliance #M-19-21