Special thanks to the wonderful volunteers who have

given so much of their time and expertise to the

Information Body of Knowledge project, most especially
D. Madrid who has led these volunteer efforts. Additional
thanks to Lori Ashley, Laurence Hart, Ron Layel (Records
& Information Management), Kevin Parker (Information
Architecture), Ann Snyder, and the many other people who
have contributed in meaningful ways to this effort.
Contents
ABOUT THE ARMA GUIDE TO THE INFORMATION
PROFESSION ............................................................7
Process .....................................................................8
Scope ..................................................................10
Goal .........................................................................10
ABOUT ARMA .........................................................11
About The ARMA ................................................12
The ARMA Guide, Expanded ...................................12
The Information Profession .................................14
Disciplines Of The Information Profession ...............14
Archiving .............................................................17
Compliance .........................................................17
Information Leadership / Strategy .......................18
Information Management ....................................19
Information Technology (IT) ................................19
Legal ...................................................................20
Privacy ................................................................21
Records Management .........................................22
Security ...............................................................23
Information Profession & ARMA Guide Elements ....24
Core Elements.....................................................24
Risk Elements .....................................................25
Value Elements ...................................................26
Structural / Process Elements .............................27
Emerging Elements .............................................28
THE ARMA GUIDE TO THE INFORMATION
PROFESSION ..........................................................29
FOUNDATIONAL CONCEPTS ................................30
 Content or Data or Document or Information or
Knowledge or Record? ........................................31
Governance, Strategy, & Management ...............33
Records Management In Flux .............................34
Information Lifecycle ...........................................36
Capture, Digitization, Imaging, Native Creation,
Scanning, & Upload.............................................38
Information Assurance vs. Information Security ..39
Backup, Business Continuity, Disaster Recovery,
and Information Assurance .................................40
CORE ELEMENTS...................................................42
Archiving .............................................................43
Content Management ..........................................44
Data Governance ................................................45
Data Management ...............................................46
Data Storage .......................................................47
Document Management ......................................48
Electronic Records Management ........................49
Enterprise Content Management (ECM) .............51
Enterprise File Synchronization & Sharing ..........53
Information Architecture ......................................54
Information Governance ......................................55
Information Management ....................................57
Knowledge Management.....................................58
Records Management .........................................58
Traditional Records Management .......................60
Web Content Management .................................61
RISK ELEMENTS.....................................................63
Audit ....................................................................64
Backup ................................................................65
 Compliance .........................................................66
Disaster Recovery ...............................................67
Discovery / eDiscovery ........................................68
Information Access ..............................................69
Information Assurance ........................................69
Information Security (Information Protection) ......70
Privacy ................................................................71
STRUCTURAL / PROCESS ELEMENTS ................72
Auto-Classification...............................................73
Business Process Management ..........................74
Capture ...............................................................75
Change Management ..........................................75
Content Services .................................................76
Digitization ...........................................................77
Enterprise Search................................................77
Forms ..................................................................78
Imaging ...............................................................79
Information Technology .......................................80
Interoperability .....................................................81
Metadata .............................................................81
Metrics.................................................................82
Migration .............................................................83
Mobility ................................................................84
Native Creation / Upload .....................................84
Search .................................................................85
Social Media ........................................................86
Taxonomy ...........................................................87
Workflow .............................................................87
VALUE ELEMENTS .................................................89
 Big Data ..............................................................90
Business Analysis ...............................................90
Business Intelligence...........................................91
Collaboration .......................................................92
Content Analytics ................................................93
Data Analytics .....................................................94
Data Visualization................................................95
Digital Transformation .........................................95
Usability ...............................................................96
User Experience ..................................................97
EMERGING ELEMENTS .........................................98
Artificial Intelligence.............................................99
Blockchain ...........................................................99
Deep Learning ...................................................100
Records & Information Management (RIM) .......100
Retention Management .....................................101
ABOUT THE ARMA
GUIDE TO THE
INFORMATION
PROFESSION
About The ARMA Guide
To The Information
Profession
The ARMA Guide To The Information Profession
(originally, the Information Body of Knowledge
[InfoBOK]) is the community-driven open source body
of knowledge for the Information Profession. An
Information Professional is anyone who, for one of
their major job tasks, manages or governs information
(content, data, documents, knowledge, or Records),
the systems that contain information, or the policies
and practices by which information workers must
abide.
The ARMA Guide To The Information Profession
("ARMA Guide") establishes the major areas of
knowledge which must be attained to successfully be
an Information Professional and provides a common
terminology, understandings, and strategies amongst
the various sub-disciplines of the Information
Profession.

Process
Unlike other efforts to codify the knowledge of the
Information Profession, this venture relies heavily on
the Information Profession itself, the community, to
willingly share its knowledge. This undertaking started
with a gathering of frequently utilized terms in the
Information Profession, regardless of whether those
terms were processes, disciplines, technologies, or
something else. We then brought that exhaustive list
of terms to the community and had an open selection
period with a simple task - select the terms that
encompass the Information Profession.
After 9 months of open selection, we accumulated
over 1400 selections. Our threshold for inclusion was
initially 50% however, we found that several of the
topics between 30%-50% acceptance were also
required to fully rationalize a comprehensive
understanding of the profession. Therefore, we
decided to include those topics as well, with the
qualifier that they will be labeled as “Ascending
Elements” or “Descending Elements” in future editions
of the ARMA Guide and related INFORMATION: The
Comprehensive Overview of the Information
Profession Book.
Once the list was compiled, the community was
invited to join us in both defining each of these
elements and establishing the most important aspects
to know about each of the elements. With some
editing and revision, those definitions and ‘things to
know’ are listed here within the INFORMATION Book
and comprise the ARMA Guide.
The ARMA Guide consists of the list of 62 elements.
The elements are organized for clear understanding,
defined with the addition of several points of
knowledge an Information Professional must know.
This guide includes additional analysis of each
element and extrapolating of those points of
knowledge. The ARMA Guide is available as a free
download and is licensed under an open source
license, the Creative Commons CC BY-ND 3.0 US
license.
By releasing the ARMA Guide under an open source
license, we are making it widely and freely available
to all. It can be used by Colleges and Universities
looking to establish a comprehensive educational
framework, by companies as their program for
ongoing professional development, for personal
development, and the uses are infinite.
Scope
The scope of the ARMA Guide is the majority of
topics that one should know as an Information
Professional. It is as expansive as the community has
selected and excludes what the community has
eliminated.

Goal
The goal of the ARMA Guide is to define the terms
and identifies the most important components to know
about the various elements that comprise the
Information Profession. In the initial iteration of the
ARMA Guide, the goal was to include the “must-have”
knowledge for anyone working within the Information
Profession. Future iterations of the ARMA Guide will
improve and expand upon this baseline knowledge.
ABOUT ARMA
About The ARMA
ARMA International (www.arma.org) is the world’s
leading membership organization serving
professionals who manage and govern information
assets. It provides information professionals with the
resources, tools, and training they need to effectively
manage records and information within an established
information governance framework. Works that are
associated with the framework include the Principles,
the Information Governance Maturity Model and the
Information Governance Body of Knowledge
(IGBOK). ARMA recognizes professionals who have
mastered these concepts through the Information
Governance Professional (IGP) Certification.

The ARMA Guide,

Expanded
The ARMA Guide is also available in an expanded
version with commentary, analysis, and put in the
larger context of a comprehensive understanding of
the Information Profession in the book Information:
The Comprehensive Overview of the Information
Profession by Nick Inglis, also available through
ARMA.
THE INFORMATION
PROFESSION
The Information
Profession
The “Information Profession” is a loosely defined
group of people, working in companies, whose
primary function is related to information - this
includes everyone from CIOs making major policy
decisions and leading their organizations through to
imaging specialists sitting in front of scanners with
piles of paper to digitize.
I believe that the Information Profession is a
profession that exists now and requires a guide to
support that profession’s maturity and acceptance by
companies and the market. In the early 1980s the
Project Management profession, which everyone
accepts as a profession and discipline now, did not
have such acceptance until a group called PMI
developed a body of knowledge and designation
called the PMP (or Project Management
Professional). We believe that the Information
Profession is likewise overdue for this acceptance.

Disciplines Of The
Information Profession
I believe that there are many disciplines that belong
within the now loosely defined Information Profession.
In the ARMA Guide and this INFORMATION Book, I
categorize those disciplines into 9 categories:
Archiving, Compliance, Information Leadership /
Strategy, Information Management, Information
Technology (IT), Legal, Privacy, Records
Management, and Security.
This understanding and dissection of the information
profession aligns very closely with the ARMA
Information Governance Core Concepts, presented
graphically on the following page.
Archiving
Archiving roles include job titles such as archivist,
archiving fellow, archivist intern, archival
transcriptionist, library program manager (special
collections), archivist & librarian, university archivist,
government archivist, museum archivist, chief
librarian, library archives officer, etc.
Archiving often overlaps with records management
roles and associations, as well as with library roles.
Associations serving the archiving disciplines are the
SAA (Society of American Archivists), ACA (Academy
of Certified Archivists), IASSIST (Association for
Social Science Information Services and Technology),
ARMA (Association of Records Managers and
Administrators), ICA (International Council on
Archives), and others.

Compliance
Compliance as a discipline includes job titles such as
director of compliance, chief compliance officer,
global head of compliance, compliance manager,
compliance associate, fraud investigator, compliance
administrator, etc. These roles support the
organization’s compliance efforts or ensure that their
organizations comply with applicable regulations
and/or internal guidelines. Roles within compliance
range from C-suite positions through to entry-level
jobs.
Compliance roles are governed by multiple
associations such as ICA (International Compliance
Association), RCA (Regulatory Compliance
Association), SCCE (Society of Corporate
Compliance and Ethics), IARCP (International
Association of Risk and Compliance Professionals),
NSCP (National Society of Compliance
Professionals), CCB (Compliance Certification
Board), and ECA (Ethics & Compliance Association),
as well as groups that serve a particular sector, such
as AICP (Association of Insurance Compliance
Professionals) and HCCA (Health Care Compliance
Association).
Compliance roles often overlap with the information
profession with some roles most firmly considered to
be within the profession than others, all dependent
upon the specific job tasks of the role. For some
compliance positions, a complete understanding of
information systems is a requirement for success,
while others do not leverage information systems
beyond that of the typical employee of the
organization.

Information Leadership
/ Strategy
Information leadership and information strategy roles
include positions such as CIO (chief information
officer), CSO (chief security officer), CISO (chief
information security officer), CIGO (chief information
governance oficer), CDO (chief data officer), CDIO
(chief digital information officer), CKO (chief
knowledge officer), director of information
management, information governance director,
information director, director of information security,
director of knowledge, etc.
Information leadership roles are governed by a variety
of associations and quasi-association organizations,
often with publications or events specifically catering
to one of the aforementioned roles. The groups are
too numerous to list and sometimes are segmented
by industry.
ARMA International is one of the organizations that
caters specifically to information leadership and
information strategy roles - focusing heavily on
establishing an overall organizational strategy for
information.

Information
Management
Information Management roles span positions from
Chief Information Officer, to Document Clerk,
including Director of Information Management,
Information Manager, Records & Information
Manager, Archivist, Librarian, Document Controller,
Document Manager, Scanner Operator, File Clerk,
etc. Roles also may be technology specific such as
SharePoint Manager or Documentum Specialist.
Information Management roles are guided and served
by a variety of associations, including ARMA
International, AIIM (now the Association for Intelligent
Information Management). Other industry-specific
associations such as AHIMA (American Health
Information Management Association) guide and
serve specific segments of the Information
Management discipline.
Other resources for Information Management roles
include the vendors of the many products and
services supplied to the market - providing
technology-specific guidance to perform many of the
typical tasks for managing information.

Information Technology
(IT)
Information technology (IT) roles include chief
information officer (CIO), chief technology officer
(CTO), director of IT, IT manager, IT service
professional, IT helpdesk, database manager,
development director, software engineer, systems
analyst, technical support, network engineer,
technical consultant, software tester, web developer,
etc. Roles also often include technology-specific roles
including titles such as PeopleSoft administrator,
SharePoint manager, etc.
IT roles are governed by a wide array of associations
such as Association for Computing Machinery (ACM),
Association of Information Technology Professionals
(AITP), Association of Shareware Professionals
(ASP), Association for Women in Computing (AWC),
Independent Computer Consultants Association
(ICCA), Institute of Electrical and Electronics
Engineers (IEEE), Network Professional Association
(NPA), Software Development Forum (SDF), Women
in Technology (WIT), CompTIA, and National
Association of Programmers. There are also many
software-specific groups that may be funded by
software vendors or that are grassroots in various
local markets that help guide IT professionals.
IT roles often overlap with the information profession
since they often handle the technical execution of
policy and strategy within organizational technologies.
Some roles, however, may have less overlap than
others with the information profession - for example, a
database administrator may be tasked with ensuring
uptime of various database applications with little
interaction with the actual data within the database. In
this example, the individual is clearly a part of the IT
operation but likely not a part of the information
profession.

Legal
Legal roles that are often a part of the information
profession include general counsel, assistant general
counsel, legal information officer, contract specialist,
legal specialist, of counsel, law librarian, legal
counsel, and paralegal, among others.
Associations serving the legal profession related to
the information profession include NLA (National
Lawyers Association), ACEDS (Association of
Certified eDiscovery Specialists), OLP (the
Organization of Legal Professionals), NALA (National
Association of Legal Assistants), NALS (formerly the
National Association of Legal Secretaries, now simply
NALS), NFPA (National Federation of Paralegal
Associations), ALA (Association of Legal
Administrators), and an array of associations that are
specific to an area of practice or state/region.
Not all legal roles are a part of the information
profession, but many more than those that currently
consider themselves a part of it likely are. Legal
professionals in law firms and corporate lawyers are
required to have specific information-handling
practices that place them within the information
profession whether they acknowledge it as such or
not.

Privacy
Privacy roles are growing within organizations today
as data breaches continue to harm many corporate
brands. Privacy roles include CPO (chief privacy
officer), privacy manager, director of privacy, privacy
analyst, privacy program manager, vice president of
privacy, etc., as well as roles specific to particular
regulations or particular industries such as HIPAA
privacy officer, health privacy director, or bank
secrecy act officer.
Privacy roles are served by IAPP (International
Association of Privacy Professionals) and EPA
(European Privacy Association), in addition to
associations specific to particular industries.
Privacy roles are often excluded from the information
profession as it is a growing disciplinary field.
However, all privacy roles should be included within
the information profession.

Records Management
Traditional Records Management roles are a part of
the Information Profession and include Records
Manager, Director of Records, Chief Records Officer,
Records Clerk, Records Associate, and other related
roles.
Many evolving Records Management programs use
the term Records and Information Management (RIM)
to label and define the cross-disciplinary roles that
come from combining and overlapping Records
Management and Information Management
disciplines. Please see the Foundational Concept of
“Records Management in Flux”.
Associations serving the Records Management
profession are ARMA International, IRMS (Information
and Records Management Society, primarily in the
UK and Europe), ICRM (Institute of Certified Records
Managers), ARA (Archives and Records Association),
NARA (National Archives & Records Administration),
NAGARA (National Association of Government
Archives & Records Administrators), and
occasionally, AIIM (Association of Intelligent
Information Management). Records Management
associations also occasionally overlap with Archiving
roles given the closeness of the two professions and
professional bodies of knowledge.
In ARMA's view, Records Management is a sub-
discipline of Information Management - this guide
affirms that understanding.
Security
Security roles are, like privacy roles, growing within
organizations today - in direct response to ongoing
concerns of data breaches. Security roles include
CISO (chief information security officer), information
assurance analyst, IT security engineer, security
administrator, IT security officer, risk analyst, incident
response specialist, ethical hacker, penetration tester,
business continuity manager, malware analyst,
security auditor, security analyst, etc.
Security roles are served by a variety of associations
depending upon the type of security role, including
CompTIA, EC_Council, GIAC (Global Information
Assurance Certification), ISACA (formerly Information
Systems Audit & Control Association), ISC2
(International Information System Security
Certification Consortium), and ISSA (Information
Systems Security Association), among others.
Security roles most often lean towards the technical
and IT-driven functions, but increasingly are aligning
with the information profession - security previously
only focusing on technologies now looking towards
the information assets that are being protected. This
means that some roles within the security discipline
should be considered a part of the information
profession.
Information Profession
& ARMA Guide Elements
With the varied disciplines that comprise the
information profession, there are a wide array of job
duties, task areas, and information types (collectively
“elements”) contained within and shared between
those many disciplines. To gain a clear understanding
of these elements, we workshopped a categorization
method with our core ARMA Guide team, eventually
deciding on a four-categorization model that we
believe encompasses all of the elements of both the
information profession and the ARMA Guide. Those
categories are Core Elements, Risk Elements,
Structural/Process Elements, and Value Elements. In
addition to the four categories, we’ve added a fifth,
Emerging Elements, to encompass elements that are
still coming to the fore.

Core Elements
The Core Elements, are all interrelated but are not all-
encompassing. Core Elements of the Information
Profession include:
• Archiving
• Content Management
• Data Governance
• Data Management
• Data Storage
• Document Management
• Electronic Records Management
• Enterprise Content Management
• Enterprise File Sync & Sharing
• Information Architecture
• Information Governance
• Information Management
• Knowledge Management
• Records Management
 • Traditional Records Management
• Web Content Management
There may be additional Core Elements that exist
within the Information Profession. However, they are
what we call “Niche Cores”, areas like Health
Information Management (specific to a particular
industry, in this case, healthcare), Microfiche
Processing (specific to a particular piece of
technology, in this case, Microfiche), and
Stenography (among smaller disciplines). All of these
“Niche Cores” reside within the Information
Profession, however, their disciplinary knowledge is
specific and not universal. While we believe that the
knowledge of a Stenographer, for example, is
incredibly important - we do not believe that all people
within the Information Profession need to have an
understanding of that knowledge.
We encourage those members of the Information
Profession whose knowledge resides within a Niche
Core to contribute to the ARMA Guide project through
ARMA International, where that knowledge can be
shared with the community on an “as needed” basis.
Since the ARMA Guide is released under an Open
Source license, we hope that the ARMA Guide can be
extended by leaders of Niche Core disciplines for
usage within that discipline. We would appreciate
lending a hand to help in those efforts.

Risk Elements
Encompassing the elements of the ARMA Guide that
reduce organizational risk, the nine Risk Elements
are:
• Audit
• Backup
• Compliance
• Disaster recovery
• eDiscovery
 • Information access
• Information assurance
• Information security
• Privacy
There are likely other risk elements that exist within
the information profession, and others may emerge as
new technology and technique advances create new
elements. There may also be elements within a
specific knowledge base or that are not universal, and
therefore would not be included in the ARMA Guide.

Value Elements
Value elements within the ARMA Guide To The
Information Profession are elements that help
increase the value of information within an
organization. The 10 Value Elements are:
• Big data
• Business analysis
• Business intelligence
• Collaboration
• Content analytics
• Data analytics
• Digital transformation
• Usability
• User experience
As with Risk Elements, there are likely other Value
Elements that exist within the information profession
and others which may emerge as new technology and
technique advances create new ones. There may also
be elements within a specific knowledge base, the
knowledge of which is specific and not universal,
which, likewise, would not be included in the ARMA
Guide.
Structural / Process
Elements
Another categorization of Elements within the ARMA
Guide To The Information Profession is
Structural/Process Elements. Structural/Process
Elements may be applicable to both risk and value, or
may be simply neutral but whose importance doesn’t
ingrain itself into the Core of the ARMA Guide. The 20
Structural Elements of the ARMA Guide include:
• Auto-Classification
• Business Process Management
• Capture
• Change Management
• Content Services
• Digitization
• Enterprise Search
• Forms
• Imaging
• Information Technology (IT)
• Interoperability
• Metadata
• Metrics
• Migration
• Mobility
• Native Creation / Upload
• Search
• Social Media
• Taxonomy
• Workflow
As with Risk Elements and Value Elements before it,
there are likely other Structural Elements that exist
within the Information Profession and others which
may emerge as new technology and technique
advances create new Elements. There may also be
Elements within a specific knowledge base, the
knowledge of which is specific and not universal
which, likewise, would not be included in the ARMA
Guide To The Information Profession.

Emerging Elements
Our last categorization of elements in the Information
Body of Knowledge is Emerging Elements. These are
terms decided upon by our ARMA Guide To The
Information Profession team that have come to the
fore during the creation of the first version of the
ARMA Guide. These terms may remain in the future
or be deprecated; they are unknowns that we are
seeking to be made known but are nonetheless
important. These terms include:
• Artificial intelligence
• Blockchain
• Deep learning
• Machine learning
• Process automation (including RPA)
• Records & information management
(RIM)
• Retention management
THE ARMA
GUIDE TO THE
INFORMATION
PROFESSION
FOUNDATIONAL
CONCEPTS
Foundational Concepts
Words matter and word choices matter. In any
profession that is looking to move forward in maturity,
there are often vernacular issues that make gaining a
comprehensive understanding of the profession a
challenge. This is one of the reasons bodies of
knowledge are so incredibly helpful: they help to
clarify the vocabulary of a profession.
The information profession is filled with confusing
terms, misused terms, and confusing acronyms. We
revel in using words like “content” and “document”
interchangeably (they’re not interchangeable) and
misunderstand the differences between “governance”
and “management,” all the while tossing around
acronyms like ECM, BPM, ERM, IG, and EPR. Ok, I
made up that last acronym, but if I didn’t tell you that,
you might not have been sure. So, you can see that
the issues are numerous.

Content or Data or
Document or
Information or
Knowledge or Record?
One of the biggest issues with the information
profession is the misunderstanding and misuse of our
information types: content, data, documents,
knowledge, and records.
Each information type has a separate and distinct
definition, and the terms are not interchangeable.
Each type of information is, however, information. For
example, all content is information but not all
information is content. Confused yet? That’s why
these issues exist.
Without a proper understanding of these terms, we
cannot have a shared vocabulary across the
information profession - this is the most important
barrier that we remove in this effort. We believe that
the easiest way to understand the differences
between these terms is visually:

Everything, whether unstructured or structured (or

even semi-structured), is information. Content is
unstructured information while data is structured (this
is easiest to understand through the structure of a
database). Data tends to be relational while content
tends not to be.
Documents are a type of content, semi-structured,
through the use of a container (either paper or Word
or PDF most commonly). Knowledge is a
repurposable type of information that tends to include
content more often than data. The goal of knowledge
is for it to be shared between individuals within an
organization (think of best practices resources).
Records, like knowledge, can also be content or data
and serve as evidence of a transaction or information
that rises to the importance of being preserved.
Through this visual understanding, we know several
things:
• Content is unstructured
• Documents are semi-structured
• Data is structured
• Knowledge can be found in any form
• Records can be found in any form
• All documents are content
• Not all content can be considered
documents
• All documents are Information
• Not all information is documents
• All content is Information
• Not all information is content
• Content is not data
• Data is not content
• Everything is information

Governance, Strategy, &

Management
We use terms like “governance,” “strategy,” and
“management” after the words content, data,
document, information, knowledge, and record, but
we frequently use these terms improperly. For
instance, records managers tend not to utilize a term
such as “records governance” or “records strategy.”
However, they likely should use these terms to
describe the high-level planning, policy, and
coordination that records managers do.
Governance and strategy are, for the information
profession, interchangeable terms. For example,
information governance and information strategy refer
to the same work, whereas information management
is different.
The terms “governance” or “strategy” should be used
to describe high-level planning, policy, and
coordination. Whereas the term “management” should
be used to describe the tactical execution of said
planning, policy, and coordination. The two sides
must coexist.

Records Management In
Flux
In my view, records management is currently in
transition, and we don't yet know what form it will
eventually take on. There are seemingly four differing
views of where records management is moving. For
most, records management remains a sub-discipline
of information management, operating independently.
For others, records management itself is splitting into
two different disciplines - one focused on the
traditional (paper and physical records), the other
focused on the electronic (electronic and digital
records). A third prevalent view is to combine records
management with information management as a
single unified discipline (records & information
management [RIM]). In addition to these three
approaches, a non-standard approach has begun to
find its early adopters - retention management, in
which all information is treated equally and the focus
shifts to the lengths of time that categories of
information must be kept by an organization.
Records management. in my estimation,
encompasses both electronic records management
and traditional records management. Where there is
overlap, that area can be referred to as records
management, the highest level of guidance. The
divergent areas between the two should be referred to
as their specific sub-discipline - either Electronic
Records Management or Traditional Records
Management.
At the same time as there is a splitting between
Electronic Records Management and Traditional
Records Management, there is also a movement
growing that is taking the two separate disciplines of
Records Management and Information Management
and combining them under a single moniker -
“Records and Information Management” or “Recorded
Information Management” or simply “RIM”. We
address this along with what we refer to as “Retention
Management” in our Emerging Elements section.
Alternatively, a new approach referred to as Retention
Management shifts the focus from the Record to the
length of time information is kept before disposition.
Retention is not just for Records; it is for all
information. Many companies and organizations
cannot move to this method because of regulatory or
compliance requirements placed on them to maintain
Records specifically (which the Retention
Management approach does not do). We address
“Retention Management”, as well, in our Emerging
Elements section.

At this point, Records Management remains in flux

with many organizations still struggling to find their
appropriate path forward.

Information Lifecycle
The information lifecycle is a common term used to
describe the pathways in which information flows in
an organization. While it is often expressed in terms
of stages, it can also be used as a tool to map specific
organizational flows. Many versions of the information
lifecycle have appeared from a variety of sources over
the years; here is our simplified version:

1. All information flows begin at capture (more

on this in the next piece).
2. The information then becomes useful to the
organization and it moves into the collaboration
phase. Collaboration may be as simple as a
technology showing the information to a person
or as complex as multi-user editing and
workflow.
3. Version control is often applied as changes
or edits are made.
4. Information is then retained and/or stored
based on either records management
principles or retention management principles,
or it is simply retained as organizational
information.
 5. Any organizational information may be
subject to legal holds or discovery. Therefore,
throughout the lifecycle there should be an
applicability of holds or discovery.
6. Finally, information should be either
disposed of or archived.

Capture, Digitization,
Imaging, Native
Creation, Scanning, &
Upload
Another common area of confusion is at the beginning
of the information lifecycle. “Capture,” “Digitization,"
“Imaging,” “Native Creation,” “Scanning,” and
“Upload” all have distinct meanings despite their
being commonly confused and misused.
From this visual on the following page, we can see a
hierarchy for capture-related terms:
• Capture
o Scanning (any type of conversion of a physical
item into digital format)
 Imaging (scanning to a picture format,
e.g. jpg, png, basic pdf)
 Digitization (scanning to readable format
or extraction of metadata)
o File Upload (Moving a piece of information into
a system)
o Native Creation (Creating a piece of
information in a system, e.g. Microsoft Word
file created in Microsoft SharePoint or Google
Doc created in Google Drive)
Information Assurance
vs. Information Security
Though frequently used interchangeably, the terms
“information assurance” and “information security” are
distinctly different. Information assurance has a
broader scope than information security (which could
also be followed by cybersecurity with an even more
limited scope). Information assurance encompasses
information security.
Information security (also referred to as information
protection) focuses on the protection of information
assets and information systems. Information
assurance has the broader focus of ensuring system
reliability, information quality, and information
recovery. Information assurance includes business
continuity and disaster recovery functions in addition
to information security functions.

Backup, Business
Continuity, Disaster
Recovery, and
Information Assurance
Other terms that are frequently misused are “backup,”
“business continuity,” “disaster recovery,” and
“information assurance.” The terms have different
goals and different scales despite being often used
interchangeably and incorrectly.
The term with the smallest scope is backup, which
refers to information loss prevention through regular
copying or making of backups that are generally
stored in an external location. With a larger scope is
disaster recovery, which encompasses backup but
looks at the recovery of systems as well as the
information contained within them in the event of an
information loss event.
Business continuity is yet larger in scale,
encompassing disaster recovery, expanding that
mission with planning for the resumption of business
operations after an information loss event. The
highest scale of our terms is information assurance,
which goes beyond disaster recovery and business
continuity to also include information security aspects
and information reliability/quality standards. Shown
graphically:
CORE ELEMENTS
Archiving
Definition
Archiving is the process of transferring information
objects and artifacts including their metadata for long-
term preservation and access. Archived Information
may have heritage or historical value or may be
required long-term for governance, regulatory
compliance, legal protection, and defense, as well as
operational needs.

Key Points
1. Archiving is focused on information and artifacts
requiring continued authenticity, usability, and
integrity over successive generations of custodians
and technologies.
2. An Archive is an institution or repository that has
accepted responsibility for the preservation and
management of long-term information assets.
3. Certified professional archivists and librarians
typically perform duties associated with the appraisal,
organization, description, accessioning, preservation
of and access to physical and digital materials
deemed to have long-term or permanent retention
value.
4. Archives exist at all levels in the public sector -
federal/national, state and provincial and local
government - as well as in corporations, religious
institutions, non-governmental (NGO) and not-for-
profit organizations, cultural heritage institutions, and
private collections.
5. Terminology: Archiving refers to the discipline;
Archives refers to the storage location; Archivist refers
to the individual.
6. “Archiving” and “Archives” as used here differs from
a common use of these terms in IT operations, where
it is frequently used a synonym of “backup”. In this IT
context, the terms refer to a temporary copy of sets of
data created and kept outside the primary
system/database for purposes of recovery and
continued functionality in event of a system failure or
unintended loss/deletion of the data.

Content Management
Definition
Content management is an umbrella term that
encompasses enterprise content management,
document management, and web content
management. It is the process and technology that
supports the creation and capture, accessibility,
publishing and/or collaboration, version control,
retention and storage, disposal, search, and
protection of content (unstructured information).

Key Points
1. Content management is focused on unstructured or
semi-structured information.
2. Content management does not manage data.
3. Content is not data, data is not content.
4. Content management may feed content into
knowledge management.
5. Content management may feed content into
records management.
6. Content management has many sub-disciplines,
like enterprise content management, document
management, and web content management.
7. Content management systems support the
beginning stages of the information lifecycle.
8. Content management systems don’t always
support the ending stages of the information lifecycle.

Data Governance
Definition
Data Governance is the overarching and coordinating
strategy for all organizational data. Data Governance
takes its high-level direction from Information
Governance. Related to organizational data, Data
Governance extends the authorities, supports,
processes, capabilities, structures, and infrastructure
from Information Governance. Data Governance is
primarily focused on data accessibility, data use, and
data security, with the goal of ensuring data quality
and data integrity.

Key Points
1. Data Governance is one of the two highest sub-
disciplines of Information Governance (shared with
Content Governance - see “Content Management”).
2. Data Governance is about planning, policy, and
strategy.
3. Ensures data quality and integrity throughout the
Information Lifecycle.
4. Data Governance is often established through a
council, team, or group. Not through a single person’s
direction.
5. With guidance provided by Information
Governance, Data Governance should establish the
authorities, supports, processes, capabilities,
structures, and infrastructure related to organizational
data.
6. Data Governance efforts often focus on the data
accessibility, usage, and security - while ensuring
data quality and data integrity.

Data Management
Definition
Data management is the practice of ensuring data
integrity, reliability, security, and accessibility. It is
focused on the architecture, practices, and processes
of structured information. Data management is the
tactical execution of data governance (an aspect of
information governance) concerned with the quality
and accessibility of data.

Key Points
1. Data management is the tactical execution of data
governance.
2. Data management ensures data integrity.
3. Data management enacts data structure practices.
4. Data management includes storage practices of
data.
5. Data management looks towards extraction
techniques in partnership with value-focused
disciplines such as data science and business
analysis.
6. Data management is generally responsible for data
cleansing as a piece of data integrity.
7. Data management should enable timely and
relevant access to data.

Data Storage
Definition
Data storage can refer to any electronic storage of
structured data. The term is often used in reference to
archival or tiered storage, or data that is set aside for
non-critical purposes. Data storage techniques often
focus on cost reduction and may be related to backup
activities. Data storage is a frequently misused term
and should be replaced with “information storage”
when it matches the reality of the practice.

Key Points
1. Data storage is focused on structured data.
2. Data storage relates to optimization and availability
of resources.
3. Data storage is often established in conjunction
with data backup capabilities.
4. Data storage is often the label utilized for readily
accessible data, whereas data backup and tiered
storage are terms for less frequently utilized data.
5. Tiered storage is often leveraged as a strategy for
data storage where data can be categorized as
online, nearline, and offline.
6. Online data is readily accessible and available.
7. Nearline data is accessible but may take slightly
longer to retrieve or have longer load times than
online data.
8. Offline data is often inaccessible to most, with
availability to a select few, but may take some time.
9. Data categorization of online, nearline, and offline
should be established and tiered based on
organizational requirements.

Document Management
Definition
Document management is the practice and process of
ensuring consistent control of organizational
documents. It is a subset of all organizational content
(which is a subset of all organizational information)
through a defined lifecycle starting with its conception
or capture through to its archival or disposition.
Document management is the tactical execution of
the organizational strategy for documents.

Key Points
1. Document management is a sub-discipline of
content management, so it should take its primary
direction from content management efforts.
2. Document management is not exclusively a
scanning or mail room effort, but it may include those
efforts.
3. Document management should be the tactical
execution of document governance. However,
document governance does not in exist in most
organizations. Consequently, document management
efforts must look to extend from content management
or information management efforts.
4. In many organizations, document management is
often over-scoped to include content management, or
it includes strategic decision-making that should be
included in document governance, a practice that
doesn’t exist in many organizations.

Electronic Records
Management
o See Foundational Concept - "Records
Management in Flux"

Definition
Electronic Records Management is the professional
field dedicated to specific electronically based
information that rise to the importance of requiring
ongoing maintenance, whether it be evidentiary or
specific business importance. These pieces of
information are termed electronic "Records" and
cannot be modified or changed. Electronic Records
Managers are responsible for the receipt, distribution,
maintenance, control, protection, and disposition of
Electronic Records. In this view of Records
Management, Electronic Records Management is a
subcategory of Records Management, alongside
Traditional Records Management.

Key Points
1. Pertains only to electronic Records (not
physical/traditional Records).
2. Electronic Records Management is a sub-discipline
of Records Management.
3. Records Management is comprised of both
Electronic and Traditional Records Management for
electronic formats and paper formats respectively.
The two have strong similarities but diverge because
of the specificities of managing physical items as
opposed to digital items.
4. Electronic Records Management comprises the
entire lifecycle of the Record (but not the full lifecycle
of it as a piece of information).
5. Electronic Records Management begins managing
a piece of information upon Record declaration or
Record creation.
6. Electronic Records Management concludes
managing a piece of information upon Record
disposition or Record transfer to Archiving.
Enterprise Content
Management (ECM)
Definition
ECM is the practice of saving, securing, managing,
storing, controlling versions, leveraging and
extracting, applying holds, and sharing, of content
(unstructured and semi-structured). ECM is a sub-
discipline of information management and should take
direction on its policies and practices from
organizational information policies and practices.

Additional Detail
While the term "enterprise content management" is in
the common vernacular, the word "enterprise" was
originally used to differentiate between business
systems and web content management systems,
which were often referred to as simply "content
management" systems. The term has shifted as web
content management systems and ECM systems
have changed. Web content management falls under
content management hierarchically, which leaves the
"enterprise" term unnecessary. Due to these changes,
many vendors have begun referring to their ECM
systems as simply "content management" systems.
This, too, is likely a misnomer, as most of what is
being referred to as content management or
enterprise content management is, in reality, more
likely information management. In this version of the
ARMA Guide we retain the usage of the more popular
ECM but may change the terminology in future
revisions.
Key Points
1. The elements of ECM include capturing, securing,
managing, storing, controlling versions, leveraging
and extracting, applying legal holds, and sharing.
2. Capturing is creating new content or uploading new
content into the ECM system (see “Capture”).
3. Storing is the act of analyzing business value of
content and ensuring it is available in an appropriate
amount of time to support the business (see
"Storage").
4. Controlling versions ensures that, for compliance or
business requirements, multiple copies of a piece of
content (as it is being edited over time) are available.
Version control may include both major and minor
revisions. (See “Version Control.”)
5. Leveraging and extracting refer to the ongoing use
of the information for both traditional business
purposes and for use in value extraction such as
business analysis or big data.
6. Applying holds refers to the act of securing a piece
of information and preventing destruction or deletion
(see "eDiscovery").
7. Sharing refers to collaborative content usage
whether internally within an organization or with
external partners through the use of EFSS systems
(see "EFSS").
Enterprise File
Synchronization &
Sharing
Definition
Enterprise File Synchronization (often shortened to
“Sync”) & Sharing (EFFS) systems are cloud-based
systems that enable an organization's employees to
securely share, collaborate, and synchronize
information to internal participants and often external
parties (such as customers, partners, and vendors).
These systems are often lightweight and have
functionality that is similar to consumer file sharing
applications and are managed centrally by an
organization. Functionality often includes link-based
sharing (instead of sending attachments), file
synchronization from corporate storage to local
devices, user access controls and permissions,
encryption and security, file-level password
protection, and user authentication synchronization
with corporate authentication protocols (LDAP, Active
Directory, SAML, etc.).

Key Points
1. Often leveraged in organizations as an effort to
prevent employees from using ungoverned consumer
file-sharing technologies.
2. Cloud-based systems.
3. Synchronization may be to cloud storage but can
also be on-premises or hybrid storage for internal
EFSS systems.
4. EFSS systems are often leveraged to reduce file
attachments on email servers and may be used to
replace file attachments.
5. EFSS systems often have internal editing features
for common business file types.

Information
Architecture
Definition
Information architecture (IA) is the art and science of
making information usable, findable, manageable,
and securable. This is accomplished by applying
information science to enterprise information
environments to model and design logical systems for
organizing, labeling, navigating, and searching
information.

Key Points
1. IA relates to both the front end and back end of
information systems.
2. IA for user interfaces (UI) defines schemes for
organizing and labeling information in websites,
applications, mobile interfaces, and Internet of Things
devices for greater clarity and improved user
experiences (UX).
3. IA for information systems defines data structures,
content repositories, information flows, and metadata
for describing properties, categories, and
classifications, all of which are used for searching,
displaying, processing, routing, securing, and
managing information assets throughout their
lifecycle.
4. IA design for websites and applications considers
the interdependent aspects of users, content, and
context.
5. Enterprise IA, which is closely related to enterprise
architecture, considers the interdependent aspects of
people, processes, technology, and information for
designing enterprise information systems.
6. IA design must follow strategic goals and
requirements defined by information governance
when designing information architectures for
individual systems, system interfaces, and the entire
enterprise information environment.
7. IA defines the work artifacts necessary for well-
designed and usable information environments that
follow the strategic goals and requirements defined by
information governance and cybersecurity.
8. IA produces artifacts that include taxonomies,
ontologies, sitemaps, wireframes, search strategies,
navigation strategies, records schedules, master data
and metadata plans, data models, and data maps.
9. IA informs architectures for applications and
infrastructure.

Information Governance
Definition
Information governance is the overarching and
coordinating strategy for all organizational
information. It establishes the authorities, supports,
processes, capabilities, structures, and infrastructure
to enable information to be a useful asset and
reduced liability to an organization, based on that
organization’s specific business requirements and risk
tolerance.

Key Points
1. Overarching strategy across all information and
information disciplines.
2. Information governance is the top level of any
organization's information strategy.
3. Information governance defines the authorities for
making information-related decisions.
4. Information governance defines the supports for
information governance (things like change
management, communications, organizational
learning/training, standards and best bractices, help
desk/FAQs, and project management methodology).
5. Information governance defines the processes and
flows of information throughout an organization (or at
least a standardized methodology for the organization
to establish consistently).
6. Information governance establishes the business
requirements for information architecture, including
taxonomy, metadata, format standards,
classification/sensitivity labels, and protocols.
7. Information governance should establish the
requirements for technologies and networks, as well
as the plan for implementing and managing them.
Information
Management
Definition
Information management is the practice of ensuring a
consistent flow of organizational information through a
defined lifecycle that starts with its conception or
capture through to its archival or disposition. While
information governance serves as the guideline for
the organization's overall information strategy,
information management is the tactical execution of
that strategy.

Key Points
1. Information management is the tactical execution of
information governance.
2. Information management is an umbrella term that
includes systems and processes within an
organization that handles the creation and use of
information.
3. Information management manages an
organization's information as an asset.
4. Information management encompasses people,
processes, and technologies.
5. Information management should enable individual
information workers to connect to their organization's
information.
6. Information management should enable timely and
relevant access to information.
Knowledge Management
Definition
Knowledge management is the professional practice
of capturing tacit organizational knowledge and
making it accessible when needed to whomever
needs it in an organization.

Key Points
1. Knowledge management can ingest any type of
information as knowledge.
2. Knowledge management must, at a minimum,
make knowledge accessible.
3. As knowledge management becomes more mature
within an organization, knowledge should be brought
to the attention of employees when they need it as
opposed to employees seeking specific knowledge.
4. Knowledge management has seen a resurgence
recently because of enterprise social networking
platforms that allow for greater collaboration among
employees.
5. Knowledge management platforms are increasingly
able to look across large repositories of content to
share collective knowledge across an organization.

Records Management
o See Foundational Concept - "Records
Management in Flux"
Definition
Records Management is the professional field
dedicated to information that rises to the level of
importance that requires ongoing maintenance,
whether it be for evidentiary or specific business
purposes. These pieces of information are termed
"Records" and cannot be modified or changed.
Records Managers are responsible for the receipt,
distribution, maintenance, control, protection, and
disposition of Records. Records Management, in this
view, is the parent category of both Electronic
Records Management and Traditional Records
Management, as the two have increasingly divergent
practices. In this view, Records Management is a sub-
category of Information Management but some
organizations combine the two disciplines under the
moniker of "Records & Information Management
(RIM)".

Key Points
1. Establishes high-level practices and policies that
apply to both electronic Records and traditional
Records.
2. Parent category to both Electronic Records
Management and Traditional Records Management,
both of which build upon standards established by
Records Management.
3. Records Management is comprised of both
Electronic and Traditional Records Management for
electronic formats and paper formats respectively.
The two have strong similarities but diverge because
of the specificities of managing physical items as
opposed to digital items.
4. Records Management includes the entire lifecycle
of the Record.
5. Records Management begins managing a piece of
information once it is declared a Record declaration or
if it is initially created as a Record.
6. Records Management concludes managing a piece
of information when the Record is disposed or
transferred to Archiving.

Traditional Records
Management
o See Foundational Concept - "Records
Management in Flux"

Definition
In the Electronic & Traditional Records Management
viewpoint, Traditional Records Management is the
professional field dedicated to specific pieces of
physical information that rise to the importance of
requiring ongoing maintenance, whether it be
evidentiary or specific business importance. These
pieces of information are termed Physical "Records"
and cannot be modified or changed. Traditional
Records Managers are responsible for the receipt,
distribution, maintenance, control, protection, and
disposition of Physical Records. In this view,
Traditional Records Management is a subcategory of
Records Management, alongside Electronic Records
Management.

Key Points
1. Pertains only to physical Records.
2. A subset of Records Management.
3. Records Management is comprised of both
Electronic and Traditional Records Management for
electronic formats and paper formats respectively.
The two have strong similarities but diverge because
of the specificities of managing physical items as
opposed to digital items.
4. Traditional Records Management comprises the
entire lifecycle of the Record (as opposed to any time
it may spend not classified as a "Record").
5. Traditional Records Management begins managing
a piece of information upon Record declaration or
Record creation.
6. Traditional Records Management concludes
managing a piece of information upon Record
disposition (or destruction) or Record transfer to
Archiving.

Web Content
Management
Definition
Web content management is the area of practice
specific to the management of content that resides in
web-based formats. It combines the skills and
knowledge base of content management and adapts
it to the specific medium of the internet by leveraging
specialized systems called "web content management
systems" (WCMS) to control the creation, site
management, collaboration, publishing, and search of
web-based content.

Key Points
1. Web content management (WCM) is a sub-
discipline of content management.
2. Web content has several defining characteristics,
such as publishing processes that are unique and
distinct from other forms of content - necessitating the
need for a separate discipline.
3. WCM is often a combination of IT capabilities with
marketing capabilities as the content is generally
published to external audiences.
4. WCM manages the lifecycle of content through the
use of WCM systems and beyond.
RISK ELEMENTS
Audit
Definition
Audit, in relation to the information profession, is the
organizational practice of independently examining
adherence to information practices, policies, and
processes.

Key Points
1. Audit must have independence.
2. The goal is to spot-check regularly to view
adherence to information practices, policies, and
processes over time.
3. Audit results are often included in metrics (see
“Metrics”)
4. Audit is often a department in the organization that
is tasked with a much broader mission than that of
adherence with regards to information.
5. Audit is often confused with compliance. Audit is
focused on adherence to internal practices;
compliance is focused on adherence to external
regulation/rules.
6. Audit and compliance may be combined in some
organizations, but both terms should be retained in
their department names to avoid confusion.
Backup
Definition
Backup is an element utilized by several disciplines,
the goal of which is to prevent the loss of information
through regular copying of information to an external
location. Fundamental to backup is placing a value to
the importance of a particular repository to determine
restoration goals - time to restore and recovery point
(determination of backup frequency).

Key Points
1. Backup relies on (1) understanding how long an
acceptable amount of time is to restore a particular
repository.
2. Backup relies on (2) understanding the frequency
of backups by determining acceptable recovery points
- information stored in a repository after a backup has
been performed but before information loss may be
unrecoverable.
3. Utilizing those two factors, backup efforts
determine locations for backup copies and the
frequency of the backups.
4. Backups are often tiered between offline, near-line,
and online backup availability.
5. The greater the frequency and easier the
restoration of a repository of information, generally,
the greater the cost to back it up.
6. The cost must be weighed against the criticality of
the information in the backup copy.

Compliance
Definition
Compliance, in relation to the information profession,
is the organizational practice of independently
examining adherence to external laws and regulations
governing organizational information.

Key Points
1. Compliance must have independence.
2. The goal is to check regularly to view adherence to
external information regulations and laws over time.
3. Compliance is often tasked with ensuring
adherence to industry-specific practices.
4. Compliance results are often included in metrics
(see “Metrics”).
5. Compliance is often confused with audit. Audit is
focused on adherence to internal practices;
compliance is focused on adherence to external
regulation/rules.
6. Audit and compliance may be combined in some
organizations, but both terms should be retained in
their department names to avoid confusion.

Disaster Recovery
Definition
Disaster recovery is a planned and practiced strategy
for recovering information and systems in the event of
an information loss event. The goal of disaster
recovery is to minimize downtime and reduce the
impact of information loss events on the business.
Often viewed in organizations as a part of a larger
(and non-information specific) practice of business
continuity or more broad information assurance.

Key Points
1. Disaster recovery must be planned in advance of
an information loss event.
2. Disaster recovery plans should be practiced
regularly.
3. Disaster recovery is often part of business
continuity of information assurance efforts within
organizations.
4. Disaster recovery encompasses backup planning -
but is not just backup.
5. Disaster recovery also ensures individual employee
access to systems in the event of an information loss
event.

Discovery / eDiscovery
Definition
Discovery is the process of gathering and/or
producing information based on particular keywords,
phrases, or complex information relationships (often
based on machine learning or AI technologies) related
to a court case or investigation. eDiscovery (electronic
discovery, E-discovery, eDiscovery) is discovery
applied to any “electronically stored information”
(ESI).

Key Points
1. Discovery and eDiscovery are focused on
producing information related to a court case or
investigation.
2. eDiscovery can be conducted on an individual
computer or network level.
3. Examples of ESI include email, databases,
presentations, voicemail, documents, social media,
video files, and websites.
4. Metadata is included in the eDiscovery of ESI and
includes information such as time-date stamps,
author, recipient, file properties, etc.
5. Discovery can also be performed on physical
information, with eDiscovery being its successor in
the digital era.
Information Access
Definition
Information access refers to the process of
determining which individuals may make use of
specific information or specific categories of
information, as well as the technology used to enable
that process.

Key Points
1. Information access leverages “access rights” and
“profiles” to determine which information is available
to which user or, more often, user group.
2. Information access refers to both process and
technology.
3. Information access determinations should be
established through information governance.

Information Assurance
Definition
Information assurance is the practice of protecting
information and information systems, as well as
ensuring systems reliability and information quality
and recoverability. Information assurance ensures
that information and information systems are available
when needed, and are protected, and that appropriate
confidentiality is leveraged.
Key Points
1. Information assurance is focused on both
information and the systems that contain information.
2. Information assurance is related to information
security / information protection but has a broader
scope.
3. Making information available to the right people at
the right time while preventing unauthorized access is
a key component of information assurance.
4. Information assurance keeps information systems
protected from external audiences and from
inappropriate access from internal audiences.
5. Information assurance often includes disaster
recovery and backup efforts.
6. Information assurance efforts often include
confidentiality mechanisms or classified information
tiers (generally in government or military applications).

Information Security
(Information Protection)
Definition
Information security is the protection of information
and information systems from unauthorized access
and disruption.

Key Points
1. Information security's goal is to protect information
assets.
2. Information security leverages technologies,
processes, and policies to protect information and
information systems.
3. Information security often focuses on technology
but should also include policy around people and their
access to information.
4. Information security should include policies around
access to information for employees, partners, and
customers.

Privacy
Definition
Privacy is the practice of ensuring an organization’s
meets its commitments and regulatory obligations to
protect the personal information of customers,
partners, and employees.

Key Points
1. Privacy is a cross-functional practice - it cannot
exist without cooperation across the organization.
2. Privacy covers an organization’s commitments to
protect personal information (such as contractual
obligations and commitments made in terms of
service agreements) as well as regulatory obligations
(external requirements).
3. Privacy efforts span various audiences that may
have different commitments and/or regulatory
requirements.
4. Privacy should cover customers, partners, and
employees.
STRUCTURAL / PROCESS
ELEMENTS
Auto-Classification
Definition
Auto-classification refers to the process of leveraging
technologies to automatically analyze information and
apply transformation without the requirement of
human intervention. A transformation enabled by
auto-classification may include relocation, addition or
removal of metadata, addition or removal of
categorization, addition or removal of policy, addition
or removal of restrictions (print, download, copy, etc.),
starting a workflow (approval, disposition, etc.) and/or
any combination of transformations. Auto-
classification may also refer to the underlying
technologies that enable this functionality.

Key Points
1. Auto-classification refers to the process of auto-
classification as well as the technologies that enable
auto-classification functionality.
2. Auto-classification processes often include moving
information from one location to another (relocation).
3. Workflow can be started through auto-classification
or information may be moved into the queue for auto-
classification technologies through a workflow.
4. Auto-classification processes may add or remove
metadata after technology-based analysis of
information.
5. Policies may be added or removed on information
through auto-classification.
6. Restrictions (such as limiting printing, ability to
download, ability to copy/share, etc.) may be added or
removed on information through auto-classification.
7. Auto-classification technology has quickly become
incredibly important in handling large volumes of
information.

Business Process
Management
Definition
Business process management is the practice and
technologies that support the analysis, maintenance,
management, automation, improvement, and re-
engineering of organizational processes and
workflow.

Key Points
1. Business process management is focused on the
full management and lifecycle of business processes.
2. Business process improvement is a sub-discipline
of business process management that focused on
analysis, improvement, and re-engineering of
organizational processes and workflow.
3. Business process management is both a
professional practice and the underlying technologies
that support the professional practice.
4. Business process management includes all
organizational processes and workflow.
Capture
Definition
Capture is any means of adding a piece of information
into an information system.

Key Points
1. Capture encompasses scanning, file upload, and
native file creation.
2. Capture is an addition of information into a system.
3. Capture is irrespective of text extraction
techniques.
4. Sub-categories of capture include scanning (both
imaging and digitization), file upload, and native
creation.

Change Management
Definition
Change management is the process and techniques
that enable organizational change. Most change
management methodologies enable organizational
change by focusing on the motivators behind
individual change within an organization. Change
management may also refer to the technologies and
tools that enable organizational change.

Key Points
1. Change management focuses on the people side
of organizational change in order to implement
change that is thorough, smooth, and lasting.
2. Key areas in a change management planning are
sponsorship, buy-in, involvement, impact,
communication, and readiness.
3. Change is a process, not an event, that includes
three states: current state, transition state, and future
state.
4. Change management may be a process,
technique, technology, or tool.
5. Change management often seeks out the individual
motivations to create change in an organization.

Content Services
Definition
Content services are the tools and technologies that
can be accessed through APIs to connect content to
users while focusing on their unique user experience.
The aim of content services is to separate various
useful functionalities from the platforms that have
previously encapsulated them, making functionalities
portable and exposing content in a manner consistent
with the role of a user.

Key Points
1. Content services are tools and technologies
accessed through APIs.
2. Content services disconnects functionality from
platforms.
3. Content services makes functionality portable
between platforms.
4. Content services expose content based on user
role.
5. Content services can make content available
through a variety of channels.
6. Content services allow for personalized user
experiences.

Digitization
Definition
Digitization is the process of converting physical
information or scanned images of information to a
usable form of electronic information through the
extraction of text.

Key Points
1. Digitization is a combination of imaging and
automated text extraction.
2. Text extraction can be full text or partial text.
3. Full-text extraction often creates a file which has
searchable text.
4. Partial text extraction is often utilized to fill specific
metadata fields related to a file.
5. Partial text extraction is often leveraged in forms
processing or repeatable processes.

Enterprise Search
Definition
Enterprise search is a type of search that provides
results to users across all organizational information
independent of the systems where that information
may reside. Some enterprise search capabilities rely
on a single search technology which is granted
access to multiple repositories (federated search),
whereas others aggregate the search results from
multiple native (repository-specific) search
technologies.

Key Points
1. Enterprise search is any search capability that
provides results across all organizational repositories.
2. There was previously a difference in terminology
between enterprise search and “federated search” -
enterprise search being a single search technology
employed across multiple repositories, whereas
federated search brought together multiple native
search technologies. This terminology difference was
largely semantic and has been disregarded by most.
We have decided, as has the profession, to call both
terms “enterprise search.”
3. Enterprise search is the technology employed to
search across multiple repositories as well as an
action taken when searching across multiple
repositories.
4. Enterprise search was coined largely to signal a
difference between organizational search capabilities
from web search, the technologies leveraged by
providers like Google and Bing.

Forms
Definition
Forms are structured information-capture
technologies that allow for user entry of information
across a series of entry points or fields. The use of
forms ensures consistent entry of data, but the forms
may also be used for entry of descriptive text
(metadata) for other types of information.

Key Points
1. Forms allow for multiple, repeatable user entry of a
defined series of fields.
2. Forms ensure consistent data entry.
3. Forms create structured information - data.
4. Forms may also be utilized to enter metadata on
other types of information.

Imaging
Definition
Imaging is a type of capture that relies on scanning
technologies to make images (pictures) of pieces of
information. These images do not have extracted text
and metadata unless it's manually entered.

Key Points
1. Imaging is a type of capture.
2. Imaging leverages scanning technologies
3. Imaging creates only a picture of a piece of
information and contains no text.
4. Images may have metadata that is manually
entered but not extracted.
Information Technology
Definition
Information technology (or “I.T.” or “IT”) is the
professional practice, the people who make up the
professional practice, and often the name of the
department that manages organizational technology,
including hardware, software, and connectivity; and it
often refers to the set of technologies employed by
an organization.

Key Points
1. IT has four related meanings. It refers to:
A. The professional practice.
B. The people who comprise the professional
practice.
C. The department that manages an organization’s
technology.
D. The technology of the organization itself.
2. IT encompasses all hardware (including on-
premises hardware as well as cloud-based hardware).
3. IT encompasses all software (including on-
premises, cloud, and hybrid software).
4. IT encompasses all organizational connectivity
(including all devices, computers, hubs, bridges,
routers, internet connections, etc.).
Interoperability
Definition
Interoperability is the capability and/or technologies
employed to make information and information
systems accessible across different systems and
platforms.

Key Points
1. Interoperability takes either a capability or
technology and makes it available in multiple settings.
2. Interoperability makes information and functionality
available for external usage.
3. Interoperability can make information flow more
easily and consistently between multiple information
systems.

Metadata
Definition
Metadata is descriptive text applied to unstructured or
semi-structured information. Metadata often employs
forms to ensure consistent entry of descriptive text
through individual and repeatable fields.

Key Points
1. Metadata enables information to be discoverable,
reusable, and accessible.
2. It can be used to describe physical as well as
digital items (information, images, audio-visual files,
etc.).
3. Metadata can describe either a single item or a
collection.
4. Metadata can be created manually or
automatically.
5. There are different types of metadata (descriptive,
structural, administrative).
6. Descriptive metadata is the most common form and
is applied to a piece of information to assist in
understanding what the piece of information is.
7. Structural metadata is applied to a piece of
information to understand where that particular piece
is in relation to other pieces of information (e.g., a
chapter in a book, or object relationships)
8. Administrative metadata is applied to a piece of
information to understand technical aspects of it (e.g.,
created date, last modified date, retention rules,
access rights, etc.).

Metrics
Definition
Metrics are predetermined assessment criteria to
objectively evaluate an organization, effort, project,
department, team, or individual.

Key Points
1. Metrics should be objectively measurable.
2. Metrics are tracked over time, either in real-time
(such as server uptime metrics) or periodically (such
as quarterly sales goals).
3. Metrics can be employed at any organizational
level from the organization as a whole through to the
individual.

Migration
Definition
Migration is the process of moving information from
one repository and/or system to another repository or
system. This process generally includes actions to
improve the quality or management of the information
such as cleansing, transforming, and mapping.
Technologies such as auto-classification or machine
learning may be employed in this process.

Key Points
1. Migration includes moving both information and
metadata from one system to another system.
2. During migration, understanding how information
moves, changes, and is transformed is critical to the
success of a migration project.
3. Migration projects should be well understood by
compliance, Records, and legal teams to ensure that
any applicable regulations or standards are upheld
during migration and any special considerations are
handled.
4. Some technologies may have aspects of
information migration built into them such as auto-
classification and machine learning technologies.
Mobility
Definition
Mobility is the enabling technology (devices and
software) and management of that technology that
enables employees to work from locations other than
their workplace.

Key Points
1. Mobility is about making information available on a
wider variety of devices and uses.
2. Security is generally a concern for mobility
enablement projects.
3. Any technology that allows for access of corporate
information on devices should require an
organizational policy be in place before deployment.
4. There are different considerations for information
accessed on corporate-owned mobile devices and
employee-owned devices.
5. There has been a rising popularity of BYOD (bring
your own device) practices; they should be
accompanied by corporate-accepted policies.

Native Creation / Upload

Definition
Native creation and upload are the methods of
entering information into an information system.
Native creation refers to the ability to make new
pieces of information within an information system
whereas upload is the ability to move pieces of
information into an information system.

Key Points
1. Native creation refers to creating a piece of
information within an information system.
2. Upload refers to creating a piece of information and
then moving it into an information system.
3. Native creation is also referred to as “native file
creation.”
4. Native creation and upload are sub-categories of
capture.

Search
Definition
Search is the ability to seek out information within an
information system, as well as the underlying
technology that enables that ability. The goal of
search is to locate information relevant to a particular
query.

Key Points
1. Search, as related to the information profession,
refers to any capability that queries information.
2. Search facilitates finding information.
3. Search is improved through improvement of
metadata.
4. Search can be a single box (such as Google) or an
advanced form querying multiple fields.
5. Search may leverage operators (such as AND, OR,
and NOT) as well as wildcards (such as “*” or “?”) to
improve results or widen queries.
6. Search results may have the additional capability of
being filtered or sorted.

Social Media
Definition
Social media include publicly facing websites and
internal sites that allow for interaction, collaboration,
and communication among and between people and
companies. These websites often contain information
that must be governed and managed.

Key Points
1. Publicly facing systems such as social media sites
may include information that must be governed and
managed.
2. Social media sites offer unique information benefits
and challenges.
3. The benefits of social media sites include rapid
interaction, faster iteration between employees (for
internal systems), and a flattening of the
organizational structure (for internal systems) to
create more serendipitous beneficial relationships.
4. Risks of social media include information
disbursement that may place information beyond the
reach of management requirements, information
security risks, and the subversion of information
access requirements that are applied in other
information systems.
5. Internal social media sites are often referred to as
enterprise social networks.

Taxonomy
Definition
A taxonomy is an organization’s structured
classification scheme for information.

Key Points
1. Taxonomy is based on organizational needs.
2. Taxonomy is structured classification.
3. A taxonomy is an organization’s understanding of
its relationship to its information.
4. A folksonomy is a type of organic taxonomy that is
developed by information consumers who then apply
“tags” to information.

Workflow
Definition
A workflow is a defined and repeatable series of
actions that often leverages a piece of information to
accomplish a specific business task.

Key Points
1. Workflow is a repeatable series of actions.
2. Workflows are pre-defined for usage.
3. Workflow itself should be managed.
4. Repeatable tasks utilized in workflow can include
approval, routing, moving, copying, signatures,
disposition, application of print restrictions, application
of user access controls, etc.
5. Workflow can be combined with other technologies
such as auto-classification to create enhanced
capabilities.
VALUE ELEMENTS
Big Data
Definition
Big data is the processes and technologies employed
by organizations to combine information from various
repositories and sources (generally, very large
repositories) to identify trends, patterns, and
interactions to improve organizational decision
making.

Key Points
1. Big data analyzes data sets.
2. Big data combines data sets.
3. Data sets leveraged in big data can be internal data
as well as external data or openly available data sets.
4. The goal of big data is to improve organizational
decision making.
5. Big data allows for the identification of trends,
patterns, and interactions.

Business Analysis
Definition
Business analysis is a defined research-focused
approach to understanding business challenges and
identifying best possible solutions. These solutions
may include improvements to process, to information
systems, and to procedures and/or policies.
Key Points
1. Business analysis is not confined to the information
profession.
2. Business analysis often is utilized within the
information profession or business analysts who are
not specifically tied to the information profession are
utilized to analyze information or information systems.
3. Business analysts can reside within the information
profession but aren’t necessarily confined to it.
4. Business analysis can be performed on processes,
software and systems, procedures, and/or policies.
5. Business analysis is a defined professional practice
with its own methodologies and underlying bodies of
knowledge.
6. Business analysis is often confused with business
intelligence. Business analysis is focused on
providing solutions, while business intelligence is
focused on decision making.

Business Intelligence
Definition
Business intelligence is the strategic discipline and
underlying technologies for analyzing information to
improve organizational decision making.

Key Points
1. Business intelligence is the discipline of analyzing
information, along with the technologies that provide
capabilities for analyzing information.
2. The goal of business intelligence is to improve
organizational decision making.
3. Business intelligence is often confused with
business analysis. Business intelligence is focused on
decision making, while business analysis is focused
on providing solutions.
4. Business intelligence is being combined with newer
technologies like big data and machine learning for a
broader scope of input for analysis.

Collaboration
Definition
Collaboration is when two or more individuals,
software systems and applications, departments,
organizations, and/or stakeholders work together
towards a common goal.

Key Points
1. Collaboration isn’t just about people - it's also about
systems, applications, departments, organizations,
and stakeholders.
2. Collaboration is a description of whenever two
entities come together towards a common goal.
3. Collaboration may include any activities leading
towards a common goal.
4. Most often, when discussing collaboration, one is
looking at interpersonal collaboration.
5. Systems that enable interpersonal collaboration
have been seen as more favorable in today’s
information climate.
Content Analytics
Definition
Content analytics are technologies leveraged to better
understand the context of content either as a defined
task (towards a specific business intelligence related
goal or for information re-categorization) or
programmatically as content is captured by an
information system.

Key Points
1. Content analytics are technologies that develop
understandings of the context of content.
2. Content analytics can be employed as a one-off
process.
3. Content analytics can be employed on an ongoing
basis as content is captured.
4. Content analytics are often standalone applications
that are applied to information systems.
5. Some information systems are beginning to employ
content analytics.
6. There is often a great overlap between the
capabilities of the technologies of content analytics,
data analytics, and information analytics - and the
terms are growing ever more interchangeable.
Data Analytics
Definition
Data analytics are technologies leveraged to better
understand the context of data either as a defined
task (towards a specific business intelligence related
goal or for information re-categorization) or
programmatically as data is captured by an
information system.

Key Points
1. Data analytics are technologies that develop
understandings of the context of data.
2. Data analytics can be employed as a one-off
process.
3. Data analytics can be employed on an ongoing
basis as information is captured.
4. Data analytics are often standalone applications
that are applied to information systems.
5. Some information systems are beginning to employ
data analytics.
6. There is often a great overlap between the
capabilities of the technologies of content analytics,
data analytics, and information analytics - and the
terms are growing ever more interchangeable.
Data Visualization
Definition
Data visualization is the professional practice and
techniques employed to transform data into visual
mediums such as charts, graphs, maps, etc., in order
to more easily understand trends, correlations, rank,
and/or context.

Key Points
1. Data visualization is a professional practice as well
as a set of techniques.
2. Data visualization transforms data into visual
mediums such as charts, graphs, maps, etc.
3. The goal of data visualization is to understand
trends, correlations, rank, and/or context.
4. Data visualization aids in the decision-making
process.
5. Data visualization makes it easier to understand
data that's difficult to describe.

Digital Transformation
Definition
Digital transformation is the reshaping of interactions,
processes, and work outputs through the use of new
technologies.
Key Points
1. Digital transformation is about the application of
new technology in all areas of an organization.
2. Digital transformation is about re-imagining and
reshaping business through new technology.
3. Digital transformation is at its heart, disruptive.
4. Digital transformation seeks to start with the goals
of an interaction, process, or work outputs - then
determine how to best achieve those goals through
technology without regard to how they were achieved
in the past.
5. Digital transformation as a term is relatively new
but is something that in practice has been employed
since the beginning of the technological age.

Usability
Definition
Usability is the user experience-focused
measurement of technologies and/or processes for
efficiency and effectiveness.

Key Points
1. Usability is focused on measuring technology
and/or process efficiency and effectiveness.
2. Usability is centered on the user of a system or
process.
3. Usability, in the information profession, is the
measure of user experience (UX).
4. There is currently a trend of different disciplines
within and outside of the information profession
simplifying this understanding of usability and UX by
simply referring to both as User Experience.
5. Measurement criteria for assessing usability is
based on what's being measured, but criteria should
be assessed consistently over time to understand
improvement.

User Experience
Definition
User experience (UX) is the satisfaction level of an
interaction. The users in UX can be employees,
partners, customers, or any other group interacting
with an organization’s technology, employees,
partners, or processes. UX is measured by usability.

Key Points
1. UX is a qualitative understanding of the satisfaction
level of an interaction.
2. UX is measured by usability and criteria. While
different for different types of interactions, it should be
consistent when measuring the same interaction for
different people.
3. UX should be measured before and after an
improvement effort.
4. UX should be measured regularly, as interaction
expectations and standards change over time.
EMERGING ELEMENTS
Artificial Intelligence
Definition
Artificial intelligence (AI, A.I.) is technology that
performs a function that had previously required
human intervention, such as reasoning, identification,
inference, or learning from repetition. AI technologies
include visual recognition, speech recognition,
handwriting recognition, translation, diagnosis, and
decision making.

Key Points
1. AI is technology that can simulate reasoning,
identification, inference, or learning capabilities.
2. AI has the promise of human replacement.
3. AI is intended to improve employee efficiency.

Blockchain
Definition
Blockchain is a decentralized technology that
leverages an unalterable and timestamped distributed
ledger, repeated in multiple locations, that ensures
trust. Every transaction (called a “block”) in the ledger
is secured through advanced cryptography, and each
transaction is linked to the previous transaction.

Key Points
1. Blockchain is a decentralized technology.
2. Information is stored in blocks on the blockchain.
3. Various pieces of the blockchain reside on multiple
computers, repeated in multiple locations.
4. Every block in the blockchain ledger is secured and
linked to the previous block.

Deep Learning
Definition
Deep learning is a type of machine learning that
identifies complex and interrelated relationships,
patterns, and correlations between and among pieces
of information by leveraging non-linear algorithms.

Key Points
1. Deep learning is one type of machine learning.
2. Deep learning is focused on identifying
relationships, patterns, and correlations.
3. Deep learning takes in various inputs and creates
additional layers that bring together the relationships
between the inputs before providing an output.
4. This type of relationship evaluation is modeled after
neural networks in human brains.

Records & Information

Management (RIM)
o See Foundational Concept - "Records
Management in Flux"
Definition
Records & information management (RIM) is the
evolution of records management when combined
and aligned with the discipline of information
management.

Key Points
1. RIM is a combination of two previously separated
disciplines.
2.Records management portions of RIM align to
provide a holistic approach to both ongoing
management and disposition of records and
information.
3.Information management portions of RIM align to
provide a holistic approach to management based on
business value to an organization’s constituents and
clients.
4. RIM seeks to better link records with business
outcomes and processes.

Retention Management
o See Foundational Concept - "Records
Management in Flux"

Definition
Retention management is the post-records practice of
focusing on the retention periods of groups of
information across all of an organization's information
rather than segmenting records from the rest. This is
often an easier method to achieve basic levels of
compliance or automation than a records
management approach. Organizations that move
towards this model are often lightly regulated and/or
entrepreneurial-minded.

Key Points
1. In a retention management approach to information
there is no separation of records from information.
2. The focus of retention management is on retention
periods and disposition, across all organizational
information.
3. Techniques utilized in retention management may
include auto-classification technologies.
4. Disposition of information is often automated (but
may include human interaction).
5. Policy drives retention management techniques
and potential use.
6. Records management (and traditional records
management and electronic records management)
reject the retention management approach, and an
organization must select either retention management
or records management - organizations cannot use
both.
7. Retention management cannot be utilized as an
approach by organizations that have records
requirements placed on them by regulation or
requirement.