Competency G

Know the legal requirements and ethical principles involved in records management and the role the recordkeeper plays in institutional compliance and risk management.


It is the responsibility of the records and information manager and archivist to understand and abide by the legal and regulatory environment in which they work and the principles and standards that are recognized and accepted by relevant organizational bodies, such as ARMA and Society of American Archivists (SAA). In doing so, the records and information manager or archivist will ensure that the actions that they take and the policies that they create for the organization for which they serve will be ethical, compliant, and will effectively mitigate the risks involved with the handling of records and information.

While there are resources that can be used across both professions, RIM professionals tend to refer to and abide by the ethical statements professed by ARMA. This is referred to as the Code of Professional Responsibility. This Code is broken into two sections—The Social Principles and The Professional Principles. When a RIM professional attaches their name to ARMA, it is under the understanding that the aforementioned ethical and legal statements will be taken into consideration in all functions in the field.

At times a records and information manger might go through the process of certification in Information Governance (IG). This is offered by ARMA and serves to further educate the professional and confirm that that particular individual has taken the necessary steps to achieve that certification. This IG certification comes with a supplementary set of ethical and legal statements referred to as the Information Governance Professional Code of Ethics.

An archivist will tend to reference the SAA Core Values Statement and Code of Ethics. Like the ARMA Code, the SAA Code refers to a social and professional responsibility; however, the SAA Code goes into more detail on the importance of preservation, advocacy, diversity, and more. This brings to light the importance of archives in societal memory and the power of the archives in the shaping of said memory. Interestingly, the SAA Code intersects with ARMA’s Generally Accepted Recordkeeping Principles which is a guideline in records management program development and maintenance.


MARA 284 Analytical Essay 2 – Amanda Stowell

Information assurance plays a large role in the mitigation of risk and records management compliance. All persons in the organization must be dedicated to its cause and routine training must occur to keep the information, policies, and procedures fresh. This work submitted details the damaging consequences of not having an information assurance plan in the health record field. As a RIM professional, it is our ethical responsibility to protect the privacy of the individuals identified in records as well as protect the information that the records contain. Health records contain sensitive data that we must diligently protect for both ethical and legal reasons. Additionally, this work details the steps an organization would take in order to implement such policies.

MARA 284 Analytical Essay 3 – Amanda Stowell

A business continuity plan is a complimentary and necessary part of a larger information assurance plan. This work submitted demonstrates the importance of the BC plan focusing specifically on the mitigation control strategy and its components. Additionally, the importance of the BC plan is reemphasized and an implementation plan is presented.

Information Governance Program Final, Stowell, Amanda

An information governance program is the totality of an organization’s plan for the handling of all information. This work submitted shows my ability to create an information governance program which includes proper assignment of responsibilities to key staff members and department heads, a strategic plan, compliance, legal and regulatory framework, procedures and standards framework, key organizational policies, a political, economical, and environmental scan, as well as an assurance plan that covers communication, training, and change management strategy. My IG program also includes the steps that were taken to develop the polices such as a top-10 risk profile and mitigation plan. Finally, my IG program details the technology alignment with the program and policies. My IG program demonstrates my understanding of legal requirements, principles and best practices that are necessary to mitigate risk.


My internship has presented many opportunities for me to grow as a records manager and archivist as well as allowed me to experience first-hand many of the terms and topics that have been presented throughout the MARA program. While I was not directly involved, I was able to observe my supervisor’s research and creation of a disaster plan for the museum at which I intern. As the disaster plan neared completion, I was able to assist in proofreading for errors and consistency. The disaster plan in an important piece of a business continuity plan and can be found in any information governance plan. Proofreading allowed me to apply the knowledge that I learned in MARA as I looked for consistency in wording and policy.

Currently my supervisor is working on the code of ethics, and I have been able to assist in the early strategies by locating code of ethics from other museums and similar cultural institutions. She has also pulled examples from SAA and ARMA. The initial draft has now been sent to the board for review and I look forward to being part of the final draft process.


ARMA International, “Generally Accepted Recordkeeping Principles,”

ARMA International. “Code of Professional Responsibility”. Retrieved from

ARMA International, “Information Governance Maturity Model,”

ARMA International. (2016). Information Governance Professional Code of Ethics. Retrieved from

EDRM. (2011). How the IGRM Complements ARMA’s Principles. Retrieved from