FAQ: “Do I need a DoD 5015.2 Compliant EDRM/ECM System?”

This is a guest post by Ryan Ellis, CIP, PMP, Records Management Officer for Galveston County. We wrote here about Ryan’s presentation on Galveston County’s ECM system implementation at our e-Records 2012 conference. Ryan attended our recent webinar “Automating Records Management with EDRMS” and emailed us his thoughts on the importance of choosing a DoD 5015.2 compliant vendor when selecting an EDRMS system. He graciously agreed to let us repost his thoughts here on the The Texas Record. Thanks, Ryan!

DoD 5015.02-STD RMA Design Criteria Standard: http://jitc.fhu.disa.mil/cgi/rma/downloads/p50152stdapr07.pdf

It’s common to look for all “best of breed” qualifications and list them out when putting together requirements for a new software system, but “DoD 5015.2 Compliant” might not really be one of them. In fact, depending on your situation, it may eat up a chunk of your project budget when you don’t even need it. It may even prevent you from accomplishing what you’re actually setting out to do.

Here’s another surprising fact: buying a certified DoD 5015.2 compliant software doesn’t automatically make your organization DoD 5015.2 compliant. “Records Management Applications,” as they are referred to in the standard, are not the only participants facing requirements in the standard; the people in it do too. And to be honest, trying to make your employees follow some of these standards would not make any sense in the typical workplace, for instance following labor-intensive guidelines to declare e-mails as records. When I was an Airman managing classified records in our squadron’s tactics unit, it made sense that the processes I followed adhered to included a chapter on “Management of Classified Records.” It also made sense that my agency would spend additional dollars to make sure our software did too. But as a County Records Management Officer, it would not have made sense to spend additional dollars on software that could perform functions we would never use. It would also not make sense to reject time-saving functionality and require users to follow complex steps that have been simplified through advances in technology in the decade since the current version was on the drawing board.

DoD 5015.02-STD includes 6 chapters. The first is an introductory chapter. Three of the following chapters form the “baseline” for certification, focusing on Mandatory Requirements, Transfers, and Non-Mandatory features. The other two chapters set the standards for Classified Records, and FOIA and Privacy Act Records. Because of the complexity and slow pace of modifying the standard, there is even debate on whether DoD 5015.2 is in the best interest for Federal agencies. (Both sides can be viewed here: For, http://www.aiim.org/community/blogs/expert/I-Support-DOD-50152-and-Encourage-ALL-Federal-Agencies-to-Adopt-It, and Against, http://www.aiim.org/community/blogs/expert/On-Why-I-No-Longer-Support-the-DoD-50152-Standard.) A good rule of thumb is if your organization regularly transfers records to a Department of Defense agency, or to the National Archives and Records Administration, you should consult with your liaisons in those organizations to see if DoD 5015.2 Compliance is a requirement for you. Otherwise, you should keep your options open, and focus on the business requirements of your organization.

The good news is, many EDRM and ECM software suites offer DoD 5015.2 as an optional component. Alfresco, Laserfiche, OnBase, and SharePoint, just to name a few, all can be implemented as a DoD 5015.2 compliant package, though you don’t to pay the additional dollars to make it so if it’s not needed.

For those considering an EDRM or ECM solution, here’s my recommendation:

  1. First, talk to similar federal, state, and local entities, and partners with whom you share processes and content. For example, if you have records and information you share with law enforcement agencies, understanding CJIS requirements will lead to a better starting point for technical specifications.
  2. Talk with each of your prospective vendors about how their products handle security, and learn their strategy for DoD 5015.2 compliant customers.
  3. Join an industry organization like AIIM or ARMA, and subscribe to the TSLAC SLRM blog. It’s much easier to navigate the maze of complex and evolving standards when you have experts ready to guide you.

To access an archived recording of our “Automating Records Management with EDRMS” webinar, click here.