How do I assess the maturity of our email and instant messaging recordkeeping program against a recognized model?
Assessing maturity means measuring your current practices against an external, recognized benchmark rather than your own assumptions. For email and instant messaging, this turns vague concerns (“we probably aren’t capturing chat”) into a structured gap analysis you can prioritize and track over time.
Choose a recognized model
Several established frameworks lend themselves to maturity scoring:
- Principles-based governance models typically score dimensions such as accountability, transparency, integrity, protection, compliance, availability, retention, and disposition across a scale from substandard to transformational. These map well to messaging because they cover both governance and day-to-day handling.
- ISO 15489-1 defines what trustworthy records management requires—records that are authentic, reliable, complete, and usable. You can convert each requirement into a maturity question for email and IM.
- Process-improvement scales (initial, managed, defined, measured, optimized) borrowed from broader management frameworks help you describe the trajectory you want.
You do not need to adopt several at once. Pick one primary model and stay consistent so results are comparable year over year.
Translate the model to messaging realities
Email and instant messaging raise issues that generic models gloss over. As you score each dimension, ask messaging-specific questions:
- Capture: Are messages on sanctioned platforms captured as records, and is unsanctioned messaging (personal apps, ephemeral chat) addressed by policy?
- Classification and retention: Can messages be linked to a retention schedule, or are they treated as undifferentiated bulk?
- Disposition: Can you defensibly delete expired messages and suspend that deletion under a legal hold?
- Integrity and search: Are threads, attachments, and metadata preserved so a record remains complete and retrievable?
Run and use the assessment
Gather evidence—policies, system configurations, sample audits—rather than relying on self-reported confidence. Score each dimension, document the gap between current and target state, and build a remediation roadmap with owners and dates. Reassess on a regular cadence so you can show measurable progress.
Maturity assessment is a means, not an end: the goal is reliable, well-governed records. For related guidance, see the email and messaging topic hub.
Sources & further reading
Authoritative government and non-profit references.
- ISO 15489-1 Records management — ISO
- ARMA International — ARMA International
How to cite this page
APA
RM University Editorial. (2026). How do I assess the maturity of our email and instant messaging recordkeeping program against a recognized model?. Records Management University. https://www.recordsmgmt.org/questions/how-to-assess-maturity-of-email-and-instant-messaging-recordkeeping-program/
MLA
RM University Editorial. "How do I assess the maturity of our email and instant messaging recordkeeping program against a recognized model?." Records Management University, 16 June 2026, www.recordsmgmt.org/questions/how-to-assess-maturity-of-email-and-instant-messaging-recordkeeping-program/.
Related questions
- Are emails between teachers and parents considered education records under FERPA?
- Are emails in my Sent folder and Inbox both records, or just one copy?
- Are emails on my personal phone discoverable in a lawsuit?
- Are ephemeral or disappearing messages legal to use for work, or do they violate recordkeeping rules?
- Are text messages and chat business records?