What are IT's specific responsibilities for records management versus what the records department handles?
Records management is a shared responsibility. The records (or information governance) department defines what must happen to records and why; IT provides and operates the systems that make those rules enforceable. Confusion usually arises when an organization assumes that storing data is the same as managing records. It is not.
What the records department handles
The records function owns the policy and the lifecycle decisions. Typical responsibilities include:
- Developing records management policy and the records retention schedule (what is a record, how long it is kept, and its final disposition).
- Classifying records and applying file plans or taxonomies.
- Determining when records may be destroyed and authorizing disposition.
- Managing legal holds and ensuring requirements for FOIA, privacy, audits, and litigation are met.
- Training staff and monitoring compliance.
In short, the records department defines the rules, makes the retention and disposition decisions, and answers for compliance.
What IT handles
IT builds, secures, and sustains the technical environment in which records live. Typical responsibilities include:
- Operating and maintaining repositories, email systems, network storage, and recordkeeping applications.
- Implementing the retention and disposition rules the records function defines (for example, configuring a system to apply holds or expire content).
- Backups, disaster recovery, access controls, encryption, and cybersecurity.
- Migrating data, managing system upgrades, and ensuring records remain readable over time.
IT keeps the systems running and the data protected, but it does not decide retention periods or what qualifies as a record.
Where the two overlap
The most effective programs treat the boundary as a partnership rather than a handoff:
- System selection and design — records requirements should shape technical decisions, not be retrofitted afterward.
- Defensible disposition — IT executes deletion only on the records department’s authorization, with documentation.
- Migration and preservation — both functions must agree that records survive system changes with their content, context, and metadata intact.
A useful rule of thumb: the records department is accountable for the decision, and IT is accountable for the capability. Standards such as ISO 15489 reinforce that recordkeeping responsibilities should be clearly assigned across the organization.
Learn more at the fundamentals topic hub.
Sources & further reading
Authoritative government and non-profit references.
- Records management (NARA) — National Archives (NARA)
- ISO 15489-1 Records management — ISO
How to cite this page
APA
RM University Editorial. (2026). What are IT's specific responsibilities for records management versus what the records department handles?. Records Management University. https://www.recordsmgmt.org/questions/what-are-its-specific-responsibilities-for-records-management/
MLA
RM University Editorial. "What are IT's specific responsibilities for records management versus what the records department handles?." Records Management University, 16 June 2026, www.recordsmgmt.org/questions/what-are-its-specific-responsibilities-for-records-management/.
Related questions
- An employee left and had work records saved only on their personal phone or laptop — how do we recover them?
- Are the outputs of generative AI tools like ChatGPT and Copilot considered records that have to be retained?
- Can a company use a single global retention schedule across multiple countries or do different national laws force separate ones?
- Can an employee be personally fined or fired for deleting records they were supposed to keep?
- Can blockchain make records tamper-proof, and does an immutable ledger satisfy recordkeeping and retention requirements?