Electronic Document and Records Management Systems (EDRMS)

Understand the importance of using Electronic Document and Records Management Systems (EDRMS) to promote good recordkeeping and meet compliance regulations in your organisation.

Last updated:: 26 March 2026

Listen

On this page

^{This guidance has been developed for State Records NSW by Andrew Warland, a consultant with many years of experience advising organisations on effective recordkeeping.}

What is an EDRMS?

Electronic Document and Records Management Systems (EDRM systems) are computer-based applications that are used to register and manage both physical and electronic (born digital or digitised/scanned) records.

Origin of EDRM systems

EDRM systems trace their origins to two separate ‘streams’:

Electronic document management (EDM) systems, developed from the late 1970s to manage electronic documents. Some of these systems later incorporated the ability to manage records.
Records management (RM) systems, developed in Australia from the early to mid-1980s to replace physical file management registers. By the late 1990s, most of these systems included the ability to manage electronic records via an attached file store/drive that linked the record of the item in the database to the item in the file store. These systems were more commonly known as Electronic Records Management (ERM) systems.

The term ‘EDRMS’ was not formally used until 2008 when it was recommended by Technical Committee 171 of the International Standards Organisation.¹

Collaborative systems such as Google Drive and Microsoft 365 have their origins in Web 2.0 technologies and Enterprise Content Management (ECM) systems introduced in the early 2000’s that allowed users to interact with the system via a browser. An intranet is an example of an ECM system.

The importance of using an EDRM system

EDRM systems are designed to capture, store, protect and manage records as authentic evidence of business activities, to meet statutory and operational responsibilities, and assist in addressing long-term needs for records and information.

EDRM systems:

Establish an official recordkeeping system used to register and store records in an aggregation or ‘file’² relating to a specific subject.
Can be configured to meet specific recordkeeping and business needs.
Allow metadata to be added to describe records.
Include access, security and various system controls designed to protect the system and the records stored in it, and ensure the authenticity, reliability, integrity and usability of those records for as long as they need to be kept.

Most EDRM systems integrate with business applications such as Outlook, Microsoft Office, and other business systems, thereby allowing end users to save emails, Office documents, or other documents directly into a suitable ‘file’ in the EDRMS.

Some EDRM systems include integration with SharePoint Online (documents) and Microsoft Teams (channel posts) allowing content to be copied to a pre-defined container/file in the EDRMS.

A well-configured, managed, and utilised EDRM system, along with good user training, will allow organisation to meet their compliance obligations for keeping records.

Relationship with standards

There is no formal compliance certification process for EDRM systems. Instead, the onus is on government agencies to demonstrate that their recordkeeping practices and systems, including configuration of their EDRM systems, complies with recordkeeping related standards including:

AS ISO 15489-1:2017 ‘Information and documentation - Records Management - Part 1: Concepts and principles’
AS ISO 16175-1:2021 ‘Information and documentation - Processes and functional requirements for software for managing records - Part 1: Functional requirements and associated guidance for any applications that manage digital records’
AS ISO 23081-1:2018 ‘Information and documentation - Records management processes - Metadata for records - Part 1: Principles’
Minimum requirements for metadata for authoritative records and information
The NSW Standard on records management.

Core functionality of EDRM systems

EDRM systems are expected to have the following records management functionality:

Records capture and classification	Records classification, including the implementation and management of a business classification scheme (BCS) and other metadata controls Create, capture, import and register records Capture or apply metadata to records and make contextual relationships between records.
Records integrity and maintenance	Protect and ensure the authenticity, reliability, integrity and usability of records Storage, reporting and metadata management Audit trails.
Records retention and disposition	Retention controls Disposal functionality, including review, transfer and/or destruction Migration and export functionality.
Records discovery, use and sharing	Search, retrieval, presentation, use and interoperability. Access restrictions and permissions. Ability to manage duplicates, extraction and redaction.

EDRM systems should have the following system functionality and characteristics:

Configurable in line with standards and business requirements.
Allow for the management of users and groups recorded in the directory.
Be upgradable without impacting the integrity or authenticity of records.
Integrate with other business systems where required.
Include or integrate with automation functionality to allow records to be subject to workflows.
Include security controls in line with information security requirements, such as records access controls, monitoring, agent validation and authorized destruction and maintenance of information about the controls that were applied to a record and detailed in the record’s process metadata.
Include suitable monitoring and reporting functionality.
Include system administration functionality, including storage, back up, recovery and preservation.
Facilitate the migration or relocation of the content in the system.
Comply with standards. Compliance should be regularly assessed, and compliance capability should be audited and reported, with logs being maintained.

Characteristics of records systems
Functions of records systems

To operate effectively, records systems should have the following characteristics:

Characteristics	The records system should...
Reliable	routinely capture records within the scope of the business activity it supports routinely create process metadata provide adequate information about the records within them have controls that will ensure accuracy and quality of records created, captured and managed present records in useable and readable form provide timely access to records prevent unauthorised access, use, alteration, concealment, deletion, destruction or removal of records manage and store records for as long as they are needed
Secure	allow setting up access and permission controls to protect records from unauthorised use, alteration, deletion or removal, such as user registration/deregistration have security controls that allow logging, monitoring and termination of access and use. The logs should be protected from tampering.
Compliant	be designed and managed in compliance with legal and regulatory requirements that apply to the business documented within them. Please note that the records system’s compliance should be regularly monitored and assessed.
Comprehensive	create, capture and manage records and associated metadata resulting from the business activities supported by the system
Fixity	capture and preserve records as an accurate, unaltered record of the business activity or systems event it documents in a fixed point in time. Records may be captured through the process metadata which shows information on the changes made to the record, when and who changed the records.

In addition to having these characteristics, records systems must be capable of performing a range of standard functions.

Functions	The records system is able to...
Registration	create and/or capture records by assigning them unique identities and, when necessary, allow users to provide additional description, such as a title and date of the record create and/or capture process metadata such as date of creation and/or capture and by whom.
Indexing	build a list of keywords or index, associated with the record. The index aids in searching and retrieval of records and may be built using metadata or the record content.
Search and retrieval	provide a mechanism to identify and show records in response to search queries.
Access and security monitoring	assign and implement rights or restrictions that protect records against unauthorised or inappropriate use or access
Tracking	log, monitor and show events such as user access, additions, alterations and deletions carried out on the record, date of the action and by whom.
Disposal	facilitate authorised disposal of records log and show information on disposal actions such as date and time of disposal and by whom.
Export	extract select or all records (including associated metadata, when needed) regardless of format without loss or degradation of content or metadata
Reporting	generate any reports deemed necessary by the organisation.

Implementing an EDRM system

EDRM systems, like many business systems, are implemented in three main stages.⁵

Initiation and planning

This stage includes:

establishing a clear understanding of the organisation’s business and records management environment
developing and obtaining approval for a business case
drafting and finalising technical and functional requirements
designing the proposed configuration based on business engagement⁶

Implementation

This stage includes:

establishing the design and understanding the impact of the proposed system on the existing IT environment
developing a migration strategy if required
developing an administration model
designing a security model
developing procedures and business rules
establishing how a business classification scheme (BCS) and retention requirements will be implemented
finalising the design
acquiring the new system
developing an implementation plan or strategy
configuring the system to meet organisational recordkeeping requirements
training admins and end users.

Post-implementation

This stage includes:

a post-implementation review plan
reviewing the implementation outcomes.

EDRM system upgrades

From time to time, EDRM systems, or the underlying server/s or database, will need to be upgraded to newer versions. A failure to upgrade to a new version could create risks in terms of access to and technical support for older versions.

EDRM system upgrades generally require the establishment of a project with many of the same elements as the original implementation noted above, especially (a) planning, (b) engaging with IT, (c) developing any procedural updates, and (d) end user training.

See our Policy on accessibility of equipment and technology dependent records.

Issues and risks associated with EDRM systems

One of the key issues and risk associated with centralised recordkeeping systems is that they may not store all the records that could have been stored in them. There are two related reasons for this situation:

End users must be trained to use an EDRM system. The container-based ‘file’ paradigm in the EDRMS may be unfamiliar compared with a folder-based structure in an email system or file store where the originals were created and remain stored. Some EDRM systems include an interface that resembles network file shares, but the filing structure may still be unfamiliar.
The onus is on end users to identify what needs to be saved to the EDRM system, then copy (not move) the record from its original storage location (e.g., the email system or file share) to the EDRMS. This requirement is not always met. Even when it is met, the original items and any other content that may and may not be records usually remain in place and discoverable.

Additionally, not all types of records can be captured in an EDRM system. This has been a problem since the introduction of email in the 1980s, mobile phones in the 1990s, and Web 2.0 technologies from the turn of the century. It remains a problem with the multitude of cloud- and mobile device-based applications. Some contemporary record types (e.g., Teams chats) can be difficult or impossible to capture into an EDRMS without additional effort on the part of the user.

The consequences arising from these risks may include adverse publicity, financial loss, inefficient business functions and processes, and a reduction in the organisation’s capacity to prosecute or defend allegations. ⁷

Mitigating the risks

In the same way that organisations manage financial records or personnel records in dedicated business systems, organisations with an EDRM system need to ensure that relevant business records are captured.

Organisations with an EDRM system need to ensure that relevant business records are captured. There are several ways to mitigate the risks:

Active and ongoing senior management support and commitment to the EDRM system.
Assessing systems to confirm recordkeeping functionality and where functionality is lacking, integrate the business system with the EDRM system to ensure that records are captured and managed appropriately.
Establishing integration between systems when there is a lack of recordkeeping functionality in a line of business system or the line of business system holds high-risk/high-value records, including cloud-based collaboration systems.
Undertaking regular training for new and continuing staff on system use as well as their recordkeeping responsibilities.
Training or guidance on the use of cloud-based collaboration platforms to ensure the content is or can be saved to the EDRMS.
Monitoring of the EDRMS for quality and compliance purposes.
Monitoring the size of email mailboxes.
Monitoring the size of ‘personal’ storage space, including OneDrive.
Reviewing existing general network file storage areas and proactively removing redundant, outdated and trivial (ROT) content as part of a proactive records disposal program.

References

^{[1] See ISO/TC171/SC2 N489E ‘ISO/NWI/PDTR: Document management – Framework for integration of Electronic Document Management Systems and Electronic Records Management Systems’, 12 May 2008. [2] The word ‘file’ here refers to a container or aggregation used to store multiple items, not the individual items (‘files’) stored in that container. EDRMS files are typically subject-based, where the subject maps to the terms in a Business Classification Scheme (BCS). For example, FINANCIAL MANAGEMENT – Budgeting – 2026 Budget. [3] Drawn from ISO 16175-1:2020 ‘Information and documentation – Processes and functional requirements for software for managing records – Part 1: Functional requirements and associated guidance for any applications that manage digital records’. [4] Drawn from ISO 15489-1:2016 section 5.3.2 and the NAA guidance}^{Electronic document and records management systems | naa.gov.au}^[5]^{Extracted from the NAA guide: IM standard - Implementing an EDRMS checklist}^{. See also}^{Developing systems – information management considerations | NSW Government}^{and AS ISO 16175-1:2020. [6] See ISO/TR 26122:2008 ‘Information and documentation – Work process analysis for records’. [7] Text from AS ISO 16175-1:2020, section 8.4 ‘Risk assessment’.}

Related information

Top