134

African countries including Kenya has not been widespread, probably as a result of the slow development of digital archiving in the continent.

In view of the foregone, the glaring question for our continent is how can Africa leapfrog and catch up with the rest of the world in matters digital archiving? Perhaps the answer lies in buttressing the legal and regulatory frameworks for digital archiving in individual countries, Kenya included, as well as conformance to standards and best practice models for digital records and archives management. This study agrees with Ambira (2016:28) that the legal and regulatory frameworks within which records are managed in Kenya do not adequately address the management of digital records and archives. This therefore calls for the development of an elaborate and comprehensive framework to ensure the adequate management of all digital records in Kenya. In this regard the current research investigated the legal and regulatory instruments that govern the management of digital archives in public universities, focusing on the OAIS and RC models as best practice model benchmarks.

135

arising from the use of new technologies in the management of information resources, such as technological obsolescence, access control, among others, which have an impact on digital records (Council of Canadian Academies 2015:xii). Specifically, digital records face threats ranging from the effects of nature, technology, forces of time, human-related threats, amongst others, requiring organizations to formulate and document best practices for digital recordkeeping and long-term preservation (Tripathi 2018:8; Dolan-Mescal et al. 2014:79; Mulauzi et al. 2012:5). McLeod and Childs (2013:3) referred to these threats generally as constituting a “wicked problem”

with deep running impacts for the conception, design and implementation digital recordkeeping initiatives in organisations.

Organizations including higher education institutions keep struggling with management of the constant accumulation of digital volumes and the diversity of formats generated by information creators (Svard 2017:276). According to McHugh (2016:4), social, organizational, legal, financial and technological issues work collectively and in isolation to pose risks to the access and use of digital collections in organizations. This is affirmed by Eusch (2016:2-3) who wrote that the risks associated with university records can be categorized into the following four types:

i. Legal and regulatory risks: There arise from an institution failing to meet its obligations to maintain records in accordance with required laws (State and Federal) and for litigation readiness. When there is the potential for litigation or ongoing litigation, the related records schedule should be suspended, and the associated records held. This process should be completed through a records’ hold process to properly identify records related to the suit or request to prevent spoliation. Paper and electronic records should be organised and easily accessible or retrievable and demonstrate a chain of custody or the university could potentially lose the suit or damage the institutional reputation;

ii. Records technology risks: There are many technology risks which may impact the management of records to meet university obligations to ensure that records are accessible, retrievable and in a readable format. An example of this risk would be each time data is handled when a system is decommissioned, or data migration takes place to new software or with software integration. There is always the risk of data loss or the loss of data integrity and retention

136

schedules not being met. There is also risk to information in systems where records are stored long-term (more than 10 years), and the associated risks of not deleting records in the normal course of business which also ties back to legal risk to the university;

iii. Records control risks: There is a potential risk of the loss of information when files are not properly classified and named. There are many repositories for records in both electronic and paper formats with little or no records management principles applied. This would tend to lead to an increased risk to the university in not being able identify, document or have systematic controls in place. There is also a very high risk of losing historically significant records which document the decision making on campus and should be transferred to the University Archives. This risk also ties back up into to the legal risk and not being able to produce records in a suit or litigation; and

iv. Administrative risks: Administrative risk is posed though the inability to reach all campus communities to provide for regular and consistent institutional communication and training for employees on their responsibility for the records that they create, manage, store and dispose of. There is also administrative risk that departments/units have not adequately identified institutionally vital records for disaster recovery and business continuity to ensure business resumption after a disaster. Considering the decentralized nature of public university campuses in Kenya, recordkeeping professionals should design uniform file plans across all departments/units in their institutions to achieve efficiency in the management of records in a continuum.

Additionally, Phiri (2016) carried out research to establish the relationship between recordkeeping, governance, audit and risk. The study proposed a governance recordkeeping model incorporating risk as an element of the governance function.

Erima (2013) and Ambira (2011) carried out separate studies to establish risks facing organisations as a result of poor recordkeeping at Moi University and Kenya Commercial Bank respectively. Both studies proposed records-risk management models for the case study areas. These studies clearly indicate that archival repositories in need to be ready to deal with records-related risks, which are more pronounced in digital and hybrid environments. Research should therefore be

137

undertaken to establish risk exposures for public universities in Kenya emanating from weak archival systems and recommend possible strategies for mitigating the risks.

The DCC and Digital Preservation of Europe (DPE) created a toolkit for auditing of digital repositories known as DRAMBORA. DRAMBORA was developed to help information professionals identify the risks faced by their repositories by understanding their potential impact and probability of occurrence. An analysis of the identified risks is then made by mapping the risks to the repositories’ objectives to determine the severity of the risks faced. This methodology though paper-based, provides a quantifiable insight of the extent of risks that a repository is facing and gives a report of the same (Digital Preservation Coalition [DCC] 2015:48).

The ARMA Records Management Maturity Model has become increasingly popular as a framework for assessing the state of recordkeeping in organizations and archival repositories. During assessment, the organization or archive is categorized at a given level (1 to 5) based on its recordkeeping characteristics, which subsequently informs risk management decisions. According to McHugh (2016:3), infrastructural development and preservation planning are comparable to risk management. Hence, when recordkeeping professionals identify risks to information materials and manage them accordingly, the danger to or loss of information is eliminated. The level of risk is determined by multiplying the probability of the event occurring (likelihood) times the level of impact (consequences) the event would have on the organisation if it did occur, that is:

Level of Risk = Probability x Impact (Franks 2013:235).

McHugh (2016:11-2) further advised that it is important for records professionals to understand the value of the information materials under their care and be aware of the risks faced, risk appetite of the organisation and the most appropriate preservation approaches to be adopted.