Purpose This paper aims to report on a study that aimed at analyzing the relationships between information security and records management (RM), both as programs/functions established in organizations. Similar studies were not found in relevant literature. Design/methodology/approach The study used the classic grounded theory methodology. Pursuing the general curiosity about the information security-RM relationship in organizations, the study selected the United States (US) Federal Government as its field of entrance and followed the process of the classic grounded theory methodology that starts from the letting of the emergence of the research question to the formulation of a substantive theory that answered the question. Findings On the emergent question that why, despite the legislative establishment of agency RM programs and the use of the term records in their work, the US Federal Government information security community considered RM a candidate for deletion (CFD), the study coded the truncated application of the encompassing definition of records as the underlying reason. By this code, along with its three properties, i.e. limitations by the seemingly more encompassing coverage of information, insufficient legislative/regulatory support and the use of the terms of evidence and preservation in the records definition, the CFD consideration and the associated phenomena of unsound legislative/regulatory conceptualization, information shadow, information ignorance and archival shadow were explained. Research limitations/implications The study results suggested the data for subsequent theoretical sampling to be the operational situations of individual agency RM programs. Practical implications The rationale presented in the study regarding the encompassing nature of records and the comprehensive scope of RM program can be used for building strong RM business cases. Originality/value The study appears to be the first of its kind, which examined the RM–information security relationship in a very detailed setting.

中文翻译：

---

机构必须删除或删除候选人

目的本文旨在报告一项旨在分析信息安全与记录管理（RM）之间的关系的研究，这两者都是组织中建立的程序/功能。在相关文献中未发现类似的研究。设计/方法/方法这项研究使用了经典的扎根理论方法。出于对组织中信息安全-RM关系的普遍好奇心，该研究选择了美国（美国）联邦政府作为其进入领域，并遵循了经典的扎根理论方法论的过程，该方法论始于允许出现这种情况的组织。研究问题，以形成回答该问题的实质性理论。调查结果关于为什么这样的紧急问题，尽管立法机构制定了机构RM计划，并在其工作中使用了术语记录，但美国联邦政府信息安全社区仍将RM视为删除的候选对象（CFD），但该研究将包括记录在内的截断应用编码为根本原因。通过该代码及其三个属性，即似乎看似更全面的信息覆盖范围的限制，立法/监管支持不足以及在记录定义中使用证据条款和保存，CFD考虑以及相关的不健全现象解释了立法/监管概念化，信息阴影，信息无知和档案阴影。研究局限性/启示研究结果表明，后续理论抽样的数据应为各个机构RM计划的运营情况。实际含义研究中提出的有关记录的涵盖性质和RM计划的全面范围的基本原理可用于构建强大的RM商业案例。原创性/价值这项研究似乎尚属首次，它在非常详细的背景下研究了RM-信息安全关系。