UNIVERSITI TEKNOLOGI MARA SEGAMAT JOHOR

BACHELOR OF BUSINESS IN DIGITAL MARKETING (HONS)

IMR531
FUNDAMENTAL OF ELECTRONIC RECORDS MANAGEMENT

ASSIGNMENT 1:
TRAINING AND AWARENESS IN ELECTRONIC RECORDS
MANAGEMENT

PREPARED BY:
NAME MATRIC NUMBER

AKLA NADZIRA BINTI MOHD AKRAM 2023622952

AMIRA ADLINA BINTI AZLAN 2023643466

NUR MAISARAH BINTI MOHAMAD 2023627766

PREPARED FOR:
MADAM NOR SAKILA BINTI ASNAWI

SUBMISSION DATE:
14 NOVEMBER 2024
TABLE OF CONTENT

1.0 INTRODUCTION.............................................................................................................. 2
2.0 Importance of training and awareness programs........................................................... 4
3.0 Training and Awareness Programs for Effective ERMS......................................................8
3.1 Types of training and awareness programs..................................................................................8
3.1.1 Awareness Training...........................................................................................................8
3.1.2 Foundational Training Services......................................................................................... 9
3.1.3 End-User Training..............................................................................................................9
3.2 Focus group training....................................................................................................................9

4.0 The training and awareness programs that can be conducted............................................ 12

5.0 CONCLUSION................................................................................................................16
6.0 REFERENCES................................................................................................................ 19
5.0 APPENDIX....................................................................................................................... 25

1
1.0 INTRODUCTION

Electronic records management (ERM) is the systematic process of creating,

distributing, using, maintaining, and disposing of electronic records inside an organization.
ERM is intended to enhance corporate operations, ensure it meets legal and regulatory
obligations, and safeguard valuable data. Johare (2001) defines ERM as managing electronic
data and guaranteeing that these records are legitimate, dependable, and accessible
throughout their existence (Johare R., 2006). This lifespan encompasses steps from record
production to destruction. It is frequently connected with standards such as ISO 15489, which
guides effective records management, assuring accountability, transparency, and protection
against unauthorized access (ISO 15489 Records Management, 2016).

ERM is also a method of preserving organizational memory, as electronic records

include significant data that may be utilized to make strategic decisions (National Archive,
2019). According to the National Archives and Records Administration, a well-organized
ERM platform enables organizations to prevent data duplication, improve operational
efficiency, and speed up data retrieval procedures (NARA, 2022). Given the massive volume
of digital data generated every day, an ERM framework is critical for hindering information
loss and safeguarding from cyber-attacks (Bank Negara Malaysia, 2023)

ERM training programs are essential as they educate staff with the expertise and
knowledge to manage electronic documents responsibly. These classes address various topics,
including metadata comprehension, categorization system use, information security, and
compliance with applicable rules (ERM, 2023). According to Abdullah et al. (2023), training
can minimize mistakes during electronic record-keeping while increasing compliance with
organizational policy. For instance, in Malaysia's public sector, training on ERM helped solve
knowledge gaps in digital archiving, resulting in a major improvement in record accessibility
and compliance with legislative norms (Yaacob & Sabai, 2011).

In-house training is one practical strategy for improving ERM, as it allows

organizations to personalize training sessions to individual jobs and responsibilities. For
instance, SecureScan states that record management officers could profit through advanced
training on archival processes and digital preservation. At the same time, general personnel
may receive guidance on everyday record handling and best practices for protection
(SecureScan, 2023). According to the Devimpact Institute (2020), organizations can improve

2
employees' capacity to handle records efficiently by tailoring ERM training to job functions.
On top of that, in-house training ensures that all staff are regularly updated on ERM
regulations and procedures, lowering the risk of violations and data mishandling.

Awareness campaigns complement these training efforts by informing employees and

the wider public about the larger significance of ERM. Public awareness campaigns are
important, especially in industries that deal directly with citizens, like healthcare and public
services. For example, The Pew Charitable Trusts (2020) explored how Americans are
becoming more engaged with their electronic health records, with increasing support for data
access and security measures​. In Malaysia, public awareness initiatives might emphasize the
value of ERM in encouraging government transparency and protecting public data. These ads
should highlight how ERM enables digital transformation and reduces information silos in
the public sector (Yaacob & Sabai, 2011).

In Malaysia, public-sector training and awareness campaigns have highlighted issues

specific to the country's government structure, including legacy systems and poor digital
infrastructure (Yaacob & Sabai, 2011). As a result, regional ERM policies must consider
these restrictions, incorporating localized solutions that enable digital preservation while
allowing seamless compliance with documentation standards across sectors. Malaysia can
improve the performance of its ERM systems and promote best practices in digital
governance by developing training efforts that target these specific needs (Johare, 2001;
Abdullah et al., 2019).

3
2.0 Importance of training and awareness programs

First, training and awareness in electronic records management (ERM) is

essential and is needed to improve data security in a company. Organisations are
extremely vulnerable to data breaches or ransomware due to the amount of sensitive data,
from financial records to client information, and all of this information is stored electronically
in an increasingly digital environment. It is supported by the Identity Theft Resource Center
(2023) in their annual report, which shows that in 2023, 3,205 data breaches were reported,
which is 72% more than the previous highest point in 2021. Many organisations were
affected by these breaches, with their frequency rate being high in healthcare, financial, and
professional services. This statement is also supported by the Identity Theft Resource Center
(2023) in the same annual report. Thus, training such as data awareness training is better able
to comprehend and apply security best practices that protect sensitive data, greatly lowering
the possibility of breaches and unwanted access. It can be seen through ProofPoint’s annual
report that security awareness training has decreased vulnerability to phishing, a type of
ransomware, according to 80% of organisations (ProofPoint, 2021). Through this annual
report, it is seen that fostering an understanding of security practices allows employees to act
as a defence in an organisation, reducing the chances of data breaches and creating a secure
environment for sensitive electronic records. This comprehensive focus on security within
ERM training ultimately strengthens the organisation’s overall data protection posture.
Next, training and awareness programs are needed in ERM to ensure
employees can perform their work effectively. One of the four reasons for designing a
suitable education and training program is to improve job performance in an electronic
environment (Mariani, 1999). Every day, employees waste hours looking for information,
which decreases workflows and slows down decision-making. This statement is proved by
studies by (The McKinsey Global Institute, 2012), which states that finding information can
take up to 20% of a worker's day, which results in decreased production and heightened
annoyance. Thus, training programs focused on the basic knowledge of ERM can increase
employee productivity. A case study supported by Yaacob, R. A. et al. (2011) shows that the
majority of respondents in the study agreed that each employee involved in ERM
management needs to possess specialised knowledge and abilities, which includes metadata,
preservation, and life cycle of records from production to disposal. They believed that in
order to do their jobs effectively, they were required to know the fundamentals of records
management. The study also shows that it is evident that, without personnel with expertise or

4
with special knowledge and skills, the implementation of ERM would be extremely difficult.
From here, it can be concluded that training is needed to ensure employees can do their jobs
effectively which will boost productivity.

Reducing human error in electronic records management (ERM) is one of the

critical needs of providing comprehensive training to employees. One of the main reasons
for data loss, mismanagement, and breaches is human error. This statement can be seen
through International Business Machines Corporation’s (IBM) Security Services 2014 Cyber
Security Intelligence Index report, which shows that over 95% of all security breaches were
caused by human error, as opposed to those that are solely the result of unexpected
vulnerabilities in system security (IBM, 2014). Thus, scenario-based training helps users
become familiar with the ERM system interface and standard operations through realistic
tasks, leading to reduced human error. This statement can be proven by a study from Nuamah
et al. (2020), stating that electronic health record (EHR)-specific simulation-based training,
which is a subset of ERM, a type of computer screen-based simulator, can be done to
maximise the use of EHR as a clinical tool, which leads to better navigating the system more
confidently with fewer errors. In the same study, she mentioned that previous research, which
was done by Scalese et al. (2007), shows that EHR-specific simulation-based training
facilitates improved use of EHRs for clinicians. With this training, it shows that most human
performance errors can be eliminated, but they are unlikely to be entirely prevented. Thus,
training is one of the ways to reduce the possibility of them happening (Human Error
Solutions, 2020).
Next, the reason why training and awareness programs are needed for ERM is
to improve compliance and reduce risks. By ensuring staff members are aware of the
regulations when handling electronic records, training on this topic lowers the possibility of
paying the cost for non-compliance. This statement is supported by Weise, C. (2013) from
The Association for Information and Image Management (AIIM), which mentions that
training compliance addresses what the company is trying to achieve, along with increasing
efficiency, which addresses productivity and cost savings in organisations, to ensure business
continuity. He also stated that even with policies in place, monitoring and enforcement are
obviously crucial, and procedures and staff training are very necessary (Weise, C.,2013).
Another report that supports why training programs for ERM are needed by Globalscape
(2017) shows that the average cost for organisations that experience non-compliance
problems is $14.82 million, a 45 percent increase from 2011, while the average cost of

5
compliance for the organisations in the study is $5.47 million, a 43 percent increase from
2011. At the same time, for instance, in Malaysia, companies must comply with the Personal
Data Protection Act (PDPA) 2010 (LAWS of MALAYSIA ACT 709 PDPA, 2010). Based on
the law, a data user, which is the organisation, who contravenes Section 5(1) of the PDPA by
committing an offence shall be liable to a fine of not exceeding RM300,000 or imprisonment
for not exceeding two years or both. (Yong H.S. & Foo X.Y, 2023). Thus, it can be said that
the cost of not complying is much greater (Globalscape, 2017), and it can be concluded that
investing in compliance training is more cost-effective than needing to pay for
non-compliance.
Lastly, training and awareness programs are needed for ERM to improve
business continuity. Continuity signifies business continuity, which ensures that companies
may carry on with operations even after suffering a significant loss or disruption (Weise, C.,
2013). Effective ERM training ensures that staff members are equipped to recover critical
documents from backup systems in the case of data loss, natural disaster, or system failures.
Planning for disaster recovery and business continuity depends on this. This statement is
supported by Pinky Priscylla Micheal et al (2023), stating that to reduce the chance of data
being lost or damaged due to recordkeeping errors, an organisation should develop backup
procedures, which one of them can be training for employees to ensure employees know what
to do during desperate times. In the same article, it is also mentioned that records will be
more organised, less redundant, and less of a burden on the company if all employees are
aware of the foundations of records administration. The statement is also proved by Strawser
(2021), stating that effective handling of records from the very beginning of their life cycle
makes the process go more smoothly and requires far less work, later on, to maintain them
secure.
In conclusion, awareness and training initiatives are essential for an
organisation's successful Electronic Records Management (ERM). These initiatives lower
the risk of data breaches and other cybersecurity threats by training staff members on data
security (Identity Theft Resource Center, 2023). By guaranteeing that employees can locate
and handle records effectively, they also increase productivity by reducing downtime and
improving decision-making (McKinsey Global Institute, 2012). Additionally, training
promotes a culture of security and compliance throughout the company by lowering human
error that results in data breaches or mismanagement (Nuamah et al., 2020). By lowering the
financial and legal risks connected to regulatory violations, compliance training helps
businesses even more (Weise C., 2013). Lastly, these programs are crucial for business

6
continuity because they give staff members the tools they need to recover important data and
go on with operations in the event of unforeseen disruptions (Pinky Priscylla Micheal et al.,
2023). The necessity of strong training and awareness initiatives as a component of an
organization's overall ERM strategy is shown by these advantages taken together.

7
3.0 Training and awareness programs for Effective ERMS

Training and awareness programs for electronic records management systems

(ERMS) are fundamental to fostering an effective and comprehensive records management
culture within organizations. Given the critical nature of electronic records in maintaining
legal compliance, supporting operational efficiency, and upholding organizational
transparency, training programs must be carefully designed and implemented to cater to
various levels of expertise and roles within the organization (Johare, 2006)​. The rapid
evolution of digital technology has underscored the need for robust education in ERMS to
manage the risks of data obsolescence, unauthorized access, and compliance failures
(McLeod, Hare & Johare, 2004). Training programs are essential to equip employees with the
necessary knowledge and skills to manage, preserve, and utilize electronic records
effectively, ensuring the integrity, authenticity, and accessibility of these records throughout
their lifecycle (Mukred et al., 2019)​.

3.1 Types of training and awareness programs

3.1.1 Awareness Training

Awareness training is the starting point for developing a culture of effective

electronic records management. This type of training is designed for all employees,
emphasizing the importance of records management with organizational compliance
and risk mitigation (Mukred, Yusof & Alotaibi, 2019)​. Through workshops, webinars,
and e-learning modules, employees are introduced to the basics of ERMS, including
their roles and responsibilities in maintaining records according to organizational
policies and legal standards​. Such training is crucial for promoting awareness of the
impact that poor records management can have on operations, such as the loss of
crucial data and potential legal ramifications (Mukred et al., 2019)​​. Employees must
understand that proper records management contributes not only to organizational
efficiency but also to broader corporate governance and accountability frameworks
(Johare, 2006)​.

8
 3.1.2 Foundational Training Services

Foundational training serves as the entry-level approach, laying the

groundwork for more in-depth education. It introduces employees to essential
concepts, such as the characteristics of electronic records and the processes they
undergo throughout their lifecycle—from creation and storage to eventual archiving
or destruction (Johare, 2006). This type of training emphasizes the significance of
records as strategic assets that underpin operational continuity and organizational
integrity (Mukred et al., 2019; McLeod et al., 2004). Employees benefit from
understanding how their roles contribute to the broader records management strategy,
fostering a culture of compliance and reducing the risk of data mismanagement and
unauthorized disclosures (McLeod et al., 2004).

3.1.3 End-User Training

End-user training is another essential type of program that focuses on enabling

general employees to use ERMS effectively. This form of training involves hands-on
workshops that teach users how to create, store, access, and retrieve records within the
system, ensuring that employees can perform their roles efficiently without
compromising the system’s functionality or security (Johare, 2006)​. Practical
exercises and scenario-based training are useful for illustrating common challenges
that employees might face when interacting with ERMS, helping to build their
confidence and competence in using the system (Mukred et al., 2019)​. End-user
training is especially important in reducing resistance to new technology by
demonstrating the system’s relevance to daily tasks and simplifying complex
processes into manageable steps​​.

3.2 Focus group training

For IT personnel, records managers, and archivists, specialized technical training is a

prerequisite to ensure that they possess the expertise required to handle the complexities of
ERMS. This training encompasses system configuration, data migration techniques, and the
integration of ERMS with existing IT infrastructure (Johare, 2006)​. IT professionals must be

9
trained in managing system updates and security protocols to protect records from
unauthorized access and data breaches, which are critical for preserving the integrity and
confidentiality of organizational information (Mukred et al., 2019)​. Records managers and
archivists require advanced training in record classification schemes, metadata management,
and retention schedules to maintain compliance with international standards such as ISO
15489​​. These professionals must be adept at handling metadata, which enhances the
searchability, context, and usability of records, making it easier to retrieve and use documents
when needed (Mukred et al., 2019)​.

Training programs must also extend to senior management and policymakers to

ensure that they understand the strategic importance of ERMS and can support its integration
into organizational strategies. Leadership-focused workshops and seminars provide senior
management with the tools needed to govern electronic records management initiatives and
link them to risk management and corporate governance frameworks (Mukred, Yusof &
Alotaibi, 2019)​. Senior executives need training that highlights how electronic records impact
organizational risk and the importance of supporting these systems through policy
development and resource allocation (Johare, 2006)​. Policymaker training can focus on
aligning organizational policies with national and international records management
standards, ensuring that these policies reflect best practices and regulatory compliance
(Mukred et al., 2019)​. By involving senior leadership in these training initiatives,
organizations can cultivate a top-down commitment to effective records management, which
is crucial for embedding ERMS practices into the organizational culture​​.

Comprehensive training and awareness programs for ERMS are integral to successful
records management within organizations. By providing targeted training that spans
awareness, technical expertise, user competency, continuous learning, and strategic
leadership, organizations can cultivate a knowledgeable workforce that can handle the
demands of electronic records management with confidence and compliance (Mukred et al.,
2019)​​. In turn, it supports the overall operational effectiveness, compliance, and strategic
resilience of the organization, ensuring that electronic records continue to serve as reliable,
authentic, and accessible assets throughout their lifecycle (Johare, 2006)​​.

10
4.0 The training and awareness programs that can be conducted

First, one of the training programs that could be proposed at Universiti Teknologi
MARA (UiTM) is a research-based ERM education and interdisciplinary collaboration. It is a
method of Electronic Records Management (ERM) that blends scholarly study with
real-world implementation and interdisciplinary collaboration. The success of this program
has been demonstrated in Canada when Archivists, IT experts, and engineers from all around
the world were effectively brought together by the project to develop fundamental standards
and best practices for ERM (Johare R., 2006). As demonstrated by the University of British
Columbia's (UBC) International Research on Permanent Authentic Records in Electronic
Systems (InterPARES) project, this model involves bringing together professionals and
students from a variety of fields of study, including engineering, archival science, information
technology, and diplomatics (InterPARES Project, 2001). The project's researchers also
developed and pilot-tested ongoing educational and training materials, such as workshops,
distance education courses, annotated bibliographies, glossaries, and maybe even case studies
on ERM, that were made available for use by academic programmes and professional
associations and institutions in their continuing education programming. (Duranti, 2001).
Therefore, UiTM may look into ERM authenticity, compliance, and innovation by forming an
interdisciplinary research group, which could help create educational resources for use in
ERM courses. Research-based case studies, glossaries, and workshops could be developed to
enhance professional training and the ERM curriculum here at UiTM.

Next, UiTM could implement a distance learning training program for Practicing
Professionals. For professionals who require flexibility because of job responsibilities, UiTM
may provide distance learning options for a Master of Science (MSc) or Advanced Diploma
Program in ERM. In an article by Johare R.(2006), Northumbria University, which provides
an MSc in Records Management by Distance Learning, has effectively used this strategy. The
primary core knowledge of ERM is electronic record-keeping, and the subjects center on
organizational record-keeping as practice in various contexts; thus, this program aims to
provide the information and comprehension needed by those planning to work as records
managers or who are currently employed. At the same time, it is to do so in a way that it
adapts to the electronic world. In the same article by Johare R.(2006), professionals have
been successfully served by Northumbria's remote learning model, which enables them to
acquire advanced ERM expertise while they are employed. This strategy has made ERM

11
training more widely available and allowed students to use what they have learned in the
workplace, which frequently results in career progression and improved organisational
efficacy in ERM (Johare R.,2006).

Europe has created some advanced ERM education programs, such as the Education
and Training in Electronic Records Management (e-TERM) project, which focuses on
training people from different fields like administration, IT, and archives to work together on
managing electronic records (Johare R., 2006). Countries like Germany and Finland offer
ERM-specific courses at schools like the Bavarian Archives School and Mid Sweden
University, where students learn both the practical skills and theoretical knowledge needed to
manage electronic records in modern organizations (Johare R., 2006). These programs
prepare students to handle real-world ERM challenges by giving them hands-on experience
that matches the needs of actual workplaces (Johare R., 2006). UiTM could create a similar
program where students and professionals from various areas, such as IT, information
management, and archives, come together to work on ERM projects and solutions (Johare R.,
2006). By offering this kind of interdisciplinary training, UiTM would build a culture of
teamwork and shared knowledge across different fields, equipping future Malaysian ERM
professionals with the skills to ensure electronic records are reliable, authentic, and meet
legal and organizational standards (Johare R., 2006).

In the United States, although few universities offer specific programs in Electronic
Records Management (ERM), schools like the University of Michigan and the University of
California have made significant progress by including ERM courses within their broader
information science programs (Johare R., 2006). These universities have integrated ERM into
their Master of Science in Information programs, which cover various areas like digital
preservation, electronic document management, and modern record-keeping technologies
(Johare R., 2006). This type of curriculum gives students the skills and knowledge needed to
manage digital records effectively, especially within complex organizational settings (Johare
R., 2006). Additionally, outside of traditional university programs, some institutions offer
shorter courses designed to meet specific ERM needs. For example, University College
London (UCL) in the United Kingdom provides summer courses that address ERM
requirements arising from recent laws, like the Freedom of Information Act, aimed at both
the public and private sectors (Johare R., 2006). Following this model, UiTM could offer
short-term training programs and workshops focused on Malaysia's specific legislative and

12
regulatory requirements (Johare R., 2006). For instance, UiTM could introduce courses on
ERM that help professionals comply with Malaysia’s Electronic Government initiatives and
public sector standards (Johare R., 2006). These courses would support Malaysia’s shift to
digital practices and strengthen UiTM's role in preparing professionals for this transition
(Johare R., 2006).

Expanding UiTM's Electronic Records Management (ERM) training program could

significantly benefit Malaysia by drawing on approaches used in other Asian countries
(Johare R., 2006). In China, universities such as Zhejiang University and Beijing Union
University integrate ERM into broader library and information science programs, allowing
students across disciplines to gain foundational ERM knowledge without a dedicated
program; UiTM could adopt a similar approach, aligning with Chinese institutions to prepare
students for digital record management within a comprehensive curriculum (Johare R., 2006).
Japan, however, focuses on historical document preservation, with institutions like the
National Institute of Japanese Literature largely excluding ERM (Johare R., 2006). UiTM
could differentiate itself by emphasizing digital record management and addressing digital
preservation, security, and access challenges, thus positioning UiTM as an ERM leader in
Asia (Johare R., 2006). Indonesia’s ERM education is often limited to diploma-level
traditional records management, leading professionals to seek advanced training abroad
(Johare R., 2006). UiTM could make ERM education more accessible by establishing a
comprehensive program that offers foundational to advanced ERM training and reduces
reliance on foreign programs (Johare R., 2006).

In Malaysia, the National Archives provides limited ERM-specific training, often

sending professionals abroad for advanced instruction due to a need for more local expertise
(Johare R., 2006). UiTM could address this need by establishing an ERM program within its
Faculty of Information Management, covering digital preservation, compliance with
electronic government requirements, and information security (Johare R., 2006). This
program would support Malaysia’s electronic government initiatives and equip professionals
to meet local and international standards for managing electronic records (Johare R., 2006).
UiTM’s ERM training program could not only provide Malaysian professionals with essential
ERM skills but also position UiTM as a regional hub for ERM education, contributing to a
sustainable knowledge base in Malaysia (Johare R., 2006).

13
 Overall, by adapting these proven models, UiTM has the potential to become a
leading ERM education provider in Malaysia, setting standards that align with the country’s
digital aspirations. Implementing these strategies at UiTM could lead to the development of
Malaysia-specific ERM competencies, preparing future professionals to manage electronic
records within local organizational and regulatory frameworks. Through partnerships with
government agencies, industry leaders, and international institutions, UiTM could establish
an ERM educational program that builds upon the success of established models, positioning
itself as a core institution for ERM knowledge and innovation in Malaysia​.

14
5.0 CONCLUSION

Training and awareness programs in Electronic Records Management (ERM) are

critical for data protection, increasing productivity, mitigating risks, and assuring business
continuity. Organisations in today's digital environment become more vulnerable to cyber
dangers like data breaches and ransomware attacks (paradigm, 2024). According to Steve
Alder (2024), 3,205 data breaches were recorded in 2023, a 72% increase over 2021, with
sectors such as healthcare, financial, and professional services having the most impact. It
emphasises the necessity for reasonable data security training inside ERM systems. This
could include regular phishing awareness training, data classification and handling
workshops, and incident response drills. Awareness training can significantly reduce the
possibility of data breaches by instilling a security culture within the organisation (Keepnet,
2024).

Training programs not only strengthen security but also boost employee efficiency
and production. According to McKinsey Global Institute (2012), employees allocate up to
20% of their workday looking for information, which slows decision-making and workflow
(Chui et al., 2012). Proper ERM training can address this issue by teaching staff how to find
and handle documents, resulting in increased productivity. Yaacob et al. (2011) provide more
support, emphasising the significance of specialised knowledge in metadata, preservation,
and record lifecycle. This specialised expertise guarantees that personnel can efficiently
manage ERM activities, which include document creation, storage, retrieval, and disposal,
thereby increasing organisational productivity.

Human error, a significant challenge in ERM, often leads to data loss, poor
management, or breaches (Rock, 2022). According to the IBM Security Services 2014 Cyber
Security Intelligence Index (IBM, 2014), human mistakes account for more than 95% of
security breaches (Ahola, 2021). Therefore, comprehensive training programs that effectively
reduce human error are crucial for safeguarding electronic documents, providing a reliable
solution to this common problem.

Training programs are also vital for ensuring legal and regulatory compliance
(Cleaned, 2024). According to the Journal of Management Policy and Training, programs are
also crucial for ensuring legal and regulatory compliance (Cleaned, 2024). According to the

15
Journal of Management Policy and Practice, Volume 25(1), 2024, compliance training helps
organisations meet regulatory obligations and mitigates non-compliance risks such as
penalties and legal challenges (Fiene, 2023). Training enhances decision-making and
corporate operations by increasing awareness of policies and procedures. Practical ERM
training also supports business continuity, as staff are equipped to recover essential records in
the event of data loss, natural disasters, or system failures, ensuring the organisation can
continue operating without significant disruptions (Program Framework, 2024).

The training programs necessary for successful ERM implementation are diverse and
should be tailored to different organisational roles (ERM, 2023). All staff should receive
awareness training, while IT personnel and records managers require specialised technical
training. This specialised training is crucial, as it ensures these staff members are equipped to
secure records from unauthorised access and understand system configuration, data
migration, and safety precautions. Furthermore, end-user training is essential to ensure that
ordinary staff can use ERMS effectively, including creating, saving, and obtaining records
securely (Johare, 2006). Continuous professional development and refresher training are also
vital to keep staff up to date with the latest technology and regulatory standards governing
ERM systems (Johare, 2006).

In terms of higher education, institutions such as Universiti Teknologi MARA

(UiTM) may play a critical role in promoting ERM learning via innovative programs (Erma,
2023). One such program may be Research-Based ERM Education and Interdisciplinary
Collaboration, which blends academic research with application in real life, as successful
efforts in Canada have shown (Johare, 2006). Another attempt could be to create remote
learning programs for practising professionals, such as the MSc in Records Management,
which resembles effective models at Northumbria University (Johare, 2006). By adding such
programs, UiTM can solve the particular difficulties of digital preservation, security, and
access while positioning itself as a pioneer in ERM education in Malaysia, contributing to its
digital transformation (Johare, 2006).

16
 In a nutshell, thorough training and awareness initiatives are required to adopt ERM
systems successfully. They protect against cybersecurity risks and boost organisational
efficiency, compliance, and business continuity (Cornette, 2024). As organisations continue
to rely on digital records, the need to train skilled ERM specialists must be recognised (IERP,
2024). OrganisationsThrough strategic training efforts, organisations may build a strong
foundation for managing electronic documents, reducing risks, and guaranteeing long-term
success (Yaacob & Sabai, 2011).

17
6.0 REFERENCES

Ahola, M. (2021). The Role of Human Error in Successful Cyber Security Breaches.
Usecure.io; usecure ltd. Retrieved from https://blog.usecure.io/the-role-of-
human-error-in-successful-cyber-security-breaches#:~:text=There's%20not%
20a%20single%20person,cyber%20behaviour%20in%20your%20organisation.

Analysis of cyber attack and incident data from IBM’s worldwide security operations IBM
Global Technology Services Managed Security Services Research Report. (2014)
Retrieved from https://www.editoraroncarati.com.br/v2/phocadownload/
ibm_security.PDF

Alder, S. (2024). ITRC: Data Compromises Reach All-time High in 2023. The HIPAA
Journal. Retrieved from https://www.hipaajournal.com/itrc-data-compromises
-record-2023/#:~:text=There%20was%20a%20huge%20increase,rather%20than
%20conducting%20mass%20attacks.

Arulsamy, A. S., Singh, I., Kumar, M. S., Panchal, J. J., & Bajaj, K. K. (2023). Employee
training and development enhancing employee performance–A study. Samdarshi,
16(3), 406-416.

Bank Negara Malaysia (2023) - Risk Management and Internal Controls. Retrieved on
November 6, 2024 from https://www.bnm.gov.my/documents/20124/12142010/
Ar2023_en_ch2c.pdf

Chui, M., Manyika, J., Bughin, J., Dobbs, R., Roxburgh, C., Sarrazin, H., Sands, G., &
Westergren, M. (2012). The social economy: Unlocking value and productivity
through social technologies. McKinsey & Company. Retrieved from https://www.
mckinsey.com/industries/technology-media-and-telecommunications/our-insights/the-
social-economy

Claned. (2024, February 20). Compliance Training: Understanding Its Importance and
Benefits. Claned. Retrieved from https://claned.com/compliance-training-importance-
and-benefits/#:~:text=Compliance%20training%20is%20an%20essential,
decision%2Dmaking%20within%20a%20workplace.

Cornette, P. (2024, May 29). By proactively managing risks and building robust cyber
resilience strategies, companies can protect their assets, ensure business continuity

18
 and maintain trust. Linkedin.com. Retrieved from https://www.linkedin.com/pulse/
importance-risk-management-cyber-resilience-companies-cornette-qwest/‌

Devimpact Institute (2020). Electronic Records Management - Get yourself the best training
in the Field of Information and Communication Technology. Davin Institute.
Retrieved from https://davinstitute.com/course/erm/

Duranti, L., & Thibodeau, K. (2001). The INTERPARES international research project,
Information Management, Journal, 35(1), 44-50.

ERM (2023) Training Programs & Courses. ERM. Retrieved from https://www.erm.com/
solutions/training-programs-courses/

Erma. (2023). The Future of ERM: Integrating AI, Automation, and Human Expertise -
ERMA. Enterprise Risk Management Academy. Retrieved from
https://www.erm-academy.org/publication/risk-management-article/the-
future-of-erm-integrating-ai-automation-and-human-expertise/

Fiene, R. (2023). The Importance of the Theory of Regulatory Compliance. SSRN Electronic
Journal. https://doi.org/10.2139/ssrn.4597469

Globalscape (2017). The True Cost Of Compliance With Data Protection

Regulations. Globalscape. Retrieved from https://static.fortra.com/globalscape/pdfs/
guides/gs-true-cost-of-compliance-data-protection-regulations-gd.pdf

Ginette Collazo, Ph.D (2020). Human Error Reduction Program. Ginette Collazo, Ph.D.
Retrieved from https://humanerrorsolutions.com/error-reduction-program/#1528
746101552-1890992a-218e

Identity Theft Resource Center (2024) Identity Theft Resource Center 2023 Annual Data
Breach Report. ITRC. Retrieved from https://www.idtheftcenter.org/post/2023
-annual-data-breach-report-reveals-record-number-of-compromises-72-percent-
increase-over-previous-high/

IERP. (2024) Effectively Implement ERM Concepts to Enhance Business Value - Institute of
Enterprise Risk Practitioners . (IERP®). Retrieved from https://insterp.com/
effectively-implement-erm-concepts-to-enhance-business-value/

19
Interpares.org (2024). InterPARES Project: The Findings. (2024). Interpares.org.
http://www.interpares.org/index.htm

ISO org.(2016). ISO 15489 Records Management, Iso. Org Retrieved from https://committee
.iso.org/sites/tc46sc11/home/projects/published/iso-15489-records-management.html

Johare, R. (2006). Education and training in electronic records management (ERM): The
need for partnership building. https://repository.arizona.edu/bitstream/handle
/10150/106014/77.Rusnah_Johare_pp541-549.long.pdf?sequence=1&isAllowed=y‌

Keepnet. (2024). Cyber threats are rapidly evolving, posing significant security risks to both -
individuals and organizations. Linkedin.com. Retrieved from https://www.linkedin.
com/pulse/can-strong-security-awareness-reduce-cyber-risks-keepnetlabs-4pdif#:~:
text=Resarch%20by%20Keepnet%20shows%20that,essential%20for%20effective
%20data%20protection.

Laws Of Malaysia (2010). LAWS OF MALAYSIA ACT 709 PERSONAL DATA PROTECTION
ACT 2010. Retrieved from https://mohre.um.edu.my/img/files/Personal%20Data%20
Protection%20(PDPA)%20Act%202010.pdf

McLeod, J. H. (2004). Education and training for records management in the electronic
environment - the (re)search for an appropriate model.
https://informationr.net/ir/9-3/paper179.html

Mariani, M.P.R. (1999). DLM-Forum follow -up: proposals on training of administrators and
archivists. Paper presented at the DLM-Forum on Electronic Records of the European
Communities, held on 18-19 October,Brussels.

McKinsey Global Institute. (2012). The social economy: Unlocking value and productivity
through social technologies. McKinsey & Company. Retrieved from
https://www.mckinsey.com/industries/technology-media-and-telecommunications/our-
insights/the-social-economy

McLeod, J., Hare, C., & Johare, R. (2007). Education and training for records management
in the electronic environment - the (re)search for an appropriate model.

20
Mukred, M., Yusof, Z. M., & Alotaibi, F. M. (2019). Ensuring the productivity of higher
learning institutions through the electronic records management system (ERMS).
IEEE Access.

Mukred, M., Yusof, Z. M., Alotaibi, F. M., Mokhtar, U. A., & Fauzi, F. (2019). The key
factors in adopting an electronic records management system (ERMS) in the
educational sector: A UTAUT-based framework. IEEE Access.

Evolution of E-records Management Practices in E-government: A Malaysian Perspective.

International Journal of Academic Research in Business & Social Sciences, 13(8).
https://doi.org/10.6007/ijarbss/v13-i8/17455

National Archives and Record Administration, (2022) (NARA). Federal Agency Records
Management 2021 Annual Report Senior Agency Official for Records Management
Annual Report Records Management Self-Assessment Federal Electronic Records and
Email Management Report. Retrieved from
https://www.archives.gov/files/records-mgmt/agency/federal-agency-records-manage
ment-annual-report-2021.pdf

National Archive, 2019- Context for Electronic Records Management [ERM]. (2016)
National Archives. Retrieved from
https://www.archives.gov/records-mgmt/initiatives/context-for-erm.html

Nuamah, J. K., Adapa, K., & Mazur, L. (2020). Electronic health records (EHR)
simulation-based training: a scoping review protocol. BMJ Open, 10(8), e036884.
https://doi.org/10.1136/bmjopen-2020-036884

Paradigm. (2024). The Importance of Continuous Records Management Training. VRC.

Retrieved from
https://vitalrecordscontrol.com/resources/records-management/importance-of-continu
ous-records-management-training/#:~:text=Protection%20of%20Sensitive%20Inform
ation,risk%20of%20a%20security%20breach.

Pinky Priscylla Micheal, Mohd Nizam Yunus, & Kadir, A. (2023). Effects of Electronic
Records Management Best Practices and Records Professionals in Malaysia.
Environment-Behaviour Proceedings Journal, 8(SI12),
95–101.https://doi.org/10.21834/e-bpj.v8isi12.5011

21
Program Framework. (2024). Enterprise Risk Management: Best Practices to Guide Your
Business. Powerframework.com. Retrieved from
https://www.powerframework.com/enterprise-risk-management-best-practices

‌ProofPoint. (2021). An In-Depth Look at User Awareness, Vulnerability and Resilience.

Retrieved from
https://www.proofpoint.com/sites/default/files/threat-reports/pfpt-us-tr-state-of-the-phi
sh-2021.pdf

Rock, T. (2022, December 20). Data Loss Human Error Statistics That Will Cost You. Invenio
IT. Retrieved from
https://invenioit.com/continuity/data-loss-from-human-error/?srsltid=AfmBOopEMb
C2MjKPu9brAIY54xcLH1ah-qWPM4afOyysbuw6Uc26qsYD

Saufi, M., & Rusuli, C. (December, 2014.). LINKAGE BETWEEN KNOWLEDGE

MANAGEMENT PRACTICES AND LIBRARY USERS’ SATISFACTION AT
MALAYSIAN UNIVERSITY LIBRARIES. Retrieved from
https://core.ac.uk/download/pdf/42955783.pdf

Scalese, R. J., Obeso, V. T., & Issenberg, S. B. (2008). Simulation technology for skills
training and competency assessment in medical education. Journal of general internal
medicine, 23 Suppl 1(Suppl 1), 46–49. Retrieved from
https://doi.org/10.1007/s11606-007-0283-4

SecureScan. (2023). Electronic Records Management: The Essential Guide. SecureScan.

Retrieved from
https://www.securescan.com/articles/records-management/what-is-an-erms-and-why-
do-you-need-one/

Strawser, M. (2021). Overcoming the challenges of records management. Retrieved from

https://secure360.org/2014/02/overcoming-the-challenges-of-recordsmanagement/

The Pew Charitable Trust. (2021). Most Americans Want to Share and Access More Digital
Health Data. Pewtrusts.org; The Pew Charitable Trusts.
https://www.pewtrusts.org/en/research-and-analysis/issue-briefs/2021/07/most-americ
ans-want-to-share-and-access-more-digital-health-data

22
Weise, C. (2013). 4 Business Drivers for Electronic Records Management Produced by AIIM
Training. Retrieved November 8, 2024. Retrieved from
https://cdn2.hubspot.net/hub/332414/file-526188975-pdf/PDC/Training-Briefing-Pape
rs/Fall_2013_How_To_Guides_-_7_docs/ERM.2013.4BizDrivers.pdf

Yaacob, R. A., & Mapong Sabai, R. (2011). Electronic records management in Malaysia: a
case study in one government agency.

Yaacob & Sabai. (2011). Electronic Records Management in Malaysia: A case study in One
Government Agency. Retrieved from
https://ir.uitm.edu.my/id/eprint/3520/1/K_RAJA%20ABDULLAH%20YAACOB%20
A-LIEP%20IM%2011.pdf

Yong H.S. & Foo X.Y. (2023). PDPA 101 - 1 of 3: Introduction to the Personal Data
Protection Act 2010. Wolterskluwer.com. Retrieved from
https://www.wolterskluwer.com/en-my/expert-insights/pdpa-101-1-of-3-introduction-t
o-the-personal-data-protection-act-2010#:~:text=Liabilities,subject%20to%20the%20
same%20penalties.

23
5.0 APPENDIX

Figure 1: Turnitin Result

24
 Page 1 of 20 - Cover Page Submission ID trn:oid:::1:3079812268

[email protected] [email protected]
imr turnitin.docx
06

Class_2024

Accounting Department

Document Details

Submission ID

trn:oid:::1:3079812268 16 Pages

Submission Date 4,735 Words

Nov 15, 2024, 9:36 AM GMT+7

29,011 Characters

Download Date

Nov 15, 2024, 9:37 AM GMT+7

File Name

imr_turnitin.docx

File Size

31.8 KB

Page 1 of 20 - Cover Page Submission ID trn:oid:::1:3079812268

 Page 2 of 20 - Integrity Overview Submission ID trn:oid:::1:3079812268

5% Overall Similarity
The combined total of all matches, including overlapping sources, for each database.

Filtered from the Report

Bibliography

Quoted Text

Match Groups Top Sources

3 Not Cited or Quoted 0% 4% Internet sources

Matches with neither in-text citation nor quotation marks
2% Publications
18 Missing Quotations 5% 2% Submitted works (Student Papers)
Matches that are still very similar to source material

0 Missing Citation 0%
Matches that have quotation marks, but no in-text citation

0 Cited and Quoted 0%

Matches with in-text citation present, but no quotation marks

Page 2 of 20 - Integrity Overview Submission ID trn:oid:::1:3079812268

 Page 3 of 20 - Integrity Overview Submission ID trn:oid:::1:3079812268

Match Groups Top Sources

3 Not Cited or Quoted 0% 4% Internet sources

Matches with neither in-text citation nor quotation marks
2% Publications
18 Missing Quotations 5% 2% Submitted works (Student Papers)
Matches that are still very similar to source material

0 Missing Citation 0%
Matches that have quotation marks, but no in-text citation

0 Cited and Quoted 0%

Matches with in-text citation present, but no quotation marks

Top Sources
The sources with the highest number of matches within the submission. Overlapping sources will not be displayed.

1 Internet

www.coursehero.com 1%

2 Publication

Joseph K Nuamah, Karthik Adapa, Lukasz Mazur. "Electronic health records (EHR) … 1%

3 Student papers

International Compliance Association 0%

4 Student papers

International Medical University 0%

5 Internet

meridian.allenpress.com 0%

6 Internet

static.helpsystems.com 0%

7 Internet

www.abacademies.org 0%

8 Internet

www.information-age.com 0%

9 Student papers

Griffith College Dublin 0%

10 Publication

Mpho Ngoepe. "Managing Digital Records in Africa", Routledge, 2022 0%

Page 3 of 20 - Integrity Overview Submission ID trn:oid:::1:3079812268

 Page 4 of 20 - Integrity Overview Submission ID trn:oid:::1:3079812268

11 Internet

rikinstitute.com 0%

12 Publication

John R. Vacca. "Security in the Private Cloud", CRC Press, 2019 0%

13 Student papers

University of South Africa (UNISA) 0%

14 Internet

ejum.fsktm.um.edu.my 0%

Page 4 of 20 - Integrity Overview Submission ID trn:oid:::1:3079812268

 Page 5 of 20 - Integrity Submission Submission ID trn:oid:::1:3079812268

1.0 INTRODUCTION

Electronic records management (ERM) is the systematic process of creating, distributing,

using, maintaining, and disposing of electronic records inside an organization. ERM is
intended to enhance corporate operations, ensure it meets legal and regulatory obligations,
and safeguard valuable data. Johare (2001) defines ERM as managing electronic data and
guaranteeing that these records are legitimate, dependable, and accessible throughout their
existence (Johare R., 2006). This lifespan encompasses steps from record production to
destruction. It is frequently connected with standards such as ISO 15489, which guides
effective records management, assuring accountability, transparency, and protection against
unauthorized access (ISO 15489 Records Management, 2016).

ERM is also a method of preserving organizational memory, as electronic records include

significant data that may be utilized to make strategic decisions (National Archive, 2019).
According to the National Archives and Records Administration, a well-organized ERM
platform enables organizations to prevent data duplication, improve operational efficiency,
and speed up data retrieval procedures (NARA, 2022). Given the massive volume of digital
data generated every day, an ERM framework is critical for hindering information loss and
safeguarding from cyber-attacks (Bank Negara Malaysia, 2023)

ERM training programs are essential as they educate staff with the expertise and knowledge
to manage electronic documents responsibly. These classes address various topics, including
metadata comprehension, categorization system use, information security, and compliance
with applicable rules (ERM, 2023). According to Abdullah et al. (2023), training can
minimize mistakes during electronic record-keeping while increasing compliance with
organizational policy. For instance, in Malaysia's public sector, training on ERM helped solve
knowledge gaps in digital archiving, resulting in a major improvement in record accessibility
and compliance with legislative norms (Yaacob & Sabai, 2011).

In-house training is one practical strategy for improving ERM, as it allows organizations to
personalize training sessions to individual jobs and responsibilities. For instance, SecureScan
states that record management officers could profit through advanced training on archival
processes and digital preservation. At the same time, general personnel may receive guidance
on everyday record handling and best practices for protection (SecureScan, 2023). According
to the Devimpact Institute (2020), organizations can improve employees' capacity to handle

1
Page 5 of 20 - Integrity Submission Submission ID trn:oid:::1:3079812268
 Page 6 of 20 - Integrity Submission Submission ID trn:oid:::1:3079812268

records efficiently by tailoring ERM training to job functions. On top of that, in-house
training ensures that all staff are regularly updated on ERM regulations and procedures,
lowering the risk of violations and data mishandling.

Awareness campaigns complement these training efforts by informing employees and the
wider public about the larger significance of ERM. Public awareness campaigns are
important, especially in industries that deal directly with citizens, like healthcare and public
services. For example, The Pew Charitable Trusts (2020) explored how Americans are
becoming more engaged with their electronic health records, with increasing support for data
access and security measures. In Malaysia, public awareness initiatives might emphasize the
value of ERM in encouraging government transparency and protecting public data. These ads
should highlight how ERM enables digital transformation and reduces information silos in
the public sector (Yaacob & Sabai, 2011).

In Malaysia, public-sector training and awareness campaigns have highlighted issues specific
to the country's government structure, including legacy systems and poor digital
infrastructure (Yaacob & Sabai, 2011). As a result, regional ERM policies must consider
these restrictions, incorporating localized solutions that enable digital preservation while
allowing seamless compliance with documentation standards across sectors. Malaysia can
improve the performance of its ERM systems and promote best practices in digital
governance by developing training efforts that target these specific needs (Johare, 2001;
Abdullah et al., 2019).

2
Page 6 of 20 - Integrity Submission Submission ID trn:oid:::1:3079812268
 Page 7 of 20 - Integrity Submission Submission ID trn:oid:::1:3079812268

2.0 Importance of training and awareness programs

First, training and awareness in electronic records management (ERM) is essential and
is needed to improve data security in a company. Organisations are extremely vulnerable
to data breaches or ransomware due to the amount of sensitive data, from financial records to
client information, and all of this information is stored electronically in an increasingly digital
environment. It is supported by the Identity Theft Resource Center (2023) in their annual
report, which shows that in 2023, 3,205 data breaches were reported, which is 72% more than
the previous highest point in 2021. Many organisations were affected by these breaches, with
their frequency rate being high in healthcare, financial, and professional services. This
statement is also supported by the Identity Theft Resource Center (2023) in the same annual
report. Thus, training such as data awareness training is better able to comprehend and apply
security best practices that protect sensitive data, greatly lowering the possibility of breaches
and unwanted access. It can be seen through ProofPoint’s annual report that security
awareness training has decreased vulnerability to phishing, a type of ransomware, according
to 80% of organisations (ProofPoint, 2021). Through this annual report, it is seen that
fostering an understanding of security practices allows employees to act as a defence in an
organisation, reducing the chances of data breaches and creating a secure environment for
sensitive electronic records. This comprehensive focus on security within ERM training
ultimately strengthens the organisation’s overall data protection posture.

Next, training and awareness programs are needed in ERM to ensure employees can
1 perform their work effectively. One of the four reasons for designing a suitable education
and training program is to improve job performance in an electronic environment (Mariani,
1999). Every day, employees waste hours looking for information, which decreases
workflows and slows down decision-making. This statement is proved by studies by (The
McKinsey Global Institute, 2012), which states that finding information can take up to 20%
of a worker's day, which results in decreased production and heightened annoyance. Thus,
training programs focused on the basic knowledge of ERM can increase employee
productivity. A case study supported by Yaacob, R. A. et al. (2011) shows that the majority
of respondents in the study agreed that each employee involved in ERM management needs
to possess specialised knowledge and abilities, which includes metadata, preservation, and
life cycle of records from production to disposal. They believed that in order to do their jobs
effectively, they were required to know the fundamentals of records management. The study

3
Page 7 of 20 - Integrity Submission Submission ID trn:oid:::1:3079812268
 Page 8 of 20 - Integrity Submission Submission ID trn:oid:::1:3079812268

also shows that it is evident that, without personnel with expertise or with special knowledge
and skills, the implementation of ERM would be extremely difficult. From here, it can be
concluded that training is needed to ensure employees can do their jobs effectively which will
boost productivity.

Reducing human error in electronic records management (ERM) is one of the critical
needs of providing comprehensive training to employees. One of the main reasons for data
loss, mismanagement, and breaches is human error. This statement can be seen through
8 International Business Machines Corporation’s (IBM) Security Services 2014 Cyber Security
Intelligence Index report, which shows that over 95% of all security breaches were caused by
human error, as opposed to those that are solely the result of unexpected vulnerabilities in
system security (IBM, 2014). Thus, scenario-based training helps users become familiar with
the ERM system interface and standard operations through realistic tasks, leading to reduced
human error. This statement can be proven by a study from Nuamah et al. (2020), stating that
2 electronic health record (EHR)-specific simulation-based training, which is a subset of ERM,
2 a type of computer screen-based simulator, can be done to maximise the use of EHR as a
clinical tool, which leads to better navigating the system more confidently with fewer errors.
In the same study, she mentioned that previous research, which was done by Scalese et al.
2 (2007), shows that EHR-specific simulation-based training facilitates improved use of EHRs
for clinicians. With this training, it shows that most human performance errors can be
eliminated, but they are unlikely to be entirely prevented. Thus, training is one of the ways to
reduce the possibility of them happening (Human Error Solutions, 2020).

Next, the reason why training and awareness programs are needed for ERM is to
improve compliance and reduce risks. By ensuring staff members are aware of the
regulations when handling electronic records, training on this topic lowers the possibility of
paying the cost for non-compliance. This statement is supported by Weise, C. (2013) from
12 The Association for Information and Image Management (AIIM), which mentions that
training compliance addresses what the company is trying to achieve, along with increasing
efficiency, which addresses productivity and cost savings in organisations, to ensure business
continuity. He also stated that even with policies in place, monitoring and enforcement are
obviously crucial, and procedures and staff training are very necessary (Weise, C.,2013).
Another report that supports why training programs for ERM are needed by Globalscape

4
Page 8 of 20 - Integrity Submission Submission ID trn:oid:::1:3079812268
 Page 9 of 20 - Integrity Submission Submission ID trn:oid:::1:3079812268

3 (2017) shows that the average cost for organisations that experience non-compliance
problems is $14.82 million, a 45 percent increase from 2011, while the average cost of
6 compliance for the organisations in the study is $5.47 million, a 43 percent increase from
2011. At the same time, for instance, in Malaysia, companies must comply with the Personal
Data Protection Act (PDPA) 2010 (LAWS of MALAYSIA ACT 709 PDPA, 2010). Based on
the law, a data user, which is the organisation, who contravenes Section 5(1) of the PDPA by
4 committing an offence shall be liable to a fine of not exceeding RM300,000 or imprisonment
for not exceeding two years or both. (Yong H.S. & Foo X.Y, 2023). Thus, it can be said that
the cost of not complying is much greater (Globalscape, 2017), and it can be concluded that
investing in compliance training is more cost-effective than needing to pay for non-
compliance.

Lastly, training and awareness programs are needed for ERM to improve business
continuity. Continuity signifies business continuity, which ensures that companies may carry
on with operations even after suffering a significant loss or disruption (Weise, C.,
2013). Effective ERM training ensures that staff members are equipped to recover critical
documents from backup systems in the case of data loss, natural disaster, or system failures.
Planning for disaster recovery and business continuity depends on this. This statement is
supported by Pinky Priscylla Micheal et al (2023), stating that to reduce the chance of data
being lost or damaged due to recordkeeping errors, an organisation should develop backup
procedures, which one of them can be training for employees to ensure employees know what
to do during desperate times. In the same article, it is also mentioned that records will be
more organised, less redundant, and less of a burden on the company if all employees are
aware of the foundations of records administration. The statement is also proved by Strawser
(2021), stating that effective handling of records from the very beginning of their life cycle
makes the process go more smoothly and requires far less work, later on, to maintain them
secure.

In conclusion, awareness and training initiatives are essential for an organisation's

successful Electronic Records Management (ERM). These initiatives lower the risk of data
breaches and other cybersecurity threats by training staff members on data security (Identity
Theft Resource Center, 2023). By guaranteeing that employees can locate and handle records
effectively, they also increase productivity by reducing downtime and improving decision-
making (McKinsey Global Institute, 2012). Additionally, training promotes a culture of

5
Page 9 of 20 - Integrity Submission Submission ID trn:oid:::1:3079812268
 Page 10 of 20 - Integrity Submission Submission ID trn:oid:::1:3079812268

security and compliance throughout the company by lowering human error that results in data
breaches or mismanagement (Nuamah et al., 2020). By lowering the

financial and legal risks connected to regulatory violations, compliance training helps
businesses even more (Weise C., 2013). Lastly, these programs are crucial for business
continuity because they give staff members the tools they need to recover important data and
go on with operations in the event of unforeseen disruptions (Pinky Priscylla Micheal et al.,
2023). The necessity of strong training and awareness initiatives as a component of an
organization's overall ERM strategy is shown by these advantages taken together.

6
Page 10 of 20 - Integrity Submission Submission ID trn:oid:::1:3079812268
 Page 11 of 20 - Integrity Submission Submission ID trn:oid:::1:3079812268

3.0 Training and awareness programs for Effective ERMS

Training and awareness programs for electronic records management systems (ERMS) are
fundamental to fostering an effective and comprehensive records management culture within
organizations. Given the critical nature of electronic records in maintaining legal compliance,
supporting operational efficiency, and upholding organizational transparency, training
programs must be carefully designed and implemented to cater to various levels of expertise
and roles within the organization (Johare, 2006). The rapid evolution of digital technology
has underscored the need for robust education in ERMS to manage the risks of data
obsolescence, unauthorized access, and compliance failures (McLeod, Hare & Johare, 2004).
7 Training programs are essential to equip employees with the necessary knowledge and skills
13 to manage, preserve, and utilize electronic records effectively, ensuring the integrity,
authenticity, and accessibility of these records throughout their lifecycle (Mukred et al.,
2019).

3.1 Types of training and awareness programs

3.1.1 Awareness Training

Awareness training is the starting point for developing a culture of effective electronic
records management. This type of training is designed for all employees, emphasizing the
importance of records management with organizational compliance and risk mitigation
(Mukred, Yusof & Alotaibi, 2019). Through workshops, webinars, and e-learning modules,
employees are introduced to the basics of ERMS, including their roles and responsibilities in
maintaining records according to organizational policies and legal standards. Such training is
crucial for promoting awareness of the impact that poor records management can have on
operations, such as the loss of crucial data and potential legal ramifications (Mukred et al.,
2019). Employees must understand that proper records management contributes not only to
organizational efficiency but also to broader corporate governance and accountability
frameworks (Johare, 2006).

7
Page 11 of 20 - Integrity Submission Submission ID trn:oid:::1:3079812268
 Page 12 of 20 - Integrity Submission Submission ID trn:oid:::1:3079812268

3.1.2 Foundational Training Services

Foundational training serves as the entry-level approach, laying the groundwork for more in-
depth education. It introduces employees to essential concepts, such as the characteristics of
electronic records and the processes they undergo throughout their lifecycle—from creation
and storage to eventual archiving or destruction (Johare, 2006). This type of training
emphasizes the significance of records as strategic assets that underpin operational continuity
and organizational integrity (Mukred et al., 2019; McLeod et al., 2004). Employees benefit
from understanding how their roles contribute to the broader records management strategy,
fostering a culture of compliance and reducing the risk of data mismanagement and
unauthorized disclosures (McLeod et al., 2004).

3.1.3 End-User Training

End-user training is another essential type of program that focuses on enabling general
employees to use ERMS effectively. This form of training involves hands-on workshops that
teach users how to create, store, access, and retrieve records within the system, ensuring that
employees can perform their roles efficiently without compromising the system’s
functionality or security (Johare, 2006). Practical exercises and scenario-based training are
useful for illustrating common challenges that employees might face when interacting with
ERMS, helping to build their confidence and competence in using the system (Mukred et al.,
2019). End-user training is especially important in reducing resistance to new technology by
demonstrating the system’s relevance to daily tasks and simplifying complex processes into
manageable steps.

3.2 Focus group training

For IT personnel, records managers, and archivists, specialized technical training is a

prerequisite to ensure that they possess the expertise required to handle the complexities of
ERMS. This training encompasses system configuration, data migration techniques, and the
integration of ERMS with existing IT infrastructure (Johare, 2006). IT professionals must be
trained in managing system updates and security protocols to protect records from
10 unauthorized access and data breaches, which are critical for preserving the integrity and
10 confidentiality of organizational information (Mukred et al., 2019). Records managers and
archivists require advanced training in record classification schemes, metadata management,
and retention schedules to maintain compliance with international standards such as ISO

8
Page 12 of 20 - Integrity Submission Submission ID trn:oid:::1:3079812268
 Page 13 of 20 - Integrity Submission Submission ID trn:oid:::1:3079812268

15489. These professionals must be adept at handling metadata, which enhances the
searchability, context, and usability of records, making it easier to retrieve and use documents
when needed (Mukred et al., 2019).

Training programs must also extend to senior management and policymakers to ensure that
they understand the strategic importance of ERMS and can support its integration into
organizational strategies. Leadership-focused workshops and seminars provide senior
management with the tools needed to govern electronic records management initiatives and
link them to risk management and corporate governance frameworks (Mukred, Yusof &
Alotaibi, 2019). Senior executives need training that highlights how electronic records impact
organizational risk and the importance of supporting these systems through policy
development and resource allocation (Johare, 2006). Policymaker training can focus on
aligning organizational policies with national and international records management
standards, ensuring that these policies reflect best practices and regulatory compliance
(Mukred et al., 2019). By involving senior leadership in these training initiatives,
organizations can cultivate a top-down commitment to effective records management, which
is crucial for embedding ERMS practices into the organizational culture.

Comprehensive training and awareness programs for ERMS are integral to successful records
management within organizations. By providing targeted training that spans awareness,
technical expertise, user competency, continuous learning, and strategic leadership,
organizations can cultivate a knowledgeable workforce that can handle the demands of
electronic records management with confidence and compliance (Mukred et al., 2019). In
turn, it supports the overall operational effectiveness, compliance, and strategic resilience of
the organization, ensuring that electronic records continue to serve as reliable, authentic, and
accessible assets throughout their lifecycle (Johare, 2006).

9
Page 13 of 20 - Integrity Submission Submission ID trn:oid:::1:3079812268
 Page 14 of 20 - Integrity Submission Submission ID trn:oid:::1:3079812268

4.0 The training and awareness programs that can be conducted

First, one of the training programs that could be proposed at Universiti Teknologi MARA
(UiTM) is a research-based ERM education and interdisciplinary collaboration. It is a method
of Electronic Records Management (ERM) that blends scholarly study with real-world
implementation and interdisciplinary collaboration. The success of this program has been
demonstrated in Canada when Archivists, IT experts, and engineers from all around the world
were effectively brought together by the project to develop fundamental standards and best
5 practices for ERM (Johare R., 2006). As demonstrated by the University of British
Columbia's (UBC) International Research on Permanent Authentic Records in Electronic
Systems (InterPARES) project, this model involves bringing together professionals and
students from a variety of fields of study, including engineering, archival science,
information technology, and diplomatics (InterPARES Project, 2001). The project's
1 researchers also developed and pilot-tested ongoing educational and training materials, such
as workshops, distance education courses, annotated bibliographies, glossaries, and maybe
even case studies on ERM, that were made available for use by academic programmes and
professional associations and institutions in their continuing education
programming. (Duranti, 2001). Therefore, UiTM may look into ERM authenticity,
compliance, and innovation by forming an interdisciplinary research group, which could help
create educational resources for use in ERM courses. Research-based case studies, glossaries,
and workshops could be developed to enhance professional training and the ERM curriculum
here at UiTM.

Next, UiTM could implement a distance learning training program for Practicing
Professionals. For professionals who require flexibility because of job responsibilities, UiTM
may provide distance learning options for a Master of Science (MSc) or Advanced Diploma
Program in ERM. In an article by Johare R.(2006), Northumbria University, which provides
an MSc in Records Management by Distance Learning, has effectively used this strategy. The
1 primary core knowledge of ERM is electronic record-keeping, and the subjects center on
organizational record-keeping as practice in various contexts; thus, this program aims to
provide the information and comprehension needed by those planning to work as records
managers or who are currently employed. At the same time, it is to do so in a way that it
adapts to the electronic world. In the same article by Johare R.(2006), professionals have

10
Page 14 of 20 - Integrity Submission Submission ID trn:oid:::1:3079812268
 Page 15 of 20 - Integrity Submission Submission ID trn:oid:::1:3079812268

been successfully served by Northumbria's remote learning model, which enables them to
acquire advanced ERM expertise while they are employed. This strategy has made ERM
training more widely available and allowed students to use what they have learned in the
workplace, which frequently results in career progression and improved organisational
efficacy in ERM (Johare R.,2006).

14 Europe has created some advanced ERM education programs, such as the Education and
Training in Electronic Records Management (e-TERM) project, which focuses on training
people from different fields like administration, IT, and archives to work together on
managing electronic records (Johare R., 2006). Countries like Germany and Finland offer
ERM-specific courses at schools like the Bavarian Archives School and Mid Sweden
University, where students learn both the practical skills and theoretical knowledge needed to
manage electronic records in modern organizations (Johare R., 2006). These programs
prepare students to handle real-world ERM challenges by giving them hands-on experience
that matches the needs of actual workplaces (Johare R., 2006). UiTM could create a similar
program where students and professionals from various areas, such as IT, information
management, and archives, come together to work on ERM projects and solutions (Johare R.,
2006). By offering this kind of interdisciplinary training, UiTM would build a culture of
teamwork and shared knowledge across different fields, equipping future Malaysian ERM
professionals with the skills to ensure electronic records are reliable, authentic, and meet
legal and organizational standards (Johare R., 2006).

In the United States, although few universities offer specific programs in Electronic Records
1 Management (ERM), schools like the University of Michigan and the University of
California have made significant progress by including ERM courses within their broader
information science programs (Johare R., 2006). These universities have integrated ERM into
their Master of Science in Information programs, which cover various areas like digital
preservation, electronic document management, and modern record-keeping technologies
(Johare R., 2006). This type of curriculum gives students the skills and knowledge needed to
manage digital records effectively, especially within complex organizational settings (Johare
R., 2006). Additionally, outside of traditional university programs, some institutions offer
shorter courses designed to meet specific ERM needs. For example, University College
London (UCL) in the United Kingdom provides summer courses that address ERM
requirements arising from recent laws, like the Freedom of Information Act, aimed at both

11
Page 15 of 20 - Integrity Submission Submission ID trn:oid:::1:3079812268
 Page 16 of 20 - Integrity Submission Submission ID trn:oid:::1:3079812268

the public and private sectors (Johare R., 2006). Following this model, UiTM could offer
short-term training programs and workshops focused on Malaysia's specific legislative and
regulatory requirements (Johare R., 2006). For instance, UiTM could introduce courses on
ERM that help professionals comply with Malaysia’s Electronic Government initiatives and
public sector standards (Johare R., 2006). These courses would support Malaysia’s shift to
digital practices and strengthen UiTM's role in preparing professionals for this transition
(Johare R., 2006).

Expanding UiTM's Electronic Records Management (ERM) training program could

significantly benefit Malaysia by drawing on approaches used in other Asian countries
(Johare R., 2006). In China, universities such as Zhejiang University and Beijing Union
University integrate ERM into broader library and information science programs, allowing
students across disciplines to gain foundational ERM knowledge without a dedicated
program; UiTM could adopt a similar approach, aligning with Chinese institutions to prepare
students for digital record management within a comprehensive curriculum (Johare R., 2006).
Japan, however, focuses on historical document preservation, with institutions like the
National Institute of Japanese Literature largely excluding ERM (Johare R., 2006). UiTM
could differentiate itself by emphasizing digital record management and addressing digital
preservation, security, and access challenges, thus positioning UiTM as an ERM leader in
Asia (Johare R., 2006). Indonesia’s ERM education is often limited to diploma-level
traditional records management, leading professionals to seek advanced training abroad
(Johare R., 2006). UiTM could make ERM education more accessible by establishing a
comprehensive program that offers foundational to advanced ERM training and reduces
reliance on foreign programs (Johare R., 2006).

In Malaysia, the National Archives provides limited ERM-specific training, often sending
professionals abroad for advanced instruction due to a need for more local expertise (Johare
R., 2006). UiTM could address this need by establishing an ERM program within its Faculty
of Information Management, covering digital preservation, compliance with electronic
government requirements, and information security (Johare R., 2006). This program would
support Malaysia’s electronic government initiatives and equip professionals to meet local
and international standards for managing electronic records (Johare R., 2006). UiTM’s ERM
training program could not only provide Malaysian professionals with essential ERM skills

12
Page 16 of 20 - Integrity Submission Submission ID trn:oid:::1:3079812268
 Page 17 of 20 - Integrity Submission Submission ID trn:oid:::1:3079812268

but also position UiTM as a regional hub for ERM education, contributing to a sustainable
knowledge base in Malaysia (Johare R., 2006).

Overall, by adapting these proven models, UiTM has the potential to become a leading ERM
education provider in Malaysia, setting standards that align with the country’s digital
aspirations. Implementing these strategies at UiTM could lead to the development of
Malaysia-specific ERM competencies, preparing future professionals to manage electronic
records within local organizational and regulatory frameworks. Through partnerships with
government agencies, industry leaders, and international institutions, UiTM could establish
an ERM educational program that builds upon the success of established models, positioning
itself as a core institution for ERM knowledge and innovation in Malaysia.

13
Page 17 of 20 - Integrity Submission Submission ID trn:oid:::1:3079812268
 Page 18 of 20 - Integrity Submission Submission ID trn:oid:::1:3079812268

5.0 CONCLUSION

Training and awareness programs in Electronic Records Management (ERM) are critical for
data protection, increasing productivity, mitigating risks, and assuring business continuity.
Organisations in today's digital environment become more vulnerable to cyber dangers like
data breaches and ransomware attacks (paradigm, 2024). According to Steve Alder (2024),
3,205 data breaches were recorded in 2023, a 72% increase over 2021, with sectors such as
healthcare, financial, and professional services having the most impact. It emphasises the
necessity for reasonable data security training inside ERM systems. This could include
regular phishing awareness training, data classification and handling workshops, and incident
response drills. Awareness training can significantly reduce the possibility of data breaches
by instilling a security culture within the organisation (Keepnet, 2024).

Training programs not only strengthen security but also boost employee efficiency and
production. According to McKinsey Global Institute (2012), employees allocate up to 20% of
their workday looking for information, which slows decision-making and workflow (Chui et
al., 2012). Proper ERM training can address this issue by teaching staff how to find and
handle documents, resulting in increased productivity. Yaacob et al. (2011) provide more
support, emphasising the significance of specialised knowledge in metadata, preservation,
and record lifecycle. This specialised expertise guarantees that personnel can efficiently
manage ERM activities, which include document creation, storage, retrieval, and disposal,
thereby increasing organisational productivity.

Human error, a significant challenge in ERM, often leads to data loss, poor management, or
9 breaches (Rock, 2022). According to the IBM Security Services 2014 Cyber Security
Intelligence Index (IBM, 2014), human mistakes account for more than 95% of security
breaches (Ahola, 2021). Therefore, comprehensive training programs that effectively reduce
human error are crucial for safeguarding electronic documents, providing a reliable solution
to this common problem.

14
Page 18 of 20 - Integrity Submission Submission ID trn:oid:::1:3079812268
 Page 19 of 20 - Integrity Submission Submission ID trn:oid:::1:3079812268

Training programs are also vital for ensuring legal and regulatory compliance (Cleaned,
2024). According to the Journal of Management Policy and Training, programs are also
crucial for ensuring legal and regulatory compliance (Cleaned, 2024). According to the
11 Journal of Management Policy and Practice, Volume 25(1), 2024, compliance training helps
organisations meet regulatory obligations and mitigates non-compliance risks such as
penalties and legal challenges (Fiene, 2023). Training enhances decision-making and
corporate operations by increasing awareness of policies and procedures. Practical ERM
training also supports business continuity, as staff are equipped to recover essential records in
the event of data loss, natural disasters, or system failures, ensuring the organisation can
continue operating without significant disruptions (Program Framework, 2024).

The training programs necessary for successful ERM implementation are diverse and should
be tailored to different organisational roles (ERM, 2023). All staff should receive awareness
training, while IT personnel and records managers require specialised technical training. This
specialised training is crucial, as it ensures these staff members are equipped to secure
records from unauthorised access and understand system configuration, data migration, and
safety precautions. Furthermore, end-user training is essential to ensure that ordinary staff can
use ERMS effectively, including creating, saving, and obtaining records securely (Johare,
2006). Continuous professional development and refresher training are also vital to keep staff
up to date with the latest technology and regulatory standards governing ERM systems
(Johare, 2006).

In terms of higher education, institutions such as Universiti Teknologi MARA (UiTM) may
play a critical role in promoting ERM learning via innovative programs (Erma, 2023). One
such program may be Research-Based ERM Education and Interdisciplinary Collaboration,
which blends academic research with application in real life, as successful efforts in Canada
have shown (Johare, 2006). Another attempt could be to create remote learning programs for
practising professionals, such as the MSc in Records Management, which resembles effective
models at Northumbria University (Johare, 2006).

By adding such programs, UiTM can solve the particular difficulties of digital preservation,
security, and access while positioning itself as a pioneer in ERM education in Malaysia,
contributing to its digital transformation (Johare, 2006).

15
Page 19 of 20 - Integrity Submission Submission ID trn:oid:::1:3079812268
 Page 20 of 20 - Integrity Submission Submission ID trn:oid:::1:3079812268

In a nutshell, thorough training and awareness initiatives are required to adopt ERM systems
successfully. They protect against cybersecurity risks and boost organisational efficiency,
compliance, and business continuity (Cornette, 2024). As organisations continue to rely on
digital records, the need to train skilled ERM specialists must be recognised (IERP, 2024).
OrganisationsThrough strategic training efforts, organisations may build a strong foundation
for managing electronic documents, reducing risks, and guaranteeing long-term success
(Yaacob & Sabai, 2011).

16
Page 20 of 20 - Integrity Submission Submission ID trn:oid:::1:3079812268