Digital Recordkeeping Standard

 
 
August 2010
Issued under the Public Records Act 2005, section 27 SCOPE: All Public Offices and Local Authorities
STATUS: DISCRETIONARY 

Contents

Section One – New Zealand Context 

Chief Archivist’s Summary
Acknowledgements
Issue Statement
Adoption Statement
 
1. Introduction
1.1 Context: ICA-Req and ERKSS
1.2 Purpose
1.3 Scope
1.4 Advice and Guidance
 
2. Application
2.1 Interpretation of Functional Requirements
2.2 Relationship between the Digitial Recordkeeping Standard, supporting modules and the Mandatory Public Records Act Standards
 
3. Benefits of Using this Standard
3.1 Business Risks and Benefits
 
4 Key Terms

Section Two – Principles and Functional Requirements for Records in Electronic Office Environments (ICA-Req) Module One: Overview and Statement

1 Introduction
1.1 Scope and purpose
1.2 Audience
1.3 Related standards
1.4 Structure and use
 
2 Good practice: Digital Records and the role of Software
 
3 Guiding Principles
3.1 Records-related principles
3.2 Systems-related principles
 
4 Implementation Issues
4.1 Components of successful digital business information management
4.2 Risks and mitigations
4.3 Financial and organisational sustainability of digital systems
 
5 Other functional requirements referenced and evaluated
 
6 Glossary
 

Section One – New Zealand Context

Chief Archivist’s Summary

Issue Statement

The Digital Recordkeeping Standard, issued under s27 of the Public Records Act 2005 (the Act), applies to all public offices as defined in the Act. Compliance with the standard is discretionary. The standard replaces the Electronic Recordkeeping Systems Standard (ERKSS) issued in June 2005. The ERKSS is revoked as of 25/08/2010.

This standard applies to all electronic software applications that capture and manage records, including dedicated recordkeeping or records management systems (often abbreviated as EDRMS) and business systems/applications that create records.

Existing business systems/applications that were operational before the standard was issued on 25/08/2010, may not meet the requirements. I recommend that this standard is followed when making substantial changes to existing systems or installing new ones.
 

Adoption Statement

The International Council on Archives (ICA) Principles and Functional Requirements for Records in Electronic Office Environments (ICA-Req) Module One: Overview and Statement is adopted as the Digital Recordkeeping Standard. Section One has been added to explain how ICA-Req fits within the New Zealand recordkeeping environment and its relationship with other Archives New Zealand standards.

I am also adopting as supporting modules to the Digital Recordkeeping Standard:

• Guidelines and functional requirements for Electronic Records Management Systems – Module Two and;
• Guidelines and Functional Requirements for Records in Business Systems – Module Three

 

Figure 1: Diagram of Relationship between the Digital Recordkeeping Standard and the supporting modules  

 
Greg Goulding
Acting Chief Archivist & Chief Executive

Date August 2010
 
Back to top

Acknowledgements

The Digital Recordkeeping Standard was developed by Lisa Judge and Siobhan King, Senior Advisors, Anna Gulbransen, Advisor, Government Recordkeeping Programme and Stephen Clarke, Senior Advisor, Digital Continuity Team at Archives New Zealand with advice and guidance from an advisory group comprising of:

• Alice Patterson, New Zealand Trade and Enterprise & The Treasury
• Bruce Balfour, Western Bay of Plenty District Council
• Fiona Staples, Department of Internal Affairs
• James Geddes, Waikato Institute of Technology (WINTEC)
• Jeremy Knowles, Ministry of Defence
• Liz McLean, Capital and Coast District Health Board
• Maria Molina, GNS Science
• Meta Mair, Information Leadership
• Paula Smith, Techtonics

The Chief Archivist acknowledges the advice and guidance of the Advisory Group members, who have been central to the adoption of this standard.

The standard draws on international best practice - in particular, the work of the International Council on Archives (ICA) and the Australian Digital Recordkeeping Initiative (ADRI) project team to develop the three modules. The Chief Archivist gratefully acknowledges their assistance.
 
Back to top

1. Introduction

The Public Records Act 2005 requires public offices and local authorities to create full and accurate records of their activities in accordance with normal, prudent business practice, and ensure that these records are captured into systems which will maintain them in an accessible form for as long as they are required. Properly implemented, electronic recordkeeping systems and business systems can offer the technological support to efficiently manage the creation, capture and maintenance of records in an automated and efficient manner.
 

1.1 Context: ICA-Req and ERKSS

The International Council on Archives (ICA) developed ICA-Req with leadership from Archives New Zealand and the National Archives of Australia.

ICA-Req draws heavily from existing standards for electronic records management systems, including Archives New Zealand’s discretionary Electronic Recordkeeping Systems Standard (ERKSS) which this standard replaces. In particular Module 2, Guidelines and Functional Requirements for Records in Electronic office Environments was strongly informed by the content of the ERKSS standard.

Module one includes guiding principles, implementation issues, risk management and digital sustainability. This approach is consistent with other Archives New Zealand’s standards. It emphasises that good frameworks and processes are as important as delivery of technological solutions.
 

1.2 Purpose

The Digital Recordkeeping Standard establishes principles and good practice requirements for creating and managing records in digital systems, in accordance with the Public Records Act 2005. Archives New Zealand is issuing this standard to ensure electronic systems introduced to assist with the management of records are chosen appropriately and are fit for purpose.
 
The standard supports the ability of organisations to meet Archives New Zealand mandatory standards issued under the Act in terms of the development and implementation of electronic records management systems and business systems.
 

1.3 Scope

This standard is relevant to all public offices and local authorities that use or are intending to use systems that generate electronic records. The Digital Recordkeeping Standard (New Zealand context and ICA-req module one) articulates the high level principles that apply to all systems for example, records in shared drives.
 
The supporting modules Module 2, Guidelines and Functional Requirements for Records in Electronic office Environments and Module 3,Guidelines and Functional Requirements for Records in Business Systems provide specific guidance and requirements on the following:

Module Two:
Electronic Document and Records Management Systems (EDRMS)

Module Three:
Content Management Systems (CMS)
Financial systems
Human resource systems
Customer relationship management
Case management systems
Systems designed for specialised business processes

It is recommended that the standard is used to:

• Review recordkeeping functionality in existing software
• Integrate electronic records management principles into a business system
• Develop design specifications for in house software developments
• Evaluate software considered for purchase
• Assist in the procurement, deployment and configuration of electronic recordkeeping systems
• Design/re-design software products during software enhancement cycles
• Develop business cases for recordkeeping within electronic office environments

1.4 Advice and Guidance

Recordkeeping advice and guidance is available from Archives New Zealand.
 
Back to top

2. Application

 

The Standard is discretionary for all public offices and local authorities as defined in the Public Records Act 2005. Its discretionary status allows for increased flexibility in a time of evolving technology. Adoption as a discretionary standard is in line with Archives New Zealand’s Public Records Act 2005 Standards Programme Strategy 2009 – 2012.
 
 
 
Figure 2: Archives New Zealand’s advice framework (Under development)
 

2.1 Interpretation of Functional Requirements

The key terms must, should and may are used to indicate the relative importance of each requirement. The keywords are to be interpreted as follows:

• must – these requirements have an absolute obligation for compliance. However, compliance is not required under the Public Records Act 2005.
• should – agencies may choose not to implement these requirements if a valid reason exists and still complies. The implications of not implementing a specification must be understood, analysed and documented.
• may – requirements that use may are optional.

The Digital Recordkeeping Standard is discretionary, however agencies that wish to meet the requirements in terms of good practice, need to implement all the must requirements and where applicable, document their business decision for not implementing the should requirements.
 

2.2 Relationship between the Digital Recordkeeping Standard and Supporting Modules and the Mandatory Public Records Act Standards

The functional requirements from ICA- Req have been mapped to the principles in Archives New Zealand’s mandatory standards to demonstrate where the implementation of a requirement supports compliance and audit requirements of mandatory standards. The functional requirements of ICA- Req may support more than one mandatory standard and more than one principle.

As of 2010, the Chief Archivist issued four mandatory standards under the Public Records Act 2005, listed below.
 
S7 Create and Maintain Recordkeeping Standard specifies the minimum requirements for the creation of full and accurate records by public offices and local authorities. The principles of the Create and Maintain Standard are designed to ensure that records are appropriately created; available for access and maintained over time, and provide a basis for assessment of recordkeeping systems, policies and procedures for this purpose.
 
ICA-Req maps to S7 Create and Maintain Recordkeeping Standard as follows:
 

Create and Maintain Standard	ICA-Req
Principle 1: Recordkeeping must be planned and implemented	Module 1 – 4 Implementation Issues
Principle 2: Full and accurate records of business activity must be made	Module 2 - 3.1 - Capture Module 2 - 3.3 – Classification Module 3 – 3.1 Creating records in context
Principle 3: Records must provide authoritative and reliable evidence of business activity	Module 2 -3.4 – Managing authentic and reliable records Module 3 – 3.3 Supporting import, export and interoperability Module 3 – 3.4 Managing and maintaining records
Principle 4: Records must be managed systematically	Module 2 - 3.3 - Classification Module 2 - 3.6 – Retention and disposal

 
 
S9 Disposal Standard, specifies the principles and minimum requirements for the disposal of public records and local authority records under the Public Records Act 2005. Electronic recordkeeping systems can aid the management of disposal of electronic records.
 
ICA-Req maps to S9 Disposal Standard as follows:
 

Disposal Standard	ICA-Req
Principle 1: Disposal of records must be authorised	Module 2 - 3.4 Managing authentic and reliable records Module 2 – 3.6 Retention and Disposal Module 3 - 3.4 Retaining and disposing of records as required
Principle 2: Disposal of records must be planned and regularly implemented	Module 1 – 4 Implementation Issues Module 2 - 3.6 Retention and disposal Module 3 - 3.4 Retaining and disposing of records as required
Principle 3: Organisations must be able to account for their disposal activities	Module 2 - 3.4 Records management process metadata must be kept Module 2 – 3.8 Administration Module 3 - 3.4 Retaining and disposing of records as required
Principle 4: Disposal of records must be undertaken using appropriate security methods	Module 2 - 3.4 Managing authentic and reliable records Module 3 - 3.2 Managing and maintaining records

 
S8 Electronic Recordkeeping Metadata Standard establishes the principles and minimum requirements for creating and managing recordkeeping metadata in electronic environments. Electronic recordkeeping systems and business systems enable metadata to be systematically managed, and maintained over time.

ICA-Req maps to S8 Electronic Recordkeeping Metadata Standard as follows:
 

Metadata Standard	ICA-Req
Principle 1: The management of recordkeeping metadata must be defined, documented, assigned and integrated into policies and procedures for records and information management	Module 1 – 4 Implementation Issues Module 2 - 3.8 – Administration Module 3 – 3.2 Managing and maintaining records
Principle 2: Recordkeeping metadata must be created and managed	Module 2 - 3.1 – Capture Module 3 – 3.1 Creating records in context
Principle 3: Recordkeeping metadata must be maintained to reflect business and recordkeeping actions, to sustain the record object throughout its existence, and to enable the transfer of records between systems and organisations	Module 2 - 3.4 – Managing authentic and reliable records Module 3 – 3.3 Supporting import, export and interoperability Module 3 – Managing and maintaining records
Principle 4: Recordkeeping must be subject to the same controls on disposal as apply to all records	Module 2 - 3.6 – Retention and disposal Module 2 – 3.8 Metadata administration Module 3 – 3.4 Retaining and disposing of records as required

 
S2 Storage Standard establishes the principles and minimum requirements for the storage of physical records. Although the storage standard applies to the physical storage of records, many electronic recordkeeping systems offer the functionality to manage physical records, and therefore these system requirements support your ability to meet mandatory requirements.

ICA-Req maps to S2 Storage Standard as follows:
 

Storage Standard	ICA-Req
Principle 1: Records are controlled so that they are able to be identified and retrieved easily without damage or loss	Module 2 - 3.2 – Identification Module 2 – 3.5 - Hybrid records management Module 3 – 3.1 Creating records in context
Principle 4: Records are secure against theft, vandalism, misuse, or inadvertent release	Module 2 - 3.4 Managing authentic and reliable records Module 3 3.2 Managing and maintaining records

 
Other publications issued by Archives New Zealand with particular relevance to this standard are:

• S6 Digitisation Standard, which is used in the design and conduct of responsible digitisation by all organisations covered by the Public Records Act 2005
• TS Technical Specifications issued as a discretionary part of the suite of products released in association with the Electronic Recordkeeping Metadata Standard

 
Back to top

3. Benefits of Using this Standard

The Digital Recordkeeping Standard encourages an international approach to the management of electronic records in office environments. The benefits of using this standard for the New Zealand public sector environment are:

• Government agencies are provided with specific recordkeeping functionality when developing Electronic Records Management Systems and business systems
• Improved ability to facilitate information sharing via collaboration spaces and shared services
• Software developers and vendors have a ‘one-stop-shop’ for recordkeeping functionality requirements when developing electronic records management systems and business systems
• New Zealand Government Electronic Records Management Systems and business systems are developed in line with international practice, and there is a general convergence in development of systems internationally
• Archives New Zealand’s mandatory standards are supported by the guidelines and functional requirements of this discretionary standard
   

3.1 Business Risks and Benefits of Good Recordkeeping

Good recordkeeping can prevent the risks of poor or unfocused information management and produce benefits for the business.
 

High level business risks	Benefits of Good Recordkeeping
The inability of organisations to prove integrity, authenticity and reliability of their electronic records   Insufficient contextual detail to ensure that records are identifiable, and able to be managed and interpreted	Efficient management of electronic recordkeeping and business systems
The conduct of business activities is inconsistent and inefficient   Poor strategic planning and poor decisions made on inaccurate, incomplete or outdated information	Better management of electronic records will lead to improved retrieval and discovery
The deliberate and untraceable alteration of records   Increased risk of embarrassment to the chief executive, minister, the government, and private individuals	Improved security for records through systematic application of security models
Unlawful disposal of records   Failure to meet regulatory and compliance requirements	Reduced risk of data loss or accidental destruction of records through the accurate identification and management of electronic records
Organisational embarrassment, loss of credibility, lowered public confidence and damage to reputation	Increased public confidence in the integrity of an organisation’s records
Inability to automate business and recordkeeping processes   Business inefficiencies in key areas and disconnection of workflow management	Increased opportunities to automate business and recordkeeping processes, such as triggering disposal actions and integrating with workflow processes
Important information is not accessible for the conduct of business, dispute resolution, legal challenge or evidential purposes	Enhanced capability for cross-organisational and cross-business process interoperability
Responsibility for the loss of information that has enduring value to society and New Zealand’s cultural and national identity	The protection of organisational records of enduring value, through their transfer to archival repositories
Insufficient evidence to resolve disputes in a timely and authoritative manner   Inability to successfully defend legal challenges	Enhanced credibility and avoidance of financial or legislative penalties by timely production of accurate records of business activity
Dependencies on proprietary systems   Inability to retrieve and interpret records in obsolete formats or systems	An increased ability to plan for migration of records by identifying, in standardised and explicit ways, the software and hardware dependencies of records

 
Back to top

4 Key Terms

The standard contains a glossary to explain the relevant terms used. For terms to be used in the New Zealand context see the Archives New Zealand Digital Continuity Glossary
 
Back to top

Section Two – Principles and Functional Requirements for Records in Electronic Office Environments (ICA-Req) Module One: Overview and Statement

 

International Council on Archives

 

Principles and functional requirements for records in digital office environments

Module 1

 

Overview and statement of principle

 

1. Introduction

A variety of functional specifications for records management software has been developed in the international community. In 2006, the International Council on Archives agreed to develop a harmonised, generic suite of recordkeeping functional requirements for software products based on existing jurisdiction-specific specifications, and to do so in a manner consistent with the International Standard on Records Management, ISO 15489. It is hoped that this suite of guidelines and functional requirements will assist jurisdictions that are developing, or looking to adopt, their own functional specifications, as well as inform the update and revision of previously existing standards. The application of this set of functional requirements is not only meant to inform the development of digital records management software, but also to aid in the incorporation of recordkeeping functionality into generic business information systems software products, as well as specific line-of-business systems. These specifications can also be used by the private sector (for example, multinational corporations) as a stand-alone tool.

Principles and Functional Requirements for Records in Digital Office Environments was sponsored by the International Council on Archives as a project in its Digital Records and Automation Priority Area, lead by George Mackenzie, Director of the National Archives of Scotland. Adrian Cunningham (National Archives of Australia) was Project Coordinator. Archives New Zealand (Stephen Clarke) acted as the Secretariat for the project. Other participating countries included Cayman Islands (Sonya Sherman), United Kingdom – England and Wales (Richard Blake), Germany (Andrea Hänger and Frank Bischoff), Malaysia (Mahfuzah Yusuf and Azimah Mohd Ali), Netherlands (Hans Hofman), Scotland (Rob Mildren and Steve Bordwell), South Africa (Louisa Venter), Sweden (Göran Kristiansson), France (Olivier de Solan) and the United States (Mark Giguere). The project was also supported by the Australasian Digital Recordkeeping Initiative, a collaborative venture sponsored by the Council of Australasian Archives and Records Authorities. ADRI member Queensland State Archives (Rowena Loo and Anna Morris) contributed to the drafting of Module 3.
 

1.1 Scope and purpose

The aim of the Principles and Functional Requirements for Records in Digital Office Environments project is to produce globally harmonised principles and functional requirements for software used to create and manage digital records in office environments. There currently exist a number of jurisdiction-specific functional requirements and software specifications. The project’s objective is to synthesise this existing work into requirements and guidelines to meet the needs of the international archival community and to enable that community to liaise, in a consolidated manner, with the global software industry.

The objectives of the project are to:

• enable better recordkeeping in organisations at all levels of government regardless of juridical domain;
• support the business needs of an organisation by enabling greater effectiveness and efficiency of the operations;
• provide, through wider deployment of automated recordkeeping functionality, enhanced abilities to support auditing activities;
• improve capabilities to comply with statutory mandates specified in various information-related legislation (for example, data protection and privacy);
• ensure good governance (for example, accountability, transparency and enhanced service delivery) through good recordkeeping;
• increase general awareness of automated recordkeeping capabilities via the dissemination of key principles; and
• maximise cross-jurisdictional consistency regarding the articulation of recordkeeping functional requirements and to enable the global archival community to speak with one voice to the software vendor community.
• The primary focus of this suite of guidelines and requirements is the creation and management of digital records. While the modules support the long-term preservation of digital records, processes to achieve this are beyond the scope of the project. It is anticipated that the application of the requirements will be global in nature. Therefore, it is impossible, given the wide juridical range of potential applications, to include detailed implementation guidelines. In addition, as the ultimate testing environment for the basis of these modules is yet to be determined, inclusion of specific software test cases or scripts was deemed beyond the scope of the modules.

1.2 Audience

There are four key audiences for these modules:

• software developers and vendors – including non-records management software, so this document can serve as a universal benchmark for recordkeeping compliance;
• jurisdictional standard-setters – so these modules can serve as either the baseline for nascent standards development efforts, or as a basis for evaluating the already existing digital records management standards;
• government agencies – so that all business functions can be evaluated against, and facilitated via, the incorporation of automated records management capabilities; and
• private-sector organisations – so that they can incorporate automated digital records management into their business operations.

 

1.3 Related standards

The requirements are aligned with the records management principles in the International Standard on Information and Documentation – Records Management – Part 1 – General, ISO 15489, which sets out the records management requirements that also apply when records are captured and managed within digital records management systems.

The reference metadata standard for these requirements is ISO 23081 – 1: 2006, Information and Documentation – Records Management Processes – Metadata for Records, Part 1 – Principles. The high-level metadata element set found in ISO/TS 23081 – 2: 2007, Information and Documentation – Records Management Processes – Metadata for Records, Part 2 – Conceptual and Implementation Issues provides the basis for the requirements.

The requirements are core, high-level and generic requirements for records. Readers seeking guidance in other areas of software functionality not addressed in this document should refer to other more detailed specifications such as US DoD 5015.2 and MoReq2. Readers should also take account of other relevant jurisdiction-specific standards, statements of requirements and specifications.

1.4 Structure and use

The suite of guidelines and functional requirements is organised into three modules:

• Module 1: Overview and Statement of Principles: background information, organisation, fundamental principles and additional context;
• Module 2: Guidelines and Functional Requirements for Records in Digital Offices: a global high-level statement of core and optional requirements, including application guidelines and a compliance checklist; and
• Module 3: Guidelines and Functional Requirements for Records in Business Systems: guidelines and generic core and optional functional requirements for records in business systems.

Module 2 is intended for use by organisations seeking to implement dedicated digital records management systems. It is meant to be read in conjunction with Module 1.

Module 3 is intended for use by organisations wishing to incorporate records functionality into business systems. It is meant to be read in conjunction with Module 1.

Several non-mutually exclusive use scenarios are presented below to exemplify how these modules might be used:

• Reviewing recordkeeping functionality in existing software – an organisation could use these modules as a checklist to establish which required and desirable recordkeeping functions are present in deployed, non-recordkeeping software.
• Integrating digital records management software into a business system – an organisation could use Module 3 to selectively incorporate specific records management functionality into existing business systems.
• Using a design specification for in-house software development – an organisation’s IT staff could use Module 3 during their software design and testing documentation of software development efforts.
• Evaluating software considered for purchase – an organisation could use Module 2 as a basis for evaluating and comparing capabilities of commercial, off-the-shelf digital records management software.
• Procuring, deploying and configuring digital records management software – an organisation could use Module 2 to form the basis of a functional requirements statement in formulating a request for proposal for digital records management software procurement and implementation. The requirements presented in these modules may be tailored to suit the individual requirements of organisations, depending on their business needs.
• Designing/re-designing software products during software enhancement cycles – software developers could use Modules 2 and/or 3 as a checklist of potential functionalities that may warrant consideration and/or inclusion in upcoming planned releases of established software products (not necessarily limited to digital records management software products).
• Developing jurisdiction-specific specifications and standards – an organisation could use these modules as either the basis of its own juridical digital records management specification or as a comparative resource when considering the revision of existing local digital records management standards. Jurisdiction-specific requirements may be added to the generic requirements presented in these modules.

 
Back to top

2 Good Practice: Digital Records and the Role of Software

As organisations introduce new technologies and new methods for undertaking work, older methods and procedures for controlling records may become less effective. In many organisations, valuable records are kept in centralised databases or shared directories. Alternatively, and not mutually exclusively, they may be widely distributed and stored on the decentralised hard drives of individuals’ personal computers. Further complicating the situation, in either of these scenarios not all of the stored information may constitute records.

In either case, measures needed for integrity and authenticity may be overlooked and the digital records may not be available, understandable and usable to the organisation or the relevant archival institution.

Organisations that already rely on digital records to conduct and document business, or that are interested in eliminating paper records from their systems, are seeking solutions to issues of authenticity, management and retention of digital records. The decisions that organisations make today about the capability of their information systems, the organisation and structure of their information resources, and the policies and practices for recordkeeping in the digital environment will have a significant impact on the types of strategies and methods that archival institutions can employ to ensure long-term preservation of records with archival value.

Because the issues of archival management, especially in the digital environment, are closely linked to the design of systems and the establishment of new information policies, archivists have been driven to examine a broader set of records management issues in order to carry out the archival function in the digital environment. Software provides business process owners, records managers and archivists with substantial means of complying with the practice of good digital recordkeeping.
 
Back to top

3 Guiding Principles

Successful organisations need information systems for making, keeping and using authentic evidence (that is, records) of business activity to meet their business needs and legal obligations. In the digital environment, the development and implementation of such systems should be both driven by the organisation’s business needs and informed by the following principles:

3.1 Records-related principles

1. Digital business information has to be actively managed and reliably maintained as authentic evidence of business activity.
   As business processes become more completely automated, the digital information generated by such activities may serve as the only evidence of specific transactions or decisions. Maintenance of this evidence in the form of fixed records is necessary for operational viability and accountability of the organisation. This involves identifying a set of digital information that will serve as the evidential record.
2. Business information has to be linked to its business context through the use of metadata.
   In order for information to have the capability of functioning as a record, it is necessary to augment that information with additional data (that is, metadata) that places it in the context of the business operations and computing environment in which it was created. In the case of line-of-business systems accomplishing uniform transactions, this context is derived from the system and its documentation. In other systems, however, such contextual information must be appended to the record as it is necessary to provide the record with sufficient longevity for interpretation and to maximise its value and utility as evidence of business activity.
3. Business information has to be kept and must remain accessible to authorised users for as long as required.
   Design and deployment of business information software must ensure that records can be searched for, retrieved and rendered in accessible formats and media for as long as is required for business and legal purposes. In this context, organisations should avoid the misuse of digital rights management technology and encryption.
4. Business information has to be able to be disposed of in a managed, systematic and auditable way.
   A hallmark of appropriate recordkeeping is the retention and appropriate disposition of records generated by business processes according to specified rules. Systems need to be able to dispose of records in a systematic, auditable and accountable way in line with operational and legal requirements.
    

   3.2 Systems-related principles

5. Systems should support good business information management as an organic part of the business process.
   Although it is not necessarily appreciated as such, good recordkeeping practices are an integral part of any business process. When automating any business process, one should always evaluate the advisability of simultaneous integration of recordkeeping software.
6. Systems for capturing and managing business information have to rely on standardised metadata as an active, dynamic and integral part of the recordkeeping process.
   Automated recordkeeping solutions offer powerful capabilities to access and attach standardised contextual information, via standardised vocabularies and taxonomies, to record content at different times during the life of the record.
7. Systems have to ensure interoperability across platforms and domains and over time.
   Digital evidence, in the form of records, often has operational or juridical requirements for persistence over periods of time that may exceed the lifespan of the hardware or software that created it. As such, record information must be able to be presented in a manner that is understood and able to be modified, if necessary, for migration to other technology platforms.
8. Systems should rely as far as possible on open standards and technological neutrality.
   Many software products that create or manage records are developed using proprietary implementations. Hardware or software dependencies can have adverse effects on access and preservation of record material in the long term. Use of open standards ameliorates these technological dependencies.
9. Systems should have the capacity for bulk import and export using open formats.
   Digital records resulting from a business process and managed by recordkeeping software may contain hardware or software dependencies. Recordkeeping software should ideally incorporate capabilities to remove these dependencies via support for bulk re-formatting as part of ingest or export capability or, at a minimum, via non-proprietary encoding of record metadata.
10. Systems must maintain business information in a secure environment.
    For security purposes, systems automating a business process often incorporate safeguards that limit which actions particular individuals can take with digital information (for example, viewing, printing, editing, copying or transmitting). Systems must not allow unauthorised modifications to any records (including metadata), and where authorised modifications are performed, they must be fully documented.
11. As much metadata as possible should be system generated.
    Users are typically unwilling to interrupt their workflow more than three times in the accomplishment of tasks ancillary to executing the primary activity. It may be impractical and/or unnecessary to expect end-users to supply much of the metadata. Systems should be designed and implemented in a manner that allows automatic population of record metadata fields.
12. It should be as easy as possible for users to create/capture records of business activity.
    It is necessary to design systems/software that automate recordkeeping in a way, ideally, that makes such recordkeeping largely ‘invisible’ to the end-users.

 
 
Back to top

4 Implementation Issues

4.1 Components of successful digital business information management

Good software is only one component of successful digital business information management in organisations. Other components include:

• Policy frameworks – concomitant with the deployment of software with recordkeeping functionality, it is necessary to conduct an analysis of existing information management and security policies and laws to address areas where policy revision may need to occur due to gaps in software capabilities. This includes policies relating to recordkeeping responsibilities for different categories of employees, records retention and disposal. Associated with the policy frameworks that guide and support good business information management software may be tools such as classification schemes and metadata models.
• Business process analysis – it is a preferred practice that process analysis should ideally precede any IT deployment. This includes identifying, articulating and potentially reallocating roles and responsibilities.
• Project management – any IT deployment requires careful planning and monitoring across a series of discrete stages. Project management techniques are powerful tools that provide both temporal and fiscal accountability for such efforts.
• Change management – deployment of automation within an organisation changes not only the manner in which business processes are accomplished, but the roles and responsibilities of end-users of the system. Care must be taken to adequately prepare the human component of any IT deployment for these changes. Failures in the implementation of records software often result primarily from shortcomings in change management rather than from any shortcomings in the technology.
• Risk management – as with any IT system deployment, the decision to automate recordkeeping should be informed by an analysis of risks associated with an analysis of alternatives that are formulated as part of the business case. Ongoing post-implementation risk assessment should be incorporated into the organisation’s overall risk management framework.
• Sustainability – development and maintenance of automated systems generally straddle organisations’ budgeting cycles. When automating recordkeeping, care must be taken, as part of the development of a business case for the automation effort, to provide for the ongoing viability, operations and maintenance of the system.
• Capability development – software automation requires organisations to develop or enhance the technical capabilities of affected line staff, as well as others in the organisation, who in some cases may have no familiarity with the technology. Care must be taken to develop these capabilities, as well as the technical capabilities of the organisation necessary to support and maintain automation efforts.
• Quality management – deployment of automated solutions requires the development within an organisation of the capability to evaluate and accept software performance according to a variety of criteria. Additionally, criteria related to the impact of software deployment to a business process must be developed and evaluated.
• Configuration management – it is necessary to ensure that the software not only has the necessary recordkeeping capabilities, but that the capabilities are configured correctly and in such a way that enables it to operate appropriately in an organisation’s IT infrastructure.
• Corporate culture – it is vital that the culture of the organisation reinforces the value and importance of good recordkeeping and that it is something that is a standard expectation of all employees. Such expectations need to be regularly articulated by the chief executive through line management channels.
     

4.2 Risks and mitigations   

 

Risks typically associated with records software deployments fall into many categories. Some of these include:

• software selection risks – making an appropriate determination, from a range of commercial off-the-shelf products, of which product is best suited for deployment in an organisation;
• software development risks – experiencing difficulties related to dependence on software vendors or developers, including delays in releases of the software or inability of the vendor to be able to diagnose and fix software problems;
• technical compatibility risks – inadequately accounting for difficulties in integrating the digital records management software into the IT infrastructure of the organisation;
• communication risks – inability to effectively communicate progress and/or issues regarding the deployment to end-users or management;
• documentation risks – inability to implement adequate programmatic recordkeeping surrounding software deployment efforts;
• project management risks – inability to appropriately track schedules or concomitant resource expenditures can threaten the overall stability of a project;
• training risks – ineffective training on new software solutions that can engender difficulties in end-user acceptance of new technologies;
• risks associated with initial declines in productivity – until end-users become familiar with new automated business processes, overall productivity may initially suffer due to the introduction of software innovations;
• staff turnover risks – changes in either senior management championing, or in the responsibilities of key personnel implementing, a software deployment can have an adverse effect on the overall project;
• scalability risks – the extent to which software may need to ‘scale up’ to organisation-wide deployment needs to be considered and planned for at an early stage in the project; and
• organisational change – business environments often change significantly during the development or life of a records or business system. These changes may include the size, structure, work processes, functions and mandates of the organisation itself.
   

Any organisation deploying software should acknowledge that some prudent risk-taking is necessary when it comes to adopting new technology and changing business processes. One means of mitigating the risks associated with such deployments is to mount a pilot deployment in a section of the organisation before expanding use of the software enterprise-wide.

To minimise the risks associated with a pilot launch, the project team should:

• establish clear performance objectives and evaluation criteria;
• involve and continually encourage pilot project participants to use the system;
• perform prototype work sessions with the software before customising it;
• finalise system design;
• develop quality acceptance methodology;
• expand the pilot through incremental roll-out to other areas of the organisation and inclusion of other record formats; and
• assure that the pilot’s requirements are measurable and clearly understood by participants.
   

Enumerating problems that the project team is likely to encounter, and identifying possible ways in which to avoid or promptly address those situations, will minimise disruptions during the pilot. To better prepare for these eventualities:

• a review of similar projects will help to identify potential problems that may be encountered during an digital records management pilot; and
• conducting pre-planning brainstorming exercises with the project team can help anticipate the challenges ahead.
   

For each potential problem, develop a contingency plan. This best-management practice will increase the governance body’s confidence in the team’s ability to successfully implement digital records management organisation-wide. The following illustrate successful strategies for dealing with frequently encountered problems:

• Organisations often encounter resistance to changing work processes as digital records management is introduced. Many organisations find that introducing newly hired employees, at the beginning of their employment, to the importance of good records management is the best strategy for conquering resistance to change regarding digital records management.
• Ensure a version of the software will be up and running for use by the project pilot team before roll-out to the first group of pilot participants. Selecting individuals to train and work with the software during this pre-pilot phase will develop a cadre of relatively sophisticated users who can liaise with the pilot project participants. When the quality of this pre-pilot phase is deemed acceptable, you can formally launch your digital records management pilot.
• Managing users’ expectations throughout the pilot will minimise the risk of pilot failure. This can be achieved, in part, through user training and constant communication with pilot project participants. Establishing communication vehicles for the rest of your organisation (for example, an organisation-wide view of your pilot project website or online newsletter), keeping staff apprised of the progress being made vis-a-vis digital records management, reminds people that the project is ongoing. This will make deployment in their area easier if the solution is adopted organisation-wide.

Note: Adapted from S Asbury How to Implement a Successful AM/FM Pilot Project and State of Michigan, Records Management Application Pilot Project: Final Report for National Historical Publications and Records Commission Grant #2000-05, http://www.archives.gov/records-mgmt/policy/pilot-guidance.html#3.1.6

4.3 Financial and organisational sustainability of digital systems

Each juridical environment likely has established processes designed to ensure the financial and organisational stability of any capital investment. Although potentially conceptually over-simplified, the totality of analyses comprising a business case can be thought of as the collective means by which an organisation ensures this stability in the case of an IT investment, such as recordkeeping software.

In its simplest form, a business case articulates a variety of analyses that substantiate an acquisition proposal for the expenditure of an organisation’s capital in accordance with its capital asset strategy and inventory control of such investments. In the case of recordkeeping software acquisition, such a business case might consist of:

• acquisition strategy – summary of the funding requirement for project stages (including into future fiscal years);
• program management – detailing program management team membership and responsibilities;
• enterprise architecture – delineation of how a particular software acquisition relates to other existing and planned IT components within an organisation;
• analysis of alternatives – describing alternatives that were considered, and lifecycle costs and returns on investments associated with each;
• risk management – description of the major risks for the selected alternative, indicating the probability of occurrence, impact and mitigation strategies;
• performance goals – articulating which of the organisation’s strategic goals are supported by the proposed deployment, inclusive of existing baseline measures and resulting performance improvements according to specific proposed performance metrics;
• project management – presentation of detailed work breakdown structures delineating accomplishments and the cost of attaining major project milestones; and
• change management – for line-of-business and records staff.

 
Back to top

5 Other Functional Requirements Referenced and Evaluated

The aim of this project is to harmonise multiple existing jurisdiction-specific digital recordkeeping software specifications in a manner that complies with the general requirements set forth in the International Standard on Records Management, ISO 15489, Parts 1 and 2 (2001), and the International Standard on Records Management Processes – Metadata for Records, Part 1 – Principles and Part 2 – Conceptual and Implementation Issues, ISO 23081 (2006 and 2007). The jurisdiction-specific functional requirements considered in preparing these modules are as follows:

Archives New Zealand
Electronic Recordkeeping Systems Standard, June 2005

Cornwell Management Consultants plc
(for the European Commission Interchange of Documentation between Administrations Programme)
Model Requirements for the Management of Digital Records, March 2001
http://www.cornwell.co.uk/edrm/moreq.asp#moreqdownload

Department of Defense, United States
Design Criteria Standard for Digital Records Management Software Applications, DoD 5015.2-STD, June 2002

DLM Forum Working Group for the Development of MoReq
Scoping Report for the Development of the Model Requirements for the Management of Digital Records, February 2006

European Commission
Model Requirements for the Management of Digital Records Update and Extension, 2008, (MoReq2 Specification)
http://www.moreq2.eu/

International Council on Archives
Authenticity of Digital Records, ICA Study 13-1, November 2002

International Council on Archives
Authenticity of Digital Records, ICA Study 13-2, January 2004

National Archives and Records Administration, United States
Functional Requirements and Attributes for Records Management Services, December 2005

National Archives of Australia
Functional Specifications for Digital Records Management Systems Software, February 2006

National Archives of Australia
Functional Specifications for Business Information Systems Software, October 2006
http://www.naa.gov.au/records-management/publications/BIS.aspx

Public Record Office Victoria
Standard for the Management of Digital Records PROS 99/007 (Version 1), April 2000

Public Record Office Victoria
Standard for the Management of Digital Records PROS 99/007 (Version 2), July 2003

State Records of South Australia
Document and Records Systems Standard 2001, Version 1, January 2001

State Records of South Australia
South Australian Government EDRMS Functional Compliance Requirements 2002, Version 1.0, August 2002

State Records of South Australia
Across Government EDRMS Panel of Products Procurement and Pre-Implementation – Guideline, Version 1, October 2004

The National Archives, United Kingdom
Requirements for Digital Records Management Systems, 1: Functional Requirements, 2002 Revision – Final Version, 2002

The National Archives, United Kingdom
Requirements for Digital Records Management Systems, 2: Metadata Standard, 2002 Revision – Final Version, 2002

The National Archives, United Kingdom
Requirements for Digital Records Management Systems, 3: Reference Document, 2002 Revision – Final Version, 2002

The National Archives, United Kingdom
Requirements for Digital Records Management Systems, 4: Implementation Guidance, 2004

The National Archives, United Kingdom
Rationale for the Functional Requirements for Digital Records Management Systems, 2002

The National Archives, United Kingdom
Requirements to Sustain Digital Information Over Time, March 2006
 
The National Archives, United Kingdom
Functional Requirements for the Sustainability of Digital Records Management Systems, March 2006
 
Back to top

6 Glossary

This Glossary is a subset of the more complete glossary of terms found in Modules 2 and 3.
 

Term	Definition
Archives	Materials created or received by a person, family or organisation, public or private, in the conduct of their affairs and preserved because of the enduring value contained in them or as evidence of the functions and responsibilities of their creator, especially those materials maintained using the principles of provenance, original order and collective control; permanent records. Note: This definition differs to the IT sphere where it refers to ‘a copy of one or more files or a copy of a database that is saved for future reference or for recovery purposes in case the original data is damaged or lost.’ Source: IBM Dictionary of Computing, McGraw Hill, New York, 1994, p. 30.
Archival authority	The archival agency, archival institution, archival program agency or program responsible for selecting, acquiring and preserving archives, making them available and approving destruction of other records
Business case	A structured proposal for business improvement that functions as a decision package for organisational decision-makers. Includes an analysis of business process performance and associated needs or problems, proposed alternative solutions, assumptions, constraints and a risk-adjusted cost-benefit analysis.
Business system	For the purposes of this document, an automated system that creates or manages data about an organisation’s activities. Includes applications whose primary purpose is to facilitate transactions between an organisational unit and its customers – for example, an e-commerce system, client relationship management system, purpose-built or customised database, and finance or human resources systems.
COTS	Commercial off-the-shelf software
Disposition	A range of processes associated with implementing retention, destruction or transfer decisions which are documented in disposition or other instruments. Source: ISO 15489, Part 1, Clause 3.9
Digital record	A record on digital storage media, produced, communicated, maintained and/or accessed by means of digital equipment.
End-user	In IT, the term end-user is used to distinguish the person for whom a hardware or software product is designed from the developers, installers and servicers of the product.
Digital records management software	Specialised software used to automate the management of records.
Human factors	The study of how humans behave physically and psychologically in relation to particular environments, products or services. In a typical human factors or usability study, a group of hired or volunteer test subjects that represent future end-users is given tasks to do with a working prototype or early version of a product.
Information	Knowledge communicated or received. The result of processing, gathering, manipulating and organising data in a way that adds to the knowledge of the receiver.
Information technology	A term that encompasses all forms of technology used to create, store, exchange and use information in its various forms (business data, voice conversations, still images, motion pictures, multimedia presentations and other forms, including those not yet conceived).
Metadata	Structured or semi-structured information, which enables the creation, management and use of records through time and within and across domains. Source: ISO 23081 – 1: 2006, Clause 4. Structured information that describes and/or allows users to find, manage, control, understand or preserve other information over time. Source: Adapted from A Cunningham, ‘Six degrees of separation: Australian metadata initiatives and their relationships with international standards’, Archival Science, vol. 1, no. 3, 2001, p. 274.
Migration	The act of moving records from one system to another, while maintaining the records’ authenticity, integrity, reliability and useability. Migration involves a set of organised tasks designed to periodically transfer digital material from one hardware or software configuration to another, or from one generation of technology to another. Source: Adapted from ISO 15489, Part 1, Clause 3.13 and Part 2, Clause 4.3.9.2.
Pilot project	An experimental initiative lasting for a limited time, the results of which are systematically evaluated.
Proprietary software	Software that is owned exclusively by a single company that carefully guards knowledge about the technology or the product’s inner workings.
Record (noun)	Information in any format created, received and maintained as evidence and information by an organisation or person, in pursuance of legal obligations or in the transaction of business. Source: ISO 15489, Part 1, Clause 3.15.
Recordkeeping	he systematic creation, use, maintenance and disposition of records to meet administrative, legal, financial and societal needs and responsibilities.
Reformat	To create a copy with a format or structure different from the original, especially for preservation or access.
Return on investment	For a given use of money in an enterprise, the return on investment is how much profit or cost saving is realised. A return on investment calculation is sometimes used along with other approaches to develop a business case for a given proposal.

 
 
Issued August 2010
 
 
Back to top