Electronic Records – The Sequel
Arian D. Ravanbakhsh, NARANACRC Conference
July 14, 2007Richmond, VA
Outline
1. Re(over)view2. Getting RM and IT to work
together3. Best Practices4. Contact Information
Today’s Environment
Our documents have become increasingly digital—and will become still more so
This increase in digital documents has created a new environment with new challenges for records management, including: Media life limitations Software dependency Migration Sharing/distribution Security
File Format Considerations
Long-term access requirements should be a critical criterion for file format selection
Technology-neutral file formats are a must for long-term retention
Avoid proprietary, single-vendor products
Sustainability Factors
Formats should be sustainable over the long term. That is, be: Non-proprietary and openly documented In widespread use Self-Documenting (e.g. XML) Can be opened, read, and accessed using
readily-available software tools
Barriers to Success
The realities of the current relationships between the IT and RM worlds…
Barriers
IT builds the system—but does not manage the content
RM manages content—but the system may be lacking some necessary tools
Common Barriers
1. Records are not managed as business assets.
2. RM is not viewed as critical in business process.
3. There is a lack of training, tools, and guidance for staff.
4. RM and IT disciplines are poorly integrated in agencies/companies
Solutions
Integrate RM and IT Ensure that electronic records can be
located, shared, and accessed agency-wide Records and information, as well as tools,
must be managed by RM and IT working together
RM Staff Must… Understand how technologies affect electronic
records Know that they are key players Realize that records management requires
technological skills and understanding far beyond document tracking
RM Staff Skills Process mapping Analytical thinking Speaking IT’s language Managing projects Familiarity with the Systems Development Life
Cycle
Points where RM and IT intersect
IT systems development Capital planning, IT architecture, and
strategic planning Implementation of electronic signature
technologies Transfer of permanent electronic records
to archival custody E-mail Electronic recordkeeping
Systems Development Life Cycle
ConceptDevelopment
RequirementsDefinition
PreliminaryDesign Detail
DesignDevelopment
Integration &System Test
Development &Acceptance
Production
Product Plan
PhaseDeliverables
Testbeds and prototypesTo next phase
Pilots
To nextphase
Production and evolutionary releasesAnotherPhase?
Retirement &Roll Over
No
New PhasePlanning
Yes
Based on needs identified in BPD and approved in CPCPIncludes creation points for records
SDLC Phases
Product Plan and Initiation Phase Concept Phase Requirements Definition Preliminary and Detailed Design, Development Integration and System Test, Development,
and Acceptance Production and Upgrades, or Retirement and
Rollover
Bottom Line
Records Management must start at the earliest possible stage in the SDLC.
Evaluating a CPIC Proposal
Declare documentary materials as records Capture records in a secure repository Organize records for efficient retrieval Limit access to records to authorized users Preserve records for their entire lifecycle Allow for disposition of records based on
approved agency schedules
DoD 5015.2
Design criteria standard for electronic records management software applications (RMA)
Includes mandatory and nonmandatory requirements
Provides minimum RM requirements Fluid document
Always being updated
DOD Standard 5015.2
DoD Standard 5015.2 does the following: Sets forth the mandatory baseline requirements
for RMA software used by DoD components Also covers more detailed requirements, such as:
Accommodating dates and date logic Implementing standard data
(metadata/taxonomy) Backward compatibility Accessibility
Beyond DoD 5015.2
1. Determine ERM scope.2. Review infrastructure/IT architecture.3. Review agency records and information
resources, management guidance, and directives.
4. Review additional standards.5. Review requirements.6. Classify requirements.7. Involve stakeholders in review.
Beyond DoD 5015.2 (cont’d.)
1. Determine ERM scope. Ask what the system will and will not manage:
E-mail Paper Office automation software Web content Electronic forms
Identify and consult with stakeholders Review existing systems to determine:
What system creates or contains records? What types of records? What legacy systems will be integrated or migrated?
Beyond DoD 5015.2 (cont’d.)
2. Review infrastructure/IT architecture.Find out about:
Network servers and system software Security Desktop applications Standard desktop configuration
At what level will the system be administered?
Beyond DoD 5015.2 (cont’d.)
3. Review agency records and information resources, management guidance, and directives.
RM policies IRM policies Security policies Disposition and
retention schedules
Beyond DoD 5015.2 (cont’d.)
4. Review additional standards. Reach beyond your agency
for best practices Model Requirements for the
Management of Electronic Records (MoReq)
AIIM Standards Committee on Integrating Records Management and Document Management Requirements
Reports by Doculabs on ERM, EDM, and ECM systems
ISO 15489-1: Information and Documentation—Records Management
Beyond DoD 5015.2 (cont’d.)
5. Review requirements Does it:
Describe a system functionality? Express a single idea? Map clearly to specific organizational goals? Map directly to business processes or policies? Describe user’s needs?
Is it: Testable? Too vague? Too implementation-dependent?
Beyond DoD 5015.2 (cont’d.)
6. Classify requirements. Assess the functionality of each additional requirement
as to whether:
The system cannot function without it It provides significant savings in time or resources It smoothes the path for the end user It provides the Records Manager with useful tools It reduces risks to future access to the information
Beyond DoD 5015.2 (cont’d.)
7. Involve stakeholders in review.
Beyond DoD 5015.2 (cont’d.)
This step-by-step approach will allow agencies to develop requirements that:
Support business process Make best use of resources Harmonize with current system Produce system with tangible benefits
Selected Best Practices
Australian Work Process Standard Center for Technology & Government Minnesota State Archives USPTO FBI CIA
Australian AS 5090-2003
Work Process Analysis for Recordkeeping AS 5090-2003 Moves the focus of RM to the work process
and argues that recordkeeping should be a natural, integral part of the work process, rather than a separate activity
SUNY-Albany: Center for Technology in Government: Models for Action Tool
Requirement elicitation questions to ensure that recordkeeping requirements are identified
The Australian Work Process Standard
and the Models for Action Tool are both flexible and scalable methodologies
The Minnesota State Archives:Trustworthy Information Systems Handbook
Contains a checklist of criteria to consider when designing a system, but also includes questions which elicit process-specific information
Result is a clear, usable guide for IT or project management staff, which can be used even in weak RM environments
USPTO Electronic Records Management Technical Standard and Guidelines
Requires that systems developers fill out a comprehensive recordkeeping checklist as part of the standard Systems Development Life Cycle
Has a clear outline of the roles and responsibilities of the various players, as well as placement of the electronic records management activities in the Systems Development Life Cycle
The FBI Electronic Recordkeeping Certification Manual
FBI and CIA have well-elaborated electronic recordkeeping certification processes in place RM staff have authority to approve system design at
each of several major Systems Development Life Cycle control gates
The FBI’s Manual outlines four possible paths to certification, asking system owners to choose one during the project’s first phase Manual then outlines the process for certification for
both new and legacy systems
The FBI Electronic Recordkeeping Certification Manual (cont’d.)
Manual provides details on doing a project recordkeeping risk assessment, and includes sample tests and expected results for each of the ERK assessment criteria
All of these features are unique and make its documentation so thorough that an inexperienced system owner could figure out exactly how the process works
CIA’s Electronic Recordkeeping System (ERKS) Requirements
CIA now has a brief ERKS Certification Guide, including an overview of the process’s purpose and steps with a short list of requirements
CIA requires an Information Management Plan for each system to document all of the processes and procedures that will be used, to ensure that records are managed appropriately through creation, maintenance, use, and disposition Plan also includes a description of the system, system
records, and a traceability matrix for the ERKS requirements
On the Web: http://toolkit.archives.gov
Is a portal for various products and resources that provide guidance for managing e-records
Provides summary descriptions for quick searching as well as the full document
Includes resources and tools developed by NARA and other organizations
Can be searched by topic, occupation, organization that created the tool, or key word within the descriptive text
Questions/Contact Information
Arian D. RavanbakhshIT Policy Specialist
National Archives and Records Administration, Office of Modern Records Programs (NWM)
(301) [email protected]
The views and opinions expressed in this presentation are my own and do not represent any official view of NARA or the US Federal
Government.