2/16/08

Guidelines Manajemen Arsip Dinamis Elektronik

Ohio Electronic Records Guidelines

These Guidelines have been adapted from the Kansas State Historical Society's Electronic Records Management Guidelines, developed with funding from the National Historical Publications and Records Commission. The Guidelines have been approved by the Ohio Electronic Records Committee and forwarded to the State Record Administrator and Local Government Records Program for implementation.

Ohio Electronic Records Guidelines. 1

Introduction. 2

1.0 About the Guidelines. 3

1.1 Purpose. 3

1.2 Scope. 3

1.2.1 Definition of Records. 4

1.2.2 Jurisdictions Covered. 4

1.3 Revision History and Status. 5

2.0 Reasons for Managing Electronic Records. 5

2.1 Ensuring Accountability. 5

2.2 Meeting Legal Requirements. 6

2.3 Preserving Informational Assets. 7

2.4 Complying with Best Practices. 8

3.0 Introduction to Electronic Records Management 8

3.1 Best Times to Address Electronic Records Management 9

3.1.1 Business Process Redesign. 9

3.1.2 System Design and Procurement 9

3.1.3 Replacement and Upgrading of Information Systems. 10

3.2 Creating Electronic Records. 10

3.3 Capturing Electronic Records. 11

3.4 Identifying Electronic Records. 11

3.5 Managing Electronic Records. 12

3.5.1 Evidence. 13

3.5.2 Full and Accurate Records. 13

3.5.3 Essential Characteristics of Records. 13

3.6 Recordkeeping Systems Defined. 14

3.7 Building the Essential Characteristics into Recordkeeping Systems. 14

3.7.1 The Importance of Open Standards. 15

3.7.2 Content 16

3.7.3 Structure. 16

3.7.4 Context 17

3.8 The Problem of Legacy Records. 19

3.9 Ensuring Legal Admissibility. 20

4.0 Current Ohio Policy. 21

5.0 Responsibility for Recordkeeping. 22

5.1 The Agency's Role. 22

5.1.1 Creation and Maintenance of Electronic Records. 22

5.1.2 Implementation of Records Management Policies. 22

5.2 The State Archives' Role. 23

6.0 Developing and Maintaining a Recordkeeping System.. 23

6.1 Preliminary Investigation. 24

6.2 Analysis of Business Activity. 24

6.3 Identification of Recordkeeping Requirements. 24

6.4 Assessment of Existing Systems. 25

6.5 Identifying a Recordkeeping Strategy. 26

6.6 Design of Recordkeeping Systems. 26

6.7 Implementation of Recordkeeping Systems. 26

6.7.1 Records Management Software. 26

6.7.2 Configuring Existing Systems. 27

6.7.3 User-Based Management 27

6.8 Ongoing Management and Review.. 27

7.0 Deciding How Long to Retain Records. 28

7.1 Determining the Value of Records. 29

7.2 Appraisal Criteria. 29

7.2.1 Accessibility. 29

7.2.2 Manipulability. 30

7.2.3 Quality as Evidence. 30

7.3 Appraisal Strategies. 31

7.3.1 Involvement of the State Archives. 31

7.4 Records Retention and Disposition Schedules. 31

8.0 Providing Access to Electronic Records. 32

8.1 Responsibilities of Agencies. 32

8.2 The State Archives' Role. 32

8.3 Provision of Secure Access. 32

9.0 Transfer of Electronic Records into Archives Custody. 32

9.1 Criteria for Transfer 33

9.2 Management of Electronic Records Taken into Custody. 33

9.3 Contextual Information. 33

10.0 Specific Application Types. 33

10.1 Electronic Document Management Systems. 34

10.2 Electronic Mail 34

11 Resources for Additional Guidance and Advice. 34

Sources Consulted. 35


Introduction

During the past decade, the recordkeeping practices in public and private organizations have been revolutionized. New information technologies from mainframes, to PC's, to local area networks and the Internet have transformed the way state agencies create, use, disseminate, and store information. These new technologies offer a vastly enhanced means of collecting information for and about citizens, communicating within state government and between state agencies and the public, and documenting the business of government. Like other modern organizations, Ohio state agencies face challenges in managing and preserving their records because records are increasingly generated and stored in computer-based information systems.

The Ohio Historical Society serves as the official State Archives with responsibility to assist state and local agencies in the preservation of records with enduring value. The Office of the State Records Administrator within the Department of Administrative Services (DAS) provides advice to state agencies on the proper management and disposition of government records.

Out of concern over its ability to preserve electronic records with enduring value and assist agencies with electronic records issues, the State Archives has adapted these guidelines from guidelines created by the Kansas State Historical Society.

The Kansas State Historical Society, through the Kansas State Historical Records Advisory Board, requested a program development grant from the National Historical Publications and Records Commission to develop policies and guidelines for electronic records management in the state of Kansas. With grant funds, the KSHS hired a consultant, Dr. Margaret Hedstrom, an Associate Professor in the School of Information, University of Michigan and formerly Chief of State Records Advisory Services at the New York State Archives and Records Administration, to draft guidelines that could be tested, revised, and then implemented in Kansas state government.

1.0 About the Guidelines

1.1 Purpose

This publication is about maintaining accountability and preserving important historical records in the electronic age. It is designed to provide guidance to users and managers of computer systems in Ohio government about:

  • the problems associated with managing electronic records, special recordkeeping and accountability concerns that arise in the context of electronic government,
  • archival strategies for the identification, management and preservation of electronic records with enduring value,
  • identification and appropriate disposition of electronic records with short-term value, and
  • improving access to state government records.

1.2 Scope

These guidelines may be utilized by Ohio state government agencies. These guidelines apply and extend the policies and practices for records management to problems resulting from the transition from paper-based to electronic recordkeeping.

1.2.1 Definition of Records

Ohio agencies routinely create and accumulate records as they undertake government business. These records are vital to the process of managing and monitoring the use of state resources, and they provide a historical record of decisions, changes, and outcomes. Records have a significant role in the democratic process in that they

  • provide evidence to support the rule of law,
  • support the accountability of government administration,
  • are evidence of the interactions between the people of Ohio and their government, and
  • have value in documenting the history and culture of Ohio.

Records have traditionally been equated with physical objects, even though Ohio statutes define records without regard to their physical characteristics. According to the Ohio Revised Code 149.011 records are defined as:

any document, device, or item, regardless of physical form or characteristic, created or received by or coming under the jurisdiction of any public office of the state or its political subdivisions, which serves to document the organization, functions, policies, decisions, procedures, operations, or other activities of the office.

Records can be created and stored using many different media and formats, including paper-based files or computer systems, on a single medium or as multimedia. Records can also be transferred from one medium to another and from one context to another through copying, imaging or digital transfer. Electronic records are easily updated, deleted, altered and manipulated. If appropriate measures are not taken, the essential characteristics of records -- content, structure, context (see Section 3.5.3) -- can be altered or lost in the process. Careful planning and system design are required to ensure that these characteristics of records are both captured and maintained.

1.2.2 Jurisdictions Covered

The principles outlined in the Electronic Records Management Guidelines are applicable to all Ohio state agencies, and they should be considered in any situation where information is managed. Not all data in electronic information systems constitute records. Records have a distinct legal and administrative status that not all information and documents have. It is vital that state agencies understand the role of records within their business and manage their records as important resources with special requirements that may be distinct from other information resources. Electronic records management principles are relevant whenever computer systems are used not only to process information but also to provide reliable and authentic evidence that given activities or transactions have occurred.

These guidelines are intended to provide guidance to agencies on the management of electronic records throughout their entire lifecycle, from initial system design to the final disposal or permanent preservation of state records. This "records lifecycle" view is critical in an electronic environment because, by the disposition stage (when actions are taken regarding records no longer needed for current Government business), records may be unretrievable if not properly managed while they are in active use. The guidelines cover records created using all types of computerized environments, including such diverse elements as personal computers, distributed networks, mainframes, spatial data systems, and multimedia systems.

1.3 Revision History and Status

These guidelines are part of the ongoing effort to address the electronic records management needs of Ohio state government. As a result, this document continues to undergo changes. The first draft, written by Dr. Margaret Hedstrom, was completed in November of 1997 for the Kansas State Historical Society. That version was reorganized and updated and posted to the KSHS Web site on August 18, 1999. The Kansas Guidelines were modified for use in Ohio during September 2000.

2.0 Reasons for Managing Electronic Records

2.1 Ensuring Accountability

Public acceptance of Ohio state government and the roles of its employees depends on trust and confidence. This trust is founded on all of Ohio state government being accountable for its actions. Access to full and accurate records is at the heart of the accountability process. Records are the means by which the evidence of past and current action, decisions, procedures and policy are preserved for future analysis and access. Records are fundamental tools in the business of government and their absence can lead to inefficiencies or failure in operational procedures. The absence of records can open agency employees to accusations of fraud and impropriety, political embarrassment and an inability to defend the state of Ohio in cases of legal action or claims against the government.

Inadequate records and recordkeeping can result in:

  • failure of individuals or systems to make records in the first place;
  • failure to make records that adequately meet accountability and other organizational requirements;
  • failure to capture records into recordkeeping systems so that they are subject to arbitrary destruction or cannot be found when required;
  • failure to identify and retrieve the authoritative version of a record when multiple versions exist;
  • failure to maintain records for the period of time necessary to meet specific accountability requirements; and
  • failure to assign responsibility for different aspects of recordkeeping at appropriate levels in the organization, so that no one takes responsibility.

Electronic government provides both new opportunities and new hurdles to ensuring accountability. As government transactions are increasingly conducted through electronic media, the state of Ohio has the potential to provide more open and efficient access to records than ever before. The items listed above, however, can prevent this opportunity from becoming a reality.

Electronic government also allows agencies to share resources in order to fulfill functions that they have in common. This "virtual government" model can provide a more convenient and consistent interface to Ohio state government, often at a lower cost to taxpayers. When agencies collaborate with each other or outside contractors to provide services, however, it is essential that proper provisions are made for ongoing documentation of those services. Electronic government can only be effective if the government can still be held accountable for its activities.

2.2 Meeting Legal Requirements

According to Ohio state law:

All records are the property of the public office concerned and shall not be removed, destroyed, mutilated, transferred, or otherwise damaged or disposed of, in whole or in part, except as provided by law or under the rules adopted by the records commissions provided for under sections 149.38 to 149.42 of the Revised Code ORC 149.351

All public records shall be promptly prepared and made available for inspection to any person at all reasonable times during regular business hours. Subject to division (B)(4) of this section, upon request, a public office or person responsible for public records shall make copies available at cost, within a reasonable period of time. In order to facilitate broader access to public records, public offices shall maintain public records in a manner that they can be made available for inspection in accordance with this division. ORC 149.43 (B) (1)

If any person chooses to obtain a copy of a public record in accordance with division (B)(1) of this section, the public office or person responsible for the public record shall permit that person to choose to have the public record duplicated upon paper, upon the same medium upon which the public office or person responsible for the public record keeps it, or upon any other medium upon which the public office or person responsible for the public record determines that it reasonably can be duplicated as an integral part of the normal operations of the public office or person responsible for the public record. When the person seeking the copy makes a choice under this division, the public office or person responsible for the public record shall provide a copy of it in accordance with the choice made by the person seeking the copy. ORC 149.43 (B) (2)

Taken together, these requirements provide a powerful incentive for agencies to actively engage in electronic records management. Unless a retention and disposition schedule (defined below) is used to identify those electronic records that are appropriate to destroy - either through their inclusion in an existing records series reference or the approval of a new series to describe the electronic records - state agencies are legally obligated not only to retain all of the electronic records they create but also to provide public access to them (unless specifically identified as exceptions in the public records laws). The ongoing maintenance of systems to store and retrieve such large amounts of data would place an unnecessary burden on agencies. Through effective management and scheduling of their records, however, agencies can focus their resources on preserving only those records that have enduring value.

A records retention and disposition schedule is a timetable that identifies the minimum length of time that every record series created and maintained by an agency must be retained. A record series is a group of records normally used or filed as a unit that relate to a particular subject or result from the same activity.

There are two types of retention and disposition schedules that may apply to an agency's records. The General Records Retention and Disposition Schedule includes guidelines for common record series maintained by most state agencies, e.g. travel vouchers, meeting minutes, and employee personnel records. To address records not listed in the General Schedule, each agency also should have specific Agency Records Retention and Disposition Schedules that contain retention requirements for record series that are unique to the organization.

2.3 Preserving Informational Assets

Agency records represent valuable state assets. Agencies should consider the value of records when attempting to determine the return on investment of new information technology projects and systems. The resources spent on adding records management functionality to an information management system should not be regarded as an unrecoverable cost. Instead, the potential value of information technology will often go unrealized without proper electronic records management. Computer systems that were implemented to facilitate the work of agencies can quickly become a liability if they do not allow access to reliable and authentic records of agency activities.

The return on this investment in electronic records management will take various forms:

  • Improved staff management, training and workflow due to better documentation of past activities.
  • Decreased technological and human resource burden of staff developing their own record keeping systems because they do not trust or have easy access to agency record keeping systems.
  • Increased ability to gain funding for new programs based on thorough documentation of past outcomes.
  • Decreased technological and human resource burden of preserving records that no longer have retention value.
  • Lower resource burden when migrating records to new technology, due to the appropriate capture and maintenance of metadata.
  • Increased efficiency in meeting the access requirements of the public records law.
  • Avoidance of lawsuits based on the unwarranted destruction of or inability to provide access to records.

2.4 Complying with Best Practices

Whenever possible, state agencies should follow best practices for electronic records management. This is done by identifying and then adopting the best available policies, methods, procedures, tools, and processes that others are already using to address the particular organizational problem or need confronting an agency. Since both the technologies used to generate records and the methods designed to deal with record keeping issues continue to evolve, adoption of current best practices enables agencies to benefit from the best advice available from both the public and private sectors, while providing flexibility for improvements as methods and technologies evolve.

One major purpose of these guidelines is to serve as a source of best practice information on electronic records management for Ohio state agencies. These guidelines were developed by adapting current best practices for electronic recordkeeping from other organizations and jurisdictions to the particular needs of Ohio state agencies.

The Ohio Electronic Records Committee (ERC) is working to create, modify and adapt best practices and guidelines for use in Ohio. Please check the ERC web site periodically for the most recent tools available.

3.0 Introduction to Electronic Records Management

3.1 Best Times to Address Electronic Records Management

For the reasons stated in the previous section, it is in the best interest of agencies to address electronic records management issues as soon possible. Since effective management of electronic records depends so heavily on the information systems involved, however, agencies will have the most options for managing their electronic records effectively if they identify recordkeeping requirements when new systems are designed or when existing systems are upgraded.

3.1.1 Business Process Redesign

Business process analysis and reengineering are powerful tools that organizations are using to streamline their processes, eliminate redundant tasks and improve efficiency. Process analysis and redesign are excellent opportunities to also reconsider recordkeeping practices, since they often identify problems which could be alleviated through new workflow procedures and/or information systems. For example, process analysis may identify areas where electronic records are printed and filed unnecessarily because there were no provisions in the system to capture records electronically and transfer them to an electronic recordkeeeping system. If recordkeeping requirements are identified during process analysis, effective procedures and automated routines can be built into the revised processes to handle records more effectively.

3.1.2 System Design and Procurement

Another opportunity to consider recordkeeping requirements is during the process of system design and procurement. While business process analysis often precedes the design of new systems, sometimes modern information systems are acquired and designed to automate well-established manual procedures or to support the information handling and reporting requirements for new functions or programs. Several aspects of recordkeeping should be considered during the system design and procurement process. Does the agency require the system to support electronic recordkeeping, or does it plan to produce and file in hard copy all of the records that the system generates? If the system is expected to support electronic recordkeeping, then some customization of commonly available software may be needed. It may be necessary, for example, to establish special permissions which give different individuals authority to create, alter, and view records based on their authority and responsibility within a business or administrative process.

Special measures may be needed for routing documents from the active information processing environment to a recordkeeping system where records can be stored but not altered after they have been filed electronically. Since electronic records are easy to update and copy, they tend to exist in many versions and in multiple copies. Processes need to identify the official copy and handle version control. If the retention requirements are identified when the system is designed, routines can be designed for automatic purging of obsolete documents. If the system will store records with enduring value, a method will be needed for migration or export of the records to the next generation of technology.

3.1.3 Replacement and Upgrading of Information Systems

Recordkeeping requirements should be considered when information systems are being replaced or upgraded. In addition to the issues discussed when designing new systems, analysts can review the recordkeeping aspects of the system that is being phased out and use that analysis to identify opportunities for improvement. If users had difficulty identifying and retrieving the most current version of a document in the old system, for example, some form of version control may be needed in the new system. If users were reluctant to rely on the electronic records and instead printed and filed large volumes of paper records, the new system could incorporate better organization of records and better retrieval capabilities. If the old system was cluttered with obsolete files, the new system could be designed to automatically delete or transfer to offline storage specific types of files after a given time period. If users were not willing to trust the electronic versions of records, more effective authentication and system security measures could be implemented.

One important consideration when systems are replaced or upgraded is whether any of the electronic records stored in the old system need to be retained and migrated into the new system. This process can be routine if the records are stored in a simple structure or in a format that is compatible with the new system and if they are readily identifiable and well described. Often little thought has been given to the questions of retention or migration, however, so detailed analysis may be necessary to identify which records need to be retained and to determine how to transfer them to the new system.

3.2 Creating Electronic Records

The creation of records is a fundamental aspect of the management of any business operation, government or private. Ohio government agencies create records in order to:

  • produce evidence of individual and corporate performance,
  • account for the use of public resources,
  • document decision making processes in accordance with the law,
  • comply with statutes, regulations, instructions, guidelines and other rules that require Ohio agencies to create records,
  • preserve the corporate memory of the state enterprise and track business transactions over time,
  • enable the government to protect its interests and to substantiate the rights and entitlements of individual citizens,
  • ensure that records of significant government policies and activities are kept for posterity, and
  • provide a record of communications within and between agencies and between the government and its citizens.

It is important that agencies determine how and why electronic records are being created. Many of the considerations laid out in these guidelines - capture of appropriate content, creation of metadata, declaration of record type - are best addressed at the point of record creation. Electronic records management procedures are most effective when carried out at the point of creation or very shortly thereafter.

3.3 Capturing Electronic Records

Strategies for capturing electronic records will differ, depending on the opportunities presented by an agency's hardware and software environment. Locations at which records can be captured include software layers (especially suited to open systems environments) and at every interface between hardware components through which the relevant data passes. The technological environment will influence the decisions as to whether records are captured through:

  • the user interface layer,
  • modification of the application software,
  • the operating system,
  • the application program interface (API), or
  • the front end to a corporate filing system.

The organizational environment will also influence the point at which records are captured. This will include perceptions about what constitutes a record, assignment of responsibility, agency requirements to create records, and staff understanding of the technology involved.

Regardless of the approach an agency takes, it must be able to identify specific information objects (e.g. documents, email messages, database entries) as records and somehow distinguish between the types of records to which different business and retention requirements must be applied. Possible approaches include:

  • Business transaction information is identified in an "envelope" or file header, so the file does not need to be opened to be identified.
  • The record creator is responsible for capturing his or her own records and assigning management practices to them at the point of creation. This could be implemented as a screen the user fills in before documents can be saved or messages can be sent.
  • A user interface is designed so that users can choose between a number of icons representing business tasks or style templates, e.g., "send policy" or "make appointments." The choice of icon can engage the appropriate application, distribution lists, style sheets and records disposal authorities. The sender thus affects scheduling but need not make conscious decisions about assigning retention periods to records.

3.4 Identifying Electronic Records

Agencies have traditionally used records surveys and inventories to identify which records they maintain and to decide what to do with those records. In an electronic context, surveys of physical storage media (e.g. tape libraries or workstation hard drives) do not provide much useful information for determining which records exist or for deciding what to do with them. In order to enhance performance and convenience, most information systems make use of redundant data, through such practices as caching, disk duplexing, mirroring, clustering, client-side processing, desktop information management, disaster recovery measures, and routine system backups. Instead of attempting to inventory all of this data that exists at any one time, electronic records management requires the identification of agency functions, processes, transactions and activities to be documented. Once these have been identified, it will be possible to determine which data and associated metadata must be retained to serve as an official record.

3.5 Managing Electronic Records

Agencies need ready access to the right information at the right time to provide services and make informed decisions. An important part of that process is gathering information together to form the basis for decision making. Another part of the process is internal and external communication using various technologies. This communication process invariably involves conducting some form of business transaction (development of policy, delivery of benefit, ordering or paying for a product or service) which needs to be documented. The means by which agencies choose to conduct these business transactions invariably involve oral, written and/or electronic communication methods. In all cases, the objective is to conduct the business transaction satisfactorily and to maintain a record of what transpired for future reference.

When conducting transactions electronically, the first challenge is to maintain records in a way which will enable retrieval of all documents relevant to a transaction when they are needed. The second challenge is to ensure that the records are not retained for any longer than necessary, in order to avoid both overloading systems and to avoid indiscriminate dumping. A special problem with electronic records is that they lack familiar physical and visual clues about their origins, such as official letterhead, or their authenticity, such as written signatures. Special measures must be taken to ensure that they are also reliable and authentic.

Paper recordkeeping systems have traditionally been employed to file letters, minutes, reports, spreadsheets, invoices, notes, etc. These systems employ classified and indexed files at a subject or transaction level to consolidate and co-locate the documents generated or received in the course of a business activity. Separate folders provide a business context and link the individual documents to a particular transaction and into the wider agency recordkeeping system. In recent years, agencies have adopted records management, document management, workflow and imaging software. Regardless of the technology, however, the objective remains the same: capture records so that they can be easily retrieved at a later date, understood, and interpreted as evidence of what transpired in an agency.

"Virtual" records exist independently of their physical format. By reducing records to their essential characteristics, we can allow for the existence of records, regardless of the current technology. Systems must link the content of a record to its administrative or business context. In electronic environments, the essential characteristics mentioned in Section 3.5.3 rarely sit neatly together in a single, format-based package. Though all of the elements of a virtual record may exist within a single computer file, they may also be distributed across the entire state network. The integrity of these elements and the links between them are much more important than where they physical reside. If one is not able to place records in their appropriate administrative context, then they have seriously diminished value as evidence.

3.5.1 Evidence

In a court of law the evidence may be in documentary, oral, audio-visual, electronic or object form. It must satisfy the tests of evidence and be admissible in that legal context. Evidence as a concept, however, is not confined to legal contexts. Within business and public sector environments, the evidence from previous actions and decisions is used as a basis for the formulation of new decisions and actions. Organizations keep records as evidence or proof that an activity or transaction did or did not occur. Beyond this more immediate use, researchers also use records as historical evidence on which to base their conclusions.

3.5.2 Full and Accurate Records

Records should be full and accurate to the extent necessary to:

  • facilitate action by current and future employees, at all levels;
  • allow for proper scrutiny of the conduct of business by anyone authorized to undertake such scrutiny; and
  • protect the financial, legal and other rights of the agency, its clients and anyone else affected by its actions and decisions.

3.5.3 Essential Characteristics of Records

Full and accurate records must posses the following three essential characteristics:

  • Content -- that which conveys information (e.g. text, data, symbols, numerals, images, and sound).
  • Structure - appearance and arrangement of the content (e.g. relationships between fields, entities, language, style, fonts, page and paragraph breaks, links and other editorial devices).
  • Context - background information that enhances understanding of technical and business environments to which the records relate (e.g. metadata, application software, logical business models) and the origin (e.g. address, title, link to function or activity, agency, program or section).

In order for records to serve as evidence, these three essential characteristics must be maintained. Whenever one of the characteristics is altered, the ability of records to accurately reflect the activities of an agency is diminished. This means that records must:

  • have information content that is (and continues to be) an accurate reflection of what actually occurred at a particular time in the function, activity or transaction in question;
  • be able to be reconstructed electronically when required, so that each component is brought together as a whole and presented in an intelligible way;
  • be able to be placed in context so that the circumstances of its creation and subsequent use by an agency or person can be understood in conjunction with its information content; and
  • have been officially incorporated (either actively or passively) into an agency's or person's recordkeeping system.

One of the major differences between electronic records and those on traditional media is that electronic records are not human-readable, thus their physical appearance alone does not provide sufficient information to determine their origin, purpose, uses or other aspects of the context in which they were created and maintained. Maintaining content, structure and context of electronic records is, therefore, both more vital and difficult than with traditional records. Meeting these conditions requires high quality records management and a sustained commitment, on the part of state agencies, the State Records Administrator and the State Archives.

3.6 Recordkeeping Systems Defined

Recordkeeping systems are those systems that capture, manage and provide access to records over time. Records are often accessed just for their informational content, in which case they function the same as any other document or information source. Records are kept, however, to provide evidence of functions, activities and transactions, i.e., the business process. Recordkeeping systems are different from generic information systems in that they maintain linkages to the activities they document and preserve the content, structure and context of the records.

Unlike most other computer information systems, recordkeeping systems must often accommodate records that exist in more than one format (e.g. parallel paper case files and electronic case management systems). Recordkeeping systems should be able to identify all records, active and inactive, and the version of the computer software that supports access. They should be able to identify records stored off-line and off-site and on all media.

3.7 Building the Essential Characteristics into Recordkeeping Systems

The realities of modern administrative practice can often be impediments to effective recordkeeping. The pressure of the moment and the thought that documentation can wait have increasingly become a standard feature of modern organizations. The introduction of a greater commercial and service orientation in the public sector has created a culture which is focused on outcomes, sometimes to the detriment of documentation.

Effective electronic records management is not a goal to be attained at the expense of agency outcomes but is instead a necessary component of those outcomes. When successful outcomes are well documented, they can be sustained within an agency over time, accurately reported to the citizens of Ohio, and potentially reapplied across the state enterprise. When outcomes are not well documented, however, the state of Ohio can neither leverage its past successes nor avoid repeating its past failures.

The systematic creation and keeping of records have been undermined by the move away from centralized filing systems, the introduction of risk management, outsourcing, and the increasing use of technology in the administrative process. This is not to suggest that agencies return to the centralized and resource-intensive practices of the past. Rather, agencies should put systems in place which meet their accountability requirements without detracting from the benefits provided by modern technology and organizational change. When the system will support or provide services for several agencies, those agencies involved should work together to ensure that all of their respective recordkeeping requirements will be met.

The longer records are maintained, the more difficult it becomes to fully maintain their content, structure and context. In the process of upgrading, converting or migrating data to accommodate new systems, one or all of the essential characteristics of records may be compromised in some way. If the practices recommended in these guidelines are applied to the design, implementation and management of information systems, however, this loss of essential characteristics can be minimized and agencies can make better decisions about which characteristics warrant the resource commitment to maintain.

3.7.1 The Importance of Open Standards

Data management, interchange, interoperability, migration and ongoing accessibility all depend on the adoption of open standards. Though some components of agency computer information systems will inevitably be proprietary, electronic records management should not be dependent upon the software or hardware of one particular vendor. Whenever feasible, file formats, protocols and other system specifications adopted by state agencies should be those developed and adopted by recognized standards bodies. Since the requirements for fulfilling these standards are both publicly documented and generally supported by more than one vendor, agencies that adopt them will be much less likely to find themselves stuck with valuable but inaccessible records than will agencies that adopt more closed systems. The appropriate standards body will depend upon the nature of the technology involved, but three particularly important sources of standards relevant to electronic records management are the International Organization for Standardization (ISO), Internet Engineering Task Force (IETF) and World Wide Web Consortium (W3C).

3.7.2 Content

In order to maintain record content, agencies should follow best practices in the information technology profession for data integrity. Systems should be in place to ensure that:

  • the identity of a record's creator is verified (through the use of a password and possibly encryption),
  • permission to both read and write files is appropriately restricted,
  • periodic system audits are conducted,
  • data transmission includes data error checking and correction,
  • data are regularly backed up, and
  • data on offline media such as magnetic tape are regularly refreshed to avoid catastrophic loss of data due to medium degradation.

Data should also be encoded in such a way that the bits will continue to be readable over time. Records that contain American Standard Code for Information Interchange (ASCII) text provide an easy migration path with respect to content as long as ASCII remains an accepted base standard. Open Systems Interconnection (OSI) standards for other forms of content, e.g. Tag Image File Format (TIFF) for images, should also be considered for long-term retention of records. For nontextual materials, it is often important to distinguish between record copies and convenience copies. If a paper document has been digitized, for example, an agency may store a master copy of the document as a high-resolution TIFF image for preservation purposes but provide online access to a lower resolution Joint Photographic Experts Group (JPEG) or Graphics Interchange Format (GIF) image that serves only as convenience copy for easy reference.

As previously stated, the management of records should not be restricted to records that reside on just certain media types. The records of business processes may span different media and multiple systems. Business decisions to restrict record creation to certain media should be clearly articulated and communicated to staff. Recordkeeping systems should be designed to enable access to the complete record without hindrance. Where multiple recordkeeping systems are in place, links should be provided for records that span these multiple systems.

3.7.3 Structure

Recordkeeping systems need to capture and maintain information about the structure of records either as an integral part of the metadata associated with the records or in separate formal documentation. In many ways, structure is more difficult to maintain than content and is often neglected.

The simpler the record structure, the easier it is to preserve the record over time. As with the other characteristics of records, it is also best for record structure to be based on open standards. Standard Generalized Markup Language (SGML) and eXtensible Markup Language (XML) are both examples of open standards for document structure.

3.7.4 Context

A record's value is severely dimished or lost if its content becomes separated from key information about the agency and person(s) who made it, the time, place and reasons for its creation, and its relationship to other records. Its contents may still be of interest, but the record will have no value as evidence unless it can be placed in context. Contextual information, therefore, is information about the records and the administrative environment in which they were created and maintained. It can range from high-level information such as the name and location of the agency that created the record to more detailed information such as the date the record was made.

The depth of contextual information required will vary depending on the expected users and their level of knowledge. In the case of permanent records, more details will be necessary to enable future audiences to make sense of the records and place them in context. What is commonly known and assumed by today's records creators may not be readily evident to future users.

The ideal in the electronic environment is to link to records the metadata and contextual information necessary to read and understand them. A document indexed by sender, recipient, date, or purposes and organized in a standard filing system along with other documents from the same business function or administrative procedure is an example of this in the paper world.

Recordkeeping systems need to maintain and provide access to information about the business and administrative context in which records were created and used. For computer systems developed by information technology professionals, system design documentation, data dictionaries and related business documentation are fundamental to providing context for records that are held in those systems. Active data dictionaries - lists of all files in a database management system, the number of records in each file, and the names and types of each field - and computer-aided software engineering (CASE) tools - software that provides a common development environment for programming teams - automate much of the process of keeping metadata authentic.

Maintaining the context of records created and managed outside of systems developed by information technology professionals is more difficult. The ubiquity of personal computers allows records to be created, modified, copied, transmitted and deleted, often with little regard for business and legal records management requirements. Even if records are managed appropriately on an individual workstation, their existence may not be known to other users, and the contextual information may be inadequate for future retrieval. Consideration needs to be given to assigning and preserving meaningful document names, author, work group and organizational identifiers, designating whether records are draft or final versions and linking them to other documents or information objects. Off-the-shelf software exists to address these problems. Alternatively, if records cannot be supported in an electronic environment, they will need to be printed out and incorporated into a recordkeeping system based on paper, microfilm or some other analog medium.

Contextual Information Provided by Agencies

Contextual information needs to be collected, structured, and maintained from the time records are created. This involves identifying and labeling (or tagging) records and linking them to contextual information (i.e., keeping records about records). In some cases this can be achieved by embedding key contextual information into the metadata or electronic records themselves. The more that electronic records can be made self-describing the less need there is for maintaining separate information.

As described in Section 6.7, agencies can use some combination of the following methods to incorporate records management activities into their information systems:

  • Purchase and implement specific records management software.
  • Configure existing software to include records management functions.
  • User-based management. The users of information systems can manually engage in electronic records management functions.

Regardless of which of the above methods agencies adopt, agencies are encouraged to maintain contextual information relating to the:

  • agency or agencies that recorded or maintained the records,
  • other agencies that are, or have been, associated with the records,
  • purpose of the records in fulfilling agency functions;
  • age of the records,
  • time period to which the records relate,
  • frequency with which the records are, or will be, used,
  • value or significance of the records in relation to the functions of the agency,
  • recordkeeping system used in relation to the records,
  • relationship (if any) between the records and other records or materials, and
  • existence of any law, agreement, practice, procedure, arrangement or understanding affecting the records.

Such contextual information, while desirable for all records, is especially important for higher value records. While such contextual information is absolutely necessary for long-term retention of electronic records, it can also improve the quality of records in active use, support information sharing, and enhance their quality as evidence.

Contextual Information for Interagency Transfer

When electronic records are transferred from one agency to another following changes in government administrative arrangements or are transferred to the Archives, it is essential that they are transferred with sufficient metadata and contextual information. Agencies that take on the care and preservation of electronic records under such circumstances need to insist that the relinquishing agency supply adequate contextual information, system documentation and metadata at the time of transfer. Because of the risks involved, agencies transferring electronic records between themselves, either directly or through a contracted service provider, should follow verification procedures. This process is increasingly happening in real time. Systems for interchange must ensure not only the transfer of data but also sufficient metadata.

3.8 The Problem of Legacy Records

The lifecycle of information technology can be divided into four phases: introduction/emerging, growth/acceptance, stability and twilight. Regardless of what phase a system is in at the time of implementation, it will eventually enter the twilight phase. In order to maintain access to the records on these older systems, agencies must take measures to either continuously support those systems or migrate the records to newer systems. The record lifecycle is thus tightly connected to the technology lifecycle. In short, electronic records live and die with the systems that support them.

This dependency becomes a major problem in the case of legacy records, which are records that rely on legacy systems. Legacy systems are those systems that were designed using hardware and software systems that are rapidly becoming obsolete or are no longer supported by their vendors. Two leading experts on migrating legacy systems define a legacy information system (IS) as "any IS that resists modification and change" (Brodie and Stonebreaker, p. xv.). Legacy systems are a significant problem for organizations that rely on older, proprietary systems and technology because it is difficult to migrate either the functionality or the data to new generations of systems.

From a records management and archival perspective, legacy systems create problems when they are being used to store and retrieve records that need to be kept beyond the useful life of the system itself. There are a variety of methods that can be used to extract records from legacy systems, ranging from simply printing records to paper or microforms to using sophisticated extraction tools. Because migration is expensive, regardless of the approach used, it is important to thoroughly analyze the records and their retention requirements so that only those records that are needed for future use or required to be kept by law are migrated.

The most effective way to address the long-term retention of electronic records is to ensure that they never become legacy records. If agencies follow the recommendations in these guidelines about the capture of system metadata and thorough documentation of information systems, then electronic records will be much easier and cheaper to maintain over time. Of course, metadata that identifies the system requirements for accessing electronic records will be of no use if future users do not also have the tools needed to satisfy those requirements. This is why agencies should adopt open standards whenever possible. This will increase the chances that records can survive the transition to a new system without the need to significantly alter them in the process.

Even if agencies adopt open standards, however, cases will arise in which agencies no longer have access to software or hardware that can support a given standard or set of standards. In these cases, a factor that can greatly facilitate support for and/or migration from twilight systems is access to their source code, the sequence of statements that are written by and understandable to a human programmer. Without access to source code, agencies are more dependent on software vendors -- who may go out of business or require the purchase of a prohibitively expensive new release of their product -- to maintain the means to access their electronic records. Having access to the source code allows the agency using the software to contribute to its further development and more easily develop other software that interacts with it. There are several ways that agencies can ensure access to source code:

  • Develop software internally, then maintain and document the source code.
  • Make use of open-source software (OSS). OSS is software for which the source code is freely and publicly available, though the specific licensing agreements vary as to what one is allowed to do with that code. When using OSS, it is important to ensure that the software has been sufficiently documented by its developers.
  • Specify in contracts with vendors that they must provide source code along with the binary code of their software and any upgrades. Restrictions may be placed on how the agency can manipulate, reuse or distribute the source code.
  • Make arrangements with a trusted third party to hold the source code in escrow. There are a number of companies that provide such services, and escrow agreements can specify that agency access to the source code only be allowed under specific conditions.

3.9 Ensuring Legal Admissibility

Government agencies use a variety of systems and technologies to create, maintain and reproduce records. Many documents are created and many records are maintained in electronic form. While information technologies enable government agencies to streamline recordkeeping practices and reduce records creation and storage costs, they also present new problems in relation to establishing the authenticity of records. Information systems and records management policies need to ensure that agencies produce and maintain full and accurate records that are acceptable for legal, audit, and other purposes.

Meeting legal admissibility requirements in a complex, changing environment is a challenging undertaking that requires cooperation and coordination within and, increasingly, between agencies. An agency's business managers, records staff, legal counsel, and information technology personnel must all be involved in ensuring the legal acceptance and authenticity of records.

Evidence that is introduced in legal proceedings is subject to Federal Rules of Evidence, specific Ohio legislation, and precedents established through case law. Agencies may also be required by regulatory authorities to provide records as evidence. It is important to keep in mind that most administrative rulings can be challenged by the courts, making it advisable to follow legal rules of evidence if they apply a stricter standard for recordkeeping.

Courts readily accept records produced by common information processing methods and technologies, such as writing, typing, photocopying, and microfilming. Records produced or reproduced using newer technologies, such as digital imaging, workflow and document management systems, groupware, electronic data interchange (EDI), and electronic commerce may be subject to greater scrutiny, however, since recognized standards for the implementation and use of these technologies are not yet in place. Agencies need to take special precautions when implementing electronic systems to ensure that these systems are reliable and that they produce records which will be legally acceptable.

Agencies should follow good recordkeeping practices for records in any format. Courts are generally more likely to admit electronic records as evidence if agencies have taken the following precautions in the design and management of their recordkeeping systems:

  • use the recordkeeping system consistently and in the normal course of business,
  • develop and follow written policies and procedures,
  • provide training and support,
  • develop an adequate system of controls,
  • develop and implement system audit trails,
  • conduct routine tests of system performance,
  • test and document the reliability of hardware and software,
  • provide adequate security,
  • establish controls for accuracy and timeliness of input and output, and
  • create, maintain, and retain comprehensive system documentation.

Many of the measures recommended for good systems design, system maintenance, and electronic recordkeeping also enhance the quality of electronic records as legal evidence.

4.0 Current Ohio Policy

Policy can serve as an effective guide to the management of electronic records by establishing common goals and principles for state agencies and providing a framework for more specific procedures and practices. The Electronic Records Policy, OPP-030, provides a broad based policy for Ohio state government agencies. Specific guidelines and practices, including this resource, will continue to be developed.

The guidelines, standards, policies, and procedures developed for overall management of information resources and technology have significant implications for electronic records management, both within state and local agencies and at the State Archives. Decisions made during the acquisition and design stage of new systems, for example, often impact the ease with which records can be identified, accessed, disposed of, or transferred to new systems should their required retention extend beyond the life of the system in which they were originally created or stored. Hardware and software standards have the potential to either facilitate or hinder the exchange of records among agencies and between government and private citizens. These guidelines encourage addressing recordkeeping requirements when new systems are acquired, designed, or redesigned.

5.0 Responsibility for Recordkeeping

The Ohio Revised Code defines the responsibilities of state government agencies to organize, protect, provide access to, and properly dispose of their records, including the transfer of noncurrent records with enduring value to the Ohio Historical Society, State Archives Department. Cooperation between the agencies, the State Records Administrator and the OHS is even more important with electronic records, because they are more susceptible to loss, inadvertent destruction, mismanagement, and obsolescence. Within agencies, cooperation between management, staff who create and handle electronic records, specialists in information system design, and agency records officers is also essential for the management of electronic records.

5.1 The Agency's Role

The ability to maintain electronic records and ensure their accessibility over time is highly contingent on how records are created, organized, and maintained in the agencies that create or manage them. Individual agencies are most likely to understand their electronic systems and the specific applications required to maintain the records they contain. As technology changes over time, agencies are also best placed to ensure that records are successfully transferred or migrated as systems evolve. Currently, the OHS is positioned to provide advice on electronic recordkeeping but does not have the capacity to manage and maintain a wide range of electronic systems and records applications nor to manage the migration of records to other media and standards over time. In order to ensure that records are properly managed, agencies must also cooperate with any other public or private entities with whom they share data for the provision of services.

5.1.1 Creation and Maintenance of Electronic Records

Creation and maintenance of reliable and accurate electronic records is the responsibility of agency program managers, users of computer systems, agency records officers, and information technology staff who provide technical support and training. End users need to be informed of the policies governing recordkeeping and trained in the use of tools and systems that support electronic records management.

5.1.2 Implementation of Records Management Policies

The agency records officer has responsibility for overseeing the disposition of agency records and for ensuring that records are destroyed according to approved retention schedules. In extending these responsibilities to include electronic records, it will be necessary for the records officer to participate in studies and analysis of agency business processes and systems and to participate in the design, monitoring and refining of records storage and retrieval systems. The records officer will also have primary responsibility for applying existing records retention and disposition schedules to electronic records and for submitting new schedules for electronic records that do not have an approved schedule.

5.2 The State Archives' Role

The Ohio Historical Society is the official State Archives with responsibility to assist state and local agencies in the preservation of government records with enduring value. While in the past, preservation of such records has been achieved through their physical transfer to the State Archives, preservation of electronic records currently will depend on closer cooperation with agencies. The State Archives has developed these guidelines to help agencies manage electronic records efficiently and effectively.

The Archives can help agencies to:

  • identify the electronic records in agency custody that are of enduring value,
  • identify and obtain authorization to dispose of the electronic records in agency custody that are not of enduring value,
  • identify the metadata that needs to be captured and maintained with electronic records of enduring value if they are to remain identifiable and accessible over time,
  • determine the length of time electronic records should be maintained and made accessible in order to meet administrative or archival requirements

6.0 Developing and Maintaining a Recordkeeping System

Experience with electronic records management in other jurisdictions has shown that the following steps should be undertaken:

  • preliminary investigation,
  • analysis of business activity,
  • identification of a recordkeeping requirements,
  • assessment of existing systems,
  • identification of a recordkeeping strategy,
  • design of recordkeeping system(s),
  • implementation of recordkeeping systems(s), and
  • ongoing management and review.

When first addressing electronic records management requirements for an agency, it is advisable to follow the above steps in the order in which they are listed. Electronic records management is an ongoing process, however, and agencies will often need to revisit one or more of these steps over time. This process should also be integrated with other agency operations. Many of the steps we list are already being undertaken by agencies in order to develop business rules for information systems, conduct business process reengineering, write annual reports and administer agency services. Effective electronic records management draws from and facilitates these existing operations. It is not simply an extra set of tasks that an agency must conduct in isolation from the rest of its workflow.

6.1 Preliminary Investigation

Through the examination of documentary sources and interviews with staff, develop a profile of the role and purpose of the organization, the organizational structure, the organization's legal, regulatory, business and political environment and any critical factors affecting or associated with recordkeeping. Some useful questions to pose at this point could be:

  • What is the business purpose of your agency? What outcomes was it established to bring about?
  • Which legislation or other administrative arrangements establish its role and functions?
  • Which additional legislation or other administrative arrangements govern its operations (e.g., federal regulations, audit requirements, state laws and regulations, contracts, agreements)?
  • As a consequence, is the agency subject to any mandatory recordkeeping requirements in the legislation or administrative arrangements?
  • For what and to whom is the agency accountable?

6.2 Analysis of Business Activity

Following a similar process to the first step, identify and document each business function, activity, and/or transaction undertaken. Establish a hierarchy of business functions, activities and transactions and identify and document the flow of business processes and the transactions which comprise them.

  • Which business processes give rise to, or should give rise to, records that document policies, procedures and transactions?

6.3 Identification of Recordkeeping Requirements

Electronic records are best managed if recordkeeping requirements are identified when new systems are designed. Recordkeeping requirements derive from both the internal business needs of an agency and from external regulations imposed by federal and state laws and regulations, guidelines for professional practice, and other authorities. Agency personnel responsible for process analysis, systems design, administrative procedures, and internal controls are best able to identify the internal requirements for creating and maintaining records. Identifying external requirements can be a complex and time-consuming process that involves research and analysis. These guidelines recommend that agencies follow a systematic procedure to identify recordkeeping requirements, usually in conjunction with a system design or redesign.

Identify the requirements for evidence affecting each business function, activity, and transaction which must be satisfied through recordkeeping. These requirements for evidence can be derived from an analysis of the regulatory environment to which your organization belongs and from an assessment of risk of failure. Determine how each requirement for evidence may be satisfied through recordkeeping and then document the recordkeeping requirements. Questions to ask include:

  • What records does your agency need to keep to meet its business and accountability requirements?
  • At which points in a given business process or transaction should a record be created or captured?
  • What content is required to produce full and accurate accounting of a decision, transaction, or event?
  • How can we assure that an electronic record was created by the person responsible for an action and that it has not been altered?
  • Who may have access to records and for what purposes?
  • For which records should the access history be captured and maintained along with the record?
  • According to the retention schedule, how long do these records need to be kept?
  • How can records with long-term value be preserved?
  • How can business processes be redesigned to incorporate recordkeeping requirements for business and accountability purposes?
  • What are the agency's vital records, i.e. those records which, if destroyed or otherwise inaccessible, would immediately hinder the agency's ability to provide basic services and fulfill its mission?
  • What are the best practices in recordkeeping of government agencies and businesses that conduct similar activities?

6.4 Assessment of Existing Systems

Identify and analyze existing recordkeeping and other information systems and measure their performance against recordkeeping requirements. Some questions to ask:

  • What records does the agency currently maintain and do these meet the agency's accountability requirements?
  • In which areas is recordkeeping deficient or nonexistent, i.e. what agency activities can you identify as being insufficiently documented?
  • Do the recordkeeping systems conform with existing quality standards?
  • Where are the records that currently exist and how do you get and/or maintain access to them?

6.5 Identifying a Recordkeeping Strategy

The appropriate strategy should be determined by weighing the degree of risk involved in the failure to satisfy recordkeeping requirements (see Section 2.3 for a list of factors) against the cost of satisfying the requirements. Considerations should include the business function, systems environment, legal requirements and corporate culture within which the strategy must succeed.

6.6 Design of Recordkeeping Systems

Design a recordkeeping system that captures and maintains access to those records which have been identified in the earlier processes. Ensure that the system supports, and does not hinder, business processes. Assess and, if necessary, redesign business processes to incorporate recordkeeping requirements. The metadata required for the maintenance and accessibility of the records that need to be created and captured in the recordkeeping system should be identified.

6.7 Implementation of Recordkeeping Systems

Agencies should use some combination of the following methods to incorporate records management activities into their information systems. Regardless of what method is used, agencies should attempt to integrate the operation of their recordkeeping systems with business processes and related systems.

6.7.1 Records Management Software

Agencies can develop, or arrange to have developed, records management software that meets their particular needs. They can also purchase existing products known as records management applications (RMAs). Either solution should be integrated with existing agency applications to facilitate the management of records created within those applications. Functions performed by records management software can include:

  • Declaration of appropriate documents as records at the point of creation.
  • Classification of records into record series or types at the point of creation. These classifications are ideally based on the business functions to which the records are related, so that record retention can be based on the nature of the functions.
  • Application of retention and disposition schedules to records, based on that classification.
  • Documentation of the usage history of records.
  • Association of sufficient metadata with records to ensure their refresh, conversion and possible migration over time.
  • Integration of systems used to manage electronic and traditional records.
  • Tracking of the physical location and access to paper and microform records.

6.7.2 Configuring Existing Systems

The operating systems and applications used by agencies already create a great deal of metadata related to the data they process, e.g. file and folder names, created and modified dates, creator names, application-specific file name extensions, usage history, formatting templates. The capture, retention and association of the appropriate elements of this metadata can greatly facilitate electronic records management.

6.7.3 User-Based Management

The users of information systems can manually engage in electronic records management functions. Though this approach tends to require the least amount of technological investment, it still requires a significant human resource investment for training, implementation and audit of the policy. The more employees personally recognize and derive the value of good records in their own work, the more incentive they will have to create and manage records effectively. When implementing a system that makes extensive use of user-based management, agencies must be particularly attentive to the principles and methods of user-centered design.

6.8 Ongoing Management and Review

An agency should monitor the performance of the recordkeeping system and carry out random checks of the quality of records and control information, assess the performance of the system and initiate and monitor corrective action. While this methodology was originally designed for electronic records management, it is equally applicable to records and recordkeeping systems in any environment.

When incorporating recordkeeping requirements into new or existing information systems, an agency should assign responsibility to specific units or individuals for their development, maintenance, assessment, and upgrade. This process should involve teams drawn principally from agency management, information technology and records management.

Information managers, administrative support staff, and data processing professionals can take the following measures to ensure that records produced by automated information systems are accurate, reliable and accessible.

  • Produce written policies and procedures to define normal operations for development, maintenance, and use of information systems.
  • Provide training and support to help ensure that policies and procedures are understood and implemented by staff.
  • Capture records, which document business transactions, into recordkeeping systems as close as possible to the time of creation or receipt.
  • Develop adequate system controls to ensure the quality and reliability of the records the system produces.
  • Develop and implement system audit trails to detect who had access to the system, whether staff followed established procedures, or whether fraud or unauthorized acts occurred or might be suspected in the system.
  • Conduct routine tests of system performance. Automated information systems rely on system audits and routine testing to verify the accuracy and validity of data. System audits define the parameters of on-line system processing.
  • Test and document the reliability of hardware and software by:
    • routinely testing hardware and software according to a plan developed with the advice of the manufacturer;
    • retaining all documentation related to hardware and software procurement, installation, and maintenance for at least as long as any records that depend upon those systems for access are retained; and
    • maintaining operation logs and running schedules to document the reliability of system operation and performance.
  • Provide adequate security by developing routines that limit access and update privileges to the appropriate people and prevent unauthorized modification of data.
  • Establish controls for accuracy and timeliness of input and output through systematic procedures for data entry.
  • Create and maintain comprehensive system documentation on all aspects of system design, implementation, maintenance, and oversight.
  • Retain documentation describing how a system operated and describing the purpose, structure and origins of data for at least as long as any records that depend upon that system for access are retained.

It is essential that retention of records (as determined in records disposition schedules) is designed to facilitate future access as well as ensuring that records with only short-term value are systematically destroyed. The records designated for long-term retention must be periodically refreshed onto new media and migrated across software and hardware platforms in order to remain accessible and authentic over time. The software to access the records must also be maintained and associated with the appropriate records. This is particularly important in environments making use of storage area networks (SANs), Network-attached storage (NAS) or other means to separate data processing from storage management.

7.0 Deciding How Long to Retain Records

A key step in the process of managing electronic records, after we know what records we have now or should have, is to determine the length of time they need to be kept. A systematic process for determining the value of records will ensure that you only keep the minimum number of records necessary to meet your business and legal obligations. Failure to do this will increase the costs of doing business by clogging systems and hindering accessibility. It also increases the risk that valuable records could be lost or disposed of illegally in unsystematic 'spring cleaning' operations.

Not all records are valuable forever and, in fact, most records only have value for a relatively short time. This might seem like an obvious statement, but it is extremely important to remember when confronted with large volumes of records. How then do we decide what should be kept and for how long? The Archives' primary concern is to establish what is of enduring or archival value -- and, by implication, what is not -- through the appraisal process.

7.1 Determining the Value of Records

Although the State Archives determines which records have enduring value, these guidelines are designed to help agencies identify records with enduring value. It is in agencies' interest for these determinations to be made as accurately as possible.

7.2 Appraisal Criteria

The long-term or archival value of records is determined through a systematic assessment of the value of a body of records against a set of appraisal criteria. Archival value is defined as:

those values, administrative, fiscal, legal, evidential and/or informational, which justify the indefinite or permanent retention of records.

These are criteria against which agency personnel and staff of the State Archives can assess the values of particular groups of records and the functions to which they are connected. The State Archives uses these criteria to determine records value and balances that determination against the cost of maintaining access to them over time.

When appraising electronic records, in addition to the criteria already mentioned, there are some additional factors which need to be considered: accessibility, manipulability, and quality as evidence.

7.2.1 Accessibility

Accessibility of electronic records has two components:

  • It is possible to locate and retrieve records.
  • It is feasible to access the desired records, given the quality of the retrieval tools and volume of records.

If the records are not accessible and their value does not warrant the cost of rendering them accessible, then they have no value. This may occur when electronic records have been stored in a format or by a system that is not compatible with the current system. It also occurs in situations where we can read the contents of the storage media, but there is not enough associated metadata or contextual information to understand the meaning of the records.

These technological dependencies for access pose one of the most fundamental differences between traditional and electronic records. With paper records, the primary expense for long-term storage is the physical storage itself. A paper document that is left untouched in offsite storage will still be readable in 50 years, assuming the environmental conditions of storage are adequate. A digital document, however, requires a great deal of ongoing attention in order to remain readable for even 10 years, much less 50. Costs can be reduced significantly by moving records that require only occasional access onto cheaper and slower media (e.g. off of hard drives and onto tape) and supported with lower bandwidth, but the cost of keeping the records themselves accessible will remain. In the electronic context, appraisal and access are intimately connected. There is no value in retaining records that are no longer accessible, and the failure to destroy records that no longer have retention value makes access to the valuable records much more difficult. Anyone who has conducted research on the World Wide Web realizes that the more extraneous material one must search through, the more difficult it becomes to find what one is looking for.

If electronic records do remain accessible, however, their digital format offers distinct advantages over paper-based records. Access to electronic records and documents can be provided to multiple users at multiple sites, thereby overcoming one of the problems associated with traditional physical systems. This is one of the major reasons for keeping records and documents electronically.

7.2.2 Manipulability

A major characteristic which sets electronic records apart from other records is that they are manipulable as a group of records, as individual documents, and as the elements within individual records. The contents of a database can be manipulated much more readily and in ways traditional recordkeeping systems cannot. Specific documents can be retrieved from electronic document management systems and "repurposed" much more easily than records in manual filing systems. If there are no safeguards, however, individual records can be altered or deleted without leaving a trace. The advantage of manipulability can undermine the accuracy and authenticity of electronic records unless good security and system management are in place.

7.2.3 Quality as Evidence

As explained in Section 3.6, many information systems are not recordkeeping systems. When approaching the appraisal of electronic systems, it is important to establish whether any records are present or should be present before going any further. If information is stored in a system that lacks the means to determine when, how, and by whom its contents were created, then the value of the contents of the system as evidence is jeopardized. From an archival point of view, the lack of contextual information reduces the value of the records, even if the contents of the system might be useful for some types of analysis or reuse. If a system is used to create and store records, but it does not fully satisfy all recordkeeping requirements, one must decide whether the information contents are worth keeping and whether it will be possible to find or add documentation that will make the contents understandable and usable.

7.3 Appraisal Strategies

7.3.1 Involvement of the State Archives

The State Archives is involved in the appraisal of records through its review of requests from agencies to dispose of records and as a means to fulfill its statutory obligation to identify and protect records with enduring value. Because of the complexities and special vulnerabilities of electronic records, involvement of the State Archives from the beginning of any electronic records project is highly recommended.

The State Archives can assist in the process of determining recordkeeping requirements by providing a legal basis (the records retention and disposition schedule) for the disposal of records. A comprehensive appraisal of agency records backed by an active disposal program will greatly improve the chances of finding what is needed as well as preserving valuable records for the future. It will also ensure that resources are not wasted on managing and attempting to provide access to records of limited value.

7.4 Records Retention and Disposition Schedules

It is illegal for agencies to dispose of records without an approved retention schedule or adoption of the General Schedules. Ohio state agencies are thus encouraged to develop and submit records disposition schedules for approval by the State Records Administrator, State Auditor, and State Archivist. The schedules should be the result of an appraisal process.

Information technology and records management staff should ensure that all records including electronic records are being created and kept for the time specified in the schedule. The schedule can be used as a basis for implementing record retention periods in electronic information systems, although many Ohio electronic records have not yet been analyzed or scheduled for disposal.

The statutes, regulations, and guidelines which mandate that certain records be created also often specify how long they must be retained. If records are created and kept primarily to satisfy internal needs, then careful analysis is needed of the internal uses and potential external values for the records to determine appropriate retention periods.

8.0 Providing Access to Electronic Records

Access to Ohio State records is primarily governed by the Ohio Public Records Law. Government records are available to the public unless they contain information that is exempt under ORC Section 149.43 or other specific legislation. The Law provides for access to records by the public regardless of their physical format or location. A member of the public is entitled to access if the record is in the custody of the Archives, an agency or a service provider.

8.1 Responsibilities of Agencies

To operate effectively in an electronic environment, agencies need to:

  • understand the access provisions of the Public Records Law,
  • be able to make decisions about access to records,
  • implement a records access system for their own business purposes (including compliance with legislation),
  • provide access to records, either electronically or by producing printed copies, and
  • keep a record of access decisions and processes.

8.2 The State Archives' Role

At a broader level, the State Archives' role will be to:

  • advise government on matters related to access to records with enduring value,
  • set standards for their preservation and accessibility, and
  • work with agencies to identify the access requirements of records during system design, major modification or appraisal.

8.3 Provision of Secure Access

To avoid any compromise of the security, integrity and functioning of an agency's electronic recordkeeping system, it is recommended that public access not be given to the live system but rather to a mirror site or parallel system. Any sensitive or classified records should be appropriately encrypted to prevent unauthorized access. This comment applies to all records regardless of their archival or access status.

9.0 Transfer of Electronic Records into Archives Custody

9.1 Criteria for Transfer

A decision by the Archives to accept custody of electronic records will be on a case-by-case basis. The following matters (among others) will be taken into consideration for any transfer proposal:

  • The records have been appraised and have enduring value.
  • The records have sufficient metadata and contextual information to meet the Archives descriptive standards for electronic records, including system documentation.
  • The resource impact is assessed and is manageable.
  • The records proposed for transfer conform with media and formats which the Archives can support at the time.

9.2 Management of Electronic Records Taken into Custody

The basic principle for management of electronic records in the Archives' custody is that the records must conform with standards and media which the Archives can accommodate. This is so the records can continue to be accessed and preserved for the period required.

A transfer of custody may involve or result in a modification or reduction in the functionality of the records. Similarly, the structure of the records may have to be modified to facilitate management and access. Any such change will occur prior to transfer and will be specified in an agreement with the transferring agency.

9.3 Contextual Information

In cases where the Archives accepts custody of electronic records, all relevant contextual information maintained by the agency should also be transferred at that time. The contextual information to be supplied will encompass both administrative and recordkeeping elements and will be used by the Archives to prepare public finding aids for the records. It will also be used for monitoring purposes. Supplying of information to the Archives should not be taken as a reason for agencies to cease maintaining contextual information for their records. Periodic updates of the information supplied to the Archives may be necessary, e.g. following an administrative change or a change in the purpose or content of the records over time.

10.0 Specific Application Types

10.1 Electronic Document Management Systems

Document management, as a process, is not restricted to records and indeed may not manage records at all. A document management system, for example, can control the distribution and access to electronic publications such as manuals and guidelines, library material and other information sources. Documents that may need to be managed may include personal material, notes, calculations, and rough drafts that have yet to be introduced into the business process. Documents may also include copies of records that have been taken out of their business context, yet have value as information sources and research material.

If a system does not support the preservation and access to evidence of business processes then the system is not a recordkeeping system - it is a document management or information system. It is the contextual aspect of records, including the relationship to other records and their value as evidence of functions, events, activities and decisions that most easily distinguish a recordkeeping system from a document management or information system.

Document management systems, however, will often be called upon to manage records. In these cases, the systems should have all the attributes of a recordkeeping system as discussed in Section 3.7. To achieve effective document management, agency librarians, records managers, archivists and information managers must be involved when considering new systems or reviewing existing procedures and processes. These professionals have the skills and experience to support effective document management.

10.2 Electronic Mail

Electronic mail (e-mail) can be captured and kept as evidence of business functions, activities or transactions. When e-mail systems are used to conduct, support or document official business, the requirements to create and keep records in relation those business processes need to be carefully evaluated for existing systems and prior to the implementation of new systems.

Draft Guidelines for Managing Electronic Mail are currently being tested at two state agencies. Agencies are encouraged to review the Guidelines and implement their own procedures for the management of electronic mail messages based on the Guidelines.

11 Resources for Additional Guidance and Advice

Legal issues of state records creation, retention and access:

Records management and archival services:

  • Records Officer in your agency
  • Ohio Historical Society, State Archives
  • State Records Administrator

Sources Consulted

Archives Authority of New South Wales, Documenting the Future: Policy and Strategies for Electronic Recordkeeping in the New South Wales Public Sector, Sydney: Archives Authority of New South Wales, July 1995.

Australian Archives, Keeping Electronic Records: Policy for Electronic Recordkeeping in the Commonwealth Government, Commonwealth of Australia, 1995.

Brodie, Michael L. and Michael Stonebraker, Migrating Legacy Systems: Gateways, Interfaces and the Incremental Approach, San Francisco: Morgan Kaufman, 1995.

International Council on Archives, Electronic Records Committee, Guide for Managing Electronic Records from an Archival Perspective, Consultation Draft, June 1996.

Kansas State Historical Society, Kansas State Records Management Manual , June 1996.

New York State Archives and Records Administration, Center for Electronic Records, Building Partnerships Project, Final Report and Working Papers, Albany, 1995.

State University of New York, Office of Archives and Records Management, "Guidelines for Management and Preservation of Electronic Text Documents," SUNY Systems Administration, OARM, November 1995.

United Nations, Administrative Committee for the Co-ordination of Information Systems, Management of Electronic Records: Issues and Guidelines , New York: United Nations, 1990.

United States, National Archives and Records Administration, "Records Management Requirements for Electronic Recordkeeping," College Park, MD.: NARA, Office of Records Administration, 1996 (Draft).

University at Albany, Center for Technology in Government, "Models for Action, Project Concept Paper," Albany, NY, May 1996.

University of Pittsburgh, School of Library and Information Sciences, Functional Requirements for Recordkeeping .


Top of Page
Electronic Records Committee Home Page

No comments:

Total Pageviews