Implementing the Standard on digital

recordkeeping

Why? What? When? How?

Why a digital recordkeeping standard? Government has set a goal of ‘compliant digital recordkeeping’

by 2012 (Cabinet decision Nov 2006)

Existing recordkeeping standards not suitable for systems development / testing

Government business will be better supported by systems that comply

Reduced risk

Online business enabled

Management of digital information explosion

Digital records easier to manage over long term

What is the standard all about?

Defining digital records that your organisation wants to make and keep

Ensuring those digital records are kept in digital recordkeeping systems that will ensure their integrity and accessibility for as long as they are required

Maintaining adequate information about recordkeeping systems to manage them and the records they contain efficiently and cost effectively over time

What are digital records? A digital record is digital information, captured at a

specific point in time that is kept as evidence of business activity.

Digital records means:

'born digital' records such as emails, web pages, digital photographs, digital audio files, GIS files or database records, as well as

scanned versions of paper records that have been digitised in business processes.

What is digital recordkeeping? Digital recordkeeping is routinely saving digital records

into systems where they can be managed properly and made available as needed.

A good digital recordkeeping system can implement access, disposal and other rules so that digital records are managed as efficiently as possible.

Information Asset Management Software (IAMS) tools such as Electronic Document and Records Management System (EDRMS) or Enterprise Content Management (ECM) products often form the core of digital recordkeeping systems.

What are digital recordkeeping systems? A system that captures, maintains and provides access to

digital records over time. A digital recordkeeping system can be:

a business system with recordkeeping functionality, or

a business system linked with a dedicated records management / information asset management system, or

a dedicated records management / information asset management system.

What are the requirements?

Section 1: Minimum requirements for digital recordkeeping system functionality

Section 2: Minimum requirements for recordkeeping metadata

Section 3: Minimum requirements for recordkeeping metadata management

Requirement 1.1

The public office must define the digital State records that it will make and keep.

Note:

The level of detail used by the public office to define the digital records to be made and kept should be adequate for implementation purposes and based on an assessment of the risk associated with the records and the business they document.

Requirement 1.2

The digital State records that the public office has defined must be captured into an official digital recordkeeping system.

Note:

A digital recordkeeping system can be: a business system with recordkeeping functionality, or a business system linked with a dedicated records

management / information asset management system, or a dedicated records management / information asset

management system.

Requirement 1.3

Any digital recordkeeping system used for keeping official records must possess the following functionalities:

capture read only versions of digital records

retrieve and present digital records in human readable form

restrict or permit access to records by specified individuals or groups

capture and manage the minimum required recordkeeping metadata as defined in this standard.

Requirement 2.1 Digital records must be captured into a digital recordkeeping system with:

unique identifier

title

date of creation

who/what created the record

the business function/process it relates to

the creating application

record type (e.g. letter / memo / report / contract / fax / schematic / blog, or locally defined types)

Requirement 2.2Any of the recordkeeping processes (listed below) that are performed

on a record must be documented with:

the date of the action

identification of who/what undertook the action

what action was undertaken

The recordkeeping processes are:

registration into a recordkeeping system

apply or change access rules

transfer of control

destruction

migration

Requirement 2.3

The transfer of control or destruction of records must be documented with:

process metadata as above

an authorisation reference for the transfer or destruction (e.g. FA234 2.4.5; GA27 1.2.3; By court order etc.), and

in the case of transfer of the records, the name of the receiving organisation (e.g. Dept of X; State Records).

Requirement 2.4

At least the minimum required recordkeeping metadata as specified in this standard must be persistently linked with digital records and aggregations of digital records, including when they are transferred out of their original creating environment and through subsequent migrations.

Requirement 3.1

Recordkeeping metadata must be disposed of in accordance with the requirements of the State Records Act.

Requirement 3.2

Metadata mappings from the minimum requirements of this standard to organisational digital recordkeeping systems must be documented and maintained, including any changes to these.

When do I have to comply? By 30 June 2009:

For any new systems introduced from this date: digital records are defined, systems have minimum required functionality and metadata, mappings to the standard are prepared

For all existing recordkeeping systems: metadata is disposed of in accordance with relevant disposal authority

By 30 June 2011:

For all existing recordkeeping systems that support high risk business processes: digital records are defined

By 30 June 2012:

For all existing recordkeeping systems that support high risk business processes: systems have minimum required functionality and metadata, mappings to the standard are prepared

How to comply

Identify high risk business processes

Define digital records

Assess system functionality and metadata, bridge gaps between requirements and systems

Prepare metadata mappings

Identifying high risk business processes Use documentary sources: business classification scheme, workflow

definitions, FRDA, Annual report, audit reports, external investigations

Conduct interviews: risk manager, legal staff, line managers, CIO, CEO

Map high risk business processes to system(s)

Document and obtain sign off

Resources:

The DIRKS Manual - Strategies for Documenting Government Business – Step A ‘Preliminary investigation’ and Step B ‘Analysis of business activity’

Defining digital records At a level that is “adequate for implementation purposes and based

on an assessment of the risk associated with the records and the business they document.”

For example: Process: ? Recordkeeping requirements: ? Records defined: ?

Suggest that you define and consider remedial work to be done at same time to ensure feasibility of recordkeeping strategy

Resources: The DIRKS Manual - Strategies for Documenting Government

Business – Step C ‘Identification of recordkeeping requirements’ AS 5090-2003 Work process analysis for recordkeeping

Assessing systems & bridging gaps

Measures to bridge the gaps might be: Technological Policy based Based on re-engineering the workflow A combination

Resources: The DIRKS Manual - Strategies for Documenting Government

Business – Step D ‘Assessment of existing systems’ and Step E ‘Identification of strategies for recordkeeping’

ICA Guidelines and Functional Requirements for Records in Electronic Office Environments

Defining recordkeeping metadata

As part of design/redesign of systems

List how each element required under standard is implemented in the recordkeeping system – including system fields and business rules for users

Consider use of encoding schemes to aid automation

Resources:

Sample metadata mappings available in Appendix B of the Standard

AS ISO 23081 – 2007 Information and documentation – Records management processes – Metadata for records

NSW Recordkeeping Metadata Technical Specification v2 (2009)

Tools to assist with implementation

Standard on digital recordkeeping

Metadata specification (due early 2009)

IAMS contract and tool

Specifications for recordkeeping in business systems

GRDA for migratedrecords

Guidelines on managing

digital records(due early 2009)

Future Proof blog

Questions?

Cassie Findlay

Senior Project officer, Government Recordkeeping

Cassandra.findlay@records.nsw.gov.au

(02) 8247 8629

www.records.nsw.gov.au