Future Proof – Protecting our digital future

Each month we report on the digital recordkeeping enquiries we receive in the Government Recordkeeping area at State Records. We want to share information about what recordkeeping issues are being discussed in the NSW public sector, publish the advice we are giving to government agencies about digital recordkeeping issues, help others who may be facing similar issues, and open up our advice to broader scrutiny and feedback. If you have opinions on what we say then please, please don’t hesitate to tell us!

This month we have had a host of enquiries and what is interesting is the very wide range of topics that these enquiries covered.  Business systems, social media, websites, digital signatures, the cloud,  shared drives, PDF/A – read on, there is something for everyone!

Implementing the Standard on digital recordkeeping

One large local government body asked us to examine their whole-of-organisation business system assessments. The organisation had done extensive work in identifying the Council’s key business systems and assessing these systems against the requirements of the Standard on digital recordkeeping. In their assessments it was interesting to see how cloud computing is finding its way into diverse government business processes and systems. Their assessments also pointed to the fact that it is still relatively common for business systems to not have data export functionality as a standard component.

Their assessments were excellent and the only real improvements we could suggest were to, where possible, cross reference their disposal requirements with each of their business system assessments. By cross referencing retention requirements with the detailed business and technical knowledge they had assembled, they could create some really powerful information management frameworks. For example, in their assessments they flagged a number of systems that are due for redesign or upgrade in the next 12-18 months. By cross-referencing these with retention requirements, they will be able to migrate and redevelop these systems with an awareness of how long the data within them needs to be retained. Because of the transactional nature of many of the business systems identified, they will map quite directly to only one or two classes in the organisation’s disposal authority.

We suggested that discussing explicit information retention requirements with vendors at system design could also be a very effective way of simply and routinely being able to purge time expired data at regular intervals, and also potentially partitioning other data and metadata that may need to keep for longer periods. Cross referencing the whole business system list to disposal rules will also give a good indication of the information that the Council is going to need to keep for long periods of time, and this may help to clarify what data formats may need to be supported, what better metadata capture may be required in the creation environment to better provide long term accessibility and accountability, what systems definitely require export capacity and what data is going to require ongoing management once the system it is in is retired.

Developing recordkeeping strategies for websites

One organisation wrote to say that they need to assess the recordkeeping requirements that apply to their organisational website, but are unsure about how to prioritise this based on risk assessments.

We wrote back to say that before you assess the website, you need to have a good awareness of the business that the different parts of the website are supporting. Basically, the level of risk applying to your web resources directly relates to the levels of risk applying to the corporate business that these different web resources document. So, in a university, web pages about student entertainment services would likely have a lesser risk rating than pages about student exam procedures because from a risk perspective, the University would be more concerned about being able to defend its public statements on examination requirements than about which bands were playing on a specific date.

Recordkeeping strategies developed for the web site would build on these different business priorities and risks, with pages about examination requirements perhaps being exported and managed longer term in an EDRMS while student band updates might simply remain in the content management system and be deleted from there when no longer required.

Digital signatures

One organisation asked about the legal admissibility of digital signatures and requirements for when outgoing correspondence needs a handwritten or digital signature. We told them that State Records does not have any specific requirements around whether outgoing records need to be signed by hand or electronically. Our advice is that as with many business decisions, the decision to use electronic/digital signatures (or to capture records with paper-based signatures) needs to be a risk based one that is dependent on the risks associated with your specific business. For key processes, it would certainly be recommended that you develop policies or guidelines on how units should sign-off and manage digital documentation. It would be essential to ensure that all units follow these practices and process. For example, if a Council had rules that the CEO personally signs certain types of correspondence such as contracts, then the organisation may make the decision that this correspondence with the signature must be scanned and kept as the official record, whereas a bulk email notifications to residents about a development application might only require the capture of the electronic signature.

In terms of State Records’ own practice, the majority of our business transactions are email based and so email signature blocks and addresses are regarded as sufficient ‘signatures’.  Where business is still traditionally correspondence or document based (such as a signed version of Board minutes), we capture a digitised copy of the signed letter or document to the file. We also have security controls and audit trail metadata activated in our EDRMS as additional forms of identity management. Access to all business systems is also via login and so identification metadata is also captured and managed via this means.

Advice was also provided on the legal admissibility of digital signatures, with reference to the Evidence Act and the Electronic Transactions Act. Essentially, digital records and accompanying digital signatures are legally admissible but organisations do need to be able to demonstrate that they have formal business procedures, standard processes for the use of digital signatures and that their systems and processes can generate authentic and accountable records of business. A copy of the National Archives of Australia’s Commonwealth Records in Evidence was also provided as this useful guidance applies equally in NSW.

Cloud-based recordkeeping

One organisation reported that they are receiving lots of emails with links to attachments that are not part of the email itself, but are hyperlinks to documents located in the cloud. They wanted to know what their recordkeeping requirements are in this scenario – should they just keep the email or do they need to download and register the linked document as well? Our advice was that they need to keep both components – the email and the cloud-based document as the full record of this transaction. The organisation will need the email for the business context – where the message came from, the time and date that the organisation became aware of it, the staff that it was sent to etc. Then the organisation will need the linked document itself as the actual record of what was being communicated. Both the email and the document combine to make the complete transaction. Neither the email or the document on its own provides sufficient evidence or information.

Use of financial management system for recordkeeping

One organisation is scanning invoices into its financial management system and would like to retain them in this system rather than its EDRMS. They were advised that the system should meet requirements of Standard on digital recordkeeping. They advised that it does, except for the fact that it cannot automate the disposal of records. We said that disposal of the records would need to be managed when the system was upgraded or replaced, and a strategy put in place to migrate any records that still need to be kept into a new system.

PDF/A

Although State Records has not issued any formal record format-related requirements, we have in guidance such as Managing digital records stated that some formats are more robust than others and have listed PDF/A as a more robust format that should be considered for records that need to be kept for long periods of time.

We have had a few enquiries lately asking whether we have preference between PDF/A-1a and PDF/A-1b. We do not have any preferences or recommendations in relation to these formats and have instead just provided information to enquirers about the differences between the formats so that they can make up their own minds about what is most appropriate for their business operations.

An overview of the information we provide is as follows: PDF/A is maintained by the ISO Standard, ISO 19005-1:2005. PDF/A differs from regular PDF because it does not require any additional outside information to display properly – it is a fully self-contained format which should make it more robust and sustainable through time. PDF/A-1a is a category in the general PDF/A standard and is the more onerous standard and is fully compliant with the PDF/A requirements outlined in ISO 19005. PDF/A-1a  is referred to as Level A conformance. PDF/A-1b is referred to as Level B conformance and it outlines the minimum compliance requirements for PDF/A. Both PDF/A-1a  and PDF/A-1b are supposed to provide exact visual reproduction of the original record content, but PDF/A-1a offers additional functionality on top of this.

We based this advice on advice provided on vendor sites http://www.soliddocuments.com/pdf/_standards_format/253/11 and http://www.alliancegroup.co.uk/pdf-a.htm and http://acrobatusers.com/tutorials/print/dusting_off_archives

Anecdotally we have heard that converting documents to PDF/A-1a has sometimes resulted in errors and larger file sizes, whereas PDF/A-1b conversions are at this stage less problematic.

Blog recordkeeping

One organisation wanted to know the recordkeeping requirements associated with their corporate blog. We said that under the Standard on digital recordkeeping, digital records need to be kept and managed if there is an ongoing business need for them. Given blogs are public facing and are often a key source of organisational information,  recordkeeping in these environments is usually important.

We said that how you keep these records is often driven by the blogging technology you are using. Some technologies enable you to export a copy of posts which you can then save as PDF or Word docs into recordkeeping system. Many blog technologies however have no simple export functionality and so in these systems you need to work out other strategies. For our Future Proof blog we have signed up for the RSS feed service offered on the blog and this emails a version of each new blog post whenever these are updated. This email is captured onto the relevant electronic file. The email does not automatically provide author details so we manually apply this information the email is registered. Comments on the blog are also sent through as emails by the blogging software so we also capture these into the recordkeeping system. Other organisations take screen shots, others export regular XML dumps and capture these. XML dumps are not terribly useful for access but they are very comprehensive and can provide a useful backup strategy for blog content.

Changing metadata

An organisation had a question about changing metadata values in their EDRMS when a person changes their name.  Specifically they were asking about issues with changing metadata author values when someone changes their name. EDRMS software constraints mean that when the user name is changed, anything authored by that person before the name change would be changed to reflect their new name.

Our advice was that you should not change existing metadata. It’s an unfortunate design flaw in EDRMS software that people have to make these kind of choices that do either impact on accountability or useability. Our advice was that you should create a new login for the new name and then investigate ways of mitigating useability impacts. Explore whether your EDRMS can connect users – ie provide a link between the former and current names and present search responses for both user names if required. It’s not an ideal option but could people who have changed their name could add their old name in brackets to document titles to again facilitate searching and useability. Alternatively, business units that regularly search on particular names could be advised when these names change and then develop their own business search rules to account for these changes. The re-writing of metadata is an accountability problem so we can’t recommend it, but unfortunately at this stage there are not many simple solutions to this issue.

We also received another enquiry about photo image metadata standards. We referred them to Queensland State Archives excellent publication, Managing digital photographic images,  We also listed the minimum metadata requirements in the Standard on digital recordkeeping which apply to all records, including photos. In case they are planning to use their images online, we also referred them to the Trove database run by the National Library which is based on Dublin Core. We said that simple metadata, built with interoperability and reuse is key, provided it also takes account of any specific business needs and internal search or management requirements that also might apply to the images.

Shared drives

One organisation has locked down its shared drives and is now looking at options for managing the records of mid to long term value that were created on the drive. They asked whether it is possible to migrate these records and the limited metadata created about them off the shared drive and into an EDRMS.

Unfortunately, at State Records we are not aware of any transfers from a shared drive to an EDRMS that have been able to capture both the record and the metadata. If these records are to be moved off the shared drive they will generally have to do a bulk import into the EDRMS with limited metadata and limited differentiation between all the documents. This means the organisation will be unlikely to be able to take advantage of the EDRMS’s classification, disposal, search and other management capacities. If the records need to be accessed regularly, it may be most efficient to leave them in the locked down shared drive environment, rather than move them to the EDRMS while they are still being actively used. Our final advice to the organisation was to lock the share drives down completely, ensure there are very good business procedures and requirements for using the EDRMS appropriately in business areas for any new records, and to allow the records to live out the rest of their business use periods and legal retention periods locked down in the share drive environment.

Media enquiries

We had enquiries from two journalists this month wanting to discuss government use of the cloud and social media. We spoke to both journalists about State Records’ research and advice in these areas and referred them to our RIB on Cloud Computing, our social media survey results and our Future Proof flyer on social media recordkeeping.

Designing and Implementing Recordkeeping Systems Manual

An organisation asked whether State Records still supports the DIRKS Manual. We replied that it is our belief that DIRKS still has great value for a whole host of recordkeeping projects. It is a methodology outlined in the International Standard on Records Management, ISO 15489, and is a scalable, flexible, yet comprehensive design approach that can be used in many ways, including to develop disposal authorisation, design a metadata schema or develop a new business system. So yes, we still like DIRKS!

Naming conventions for shared drives

We had an enquiry from an ICT manager about naming conventions for shared drives. They were referred to our guidance on managing share drives . The risks of managing corporate information in shared drives were also outlined and the ICT manager was given the contact details for their corporate records manager so that these two staff could talk and discuss the best mix of strategies for effectively managing their corporate information.

Conversion format for VHS videos

One organisation asked about formats for the conversion of VHS videos and was referred to the ‘Managing audio and video recordings section’ of the Managing Digital Records guideline. They were also told that once they had been converted, the old video tapes would need specific disposal authorisation as the disposal authority for Source records that have been Migrated (GA33) does not encompass analogue source records.

Email

One organisation wrote in to say that when emails are saved in their system, the way they are saved means that the formatting, text size, font style, and spacing can appear different to how they were in the original email. They wanted to know whether this was allowable under State Records’s requirements. We wrote back to say that under the State Records Act, records must be authentic and reliable, must have integrity and must be useable. To ensure that email messages are authentic and reliable, they should be captured with details of their transmission (e.g. date and time sent and/or received), details of the sender and receiver (e.g. name, position and organisation) and attachments or enclosures with the message. Capturing this information will ensure that the message can be relied on as a full and accurate record. Aspects of emails such as format and text size may not be ‘essential characteristics’ as it is likely that these aspects of a message are not essential to its meaning, i.e. it will still be possible to understand the email message and use it as evidence if the formatting, text size, font style and spacing have changed.

The benefits of going paperless

A number of organisations seem to be assessing the benefits of going paperless and one organisation wrote asking for advice on how they could obtain organisational support for moving from paper based recordkeeping to digital recordkeeping.

We provided case studies of the NSW Police and the Department of Education who had found business benefits in transitioning from paper to digital processes. We also noted that  most business is purely digital nowadays and much of it cannot be represented in paper form.  If organisations insist on paper based recordkeeping practices business areas often do not realise that their digital information is actually a business record, as they don’t see it as something that fits within corporate recordkeeping frameworks. This information is therefore not captured in official corporate systems and this is a significant and increasing risk in many business environments.

Digital disposal

We received an enquiry about the disposal rules that apply to the retention of backup tapes, with particular reference to email backups. Our advice was that the disposal of backups is covered by normal administrative practice (NAP). We emphasised that backups are not a recordkeeping solution or system and should only be used for and regarded as disaster recovery mechanisms. We said that the records in the systems being backed up are official records and should be captured in recordkeeping systems and should not be managed in email networks or backup systems. These records will need to be kept for different periods depending on the retention rules outlined in the retention and disposal authorities issued by State Records.

We also received another enquiry about documenting digital disposal. The enquirer was told that essentially the same requirements that apply to the documentation of paper disposal apply to the documentation of digital disposal.

Digitisation

We received many enquiries about the appropriate processes for disposing of original paper records after they have been scanned, for the business procedures that need to be developed to support good scanning practices and for the business rules that should be established to enable good quality and accountable scanning practices.

So that was August! If you have any feedback, questions or advice for us, please do get in contact.