Key digital recordkeeping enquiries July 2012 August 2, 2012

This post is part of a new series where we report on some key digital recordkeeping enquiries received each month and the responses given. We hope that this information can assist others in managing their digital recordkeeping challenges. If you have feedback on the advice we have given or if you have additional suggestions, we would love to hear it.

It’s been another busy month for enquiries! Lots of organisations are being really proactive about assessing their business systems, managing business risks and understanding their requirements to make and keep records in the digital business environment.

This month we have featured some enquiries on digital ways of doing business, digital disposal, compliance with the Standard on digital recordkeeping , the definition of records and retention periods, SharePoint, cloud computing and the ever popular digitisation.

Digital business

This month we were approached by a number of councils enquiring whether there was any requirement in the State Records Act or our standards for them to create hard-copy minutes of council business (in addition to their electronic minutes). Councils can choose whether they keep minutes in hard copy or digital format. The only requirement State Records has is that if the minutes were created in hard copy prior to 2000 they cannot be destroyed after digitisation. See Disposal of original paper records after digitisation in the Managing digitisation programs and projects guidance for more information.

An organisation also enquired about whether corporate logos need to be captured with emails. The important thing when capturing email messages is that they can be full and accurate, authentic and reliable. They should be captured with details of their transmission (e.g. date and time sent and/or received), details of the sender and receiver (e.g. name, position and organisation) and attachments or enclosures with the message.  If the organisation decides that corporate logos do not need to be captured as an essential part of the record in order for it to be authentic and reliable, this decision and the way in which this will be achieved need to be documented. Interestingly, capturing corporate logos could potentially hinder the useability of the records if it affects their ability to be accessed or preserved for as long as required.

Compliance with Standard on digital recordkeeping

A number of organisations have enquired about compliance with the Standard on digital recordkeeping. They were referred to the Short guide to implementing the standard on digital recordkeeping and RIB 42, the Checklist for assessing business systems. They were also referred to a number of blog posts about defining and managing risks, high risk business and EDRMS implementations.

We also liaised with some organisations who are doing fantastic work in assessing the recordkeeping capacities of their high risk business systems, and who are developing pragmatic and sound approaches to improving any recordkeeping gaps they identify.

One organisation contacted us about a business system their contractors are using for construction which captures emails, contracts and other documentation. They asked whether these need to be in a particular format for archiving, such as PDF-A. State Records does not require records in a particular format. However, it is important in this kind of arrangement to ensure that when the organisation receives the records from the business system they can be read and searched without having to rely on proprietary software. In addition, they should not be kept on CD as these tend to be put away and forgotten about or lost. The records should be kept in a secure location and in a form that is easy and sustainable so records can be read and used. It is important also to keep metadata from the system to give the records context.

Digital disposal and retention periods that apply to digital records

Two organisations have been in contact this month to ask specific questions about record retention periods so that they can start to build this information into internal audit assessments for business systems and into system design and management criteria. We really applaud these types of proactive approaches to developing sound information management environments in digital business systems using existing disposal tools.

Another organisation sought out advice about the definition of records and retention periods for tendering documentation. We referred them to the retention requirements in the General retention and disposal authority for administrative records and indicated that the Authority outlines MINIMUM retention periods. Organisations should consider their internal business needs for the records and may choose to keep the records for longer periods should they have business needs to do so. Tendering activities are often highly scrutinised and there is the potential for corruption. As a result it is an area where it is important to keep detailed records that can be used to demonstrate organisational accountability in cases where the tender process or the award of the tender is questioned. Records should be retained in formats and systems where they can be maintained for as long as they are required.

SharePoint

A number of organisations wanted to know if they could meet mandatory requirements for recordkeeping using SharePoint. If SharePoint 2010 is implemented ‘out of the box’ (i.e. with little configuration of the available features and settings), it has limited capacities for capturing and keeping records in a way that supports their ability to function as authentic evidence of business. Its main weaknesses relate to:

  • its ability to easily capture email messages as records
  • its ability to capture, protect and maintain point of capture and recordkeeping process metadata for as long as required (e.g. if records are imported from shared or network drives to SharePoint, by default the date the record was created will be replaced with the date the record was imported to SharePoint and the name of the record’s creator will be replaced with the name of the person who imported the record)
  • security (security caveats and hierarchical security are not available in SharePoint; add-on software must be implemented to provide this functionality)
  • its ability to export records to another system if they need to be maintained beyond the lifespan of the SharePoint implementation or to State Records if they are required as State archives or to another organisation in the event of administrative change (e.g. records exported from SharePoint lose certain contextual metadata, only retaining any metadata embedded in each record)
  • its ability to manage vital records and physical records.

Earlier versions of SharePoint (including SharePoint 2007) have more limited recordkeeping capabilities and do not manage records appropriately.

The Wise Technology Management assessment of SharePoint against the International Council on Archives’ principles and functional requirements for records in electronic office environments found that with the right configuration and add ons, a high degree of recordkeeping functionality can be achieved. There are certainly a number of organisations in NSW Government and elsewhere involved in exciting work to develop SharePoint, particularly with regard to automating the capture, classification and management of records (i.e. so that the involvement of users is minimal). However, it is important to remember that this all requires considerable planning and configuration.

State Records has just released an exposure draft of guidance on the recordkeeping capabilities of SharePoint 2010.

We have also been liaising with another organisation who is planning the migration of a SharePoint system.

Cloud computing

We received more enquiries about State Records requirements in relation to cloud computing. Essentially, under the State Records Act, it is illegal to transfer records out of the State of NSW without permission. We have given permission in a General authority – Transferring records out of NSW for storage with or maintenance by service providers based outside of the State (GA 35). Permission is only granted if certain conditions are met.  In particular public offices must:

  • assess and address the risks involved in taking and sending records out of the State for storage with or maintenance by service providers based outside of NSW
  • ensure the service providers facilities and services conform to requirements in standards issued by State Records
  • ensure contractual arrangements and controls are in place to ensure the safe custody and proper preservation of records
  • ensure that the ownership of the records remains with the public office
  • monitor the arrangement to ensure the service provider is meeting relevant requirements.

Further information is available in Recordkeeping in brief 54 Storage of State records with service providers outside of NSW.

State Records has recently released FAQs about cloud computing (RIB62). We also produced a two-page flyer Managing recordkeeping risk in the cloud which includes a list of what you should ask service providers before entering into cloud computing arrangements. There are also a number of blog posts on cloud computing (see the categories listing to the right of this page).

Digitisation

One organisation enquired about PDF formats for digitisation. It is generally accepted that PDF/A-1 is the better ‘archival’ format for PDF. PDF/A-1 has fewer “bells and whistles” than traditional PDF which minimises future migration requirements. PDF/A-1 is more open than traditional PDF because it is maintained by the International Standards Organisation, not one specific vendor. The other option here is uncompressed TIFF; this has the advantage of being smaller file size, less complex and more open. They organisation was referred to the guidance Managing digitisation programs and projects on State Records’ website for further information about digitisation.

Another organisation enquired whether they need to keep paper originals for quality control if they scan, register the images into their EDRMS and check them straight away (as part of a business process digitisation program). They had noticed that we recommend retention of the originals for a minimum of 6 months or 1-3 months for low risk records to allow for quality checking. In this case it is up to organisation to manage its risk. If they are satisfied with the instant check and destruction of the original they can use this method. However, they might want to consider keeping the originals for a short period of time in case working on the records reveals missing or illegible scans. All choices about quality assurance measures should be documented.

Workshop on assessing recordkeeping risk in business systems

This month we ran another of our very popular free workshops. Again it was very well attended and again we had a range of participants with different levels of work experience in relation to digital recordkeeping: quite a few of the participants are still working with paper-based recordkeeping systems and others have very digital-based work environments. Because the workshop is very case study and discussion-based, there is scope for a very wide range of issues to be discussed and so we covered issues such as digitisation, migration, implementing new business systems, transitioning out of paper-based environments, pragmatic and scalable solutions to digital recordkeeping challenges and a range of other topics.

We intend to run the workshop two more times this year – on 12 September and 18 October in State Records’ Sydney city office. If you are interested in registering for either of these sessions, please contact govrec@records.nsw.gov.au

Further information about the workshop is available via the Training section of the State Records website.

Any other questions?

If you are from the NSW public sector and have an enquiry about digital recordkeeping, please contact govrec@records.nsw.gov.au Note: As resources are limited there may be some delay in responding to your enquiry.

 

Leave a Reply

You must be logged in to post a comment.