Recordmaking vs Recordkeeping Systems

Recordmaking vs. Recordkeeping Systems: Making Sure IT Doesn’t Get Blindsided
Rick Barry, Principal, Barry Associates
Virtual Handouts @ www.mybestdocs.com
© 2004, R.E.Barry
About “Recordmaking vs. Recordkeeping Systems: Making Sure IT Doesn’t Get Blindsided”
Major systems that produce records—recordmaking systems
How these relate to systems that properly manage records—recordkeeping systems
Options for getting them into line
How compliance requirements and standards can help
Futures
Stats: Indicative trends; Hide standard deviations
Information production: World population: 6.3 billion. ~ 800 MB of recorded information produced p.c., p.a. Equivalent: ~ 30 ft of books
Print, film, magnetic, optical storage media produced ~ 5 exabytes of new info in 2002. 92% magnetic media—mostly HDs
• 1 exabyte = 1024 petabytes, each of which = 1024 terabytes
• 5 exabytes? If digitized with full formatting, the 17,000,000 books in the Library of Congress contain about 136 terabytes; 5 exabytes is equivalent to info contained in 37,000 new libraries the size of Library of Congress
Email: Average users in US spend 25+ hrs per month on Internet at home and 74 hours at work. 19% use to do research for work
IM: 31% U.S. business Internet users used IM ≥ once in May ‘02
WWW: 2000 estimated public (surface) Web volume: 20 to 50 terabytes; 2003 measured volume: 167 terabytes - 3X
BrightPlanet estimates deep web ~ 66,800 and 91,850 terabytes.
Blogs: 2003: ~ 2.9 million active weblogs containing about 81 GB
Source: “How Much Information? 2003,” UC Berkeley's School of Information Management and Systems, http://www.sims.berkeley.edu/research/projects/how-much-info-2003/execsum.htm
USS Blue Action Report Re Dec 7, 1941: Excerpt
Recordmaking systems
Create documentation that meets commonly accepted definitions of records
Virtually all digital systems used to create, communicate and record business in support of business processes (BPs)
Human to human
Human to system
System to system
System to human
Core Recordmaking Systems
Old fashioned office systems, email, EDMS; new fashioned instant messaging (IM) systems
Back room – Enterprise Resources Planning (ERP) (SAP/PeopleSoft/Oracle/JDE)—finance, HR
Indiana Univ. project www.indiana.edu/~librarch/phase.html
“OneStart/EDEN – A Description of IU's Transaction Processing/Recordkeeping Environment" by Rosemary Pleva Flynn, mybestdocs.com Guest Authors
Front room – CIM, CRM
• Integrated voice/text/data systems
Workflow, forms management
Facility Management (CAD/CAFM/CMMS)
Business intranets, extranets, websites, blogs
Survey of IT Directors Association
23 CIOs, CTOs, IT Directors of South Carolina State Agencies
What functions and systems were they responsible for?
What kind of systems had their organizations implemented?
What did they see as the major issues, including electronic record
CIO Organizations With/Without Responsibility For:
[Bar chart, % axis, n = 23. Categories: IT, IM, Telecom, RM, Web Tech, Web Content]
Major Systems Implemented
[Bar chart, % axis, n = 23. Categories: WWW site, Intranet, Extranet, EDMS, ERP, EDMS+]
Topics Deemed Major Concerns
What main concerns face your IT Departments? (1 = not at all/minor, 2 = somewhat, 3 = Major)
[Bar chart, % axis, n = 23. Categories: Info Security, Staff Users, Elect Recs, Communicate, Public Users, Legacy Sys, Email, e-Gov, Text Sys, Multimedia, Other]
Other: Continuing operations under current Legislative ‘Budget Priorities’
CIO Organizations With/Without Responsibility for Recordkeeping
[Pie chart, n = 23: Is your organization responsible for records management? Segments: With RK, Without RK; 7 (30%) and 16 (70%)]
[Bar chart: Q: What main concerns face your ITD? Electronic Records? Categories: ER-1, ER-2, ER-3; scale: 1 = not at all/minor, 2 = somewhat, 3 = Major; series: With RK, W/O RK]
Findings/Conclusions
E-recs tied for 2nd place among concerns
About 30% felt that the balance in their org was too much on IT, too little IM
About 90% responsible for IM, 70% RM and ~½ for web content
Nearly all operating websites & intranets; few had EDMS, ERP systems or EDMS+ (EDMS + 5015)
Directors with responsibility for RM saw e-recs as a major issue
Directors without RM responsibility saw e-recs as a minor or no issue
Responsibility for e-recs brings respect for issues
Recordkeeping Systems (RKS)
ISO 15489 defines “records” as: “information created, received, and maintained as evidence and information by an organization or person, in pursuance of legal obligations or in the transaction of business” with following characteristics: authenticity, integrity and usability.
It defines “records system”: information system which captures, manages and provides access to records through time.
Recordkeeping Systems (RKS)
Most, not all, business communications = records
What characterizes records? Content, context, structure. Not technology platform.
Importance of the BP determines the value of records they produce.
Assessment of BPs is how:
• value is determined
• disposition management policy is applied
Keep or not? If so, how long? Specified # yrs/Indefinite?
• disposition is carried out
All records can constitute legal evidence. They can also be challenged as legal evidence.
Trustworthy Recordkeeping Systems
Systems with robust archives & records management (ARM) functionality for records capture, maintenance of integrity, long-term preservation & disposition management: Univ. of Penn. Functional Requirements for Evidence in Recordkeeping: http://web.archive.org/web/20000818163633/www.sis.pitt.edu/~nhprc
Trustworthy Electronic Recordkeeping Systems are generally accepted as maintaining the integrity, accuracy, authenticity and accessibility of electronic records.
• Information Nation, Seven Keys to Information Management Compliance, by Randolph A. Kahn & Barclay T. Blair, AIIM, 2004
• “Best Practices for Document Management in an Emerging Digital Environment” by R. Barry, 1994, www.mybestdocs.com, Other Papers section
Ergo:
A trustworthy recordkeeping system:
Maintains and permits continuing management of records in a manner consistent with rigorous recordkeeping requirements and standards
Maximizes likely acceptance as evidence
A records management application (RMA) is the software component of a broader recordkeeping regime to facilitate management of records
Most RMS are not RKS
DoD 5015.2 Records Management Applications standard
Meets minimal requirements for trustworthy recordkeeping
Recommended by Archivist of US for all federal agencies www.archives.gov/records_management/policy_and_guidance/bulletin_2003_03.html
Most portions are applicable to private sector
About 60 products, product partnerships certified under 5015.2 http://jitc.fhu.disa.mil/recmgt
What 5015.2 Requires
RMAs shall provide capabilities to:
• Define file plan - record categories/series and their associated disposition schedules
• Identify/declare records, provide context
• Store, preserve, protect electronic records
• Search for and retrieve electronic records
• Track records’ disposition schedule status
• Execute disposition instructions - cutoff, transfer, destroy
Beyond 5015.2 (V2 June 2002)
Possible topics for inclusion in V3
Incorporation of standard data elements
Interoperability within enterprise environment/among disparate RMAs
Manual transfer of electronic records to NARA
Direct transfer of electronic records to archives
Minor changes in security section reflecting recent amendment to Executive Order on national security
Migration of some non-mandatory features to mandatory, e.g., extraction/redaction, more DM
FUTURES
Not necessarily a world of our making
Not necessarily one we want to see emerge
But one that is changing the way we must do business and manage records
Few people are asking for our advice
And no one is asking our permission
Futures
Business:
Increased focus on BPs as links between strategic aims & assets: human, financial, facilities, technology, information
More multi-national/international business transactions & operations
Greater emphasis on post-9/11 info security needs
Further globalization of business transactions under multiple RK/FOI practices and laws
Continued concerns over privacy issues
Legals:
Growing court discovery judgments—e-records
Efforts to harmonize e-bus laws/regulations internationally
De facto changes in business law definitions of records by lawyers with no ARM background
Futures
Technology:
Tighter integration of BP & technology
• Greater consolidation of business-process based: records, compliance, information security and risk management
More standards: IM, RM, IT; increased use of open source platforms (Linux www.linux.org/, OpenReader www.openreader.com)
Ubiquitous recordkeeping
Burgeoning of wireless, natural language and video business applications. More multimedia records
Computer-aided records detection, capture, classification
More advanced personal electronic records tools
Business, government take-up of hip technologies—IM, blogs, integrated mobile phones/PDAs, game technologies for business purposes
For more on blogs and other such things…see WWW.MYBESTDOCS.COM
www.mybestdocs.com
Recordmaking Implications
Technology doesn’t (yet) change ‘recordness’ of documents/objects
Technology dramatically changes the ways we must manage records
‘Hands-off’ recordmaking by computers
Location-independent computing – universal workspace
Records created in homes, hotels, temporary offices & outsourced organizations
Employees need remote access to records; security
Workers need records in different renditions/formats
ARM Implications
Large-scale system replacement of legacy recordmaking systems
1 ERP supplants many legacy ‘paperful’ systems
Systems producing massive volumes of records without own recordkeeping capabilities
Web pages very dynamic
Public- or customer-facing Web pages often reflect changing enterprise understandings or commitments to public or other clients. Often only place where records exist (See “Web Sites as Recordkeeping and ‘Recordmaking’ Systems,” by R.E. Barry, Information Management Journal, Nov/Dec 2004.)
New systems may use email/instant mail interface; no humans involved
Records produced but not managed = risk
Which way to turn?
CEOs
Get up on top of the issues. Number of stakeholders requires CEO to make it happen.
Put recordkeeping on your strategic agenda. Take another look at organization/staffing of ARM
Call for risk analyses
• Revisit Y2K risk analyses, audits
• Do it in-house: See “Best Practices” paper with checklist at www.mybestdocs.com in Other Papers
Provide management mandate to make high-risk recordmaking systems into trustworthy recordkeeping systems
Build alliances to keep you informed of risks, options
• Representative program managers, CIO, ARM manager, general counsel, auditor, facility manager
• Adopt as enterprise standards:
• ISO 15489 for regime-level records management
• DoD 5015.2 for ECM system-level records management
• Metadata, document-access standard
• Other standards and regulations appropriate to business
Standards
Unlike laws, regulations, standards are voluntarily adopted or mandated by organizations as policy
ISO 15489 Records Management Standard—broad recordkeeping regime standard
5015.2 Records Management Applications (RMA) Standard (US DoD)—software standard
Metadata standards required for information discovery
• Dublin Core http://dublincore.org/; W3C Recommendation 10 Feb 2004 www.w3.org/TR/rdf-primer/
• Australian National Archives AGLS Metadata www.naa.gov.au/recordkeeping/gov_online/agls/metadata_element_set.html
• XFML Core - eXchangeable Faceted Metadata Language http://xfml.org/spec/; + RK elements
Long-term document access standards
• TIFF + ASCII; PDF, PDF-A, OpenReader
Chief Counsels
Compliance Laws/Regulations
CFR 21 Part 11 Title 21 Federal Regulations Code: Electronic Records; Electronic Signatures www.fda.gov/cder/gmp/index.htm www.fda.gov/ora/compliance_ref/part11/
Freedom of Information www.usdoj.gov/oip/foia_updates/Vol_XVII_4/page2.htm
HIPAA—Health Insurance Portability & Accountability Act www.hhs.gov/ocr/hipaa
ADA Section 508—Americans with Disabilities Act www.section508.gov/
SOX—Sarbanes-Oxley Act of 2002 www.law.uc.edu/CCL/SOact/soact.pdf www.sec.gov/divisions/corpfin/faqs/soxact2002.htm
SEC Rule 17a-4 -- Records to Be Preserved by Certain Exchange Members, Brokers and Dealers www.law.uc.edu/CCL/34ActRls/rule17a-4.html
What’s wrong with this picture?
Finance
Legal
HR
Published here with the kind permission of Kevin Lindeberg.
CIOs/ITDs, ARM Managers: Getting recordmaking systems into line
ECMS+: also tested, certified/approved RMA
• Centralized IT is back; but scalability remains an issue
Pairing: Port products of ECMS, EDMS, ERP and other recordmaking systems into a trustworthy RMA or ECMS+/EDMS+ recordkeeping
Upgrade recordmaking system to become a trustworthy RK system—embed recordkeeping in business processes
Hybrid of above
• Whichever way: implement at enterprise IM-IT architecture level
• Implement small. Plan enterprise.
Procurement/Acquisition Managers
Require bidding documents to require bidders to:
• Commit to maintain 5015.2 certification
• Specify which “Additional Baseline Requirements,” (C2.2.10) features are supported by its product(s) vs. expected of the user organization
• Specify other compliance requirements supported by its product(s)
• Include costs of data conversion from legacy information (including electronic records) to proposed system
Developers of B2E, B2B, B2C
Design systems for ARM compliance
Partner with a certified RMA until you get your own
Gain 5015.2 or similar certification for use in other countries
Provide further functionality for major compliance requirements
Adopt ISO/DoD standards for own internal operations
CIOs and IT Directors
Take your archivist/records manager to lunch
Archivists & Records Managers
Pay for the lunch
Ask the CIO to pay for the system
www.mybestdocs.com