2. Keep your digital records in recordkeeping systems (Guideline 22)
- 2.1 What is a recordkeeping system?
- 2.2 What systems should be recordkeeping systems?
- 2.3 What systems are not recordkeeping systems?
- 2.4 What if we don’t have recordkeeping systems?
- 2.5 Plan for disaster protection and recovery of your systems
- Other topics
Digital records will only have value for your organisation if they are accessible and if you can preserve their authenticity and integrity. A recordkeeping system is a system that captures, protects and provides access to records over time. Recordkeeping systems therefore make records accessible and also employ the necessary controls that can ensure record authenticity and integrity. They are necessary business tools for the use and preservation of your digital records.
Capturing or saving digital records into a recordkeeping system helps to demonstrate and preserve their authenticity and integrity. It also means that records are:
- stable and fixed in content and form
- easily accessible
- linked to metadata detailing their technological dependencies
- managed according to specified business rules
- protected against unauthorised action
- linked to their business context, and
- retained for the correct length of time.
Only when records are subject to the controls of a recordkeeping system will they gain the necessary context and safeguards to be able to survive over long periods of time and function effectively as evidence of business.
A good recordkeeping system:
- provides comprehensive access to all records of a particular business activity, at all relevant periods of its operation. For example, a good system will enable you to capture all revisions to a building’s design, all comments received, full project briefs, reports and associated correspondence, and
- contains recordkeeping controls that support the efficient management of records, in ways that preserve their authenticity, integrity and useability.
It is important to remember that a recordkeeping system is not just a software application. It is also the policy, procedures, people and business rules that are used to control and support the application.
The necessary functionality of a recordkeeping system is outlined in State Records’ Standard on digital recordkeeping.
Any system in your organisation that is used to perform business and which is required to maintain records of that business should be configured as a recordkeeping system.
Recordkeeping systems have no standard form. For example, a recordkeeping system could be:
- a business system with recordkeeping functionality, such as a database that has been configured to keep certain tables as records
- a business system linked with a dedicated records management / information asset management system, such as an online transaction system that has been linked to a dedicated records management system so that all online transactions are automatically captured in the records system eg some councils have linked their software for managing development and building applications with a records system so that all records are captured in the records system
- a dedicated records management system or an information asset management system, such as those listed on the Contract 2602 - GSAS information asset management systems (IAMS) software applications.
Case study: Gosford City Council
Like many local government authorities, many of the key business functions performed by Gosford City Council are reliant on accurate geographic data.
The Council has put in place practices to try to ensure that its geographic business system functions as a recordkeeping system.
Given geographic data is the basis for key council functions such as land use and planning, roads, waste management, parks and reserves, development and building controls, rates and valuations etc, the Council has configured its Geographic Information System (GIS) to ensure that the geographic data used as a key input into these business operations is as accurate as possible and is managed as a record.
To ensure data in the GIS is accurate, detailed quality assurance and quality control processes have been implemented by Council to regularly test the accuracy of GIS information. Records are kept of these assessments. In addition there are Corporate GIS Policies and Procedures which cover items such as access, data creation, editing/maintenance, application development, data capture, map production and data provision to external customers to again control the quality of the data in the system.
Because the GIS is not itself configured as a recordkeeping system, the Council has a policy of performing an XML export each quarter of the Corporate GIS database including metadata, users and permissions. These XML files are then registered into the Council recordkeeping system. This provides a regular, fixed record of the geographic information that was used at any one time as the basis for Council decision making. In this way Gosford Council has integrated recordkeeping into their business operations to provide accountability for their decision making and to improve their business practices.
Depending on the size of your organisation and how it performs its business you may need or have one recordkeeping system in your organisation or you may need or have dozens.
Recordkeeping systems keep and manage records and make them useable. By managing records they preserve their integrity and facilitate their long term preservation.
The following gives some examples of systems that should not be used as recordkeeping systems.
A backup system is not a recordkeeping system
Backup systems capture a complete image of a file server at a particular point in time. They serve disaster management purposes, allowing data to be restored as it was at that particular point in time. Backup systems are not recordkeeping systems and cannot be relied upon as the means maintain your organisational records.
Backup systems cannot be used as recordkeeping systems because:
|Backup systems provide very limited and difficult access to records||Backups are run incrementally to capture changes to data over time. This means that all files modified over any given week are scattered over a number of backup data sets. This makes it difficult to locate files.
Users themselves cannot easily access backup data. If backups are used to store records it means that users have limited access to corporate information and this limits business efficiency. IT staff are also required to mediate access to backups and this limits their productivity as accessing usable data from backups can be a time consuming process.
|Backups are not maintained long term||
Data on backup tapes is generally frequently overwritten so that a copy of the most current data is always maintained.
Records often need to be maintained for substantial periods of time and different records are subject to different requirements. Implementing these legal requirements is impossible in a backup system.
Even if backups are maintained for long periods of time, systems themselves change. Therefore it is unlikely that 5-10 year old backup tapes would be able to be read using standard office technology. Backups are therefore not a long term preservation solution.
|Backups may not be complete||Even when backups are stored long term, these backups are generally captured on a weekly or monthly schedule. This leaves significant gaps of time where substantial amounts of work can be lost.|
|Backups contain a lot of redundancy||Backups by their nature often contain multiple copies of identical information. Maintaining this redundancy is acceptable for very short term disaster management purposes but is inappropriate and costly for long term recordkeeping requirements.|
|Removable media, used for backups, is insecure||
Removable storage media is difficult to control, difficult to identify and easily overwritten. Data stored on this media is always at risk and this is not appropriate storage for important organisational records. See 1. Make digital recordkeeping achievable for your organisation for further discussion of the risks associated with removable storage media.
|Backups cannot incorporate business rules||
Backup systems cannot incorporate business rules of the management of records. Applying access and retention rules is therefore a very laborious and time consuming job that has to be done item by item.
A network environment is not a recordkeeping system
To some network environments look like good recordkeeping systems because they:
- already exist so they cost nothing to implement and create no additional administration costs
- already have password protection, firewalls and other security features to prevent outside access.
Networks however cannot be used as recordkeeping systems because they have no capacity to actually manage records. If implemented effectively they can make records useable and can apply necessary security restrictions but they do not have the capacity to manage and protect records. Specifically they:
- do not prevent accidental deletion or revision
- do not authenticate the information stored within them, for example networks do not have adequate audit trails that document how a record has been used and managed over its existence
- cannot incorporate business rules for the management of records. Application of necessary rules therefore has to be done manually and standard management tasks, such as disposal, cannot be automated
- provide very limited capacity for metadata description. This limits the immediate and long term useability and manageability of the record
- do not have in built version control
- cannot produce reports about key events in record history – use, alteration, management history etc
- do not necessarily preserve an historical view. For example, network log-ins and tools such as Active Directory represent current roles and positions, but do not keep a record of an individual’s roles and positions through time. When managing records, you need to ensure that the system doesn’t override earlier position information with what a person’s current position it. Previous ‘historical’ information needs to be maintained if a record is to be interpreted properly
- cannot integrate the management of paper and digital records
- may not be able to integrate the management of all forms of digital records, particularly email records created in certain email applications
- can be difficult to scale with appropriate security controls across an entire organisation
- can often be altered or manipulated by large numbers of users leading to a lack of consistent structure which can create problems with user access.
Networks can therefore be used at a very basic level to store information but they do not manage, protect, authenticate or help to preserve your records. The integrity of records managed in a network environment cannot be assured and therefore networks should not be used for the long term management of your organisation’s business information.
If you don’t have recordkeeping systems in your organisation you have two options. You can:
1. Purchase a records management software application as the basis of your recordkeeping system
There are a number of dedicated records management software applications that can be used as the basis for a recordkeeping system.
These systems ingest all the records your organisation creates, apply recordkeeping controls to them and make the records accessible to all those with relevant authority across your organisation. These systems can also usually be integrated with existing business applications and used as the repository to capture and manage the records created in your business applications.
If you wish to purchase records management software you should choose the specific application that best meets your needs from the products listed on Contract 2602 - GSAS information asset management systems (IAMS) software applications.
When purchasing records management software be sure to consider:
- its compatibility with your operating system
- hardware and software compatibility with other systems and applications in your organisation
- its ability to interface with your other business systems, such as property management systems or other key business systems that may require recordkeeping support.
- the User Guide for Contract 2602 - GSAS information asset management systems (IAMS) software applications
- State Records' Recordkeeping in Brief 2 - Selecting records management software.
2. Reconfigure your current business applications so that they can incorporate recordkeeping functionality
Rather than buy a specific software package, you can alter and reconfigure current business applications so that they have the capacity to preserve and manage records. Many standard applications can be reconfigured in this way. This can be a costly approach as it requires strong knowledge of systems, recordkeeping and business practice but it can produce an excellent system configured exactly to your business needs.
Tailoring your solution
If you are purchasing software or configuring your existing systems, you need to tailor these solutions to the specific needs of your organisation.
To tailor your recordkeeping system to your requirements you need to:
- understand your organisation and the business it performs
- identify the records that need to be captured in the system
- develop means to capture the records within the system.
Understand your organisation and the business it performs
The key to developing a good recordkeeping system is to understand your business. Good recordkeeping systems meet specific business requirements and need to be adapted to the particular needs of your organisation.
The following table provides examples of some organisational and business considerations that may impact on your system design:
|Questions:||System design implications:|
|Do you operate in a high risk environment?||Your system will need to be designed with this in mind and incorporate action tracking, audit logs and strict access controls to safeguard the integrity of records.|
|What are the laws, regulations, standards and codes of best practice that affect your organisation?||Some or all of these may impact on system design, for example, by regulating how information must be managed in the system, by specifying how it should be accessed etc.|
|What are the legal and best practice requirements that apply to the business that will be documented in the system?||
Specific requirements may relate to your business activities and these too must be accommodated in your system design.
|What are current work practices?||Your work practices may require your system to:
System design must take account of all such factors.
|What are your technological capacities?||
Your technological capacities for integration, configuration, extension etc may all impact on your system design plans.
For example, you may need to assess:
|What general recordkeeping rules and requirements apply to the business documented in the system?||You will need to identify whether the system should accommodate different tools to help manage and automate your recordkeeping activities – for example record retention and disposal rules, access controls, automated transaction of recordkeeping events, the capacity to apply functional classification tools etc.|
|Does information need to be shared and used across your organisation? Do you need to work with other offices across the state or nationally?||You will need to build data sharing capacities into your system and establish means by which all users can gain access to the records and supporting tools in the system (classification schemes, disposal authorities, security classifications etc) at an acceptable speed.|
Identify the records that will need to be captured within the system
To identify the records that need to be captured you will need to:
- identify the business processes that are performed in the system
- identify the transactions that make up these processes
- identify the points at which each transaction type is complete in order to determine when a record should be captured
- determine whether database tables or aspects of the system need to be brought together and fixed in order to make a record of the transaction, or identify whether staff need specific guidance as to which records they need to capture within the system.
The methodology for the design and implementation of recordkeeping systems described in the Australian Standard AS ISO 15489.1 Records management - Part 1: General, should be the basis for building new systems or re-designing existing systems to serve as recordkeeping systems.
More detailed guidance on how to carry out the steps in the methodology from AS ISO 15489 can be found in Strategies for documenting government business: the DIRKS manual.
As part of broader planning for the security of electronic information you should identify threats to records and recordkeeping systems, and the business functions, operations and services that depend on them. You also need to design means of protecting your records and implement disaster and continuity management strategies. This could involve:
- capturing records into recordkeeping systems as soon after their creation as possible
- routinely performing comprehensive system-wide backups. The frequency of system backups and period they are to be retained should be determined by a risk assessment and organisational needs. Backups should be as comprehensive as possible, including digital records stored offline
- storing copies of backups offsite
- maintaining secure storage facilities for equipment, digital records and backups
- maintaining high system security
- identifying high risk business records and, if necessary, designing additional controls around these
- designing means to assess data integrity, for example, checking to see if the records restored from backups are complete, accessible and useable.
For further information see:
- State Records’ Standard on counter disaster strategies for records and recordkeeping systems
- Premier’s Memorandum 2007-04, Security of electronic information
- Government Chief Information Office’s Information security guidelines.
 These last three points above it are derived from the InterPARES 2, Creator guidelines – making and maintaining digital materials: guidelines for individuals, viewed May 2008, < http://www.interpares.org/display_file.cfm?doc=ip2(pub)creator_guidelines_booklet.pdf>.