Standard on digital recordkeeping
- Printable version
- Table of commentary
- Compliance timetable
- Executive summary
- Introduction
- Using the Standard
- Requirements
- Appendix A: Supporting guidance
- Appendix B: Sample metadata mapping
Printable version
There is a PDF version (PDF, 245kb) of the standard for printing.
Table of commentary
An account of the comments received during public consultation on this standard is available in the accompanying Table of Commentary (PDF, 114kb).
Compliance timetable
There is a compliance timetable (PDF, 55kb) for this standard, with requirements phased in beween 2008 and 2012.
Executive summary
This standard sets out the minimum compliance requirements for NSW public offices for defining their digital records, digital recordkeeping system functionality and the creation and management of recordkeeping metadata for digital records.
By implementing systems in accordance with this standard, public offices can maximise the business benefits that can be derived from effective management of digital information. As the Government Chief Information Office has noted:
"Information is the basis of most activity in the public sector. It is used for planning, decision making and customer service. The better information is managed, the more effective these activities will be." [1]
Benefits of effective digital recordkeeping include improved service delivery through faster access to accurate business information and more effective use of public resources by avoiding the over retention of unnecessary data. Compliant digital recordkeeping systems can also minimise the risks associated with poor recordkeeping in the digital business environment. These risks include an inability to account for past actions or decisions, a lack of corporate information on which to plan and make future decisions and a failure to meet legal requirements.
This standard differs from others in the suite of records management standards issued by State Records in that it is an enabling standard. By meeting the requirements of the Standard on Digital Recordkeeping, public offices will be better able to comply with the other records management standards, in particular the Standard on Full and Accurate Records and the Standard on Appraisal and Disposal of State Records.
Compliance with this standard will be monitored by State Records and reported on in its Annual Report. There is a compliance timetable indicating how the requirements of the standard are to be implemented and by what dates. Public offices will be advised in advance of any compliance monitoring activities.
This standard is supported by tools and guidance on digital recordkeeping, see Appendix A.
Introduction
Purpose
The purpose of this standard is to establish minimum requirements for digital recordkeeping in the New South Wales public sector to enable NSW public offices to implement digital recordkeeping systems that will support business efficiency and organisational accountability.
By meeting the requirements of this standard, public offices can achieve basic recordkeeping functionality in the digital information environment. This functionality can then form a sound basis on which to build more customised functionality to meet their specific business needs.
Authority
This standard will be issued under s.13(1) of the State Records Act 1998 which enables State Records to 'approve standards and codes of best practice for records management by public offices.'
Application
This standard will apply to all public offices as defined in section 3 of the State Records Act, to which Part 2 of the Act applies.
Background
What are digital records?
A digital record is digital information, captured at a specific point in time that is kept as evidence of business activity. Digital records means 'born digital' records such as emails, web pages, digital photographs, digital audio files, GIS files or database records, as well as scanned versions of paper records that have been digitised in business processes.
Public offices create, generate, send and receive digital information every day – in word processing and email applications, using web authoring tools, in databases and by other means. Some of this information must be retained by the public office in order to meet business, accountability-related and other requirements for evidence. These are digital State records, and are subject to all the same requirements under the State Records Act 1998 as paper based records and files.
The following list contains some typical examples of forms of digital information that are digital State records if they are made and kept, or received and kept, by any person in the course of the exercise of official functions in a public office:
- an email complete with header information and attachments
- a web page
- a word-processed document
- output from a line of business application
- a digital audio recording
- fields from a database that together represent a transaction or group of transactions
- a text message
- a digital photograph
- a spreadsheet
- a scanned image of a paper document, or
- a computer aided drawing, map or plan.
What is digital recordkeeping?
Digital recordkeeping is routinely saving digital records into systems where they can be managed properly and made available as needed.
This standard does not require public offices to keep their records in digital form; for some smaller offices printing and filing may meet their needs. However, for business carried out using automated systems, capturing and keeping records in digital form is often the best method to ensure the complete record is captured. Keeping records in digital form also supports business efficiency and useability of the information in the records.
A good digital recordkeeping system can implement access, disposal and other rules so that digital records are managed as efficiently as possible. Information Asset Management Software (IAMS) tools such as Electronic Document and Records Management System (EDRMS) or Enterprise Content Management (ECM) products often form the core of digital recordkeeping systems. In some circumstances core business systems are adapted to keep records by interfacing with IAMS tools or, in a Service Oriented Environment, by creating recordkeeping services to interact with business systems. Another alternative is to carry out changes to core business systems (such as case management systems) to enable them to produce and keep records of transactions performed in the systems. It is also common in government today to see mixed or hybrid systems that are capable of managing paper and ‘born digital’ records and possibly also scanned / digitised copies of paper records.
There are a number of essential functionalities that any digital recordkeeping system used for keeping digital State records in the New South Wales public sector must possess. These are described in this standard, along with the essential recordkeeping metadata that the system must be capable of managing.
Another important aspect of digital recordkeeping is ensuring the authenticity and accessibility of digital records over time. Ability to reproduce digital information while preserving the fixity and essential characteristics that give it meaning as a record requires the adoption of a mix of strategies including planned and documented migration, creation and use of recordkeeping metadata and the adoption of stable, long term formats. Such formats include (but are not limited to):
- PDF/A-1, the ‘archival’ format for PDF. PDF/A-1 has fewer "bells and whistles" than traditional PDF which minimises future migration requirements. PDF/A-1 is more open than traditional PDF because it is maintained by the International Standards Organisation, not one specific vendor [2]
- Open Document Format (ODF), an open XML-based document file format for office applications to be used for documents containing text, spreadsheets, charts, and graphical elements
- Hypertext Markup Language (HTML)
- Extensible Hypertext Markup Language (XHTML), a version of HTML that conforms to the XML syntax and therefore allow automated processing to be performed using standard XML tools
- Open Office versions of Microsoft PowerPoint, Microsoft Excel
- Joint Photographic Experts Group File Interchange Format (JPEG or JFIF), Tagged Image File Format (TIFF), Portable Network Graphics (PNG) for digital images, and
Free Lossless Audio Codec (FLAC) for digital audio files.
For more information refer to State Records’ Policy on digital records preservation and supporting guidance.
What is recordkeeping metadata?
Recordkeeping metadata is an essential part of any digital recordkeeping system. It is structured or semi-structured information that enables the creation, registration, classification, access, preservation and disposal of records. In digital recordkeeping, recordkeeping metadata is often in machine readable form, allowing for the automation of many of these tasks.
Some examples of recordkeeping metadata that are commonly implemented in digital recordkeeping systems are:
- identifiers (to identify an entity in the system such as a record or a record author),
dates (such as date registered or date destroyed), and - information on the business function that a record relates to.
Effective implementation of recordkeeping metadata requires the creation and management of rules to govern how the metadata is created, captured and maintained. The New South Wales Recordkeeping Metadata Technical Specification (Word, 2.76MB) provides rules relating to metadata that can be customised for organisational implementation.
Structure
This standard contains nine minimum compliance requirements, divided into three sections:
- minimum requirements for digital recordkeeping systems
- minimum requirements for recordkeeping metadata, and
- minimum requirements for recordkeeping metadata management.
Definitions
Digital record
A digital record is digital information, captured at a specific point in time that is kept as evidence of business activity. Digital records means 'born digital' records such as emails, web pages, digital photographs, digital audio files, GIS files or database records, as well as scanned versions of paper records that have been digitised in business processes.
Digital State record
A digital State record that is made and kept, or received and kept, by any person in the course of the exercise of official functions in a public office, or for any purpose of a public office, or for the use of a public office.
Digital recordkeeping system
A system that captures, maintains and provides access to digital records over time. A digital recordkeeping system can be:
- a business system with recordkeeping functionality, or
- a business system linked with a dedicated records management / information asset management system, or
- a dedicated records management / information asset management system.
Disposal
A range of processes associated with implementing appraisal decisions. These include the retention, deletion or destruction of records in or from recordkeeping systems. They may also include the migration or transmission of records between recordkeeping systems, and the transfer of custody or ownership of records. (AS 4390 Part 1 Clause 4.9)
Metadata
Data describing data and data systems. In records management, recordkeeping metadata is data that describes the context, content and structure of records and their management through time. (AS ISO 15489 Part 1 Clause 3.12)
Migration
The act of moving records from one system to another, while maintaining the records' authenticity, integrity, reliability and useability. (AS ISO 15489 Part 1 Clause 3.13)
Metadata schema
Logical plan showing the relationships between metadata elements, normally through establishing rules for the use and management of metadata specifically as regards the semantics, the syntax and the optionality (obligation level) of values. (AS ISO 23081 Part 1 Clause 3.3)
For further definitions of general recordkeeping terms used in this document, see State Records’ Glossary of Recordkeeping Terms .
Acknowledgement
State Records is grateful to Archives New Zealand for giving us permission to use information from their Electronic Recordkeeping Metadata Standard (2008) in the development of this standard.
Further information
For more information on this standard, please contact State Records .
Using the Standard
This section provides information on implementing this standard.
Knowing what digital records must be made and kept
For a public office to successfully implement digital recordkeeping, it must first specify the records that will be captured into digital recordkeeping systems.
Decisions about what records to keep of organisational business processes should be based on an analysis of the regulatory environment, business and accountability requirements and the risk of not capturing the records. A useful technique for defining the records is to analyse business processes and identify the transactions that comprise them. Transactions will either automatically produce records that may need to be kept (for example an email or an automated reports from a business system), or will indicate where a record should be created or captured and kept (for example a note made after a meeting).
The level of detail used to define what digital records are to be kept depends on how much information is needed for implementation and the level of risk associated with the records and the business they document.
Digital records might be defined at different levels and in different ways, for example:
- organisational policy stating that all outgoing business related emails are saved by the sender into the organisation's EDRMS
- specifications for a database system that identify the fields to be saved as a record each time an entry in the database is updated.
See Appendix A for links to more information on defining digital records and using a risk management based approach to ensuring the creation and capture of digital records.
Implementing digital recordkeeping systems
A digital recordkeeping system may be either:
- a business system with recordkeeping functionality - that is a system that meets the recordkeeping functionality and metadata requirements specified in this standard, or
- a business system linked with a dedicated records management / information asset management system, or
- a dedicated records management / information asset management system.
A records management / information asset management system will usually have at its heart a software application such as an Electronic Record and Document Management System (EDRMS), a Records Management Application (RMA) or an Enterprise Content Management (ECM) system. For New South Wales Government agencies, there is a whole of government panel contract for Information Asset Management Software.
To be effective, a digital recordkeeping system must be implemented with policy, procedures and training to ensure that all users understand their role in meeting the organisation's recordkeeping requirements.
See Appendix A for links to more information on designing and implementing digital recordkeeping systems.
Managing recordkeeping metadata
Meeting the requirements of this standard is a starting point for New South Wales public offices in establishing metadata creation, capture and management rules for their own business environments.
In addition to documenting mappings from the minimum requirements of this standard to organisational digital recordkeeping systems, other elements that are needed to implement a more comprehensive recordkeeping metadata strategy are:
a customised recordkeeping metadata schema that describes the organisational recordkeeping entities (e.g. agents, records), their properties (e.g. title, identifier) and their relationships (e.g. authorised by, containing). NSW public offices can use the New South Wales Recordkeeping Metadata Technical Specification (Word, 2.76 MB) as a basis for the development of their own customised recordkeeping metadata schemas, and
business rules on how recordkeeping metadata will be captured and managed, from what sources and who will be responsible for monitoring the quality of the metadata.
See the Appendices for links to more information on defining structures and rules for recordkeeping metadata and managing recordkeeping metadata.
Requirements
1 Minimum requirements for digital recordkeeping system functionality
|
Requirement |
Benefits of complying |
Risks of not complying |
|
|---|---|---|---|
| 1.1 |
The public office must define the digital State records that it will make and keep. Note: The level of detail used by the public office to define the digital records to be made and kept should be adequate for implementation purposes and based on an assessment of the risk associated with the records and the business they document. |
|
|
| 1.2 |
The digital State records that the public office has defined must be captured into an official digital recordkeeping system. Note: A digital recordkeeping system can be:
|
|
|
| 1.3 |
Any digital recordkeeping system used for keeping official records must possess the following functionalities:
|
|
|
2 Minimum requirements for recordkeeping metadata
|
Requirement |
Benefits of complying |
Risks of not complying |
|
|---|---|---|---|
| 2.1 |
Digital records must be captured into a digital recordkeeping system with:
|
|
|
| 2.2 |
Any of the recordkeeping processes (listed below) that are performed on a record must be documented with:
The recordkeeping processes are:
|
|
|
| 2.3 |
The transfer of control or destruction of records must be documented with:
|
|
|
| 2.4 |
At least the minimum required recordkeeping metadata as specified in this standard must be persistently linked with digital records and aggregations of digital records, including when they are transferred out of their original creating environment and through subsequent migrations. |
|
|
3 Minimum requirements for recordkeeping metadata management
| Requirements | Benefits of complying | Risks of not complying | |
|---|---|---|---|
| 3.1 |
Recordkeeping metadata must be disposed of in accordance with the requirements of the State Records Act. |
|
|
| 3.2 |
Metadata mappings from the minimum requirements of this standard to organisational digital recordkeeping systems must be documented and maintained, including any changes to these. |
|
|
Appendix A: Supporting guidance
| Requirement | Guidance | |
|---|---|---|
| 1 | Minimum requirements for digital recordkeeping system functionality | |
| 1.1 |
The public office must define the digital State records that it will make and keep. Note: The level of detail used by the public office to define the digital records to be made and kept should be adequate for implementation purposes and based on an assessment of the risk associated with the records and the business they document. |
|
| 1.2 |
The digital State records that the public office has defined must be captured into an official digital recordkeeping system. Note: A digital recordkeeping system can be:
|
|
| 1.3 |
Any digital recordkeeping system used for keeping official records must possess the following functionalities:
|
|
| 2 | Minimum requirements for recordkeeping metadata | |
| 2.1 |
Digital records must be captured into a digital recordkeeping system with:
|
|
| 2.2 |
Any of the recordkeeping processes (listed below) that are performed on a record must be documented with:
The recordkeeping processes are:
|
|
| 2.3 |
The transfer of control or destruction of records must be documented with:
|
|
| 2.4 | At least the minimum required recordkeeping metadata as specified in this standard must be persistently linked with digital records and aggregations of digital records, including when they are transferred out of their original creating environment and through subsequent migrations. |
|
| 3 |
Minimum requirements for recordkeeping metadata management |
|
| 3.1 |
Recordkeeping metadata must be disposed of in accordance with the requirements of the State Records Act. |
|
| 3.2 |
Metadata mappings from the minimum requirements of this standard to organisational digital recordkeeping systems must be documented and maintained, including any changes to these. |
|
Appendix B: Sample metadata mapping
"To achieve implementations that are robust and which will enable easy updating, formalized mappings between the metadata schema adopted and the specific metadata within business systems should be maintained separately as an organisational resource." (AS ISO 23081.2-2007 Information and documentation - Records management processes - Metadata for records Part 2: Conceptual and implementation issues, 11.5 Registration)
Please note:
The sample mappings below map elements from two fictitious organisational digital recordkeeping systems;
- a dedicated records system using information asset management software [4] and
- a custom built case management system
to the minimum required metadata elements in this standard.
They are provided as samples only - it is not required that mappings are completed in precisely this format, nor does the information provided relate to any particular Information Asset Management Software application.
Organisational digital recordkeeping system 1: Information Asset Management Software system
|
Required metadata |
IAMS |
|
Unique identifier |
Record Number used for document and file level identification |
|
Title |
Record Title used for document and file level titling |
|
Date of creation |
Date Created |
|
Who/what created the record |
Author |
|
The business function/process it relates to |
Business Process |
|
The creating application |
Electronic Details |
|
Record type (e.g. letter / memo / report / contract / fax) |
Document Type = Project Report Document Type = Client letter Document Type = Document (default) |
|
Process metadata: Registration into a recordkeeping system |
|
|
The date of the action |
Date Created |
|
Identification of who/what undertook the action |
Creator |
|
What action was undertaken |
Details |
|
Process metadata: Changed access rules |
|
|
The date of the action |
Audit Events |
|
Identification of who/what undertook the action |
Audit Events |
|
What action was undertaken |
Audit Events |
|
Process metadata: Transfer of control |
|
|
The date of the action |
Audit Events |
|
Identification of who/what undertook the action |
Audit Events |
|
What action was undertaken |
Audit Events |
|
An authorisation reference for the transfer (e.g. FA234 2.4.5; GA27 1.2.3; By court order; NAP etc.) |
Disposal Schedule |
|
The name of the receiving organisation |
Details |
|
Process metadata: Destruction |
|
|
The date of the action |
Audit Events |
|
Identification of who/what undertook the action |
Audit Events |
|
What action was undertaken |
Audit Events |
|
An authorisation reference for the destruction (e.g. FA234 2.4.5; GA27 1.2.3; by court order; NAP etc.) |
Disposal Schedule |
Organisational digital recordkeeping system 2: Customer Management Database
|
Required metadata |
CMD system |
|
Point of capture metadata |
|
|
Unique identifier |
Customer ID |
|
Title |
Ref |
|
Date of creation |
Date created |
|
Who/what created the record |
UserID (Interface with LDAP) |
|
The business function/process it relates to |
Classification (Encoding scheme: Department’s business classification scheme) |
|
The creating application |
System log (Default value: CMD) |
|
Record type (e.g. letter / memo / report / contract / fax) |
Contact Type (Values: Complaint, enquiry, update details) |
|
Process metadata: Registration into a recordkeeping system |
|
|
The date of the action |
System log / Event date |
|
Identification of who/what undertook the action |
System log / UserID |
|
What action was undertaken |
Event Name |
|
Process metadata: Changed access rules |
|
|
The date of the action |
Event Date |
|
Identification of who/what undertook the action |
UserID |
|
What action was undertaken |
Event Name |
|
Process metadata: Transfer of control |
|
|
The date of the action |
Event Date |
|
Identification of who/what undertook the action |
User ID |
|
What action was undertaken |
Event Name |
|
An authorisation reference for the transfer (e.g. FA234 2.4.5; GA27 1.2.3; By court order; NAP etc.) |
Event Details |
|
The name of the receiving organisation |
Event Details |
|
Process metadata: Destruction |
|
|
The date of the action |
Event Date |
|
Identification of who/what undertook the action |
User ID |
|
What action was undertaken |
Event Name |
|
An authorisation reference for the destruction (e.g. FA234 2.4.5; GA27 1.2.3; by court order; NAP etc.) |
Event Details |
Footnotes
[1] 'Information as an asset', Government Chief Information Office website, accessed 12 August 2008 http://www.gcio.nsw.gov.au/ict-key-strategies/information-management-1/information-as-an-asset
[2] National Archives and Records Administration, Frequently Asked Questions (FAQs) about Transferring Permanent Records in PDF/A-1 to NARA, College Park,n.d.URL: http://www.archives.gov/records-mgmt/initiatives/pdf-faq.html (cited June 2008).
[3] Please note, the second edition of this Technical Specification is due in early 2009. However, public offices should feel confident that system built using either version will comply with the minimum requirements of this standard.
[4] A number of Information Asset Management Software (IAMS) applications are available for NSW Government agencies to purchase from a whole of government panel contract managed by the Department of Commerce.
© State of New South Wales through the State Records Authority of New South Wales, 2008.
First published September 2008
This work may be freely reproduced for personal, educational or government purposes. Permission must be received from State Records Authority for or all other uses. ISBN 978-0-9805148-5-8
