Overview | Why assess business systems? | The 'DIRKS' approach | Checklist | 1. Determine whether the system is subject to any recordkeeping requirements | 2. Collect general information on the current operation of the system | 3. Conduct a gap analysis | Using the results of the assessment | For more information
Overview
This guide provides a checklist against which an existing or new business system may be assessed to determine:
- whether the business the system supports is subject to any recordkeeping requirements
- how well the system is currently meeting recordkeeping requirements
- what action may be required to enable the system to meet recordkeeping requirements.
Why assess business systems?
In many organisations, business information systems that conduct significant business are not able to perform as recordkeeping systems. They have been introduced on an ad hoc basis, or without consideration of recordkeeping issues, and as a consequence do not manage, preserve and make accessible evidence of business operations.
Through not having recordkeeping systems, organisations can:
- place themselves at significant risk
- incur unnecessary expenditure, and
- deny themselves access to significant organisational information.
Therefore it is worth dedicated time and resources to ensuring that where they are required to do so, business systems are also meeting recordkeeping requirements.
The 'DIRKS' approach
This checklist has been based on the 'DIRKS' methodology. For more information on the identification of recordkeeping requirements, the assessment of business systems or the development of strategies to improve recordkeeping, see Strategies for Documenting Government Business: The 'DIRKS' Manual (2003).
Checklist
There are three parts to the checklist:
- Determine whether the system is subject to any recordkeeping requirements
- Collect information on the current operation of the system
- Conduct a gap analysis by comparing the current operation of the system with recordkeeping requirements
1. Determine whether the system is subject to any recordkeeping requirements
This part of the checklist is designed to help you to decide whether a business system will require remedial work to ensure records are made and kept of the business it supports.
By asking..
1. Is the information kept in this system unique evidence of official business? (ie. not published or duplicate information)
If the system contains duplicated information that has already been captured in an official recordkeeping system or which does not relate to official business of the organisation, there is no need for the recordkeeping assessment to continue.
2. Does the system relate to a business activity for which there is an identifiable disposal class in a General Retention & Disposal Authority or your organisation's Functional Retention & Disposal Authority?
If a there is a disposal class for records of the business the system supports in an authorised disposal authority which indicates a retention period, that is in effect a recordkeeping requirement.
3. Are there any legislative or business requirements to make and keep records of the business the system supports? Are these records already being created and kept in another system?
See Step C of the DIRKS Manual, ‘Identification of recordkeeping requirements’ for more guidance on how to identify requirements. (Go to: Strategies for Documenting Government Business: The DIRKS Manual )
List recordkeeping requirements on separate sheet. See DIRKS Manual for information on using risk assessment to determine final set of requirements.
4. Did this system replace a previous system or systems? If yes, were records kept of the business supported by the previous system?
If the answer is yes to this question, it is likely that this system will need to keep the same types of records.
2. Collect general information on the current operation of the system
This part of the checklist is for the collection of general information about the operation of the system. This may form part of a larger systems inventory that can be used for a range of purposes within the organisation, such as business continuity planning or the reduction of data duplication.
System assessment template
- Name of system
- Function/activity performed or supported by system
- Transactions performed within system
- Location of system
- System administrator
- Identified system risks / problems
- Size of system
- System controls/business rules implemented
- System users - number and location (business unit, external users)
- System interfaces - is the technology employed stand-alone or linked to other applications
- Type of data stored within system
- Frequency with which the information is collected/stored, accessed/used/disposed
- Metadata employed
- Physical form of information within system
- Budget allocation used for collection/storage/access/use/disposal of information within the system
- Privacy management implications of information within the system
- Standards applicable to the system
- How are records created in the system?
- How are they described?
- How are they used?
- How are they maintained?
3. Conduct a gap analysis
The purpose of this part of the checklist is twofold. It helps you to understand where there are gaps in the systems ability to meet:
- recordkeeping requirements specific to the system and the business it supports, and
- the minimum control requirements from the 'Record' entity of the NSW Recordkeeping Metadata Standard (NRKMS)
In assessing whether a requirement is met, either fully or partially, remember to consider aspects of the system like policy and procedures as well as the way the technology works.
Example of recordkeeping requirements specific to the system and the business it supports
|
Recordkeeping requirement |
Met? If not, describe gap |
|
All client contacts to be recorded with the following details:
| |
|
Client contact records documenting precedent matters to be kept as State archives; all other contact records to be retained for length of their account plus 2 years, then destroy. | |
|
Access to client contact records for Executive and staff of Customer Service department only |
Minimum control requirements from the 'Record' entity of the NSW Recordkeeping Metadata Standard (NRKMS)
What records do we have?
These elements capture basic information to identify records.
Number |
Title |
Purpose |
Comments |
|
1 |
Category type |
Identifies the type of record or group of records being described |
For example item, file or series. |
|
2 |
Identifier |
To uniquely identify a record. Usually numeric or alpha-numeric |
For example, file numbers or document numbers. |
|
3 |
Title |
The name of the record. May be controlled through the use of thesauri or classification schemes |
If using document-level registration, you will have both document titles and file titles |
|
4.1 |
Creation date |
Indicates the date the record was created |
Use a consistent format, eg YYYY/MM/DD |
Where are the records?
Being able to find records when required is essential.
|
6.1 |
Store location |
The standard or 'home' storage location for a record |
For example, in compactus, box number for commercial storage. |
|
6.2 |
Current location |
The current location of a record or group of records |
Commonly the name of the individual using the record |
What do the records relate to?
Records gain meaning from their relationship to the business activity that generated them, to related records and to the people and organisation responsible for their creation. These metadata elements capture this information.
|
7 |
Function |
The business function the record relates to. |
Usually controlled though a thesaurus or list of approved terms. May form a controlled, identified part of the record title (2) |
|
8.1 |
Related entity identifier |
The identifier of a related record |
Always used in conjunction with 8.2 |
|
8.2 |
Relationship type |
The type of relationship between records. Common record-to-record types include:
|
Always used in conjunction with 8.1 For example, file 01/2456 is the previous record of 02/7874 If using the full 3-entity metadata model (record, agent, function), this is also used to show record to function and record to agent relationships |
|
11.1 |
Creator |
The name of the person or workgroup that created the record |
The author of a document or the person who required the creation of a file |
|
11.5 |
Organisation responsible |
The name of the organisation responsible for the management of the record |
This may be added to over time due to administrative change |
Who can have access to the records?
These elements document who can and cannot access records. This can relate to staff or workgroups within the organisation, or the general public.
|
18.1 |
Access rights |
Use to identify staff of the organisation, or members of the public, that are entitled to have access to the records |
For example, "available to personnel staff" Either 18.1 or 18.2 should be used for all records |
|
18.2 |
Access restrictions |
Use to identify staff of the organisation, or members of the public, that do not have access to the records |
For example, restrictions such as 'commercial in confidence' Could be 'none' if the record is available to all Either 18.1 or 18.2 should be used for all records |
How are the records managed?
These elements document essential records management processes and controls such as registration, preservation and disposal.
|
4.2 |
Registration date |
The date the record was captured into a recordkeeping system. May be the same as the creation date. |
Use a consistent format, eg YYYY/MM/DD |
|
14.1 |
Preservation - storage |
Information about the media and format in which electronic records are stored to assist in preservation over time. |
Required for electronic records only |
|
14.5 |
Preservation - Migration |
Captures information about migration activities |
Required for electronic records only |
|
16.1 |
Disposal authorisation |
The retention and disposal authority that permits disposal of a record or group of records |
For example, GDA 2/4.3.1 |
|
16.2 |
Sentence |
The disposal sentence or retention period assigned to a record |
For example, "Destroy 20 years after action` complete" |
|
20.1 |
Event type |
Used to show the management of records over time. Common events include:
|
Used in conjunction with 20.4 and 20.8 |
|
20.4 |
Event date |
The date the event (20.1) occurred |
Used in conjunction with 20.1 and 20.8 Use a consistent format, eg YYYY/MM/DD |
|
20.8 |
Action officer |
The person responsible for undertaking or authorising an action on records or groups of records. |
Used in conjunction with 20.1 and 20.4 |
Using the results of the assessment
After this checklist has been followed, the results of the assessment of the business system will indicate the type of action required. This be:
- no action, since any records required of the business concerned are being kept elsewhere, or because there are no recordkeeping requirements at all, or
- taking steps to ensure that records are kept, either within the system itself or by building an interface to dedicated records/document management software application.
Any remedial work that is done to ensure recordkeeping requirements are met should be done in accordance with Step E of the 'DIRKS' methodology: 'Identification of strategies for recordkeeping'. The emphasis in this step is one the selection of an appropriate mix of strategies such as the adjustment of policy, the training of staff or reconfiguration of systems to meet identified requirements.
For more information
State Records Authority of NSW, Recordkeeping in Brief 18: Introducing recordkeeping metadata (2003).
State Records Authority of NSW, Standard on Full and Accurate Records (2004)
State Records Authority of NSW, Strategies for Documenting Government Business: The DIRKS Manual (2003).
© State of New South Wales through the State Records Authority, 2005.
FThis work may be freely reproduced and distributed for most purposes, however some restrictions apply. See our copyright notice or contact us.
ISSN 1440-3978