
Integrating Records Management Requirements into Financial Management Information Systems (FMIS) Systems Requirements: Gap Analysis Tool

International Records Management Trust March 2006

CONTENTS

Section One    Introduction                 Page 1
Section Two    Instructions and Examples    Page 2
Section Three  The Gap Analysis Tool        Page 9

SECTION ONE INTRODUCTION

The Tool provides a template for assessing the degree to which an existing Financial Management Information System (FMIS) meets the core set of system requirements for records management presented in Module Five of the Guide for Integrating Records Management Requirements into Financial Management Information Systems (the Guide). The Tool, which makes it possible to identify major gaps in records management functionality, follows a business process driven analysis of the FMIS. It allows the analyst to record analysis comments about each of the core system requirements, while providing specific information on the rationale and scope of each requirement and advice on how the requirement can be implemented.

The Tool is designed for use by technical personnel such as system developers, system auditors and electronic records managers who are familiar with system analysis methodology and techniques. It is intended to supplement their other requirements analysis activities. Modules Two and Five of the Guide should be reviewed before using the Tool, in order to understand its origins and context and to get the most benefit from its use.

The Tool can be printed and completed in hard-copy format. However, it is primarily intended to be used as an electronic document template, using Microsoft Word or a compatible word processing application (eg OpenOffice Writer) to complete the information. Instructions on how to use the Tool, with examples, are provided in Section Two below. The Tool itself is divided into three main sections:

The Gap Analysis Overview is used to provide a description of the organisation, the FMIS and the business processes that are being evaluated for compliance with the core system requirements for records management.

The Gap Analysis Summary provides a concise view of how the FMIS scores (compliant or not compliant) for each of the twenty-one core requirements.

The Detailed Gap Analysis records the information that the analyst used in scoring a given requirement as compliant or not compliant. The template provides quotations from the ISO 15489 Records Management Standard and the DoD 5015.2 Standard for Electronic Records Management in order to define the scope and rationale of each core requirement and to give the analyst additional information and options on how the requirement should be integrated into the FMIS.

SECTION TWO INSTRUCTIONS AND EXAMPLES

2.1 Procedures for the Gap Analysis

The Gap Analysis involves the following steps:

A  Fill out the Gap Analysis Overview
B  Fill out the Analysis Comments for each core requirement in the Detailed Gap Analysis
C  Update the Compliant / Not Compliant scoring in the Gap Analysis Summary
D  Repeat steps B and C until the FMIS has been analysed for compliance with all twenty-one records management requirements.

Fill out the Gap Analysis Overview

The Gap Analysis Overview is used to describe the organisation, the business process and the technical architecture of the FMIS that is being evaluated. Using a business-process driven analysis methodology, it follows the flow of the information created and used by the FMIS to support a business process (eg accounts payable). It identifies the documents that need to be captured and managed as records (eg requisition forms) for each of the primary steps in the business process. This information is recorded in the 'Business Process and Records' row of the Gap Analysis Overview. The table below is an example of a completed Gap Analysis Overview:

ORGANISATION: Ministry of Public Works

ORGANISATIONAL UNIT(S): Accounting Department

BUSINESS PROCESS: Accounts Payable

FMIS DESCRIPTION: The Accounting Department uses the Accounts Receivable and Payable module of the Product XYZ Financials system. The application data is stored in a Product XYZ database. The application is made available to a total of 12 departmental users by a Product XYZ application server over a Product XYZ network. A Product XYZ production scanner is used to scan vouchers and receipts. These are then stored on a Product XYZ CD jukebox.

BUSINESS PROCESS AND RECORDS:

PROCESS                      | RECORDS
1. Raise Requisition         | Requisition Form (FMIS data object)
2. Obtain Goods and Services | Receipts (paper scanned to CD jukebox)
3. Submit for Payment        | Payment Voucher (paper in triplicate)
4. Make Ledger Entry         | Accounts Payable Ledger (FMIS data object)

ANALYSIS DATE(S): March 7-9, 2006

ANALYSIS BY: John Doe

Fill out the Analysis Comments for Each Core Requirement in the Detailed Analysis

Each business process and the records it creates needs to be assessed in order to establish whether the FMIS is compliant with the 21 core system requirements for records management. This should be done using standard system analysis techniques, for instance reviewing vendor and system documentation, interviewing developers, administrators and users of the system, modelling system components and processes, and testing the functionality and features of the system. The result of the gap analysis assessment for each requirement should be recorded in the Analysis Comments row of each Detailed Requirements Analysis Table.

The table below provides an example of a Detailed Analysis. The analyst's comments are followed by quotations from the ISO 15489 Records Management Standard and the DoD 5015.2 Standard for Electronic Records Management relevant to the core requirement being addressed. These will help the analyst to assess whether or not the FMIS is compliant with the requirement being illustrated. The quotations under the heading Implementation Considerations provide specific examples of how responses to the requirements can be implemented and deployed. The analyst will also need to draw on the concepts and guidelines presented in the Guide to Integrating Records Management Requirements into Financial Management Information Systems. In this example, the analyst decided that the FMIS was not compliant with the requirement.

NOT COMPLIANT

2.2 The system must assign the appropriate retention and disposition rule to the record.

ANALYSIS COMMENTS

The paper payment voucher is filed in a folder that is organised by calendar month. However, the accounts payable clerks are not marking any disposition codes or rules on the folders. One of the clerks noted that the folders are just cleared out of the filing cabinet and moved to the basement every couple of years or so, when space becomes limited. When the paper receipts are scanned to the CD jukebox they are assigned a unique identifier but no additional classification codes. As far as anyone can tell, they are kept permanently on these CDs (although they are only really required for a limited period of time). A default seven-year retention rule is applied to the Accounts Payable Ledger (at that time, the FMIS data is archived to a back-up tape). However, this is just based on common accounting practice and it has never been verified whether this is in fact the legal retention period for this organisation.

REQUIREMENT CITATIONS

"Any records created or captured need to have a retention period assigned, so it is clear how long they should be maintained." ISO 15489-2 4.2.4.2 Determining documents to be captured into a records system - p.11

"The process requires reference to a disposition authority (see 4.2.4) of a more or less formal nature depending on the size and the nature of the organization and its accountabilities." ISO 15489-2 4.3.6 Identification of disposition status - p.17

"All records within a records system should be covered by some form of disposition authority, from records of the smallest transactions to the documentation of the system's policies and procedures." ISO 15489-2 4.2.4.3 Determining how long to retain records - p.12

Implementation Considerations

"Many records systems, particularly electronic records systems, identify the disposition status and retention period of the record at the point of capture and registration. The process can be linked to activity-based classification and automated as part of system design." ISO 15489-2 4.3.6 Identification of disposition status - p.17

For each requirement covered by a Detailed Analysis Table, there is an option to select either compliant (green) or not compliant (red) in the left-hand cell next to the core requirement. If the template is being completed in hard copy, the user can simply circle the correct score. When using the electronic version, the analyst deletes either COMPLIANT or NOT COMPLIANT as appropriate, in the following manner:

1 Select both the COMPLIANT and NOT COMPLIANT cells (ie scroll over the two cells to highlight them).

2 Use the Merge Cells option to blend them into a single cell (the cells will change colour when this is done).

3 Delete either COMPLIANT or NOT COMPLIANT as appropriate.

4 Right-click on the same table cell. Select the Borders and Shading option and choose the appropriate colour (red or green) from the colour palette. Ensure that the 'apply to' field indicates 'cell'.

When the Detailed Analysis is completed for a given core requirement, use the [back to top] link at the end of the Detailed Analysis Table to return to the Gap Analysis Summary (hold down the Ctrl key and click the link).

Update the Compliant / Not Compliant Scoring in the Gap Analysis Summary

When the analyst has decided whether the FMIS is compliant or not compliant with a given core requirement, this score should be added to the Gap Analysis Summary, which provides a high-level view of the scores for each of the twenty-one core requirements and helps to identify major gaps in records management functionality. This table can be printed out and circulated to illustrate the final results of the gap analysis exercise. It can also serve as a simple and highly effective quick-reference tool in front of senior management audiences, showing at a glance the level of risk the organisation is facing. Its effectiveness is enhanced further if it is produced in colour. The example below shows a Gap Analysis Summary for requirements 1.1 - 3.2:

COMPLIANCE | No. | CORE RECORDS MANAGEMENT REQUIREMENT | COMMENTS AND CITATIONS [Press Ctrl and Click Link]

1 CAPTURE AND REGISTRATION
NOT COMPLIANT | 1.1 | The system must be able to distinguish, identify and capture those documents or data objects that are records and distinguish them from non-record financial information. | Analysis Comments and Requirement Citations
COMPLIANT | 1.2 | The system must be able to register records by assigning them unique identifiers that will remain with the records as long as the records exist. | Analysis Comments and Requirement Citations
COMPLIANT | 1.3 | The system must be able to link contextual information (i.e. a metadata profile) to the record. | Analysis Comments and Requirement Citations

2 CLASSIFICATION
COMPLIANT | 2.1 | The system must index records for retrieval and access using the organisation-wide records classification scheme or other standard taxonomies in use within the organisation. | Analysis Comments and Requirement Citations
NOT COMPLIANT | 2.2 | The system must assign the appropriate retention and disposition rule to the record. | Analysis Comments and Requirement Citations
COMPLIANT | 2.3 | The system must assign a security classification code to the record. | Analysis Comments and Requirement Citations

3 STORAGE AND PRESERVATION
COMPLIANT | 3.1 | The system must provide a reliable storage repository that meets the records' requirements for file formats, storage volume, and retrieval time. | Analysis Comments and Requirement Citations
NOT COMPLIANT | 3.2 | The system must provide a reliable storage repository for the records' metadata and ensure that the metadata is persistently linked to or embedded in the record for its entire lifespan. | Analysis Comments and Requirement Citations

To navigate between the Detailed Analysis Table and the Summary Table, use the hyperlink in the right-hand column of the Summary Table. Hold down the Ctrl key and click the link.

To indicate COMPLIANT or NOT COMPLIANT in the Summary Table, use the formatting feature in the left-hand column as illustrated below:

1 Complete the detailed gap analysis for each of the requirements, right-click on the appropriate table cell under 'Compliance' and select the Borders and Shading option.

2 Select the appropriate colour (red or green) from the Shading palette and press OK.

3 After the colour is selected, key in either COMPLIANT or NOT COMPLIANT in the cell. This is important because, if the summary is printed out in black and white, the reader will need to depend on the text in the cell to understand whether the system is compliant or non-compliant.

SECTION THREE THE GAP ANALYSIS TOOL

3.1 Gap Analysis Overview


ORGANISATION:

ORGANISATIONAL UNIT(S):

BUSINESS PROCESS:

FMIS DESCRIPTION:

BUSINESS PROCESS AND RECORDS:

PROCESS | RECORDS

ANALYSIS DATE(S):

ANALYSIS BY:

3.2 Gap Analysis Summary

COMPLIANCE | No. | CORE RECORDS MANAGEMENT REQUIREMENT | COMMENTS AND CITATIONS [Press Ctrl and Click Link]

1 CAPTURE AND REGISTRATION
 | 1.1 | The system must be able to distinguish, identify and capture those documents or data objects that are records and distinguish them from non-record financial information. | Analysis Comments and Requirement Citations
 | 1.2 | The system must be able to register records by assigning them unique identifiers that will remain with the records as long as the records exist. | Analysis Comments and Requirement Citations
 | 1.3 | The system must be able to link contextual information (i.e. a metadata profile) to the record. | Analysis Comments and Requirement Citations

2 CLASSIFICATION
 | 2.1 | The system must index records for retrieval and access using the organisation-wide records classification scheme or other standard taxonomies in use within the organisation. | Analysis Comments and Requirement Citations
 | 2.2 | The system must assign the appropriate retention and disposition rule to the record. | Analysis Comments and Requirement Citations
 | 2.3 | The system must assign a security classification code to the record. | Analysis Comments and Requirement Citations

3 STORAGE AND PRESERVATION
 | 3.1 | The system must provide a reliable storage repository that meets the records' requirements for file formats, storage volume, and retrieval time. | Analysis Comments and Requirement Citations
 | 3.2 | The system must provide a reliable storage repository for the records' metadata and ensure that the metadata is persistently linked to or embedded in the record for its entire lifespan. | Analysis Comments and Requirement Citations
 | 3.3 | The system must provide backup and disaster recovery functionality for the record and records metadata storage repository. | Analysis Comments and Requirement Citations
 | 3.4 | The system must provide adequate security features to prevent unauthorised alteration or deletion of records or records metadata in the storage repository. | Analysis Comments and Requirement Citations
 | 3.5 | The system must be supported by a digital preservation plan that anticipates and establishes contingencies for technological obsolescence at the level of storage media, data formats, application software and hardware. | Analysis Comments and Requirement Citations
 | 3.6 | The system must document all data format and media migrations that are carried out on the records in their metadata profiles as part of their preservation history. | Analysis Comments and Requirement Citations

4 ACCESS
 | 4.1 | The system must provide the ability to search for, retrieve and display records. | Analysis Comments and Requirement Citations
 | 4.2 | The system must enforce user access and security restrictions. | Analysis Comments and Requirement Citations

5 TRACKING
 | 5.1 | The system must track the current location and custody of records, including checked-out records or copies of records. | Analysis Comments and Requirement Citations
 | 5.2 | The system must maintain secured audit logs on the access and use of records. | Analysis Comments and Requirement Citations
 | 5.3 | The system must establish version control and differentiate original records from drafts and copies. | Analysis Comments and Requirement Citations

3.3 Detailed Gap Analysis

1. CAPTURE AND REGISTRATION

"Business or personal actions should be captured as records when they commit an organization or individual to action, render an organization or individual accountable, or document an action, a decision or decision-making process." ISO 15489-1 9.1 Determining documents to be captured into a records system - p.11

"Capture is the process of determining that a record should be made and kept. This includes both records created and received by the organization." ISO 15489-2 4.3.2 Capture - p.14

Implementation Considerations

"In electronic records systems, the determinations about capture and retention should be considered in system design at the ..." ISO 15489-2 4.2.4 Records disposition authority - p.10

"Information systems, business applications and communication systems, and the business processes which they support, should be designed, modified or redesigned so that adequate records can be created and captured as a routine part of undertaking ..." ISO 15489-1 8. Design and implementation of a records system - p.8

COMPLIANT / NOT COMPLIANT

1.1 The system must be able to distinguish, identify and capture those documents or data objects that are records and distinguish them from non-record financial information.

ANALYSIS COMMENTS

REQUIREMENT CITATIONS

"Strategies adopted by an organization for documenting its business activity should determine what records are required and when, how and where they should be captured into records systems." ISO 15489-1 8. Design and implementation of a records system - p.8

"Records identified for continuing retention are likely to be those which:
- provide evidence and information about the organization's policies and actions,
- provide evidence and information about the organization's interaction with the client community it serves,
- document the rights and obligations of individuals and organizations,
- contribute to the building of an organization's memory for scientific, cultural or historical purposes, and
- contain evidence and information about activities of interest to internal and external stakeholders." ISO 15489-1 9.2 Determining how long to retain records - p.12

Implementation Considerations

"Records of some transactions within a system are repeatedly used to perform further transactions. A distinction needs to be made between the core records, which are those used repeatedly, and records of multiple individual transactions, which refer to the core records; it may be possible to remove the individual transaction records from the system shortly after the transaction is completed. For example, leave records in personnel systems are only maintained for a limited period, while the leave history will be maintained as long as the employee is employed. The relationship between core business records and other transactional records will determine how long each are needed within the system. This is also dependent on the nature of the business activity being documented. For example, transaction records relating to a person's medical history may need to be retained longer than the accounts ..." ISO 15489-2 4.2.4.3 Determining how long to retain records - p.11-12

[back to top]

COMPLIANT / NOT COMPLIANT

1.2 The system must be able to register records by assigning them unique identifiers that will remain with the records as long as the records exist.

ANALYSIS COMMENTS

REQUIREMENT CITATIONS

"[Registering records is the] act of giving a record a unique identifier on its entry into a system." ISO 15489-1 3.18 Terms and definitions - p.3

"RMA [Records Management Applications] shall assign a unique computer-generated record identifier for each record they manage regardless of where that record is stored." DoD 5015.2 [v.2 2002] C2.2.3. Declaring and Filing Records - C2.2.3.5.

"An element of metadata, a record identifier is a data element whose value is system-generated and that uniquely identifies a particular record. (C2.T3.1 - Unique Record Identifier - mandatory, system generated, not editable)" DoD 5015.2 [v.2 2002] DL1. DEFINITIONS - DL1.1.69.

"The primary purpose of registration is to provide evidence that a record has been created or captured in a records system, and an additional benefit is that it facilitates retrieval." ISO 15489-1 9.4 Registration - p.13

[back to top]

COMPLIANT / NOT COMPLIANT

1.3 The system must be able to link contextual information (i.e. a metadata profile) to the record, using at least the following attributes: a) unique record identifier b) date and time of record registration c) record creation date d) record title or description e) name of record creator or name of record user who captured the record

ANALYSIS COMMENTS

REQUIREMENT CITATIONS

"Systems that capture records also need to capture metadata associated with the record." ISO 15489-2 4.3.2 Capture - p.14

"Registration specifies the following metadata as a minimum: a) unique identifier assigned from the system; b) the date and time of registration; c) a title or abbreviated description; d) the author (person or corporate body), sender or recipient" ISO 15489-2 4.3.3 Registration - p.15

"Mandatory record metadata components are shown in Table C2.T3: C2.T3.1 Unique Record Identifier; C2.T3.3 Subject or Title; C2.T3.4 Media Type; C2.T3.5 Format; C2.T3.6 Date Filed; C2.T3.7 Publication Date; C2.T3.9 Author or Originator; C2.T3.12 Origination Organization" DoD 5015.2 [v.2 2002] C2.2.3. Declaring and Filing Records - C2.2.3.2.

Implementation Considerations

"Electronic records systems can be designed to register records through automatic processes, transparent to the user of the business system from which it is captured and without the intervention of a records management practitioner. Even where registration is not totally automated, elements of the registration process (specifically some of the metadata that are required for registration) can be automatically derived from the computing and business environment from which the record originates." ISO 15489-2 4.3.3 Registration - p.15

"RMA [Records Management Applications] shall (for all records) capture, populate, and/or provide the user with the capability to populate the metadata elements before filing the record. RMA [Records Management Applications] shall ensure that fields designated mandatory for data collections are non-null before filing the record." DoD 5015.2 [v.2 2002] C2.2.3. Declaring and Filing Records - C2.2.3.10.

"For records that are being filed via the user interface, RMA [Records Management Applications] shall provide the user with the capability to edit the record metadata prior to filing the record, except for data specifically identified in this Standard as not editable. For autofiling, RMA [Records Management Applications] shall provide the user the option of editing the record metadata prior to filing." DoD 5015.2 [v.2 2002] C2.2.3. Declaring and Filing Records - C2.2.3.11.

"RMA [Records Management Applications] shall link the record metadata to the record so that it can be accessed for display, export, ..."

[back to top]

2. CLASSIFICATION

"Classification is the process of identifying the category or categories of business activity and the records they generate and of grouping them, if applicable, into files to facilitate description, control, links and determination of disposition and access status." ISO 15489-2 4.3.4 Classification - p.16

"RMAs shall provide the capability to associate the attributes of one or more record folder(s) to a record, or for categories to be managed at the record level, provide the capability to associate a record category to a record." DoD 5015.2 [v.2 2002] C2.2.3. Declaring and Filing Records - C2.2.3.1.

"The degree of refinement of a classification system is at the discretion of the organization and reflects the complexity of the function undertaken within the organization." ISO 15489-2 4.2.2 Business activity classification - p.9

Implementation Considerations

"The file/record is best classified at the same time as it is registered." ISO 15489-2 4.3.3 Registration - p.16

"Organizations need to determine the degree of classification control they require for their business purposes." ISO 15489-1 9.5.2 Classification systems - p.13

"RMAs shall provide the capability for only authorized individuals to create, edit, and delete file plan components and their identifiers." DoD 5015.2 [v.2 2002] C2.2.1. Implementing File Plans - C2.2.1.1.

COMPLIANT / NOT COMPLIANT

2.1 The system must index records for retrieval and access using the organisation-wide records classification scheme or other standard taxonomies in use within the organisation.

ANALYSIS COMMENTS

REQUIREMENT CITATIONS

"The allocation of indexing terms may be restricted to the terminology established in the classification scheme or other vocabulary controls. Indexing terms are commonly derived from: a) the format or nature of the record, b) the title or main heading of the record, c) the subject content of the record, usually in accord with the business activity, d) the abstract of a record, e) dates associated with transactions recorded in the record, f) names of clients or organizations, g) particular handling or processing requirements, h) attached documentation not otherwise identified, or i) the uses of the records." ISO 15489-2 4.3.4.3 Indexing - p.17

"Further descriptive and control details can be attached to the record by using vocabulary controls such as a list of authorized headings or a thesaurus (see 4.2.3.1 and 4.2.3.2)." ISO 15489-2 4.3.4.2 Vocabulary controls - p.16

"RMAs shall provide the capability to sort, view, save, and print user-selected portions of the file plan, including record folders." DoD 5015.2 [v.2 2002] C2.2.1. Implementing File Plans - C2.2.1.6.

"Supported by instruments such as vocabulary controls, classification systems promote consistency of titling and description to facilitate retrieval and use" ISO 15489-2 4.2.2 Business activity classification - p.8

"Appropriate allocation of index terms extends the possibilities of retrieval of records across classifications, categories and media." ISO 15489-2 4.3.4.3 Indexing - p.16

Implementation Considerations

"Indexing can be done manually or be automatically generated. It may occur at various levels of aggregation within a records ..." ISO 15489-1 9.5.4 Indexing - p.14


[back to top]

COMPLIANT / NOT COMPLIANT

2.2 The system must assign the appropriate retention and disposition rule to the record.

ANALYSIS COMMENTS

REQUIREMENT CITATIONS

"Any records created or captured need to have a retention period assigned, so it is clear how long they should be maintained." ISO 15489-2 4.2.4.2 Determining documents to be captured into a records system - p.11

"The process requires reference to a disposition authority (see 4.2.4) of a more or less formal nature depending on the size and nature of the organization and its accountabilities." ISO 15489-2 4.3.6 Identification of disposition status - p.17

"All records within a records system should be covered by some form of disposition authority, from records of the smallest transactions to the documentation of the system's policies and procedures." ISO 15489-2 4.2.4.3 Determining how long to retain records - p.12

Implementation Considerations

"Many records systems, particularly electronic records systems, identify the disposition status and retention period of the record at the point of capture and registration. The process can be linked to activity-based classification and automated as part of system design." ISO 15489-2 4.3.6 Identification of disposition status - p.17

[back to top]
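The implementation considerations quoted under requirements 1.1 to 1.3 and 2.2 describe one mechanism: decide at the point of capture whether a business-process event yields a record, assign a system-generated identifier that cannot be edited afterwards, refuse to file a record whose mandatory metadata is null, and derive the retention and disposition rule from the activity-based classification. The following is an added illustration of that mechanism in Python; it is not code from the Tool, the Guide, any FMIS product or the standards quoted. The event names, the classification codes, the seven-year periods in DISPOSITION_AUTHORITY and the RECORD_TRIGGERS table are constructed assumptions standing in for the organisation's real disposition authority.

```python
"""Added example (not from the Tool or the Guide): record capture and
registration at the point of capture. Event names, classification codes and
retention periods below are constructed assumptions."""
from __future__ import annotations

import hashlib
import uuid
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed disposition authority keyed by activity-based classification
# code: (description, retention period or None for permanent, disposition).
DISPOSITION_AUTHORITY: dict[str, tuple[str, Optional[timedelta], str]] = {
    "AP/REQ": ("Requisition form", timedelta(days=7 * 365), "destroy"),
    "AP/VOU": ("Payment voucher", timedelta(days=7 * 365), "destroy"),
    "AP/LED": ("Accounts payable ledger", None, "transfer to archives"),
}

# Business-process events that produce a record (requirement 1.1). Any other
# FMIS event is non-record working data and is not registered.
RECORD_TRIGGERS: dict[str, str] = {
    "requisition.submitted": "AP/REQ",
    "voucher.approved": "AP/VOU",
    "ledger.posted": "AP/LED",
}


class RegistrationError(ValueError):
    """Raised when a record cannot be filed (e.g. mandatory metadata missing)."""


@dataclass(frozen=True)  # frozen: identifier and profile are not editable once filed
class RecordProfile:
    record_id: str                       # system generated, unique, not editable
    registered_at: datetime              # date and time of registration
    created_at: datetime                 # record creation date from the business process
    title: str
    creator: str                         # person who created or captured the record
    classification: str                  # activity-based classification code
    content_sha256: str                  # digest binding this profile to the content
    retention_until: Optional[datetime]  # None = permanent retention
    disposition: str
    security_class: str


def capture(event: str, content: bytes, *, title: str, creator: str,
            created_at: datetime, security_class: str = "internal",
            now: Optional[datetime] = None) -> Optional[RecordProfile]:
    """Decide whether an FMIS event yields a record and, if so, build its
    registration profile. Returns None for non-record events."""
    classification = RECORD_TRIGGERS.get(event)
    if classification is None:
        return None
    # Mandatory fields must be non-null before filing (DoD 5015.2 C2.2.3.10).
    missing = [name for name, value in (("title", title), ("creator", creator))
               if not value or not value.strip()]
    if missing:
        raise RegistrationError(f"mandatory metadata missing: {', '.join(missing)}")
    if created_at.tzinfo is None:
        raise RegistrationError("created_at must be timezone-aware")
    registered_at = now or datetime.now(timezone.utc)
    _, period, action = DISPOSITION_AUTHORITY[classification]
    return RecordProfile(
        record_id=str(uuid.uuid4()),
        registered_at=registered_at,
        created_at=created_at,
        title=title.strip(),
        creator=creator.strip(),
        classification=classification,
        content_sha256=hashlib.sha256(content).hexdigest(),
        retention_until=None if period is None else registered_at + period,
        disposition=action,
        security_class=security_class,
    )


class Registry:
    """In-memory register: identifiers are unique and stay with the record."""

    def __init__(self) -> None:
        self._records: dict[str, RecordProfile] = {}

    def register(self, profile: RecordProfile) -> str:
        if profile.record_id in self._records:
            raise RegistrationError(f"duplicate identifier {profile.record_id}")
        self._records[profile.record_id] = profile
        return profile.record_id

    def get(self, record_id: str) -> RecordProfile:
        return self._records[record_id]

    def due_for_disposition(self, as_of: datetime) -> list[RecordProfile]:
        """Records whose assigned retention period has expired as of the date."""
        return [p for p in self._records.values()
                if p.retention_until is not None and p.retention_until <= as_of]
```

Two design points matter for the gap analysis. The profile is frozen, so the identifier and registration timestamp cannot be edited after filing, which is the property DoD 5015.2 C2.T3.1 asks for; and the retention date is computed from the classification code rather than typed in by the clerk, so the seven-year default in the worked example above would be replaced by whatever the verified disposition authority says for that code.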

COMPLIANT / NOT COMPLIANT

2.3 The system must assign a security classification code to the record.

ANALYSIS COMMENTS

REQUIREMENT CITATIONS

"Organizations should have formal guidelines regulating who is permitted access to records and in what circumstances." ISO 15489-1 9.7 Access - p.14

"The more complex the organization and the more complex its business and regulatory environment, the greater the need for standardization of procedures to apply access and security categories to records." ISO 15489-2 4.2.5 Security and access classification scheme - p.12

[back to top]

3. STORAGE AND PRESERVATION

"The decision to capture a record implies an intention to store it." ISO 15489-2 4.3.7.1 Record storage decisions - p.18

"Appropriate storage environment and media, physical protective materials, handling procedures and storage systems should be considered when designing the records system." ISO 15489-1 8.3.3 Physical storage medium and protection - p.9

"RMAs should provide additional features for managing boxes of hard-copy records and other off-line archives." DoD 5015.2 [v.2 2002] C3.2. Other Useful RMA Features - C3.2.17.

"Records of continuing value, irrespective of format, require higher quality storage and handling to preserve them for as long as that value exists." ISO 15489-2 4.3.9.2 Continuing retention - p.20

"Records identified for continuing retention need to be stored in environments conducive to their long-term preservation." ISO 15489-2 4.3.9.2 Continuing retention - p.20

"RMAs shall manage and preserve any record in any supported repository, regardless of its format or structure, so that, when retrieved, it can be reproduced, viewed, and manipulated in the same manner as the original." DoD 5015.2 [v.2 2002] C2.2.5. Storing Records - C2.2.5.3.

"Since RMAs are prohibited (see subparagraph C2.2.3.8.) from altering the format of stored records, the organization shall ensure that it has the ability to view, copy, print, and, if appropriate, process any record stored in RMAs for as long as that record must be retained." DoD 5015.2 [v.2 2002] C2.2.10. Additional Baseline Requirements - C2.2.10.3.
[back to top]

COMPLIANT / NOT COMPLIANT

3.1 The system must provide a reliable storage repository that meets the records' requirements for file formats, storage volume, and retrieval time.

ANALYSIS COMMENTS

REQUIREMENT CITATIONS

"Records should be stored on media that ensure their useability, reliability, authenticity and preservation for as long as they are needed. Records require storage conditions and handling processes that take into account their specific physical and chemical ..." ISO 15489-1 9.6 Storage and handling - p.14

"Records that are particularly critical for business continuity may require additional methods of protection and duplication to ensure accessibility in the event of a disaster." ISO 15489-2 4.3.7.1 Record storage decisions - p.18

"The system shall provide the capability to rebuild from any backup copy, using the backup copy and all subsequent system ..." DoD 5015.2 [v.2 2002] C2.2.9. System Management Requirements - C2.2.9.4.

"The system shall provide for the monitoring of available storage space. The storage statistics shall provide a detailed accounting of the amount of storage consumed by RMA processes, data, and records. The system shall notify individuals of the need for corrective action in the event of critically low storage space." DoD 5015.2 [v.2 2002] C2.2.9. System Management Requirements - C2.2.9.5.

Implementation Considerations

"Knowing how long the records will need to be kept and maintained will affect decisions on storage media." ISO 15489-1 8.3.3 Physical storage medium and protection - p.9

"The purpose served by the record, its physical form and its use and value will dictate the nature of the storage facility and services required to manage the record for as long as it is needed." ISO 15489-2 4.3.7.1 Record storage decisions - p.18

"In some cases, where the legal and regulatory environment allows this, records may be physically stored with one organization, but the responsibility and management control reside with either the creating organization or another appropriate authority. Such arrangements, distinguishing between storage, ownership and responsibility for records, are particularly relevant for records in electronic records systems. Variations in these arrangements may occur at any time in the systems' existence, and any changes to these arrangements should be traceable and documented." ISO 15489-1 8.3.4 Distributed management - p.10

23

[back to top]

3.2 The system must provide a reliable storage repository for the records' metadata and ensure that the metadata is persistently linked to or embedded in the record for its entire lifespan.

COMPLIANT / NOT COMPLIANT

ANALYSIS COMMENTS

REQUIREMENT CITATIONS

"Metadata [is] data describing context, content and structure of records and their management through time." ISO 15489-1, 3 Terms and definitions, p.3

"As well as the content, the record should contain, or be persistently linked to, or associated with, the metadata necessary to document a transaction." ISO 15489-1, 7.2.1 General, p.7

"Business or personal actions should be captured as records and linked with metadata which characterize their specific business context when they commit an organization or individual to action, render an organization or individual accountable, or document an action, a decision or decision-making process." ISO 15489-1, 9.1 Determining documents to be captured into a records system, p.11

"RMAs shall, for records approved for accession and that are not stored in an RMA supported repository, copy the associated metadata for the records and their folders to a user-specified filename, path, or device." DoD 5015.2 [v.2 2002], C2.2.6.5 Transferring Records, C2.2.6.5.3

3.3 The system must provide backup and disaster recovery functionality for the record and records metadata storage repository.

COMPLIANT / NOT COMPLIANT

ANALYSIS COMMENTS

REQUIREMENT CITATIONS

"The RMA system shall provide the capability to automatically create backup or redundant copies of the records and their metadata [...]" DoD 5015.2 [v.2 2002], C2.2.9 System Management Requirements, C2.2.9.1

"The system shall provide the capability to rebuild from any backup copy, using the backup copy and all subsequent system [...]" DoD 5015.2 [v.2 2002], C2.2.9 System Management Requirements, C2.2.9.4

"Storage conditions and handling processes should be designed to protect records from unauthorized access, loss or destruction, and from theft and disaster." ISO 15489-1, 9.6 Storage and handling, p.14

"The records system should address disaster preparedness to ensure that risks are identified and mitigated." ISO 15489-1, 8.3.3 Physical storage medium and protection, p.9

"Records that are particularly critical for business continuity may require additional methods of protection and duplication to ensure accessibility in the event of a disaster." ISO 15489-2, 4.3.7.1 Record Storage Decisions, p.18

Implementation Considerations

"The method used to back up RMA database files shall provide copies of the records and their metadata that can be stored off-line and at separate location(s) to safeguard against loss due to system failure, operator error, natural disaster, or willful [...]" DoD 5015.2 [v.2 2002], C2.2.9 System Management Requirements, C2.2.9.2

"Integrity should be demonstrably maintained during and after recovery from disaster." ISO 15489-1, 8.3.3 Physical storage medium and protection, p.9

"Following any system failure, the backup and recovery procedures provided by the system shall: C2.2.9.3.1. Ensure data integrity by providing the capability to compile updates (records, metadata, and any other information required to access the records) to RMAs. C2.2.9.3.2. Ensure these updates are reflected in RMA files, and ensuring that any partial updates to RMA files are separately identified. Also, any user whose updates are incompletely recovered, shall, upon next use of the application, be notified that a recovery has been attempted. RMAs shall also provide the option to continue processing using all in-progress data not reflected in RMA files." DoD 5015.2 [v.2 2002], C2.2.9 System Management Requirements, C2.2.9.3

3.4 The system must provide adequate security features to prevent unauthorised alteration or deletion of records or records metadata in the storage repository.

COMPLIANT / NOT COMPLIANT

ANALYSIS COMMENTS

REQUIREMENT CITATIONS

"RMAs shall prevent subsequent changes to electronic records stored in its supported repositories. The content of the record, once filed, shall be preserved." DoD 5015.2 [v.2 2002], C2.2.3 Declaring and Filing Records, C2.2.3.8

"The RMAs shall prevent unauthorized access to the repository(ies)." DoD 5015.2 [v.2 2002], C2.2.5 Storing Records, C2.2.5.2

"The integrity of a record refers to its being complete and unaltered. It is necessary that a record be protected against unauthorized alteration." ISO 15489-1, 7.2.4 Integrity, p.7

"To ensure the authenticity of records, organizations should implement and document policies and procedures which control the creation, receipt, transmission, maintenance and disposition of records to ensure that records creators are authorized and identified and that records are protected against unauthorized addition, deletion, alteration, use and concealment." ISO 15489-1, 7.2.2 Authenticity, p.7
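Requirements 3.2 and 3.4 together ask for metadata that stays bound to the record and for a repository that refuses alteration once a record is filed. Neither standard says how an analyst can tell whether the repository actually delivers this, so the following is an added example (not part of the Gap Analysis Tool, the Guide, or any FMIS or RMA product) of a fixity check a reviewer could adapt: the record, its identifier and its canonicalised metadata are bound by an HMAC-SHA256 value computed at filing time, the RMA's own write path refuses changes to filed records, and a verification pass recomputes every value to catch edits made behind the RMA's back. The repository layout, the field names, the key handling and the sample vouchers are all constructed assumptions.

```python
# Added example (not from the Gap Analysis Tool or any FMIS/RMA product):
# a fixity check that freezes a record at filing time and detects later
# alteration of its content or of its persistently linked metadata.
# Repository layout, field names and the sample vouchers are constructed.
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Dict


def canonical_metadata(metadata: Dict[str, str]) -> bytes:
    """Serialise metadata with a fixed key order so that equal metadata
    always yields equal bytes (dictionary order must not change the MAC)."""
    return json.dumps(metadata, sort_keys=True, separators=(",", ":")).encode()


@dataclass
class StoredRecord:
    record_id: str
    content: bytes
    metadata: Dict[str, str]   # embedded in / persistently linked to the record
    fixity: str = ""           # HMAC-SHA256 over id, content digest and metadata
    filed: bool = False


class Repository:
    """Minimal repository: once a record is filed its content and metadata
    are frozen, and verify() re-derives every fixity value to catch changes
    made outside the RMA (for example direct edits to the database table)."""

    def __init__(self, fixity_key: bytes) -> None:
        # The key is held by the RMA, not stored in the repository tables, so
        # someone who can edit stored rows cannot recompute a valid MAC.
        self._key = fixity_key
        self._records: Dict[str, StoredRecord] = {}

    def _fixity(self, rec: StoredRecord) -> str:
        mac = hmac.new(self._key, digestmod=hashlib.sha256)
        mac.update(rec.record_id.encode() + b"\x00")
        mac.update(hashlib.sha256(rec.content).digest())
        mac.update(canonical_metadata(rec.metadata))
        return mac.hexdigest()

    def file_record(self, record_id: str, content: bytes,
                    metadata: Dict[str, str]) -> str:
        if record_id in self._records:
            raise PermissionError(f"{record_id} already filed; content is frozen")
        rec = StoredRecord(record_id, bytes(content), dict(metadata))
        rec.fixity = self._fixity(rec)
        rec.filed = True
        self._records[record_id] = rec
        return rec.fixity

    def update_content(self, record_id: str, new_content: bytes) -> None:
        """The RMA's only write path: refused for filed records."""
        rec = self._records[record_id]
        if rec.filed:
            raise PermissionError(f"{record_id} is filed; alteration refused")
        rec.content = bytes(new_content)

    def storage_row(self, record_id: str) -> StoredRecord:
        """Direct handle on the stored object, standing in for a bypass of the
        RMA (a DBA editing the table, a bad restore, a faulty migration)."""
        return self._records[record_id]

    def verify(self) -> Dict[str, bool]:
        """True where the stored fixity still matches content and metadata."""
        return {rid: hmac.compare_digest(self._fixity(rec), rec.fixity)
                for rid, rec in self._records.items()}


def fixity_demo() -> Dict[str, bool]:
    """File two constructed vouchers, alter one outside the RMA, verify."""
    repo = Repository(fixity_key=b"constructed-demo-key-keep-out-of-the-db")
    repo.file_record("PV-2006-000123",
                     b"Payment voucher 123: 1,250.00 to Supplier A",
                     {"creator": "accounts.payable", "filed": "2006-03-01"})
    repo.file_record("PV-2006-000124",
                     b"Payment voucher 124: 980.00 to Supplier B",
                     {"creator": "accounts.payable", "filed": "2006-03-02"})
    # Tampering that bypasses the RMA: the amount is edited in storage.
    repo.storage_row("PV-2006-000124").content = \
        b"Payment voucher 124: 9,800.00 to Supplier B"
    return repo.verify()


def update_filed_record_is_refused() -> bool:
    """The RMA's own write path must refuse to alter a filed record."""
    repo = Repository(fixity_key=b"constructed-demo-key")
    repo.file_record("R-1", b"original", {"creator": "x"})
    try:
        repo.update_content("R-1", b"changed")
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    print(fixity_demo())   # {'PV-2006-000123': True, 'PV-2006-000124': False}
```

A plain SHA-256 stored next to the record would not be enough on its own: whoever can rewrite the row can rewrite the digest too. Keying the value, and keeping the key outside the repository, is what turns the check into evidence of unauthorised alteration rather than a mere corruption detector; the same verification pass is also the natural place to confirm that the metadata is still attached to the record it describes (Requirement 3.2).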

3.5 The system must be supported by a digital preservation plan that anticipates and establishes contingencies for technological obsolescence at the level of storage media, data formats, application software and hardware.

COMPLIANT / NOT COMPLIANT

ANALYSIS COMMENTS

REQUIREMENT CITATIONS

"The storage of records in electronic form necessitates the use of additional storage plans and strategies to prevent their loss." ISO 15489-2, 8.3.5 Conversion and migration, p.19

"Organizations should have policies and guidelines for converting or migrating records from one records system to another." ISO 15489-1, 9.6 Storage and handling, p.14

"Records of continuing value, irrespective of format, require higher quality storage and handling to preserve them for as long as that value exists." ISO 15489-2, 4.3.9.2 Continuing Retention, p.20

"Records identified for continuing retention need to be stored in environments conducive to their long-term preservation." ISO 15489-2, 4.3.9.2 Continuing Retention, p.20

"RMAs shall manage and preserve any record in any supported repository, regardless of its format or structure, so that, when retrieved, it can be reproduced, viewed, and manipulated in the same manner as the original." DoD 5015.2 [v.2 2002], C2.2.5 Storing Records, C2.2.5.3

Implementation Considerations

"Preservation strategies can include copying, conversion and migration of records. a) Copying is the production of an identical copy within the same type of medium (paper/microfilm/electronic) for example, from paper to paper, microfilm to microfilm or the production of backup copies of electronic records (which can also be made on a different kind of electronic medium). b) Conversion involves a change of the format of the record but ensures that the record retains the identical primary information (content). Examples include microfilming of paper records, imaging, change of character sets. c) Migration involves a set of organized tasks designed to periodically transfer digital material from one hardware/software configuration to another, or from one generation of technology to another. The purpose of migration is to preserve the integrity of the records and to retain the ability for clients to retrieve, display and otherwise use them. Migration may occur when hardware and/or software becomes obsolete or may be used to move electronic records from one file format to another." ISO 15489-2, 4.3.9.2 Continuing Retention, p.20

"The organization may meet this [preservation] requirement by: C2.2.10.3.1. Maintaining the hardware and software used to create or capture the record. C2.2.10.3.2. Maintaining hardware and software capable of viewing the record in its native format. C2.2.10.3.3. Ensuring backward compatibility when hardware and software is updated, or: C2.2.10.3.4. Migrating the record to a new format before the old format becomes obsolete. Any migration shall be pre-planned and controlled to ensure continued reliability of the record." DoD 5015.2 [v.2 2002], C2.2.10 Additional Baseline Requirements, C2.2.10.3

3.6 The system must document all data format and media migrations that are carried out on the records in their metadata profiles as part of their preservation history.

COMPLIANT / NOT COMPLIANT

ANALYSIS COMMENTS

REQUIREMENT CITATIONS

"Systems for electronic records should be designed so that records will remain accessible, authentic, reliable and useable through any kind of system change, for the entire period of their retention. This may include migration to different software, representation in emulation formats or any other future ways of re-presenting records. Where such processes occur, evidence of these should be kept, along with details of any variation in records design and format." ISO 15489-1, 9.6 Storage and handling, p.14

4. ACCESS

"Records systems should provide timely and efficient access to, and retrieval of, records needed in the continuing conduct of business and to satisfy related accountability requirements." ISO 15489-1, 8.3.6 Access, retrieval and use, p.10

"RMAs shall support simultaneous multiple-user access to all components of the RMA, the metadata, and the records." DoD 5015.2 [v.2 2002], C2.2.7 Access Controls, C2.2.7.5

4.1 The system must provide the ability to search for, retrieve and display records.

COMPLIANT / NOT COMPLIANT

ANALYSIS COMMENTS

REQUIREMENT CITATIONS

"RMAs shall allow users to browse the records stored in the file plan based on their user access permissions." DoD 5015.2 [v.2 2002], C2.2.6.8 Searching for and Retrieving Records, C2.2.6.8.1

"RMAs shall allow searches using any combination of the record and/or folder metadata elements." DoD 5015.2 [v.2 2002], C2.2.6.8 Searching for and Retrieving Records, C2.2.6.8.2

"RMAs shall provide at least one portal that provides access to all associated repositories and databases storing electronic records and their metadata." DoD 5015.2 [v.2 2002], C2.2.5 Storing Records, C2.2.5.1

Implementation Considerations

"RMAs shall allow the user to specify partial matches and shall allow designation of "wild card" fields or characters." DoD 5015.2 [v.2 2002], C2.2.6.8 Searching for and Retrieving Records, C2.2.6.8.3

"RMAs shall allow searches using Boolean and relational operators: "and," "and not," "or," "greater than" (>), "less than" (<), "equal to" (=), and "not equal to" (< >), and provide a mechanism to override the default (standard) order of precedence." DoD 5015.2 [v.2 2002], C2.2.6.8 Searching for and Retrieving Records, C2.2.6.8.4

"RMAs shall present the user a list of records and/or folders meeting the retrieval criteria, or notify the user if there are no records and/or folders meeting the retrieval criteria. RMAs shall allow the user to select and order the columns presented in the search results list for viewing, transmitting, printing, etc." DoD 5015.2 [v.2 2002], C2.2.6.8 Searching for and Retrieving Records, C2.2.6.8.5

"RMAs shall allow users the ability to search for null or undefined values." DoD 5015.2 [v.2 2002], C2.2.6.8 Searching for and Retrieving Records, C2.2.6.8.6

"RMAs shall allow the user to abort a search." DoD 5015.2 [v.2 2002], C2.2.6.8 Searching for and Retrieving Records, C2.2.6.8.11

"RMAs shall provide to the user's workspace (filename, location, or path name specified by the user) copies of electronic records, selected from the list of records meeting the retrieval criteria, in the format in which they were provided to the RMA [...]" DoD 5015.2 [v.2 2002], C2.2.6.8 Searching for and Retrieving Records, C2.2.6.8.7

"RMAs shall allow users to select any number of records, and their metadata, for retrieval from the search results list." DoD 5015.2 [v.2 2002], C2.2.6.8 Searching for and Retrieving Records, C2.2.6.8.10

"When the user selects a record for retrieval, RMAs shall present a list of available versions, defaulting to the latest version of the record for retrieval, but allow the user to select and retrieve any version." DoD 5015.2 [v.2 2002], C2.2.6.8 Searching for and Retrieving Records, C2.2.6.8.9

"RMAs shall provide the capability for filed e-mail records to be retrieved back into a compatible e-mail application for viewing, forwarding, replying, and any other action within the capability of the e-mail application." DoD 5015.2 [v.2 2002], C2.2.6.8 Searching for and Retrieving Records, C2.2.6.8.8

4.2 The system must enforce user access and security restrictions.

COMPLIANT / NOT COMPLIANT

ANALYSIS COMMENTS

REQUIREMENT CITATIONS

"Systems should include and apply controls on access to ensure that the integrity of the records is not compromised." ISO 15489-1, 8.3.6 Access, retrieval and use, p.10

"Storage conditions and handling processes should be designed to protect records from unauthorized access, loss or destruction, and from theft and disaster." ISO 15489-1, 9.6 Storage and handling, p.14

"RMAs shall allow only authorized individuals to move or delete records from the repository." DoD 5015.2 [v.2 2002], C2.2.5 Storing Records, C2.2.5.4

"The RMA, in conjunction with its operating environment, shall use identification and authentication measures that allow only authorized persons access to the RMA." DoD 5015.2 [v.2 2002], C2.2.7 Access Controls, C2.2.7.1

"Managing the access process involves ensuring that: a) records are categorized according to their access status at a particular time, b) records are only released to those who are authorized to see them, c) encrypted records can be read as and when required and authorized, d) records processes and transactions are only undertaken by those authorized to perform them, and e) parts of the organization with responsibility for particular business functions specify access permissions to records relating to their area of responsibility." ISO 15489-1, 9.7 Access, p.15

Implementation Considerations

"The degree of control of access and recording of use depends on the nature of the business and the records they generate. For example, mandatory privacy protection measures in many jurisdictions require that the use of records holding personal [...]" ISO 15489-2, 4.3.8 Use and tracking, p.19

"RMAs shall provide the capability to define different groups of users with different access privileges. RMAs shall control access to file plan components, record folders, and records based on group membership as well as user account information. At a minimum, access shall be restricted to appropriate portions of the file plan for purposes of filing and/or searching/retrieving." DoD 5015.2 [v.2 2002], C2.2.7 Access Controls, C2.2.7.3

"At a minimum, the RMA will implement identification and authentication measures that require the following: C2.2.7.1.1. Userid. C2.2.7.1.2. Password. (RMAs shall provide the capability for authorized users to define the minimum length of the Password field.) C2.2.7.1.3. Alternative methods, such as Biometrics, Common Access Cards (CAC), or Public Key Infrastructure (PKI), in lieu [...]" DoD 5015.2 [v.2 2002], C2.2.7 Access Controls, C2.2.7.1

"If the RMA provides a web user interface, it shall provide 128-bit encryption and be PKI-enabled, as well as provide all the mandatory access controls." DoD 5015.2 [v.2 2002], C2.2.7 Access Controls, C2.2.7.4

5. TRACKING

"Tracking of the movement and use of records within a records system is required to a) identify outstanding action required, b) enable retrieval of a record, c) prevent loss of records, d) monitor usage for systems maintenance and security, and maintain an auditable trail of records transactions (i.e. capture or registration, classification, indexing, storage, access and use, migration and disposition), and e) maintain capacity to identify the operational origins of individual records where systems have been amalgamated or migrated." ISO 15489-1, 9.8 Tracking, p.15

"The tracking of records usage within records systems is a security measure for organizations. It ensures that only those users with appropriate permissions are performing records tasks for which they have been authorized." ISO 15489-2, 4.3.8 Use and tracking, p.19

5.1 The system must track the current location and custody of records, including checked out records or copies of records.

COMPLIANT / NOT COMPLIANT

ANALYSIS COMMENTS

REQUIREMENT CITATIONS

"The movement of records should be documented to ensure that items can always be located when required." ISO 15489-1, 9.8.3 Location tracking, p.15

"The system should track the issue, transfer between persons and return of records to their home location or storage as well as their disposition or transfer to any other authorized external organization including an archives authority." ISO 15489-1, 9.8.3 Location tracking, p.15

Implementation Considerations

"Tracking mechanisms may record the item identifier, the title, the person or unit having possession of the item and the time/date of movement." ISO 15489-1, 9.8.3 Location tracking, p.15

"Systems for monitoring use and/or movement of records range from physical card-based movement-recording systems, to bar-coding technology, to electronic records systems where viewing a record is automatically captured as a system transaction." ISO 15489-2, 4.3.8 Use and tracking, p.19

"Tracking systems have to meet the test of locating any record within an appropriate time period and ensuring that all movements are traceable." ISO 15489-2, 4.3.8 Use and tracking, p.19

5.2 The system must maintain secured audit logs on the access and use of records.

COMPLIANT / NOT COMPLIANT

ANALYSIS COMMENTS

REQUIREMENT CITATIONS

"[Records systems] should provide and maintain audit trails or other methods to demonstrate that records were effectively protected from unauthorized use, alteration or destruction." ISO 15489-1, 8.3.6 Access, retrieval and use, p.10

"The RMA, in conjunction with its operating environment, shall provide an audit capability to log the actions, date, time, unique object identifier(s) and user identifier(s) for actions performed on the following RMA objects: C2.2.8.1.1. User Accounts. C2.2.8.1.2. User Groups. C2.2.8.1.3. Records. C2.2.8.1.4. Associated metadata elements. C2.2.8.1.5. File plan components. These actions include retrieving, creating, deleting, searching, and editing actions." DoD 5015.2 [v.2 2002], C2.2.8 System Audits, C2.2.8.1

"The RMA, in conjunction with its operating environment, shall provide audit analysis functionality whereby an authorized individual can set up specialized reports to: C2.2.8.3.1. Determine what level of access a user has and to track a user's actions. C2.2.8.3.2. Facilitate reconstruction, review, and examination of the events surrounding or leading to mishandling of records, possible compromise of sensitive information, or denial of service." DoD 5015.2 [v.2 2002], C2.2.8 System Audits, C2.2.8.3

"Records systems should contain complete and accurate representations of all transactions that occur in relation to a particular record. These include the processes associated with individual records. Such details may be documented as part of the metadata embedded in, attached to, or associated with, a specific record." ISO 15489-1, 8.3.2 Documenting record transactions, p.9

"The tracking of records usage within records systems is a security measure for organizations. It ensures that only those users with appropriate permissions are performing records tasks for which they have been authorized." ISO 15489-2, 4.3.8 Use and tracking, p.19

Implementation Considerations

"The RMA, in conjunction with its operating environment, shall not allow audit logs to be edited." DoD 5015.2 [v.2 2002], C2.2.8 System Audits, C2.2.8.6

"Tracking systems have to meet the test of locating any record within an appropriate time period and ensuring that all movements are traceable." ISO 15489-2, 4.3.8 Use and tracking, p.19

"RMAs shall provide the capability to file the audit data as a record." DoD 5015.2 [v.2 2002], C2.2.8 System Audits, C2.2.8.4

"The RMA, in conjunction with its operating environment, shall allow only authorized individuals to export and/or backup and remove audit files from the system." DoD 5015.2 [v.2 2002], C2.2.8 System Audits, C2.2.8.5
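The DoD clauses above say what an audit log must capture (action, date, time, object and user identifiers), that it must not be editable, and that it can be filed as a record in its own right; they do not say how an analyst can confirm that an exported log is the one the system wrote. The following is an added example (not from the Gap Analysis Tool, the Guide, or any RMA product) of a hash-chained, append-only audit log: every entry commits to the hash of the entry before it, so an edited, reordered or deleted entry breaks the chain, and the head hash exported with the log as filed metadata lets a reviewer detect a truncated copy. Field names, the sample actions and the user identifiers are constructed assumptions.

```python
# Added example (not from the Gap Analysis Tool or any RMA product): an
# append-only, hash-chained audit log.  Each entry commits to the previous
# entry's hash, so editing, reordering or deleting an entry breaks the chain,
# and exporting the head hash with the log lets a later reviewer detect
# truncation.  Field names and the sample actions are constructed.
import hashlib
import json
from dataclasses import asdict, dataclass, replace
from typing import Dict, List, Optional, Tuple

GENESIS_HASH = "0" * 64   # prev_hash of the first entry


@dataclass(frozen=True)
class AuditEntry:
    seq: int
    timestamp: str     # ISO 8601; a real RMA takes this from the system clock
    user_id: str
    action: str        # retrieve / create / delete / search / edit
    object_type: str   # record / metadata / file_plan / user_account / user_group
    object_id: str
    prev_hash: str
    entry_hash: str


def compute_entry_hash(seq: int, timestamp: str, user_id: str, action: str,
                       object_type: str, object_id: str, prev_hash: str) -> str:
    """SHA-256 over the entry fields and the previous hash in a fixed encoding."""
    payload = json.dumps([seq, timestamp, user_id, action, object_type,
                          object_id, prev_hash], separators=(",", ":")).encode()
    return hashlib.sha256(payload).hexdigest()


class AuditLog:
    def __init__(self) -> None:
        self._entries: List[AuditEntry] = []

    def head(self) -> str:
        return self._entries[-1].entry_hash if self._entries else GENESIS_HASH

    def append(self, timestamp: str, user_id: str, action: str,
               object_type: str, object_id: str) -> AuditEntry:
        seq, prev = len(self._entries), self.head()
        h = compute_entry_hash(seq, timestamp, user_id, action,
                               object_type, object_id, prev)
        entry = AuditEntry(seq, timestamp, user_id, action,
                           object_type, object_id, prev, h)
        self._entries.append(entry)
        return entry

    def verify(self, expected_head: Optional[str] = None) -> Optional[int]:
        """Return the seq of the first inconsistent entry, len(log) when the
        chain is intact but ends before expected_head (entries removed from
        the tail), or None when the log is sound."""
        prev = GENESIS_HASH
        for i, e in enumerate(self._entries):
            recomputed = compute_entry_hash(e.seq, e.timestamp, e.user_id, e.action,
                                            e.object_type, e.object_id, e.prev_hash)
            if e.seq != i or e.prev_hash != prev or recomputed != e.entry_hash:
                return i
            prev = e.entry_hash
        if expected_head is not None and prev != expected_head:
            return len(self._entries)
        return None

    def export_as_record(self) -> Tuple[bytes, Dict[str, str]]:
        """Serialise the log so it can itself be filed as a record; the head
        hash in the metadata is what a reviewer checks a later copy against."""
        body = "\n".join(json.dumps(asdict(e), separators=(",", ":"))
                         for e in self._entries).encode()
        return body, {"entries": str(len(self._entries)), "head_hash": self.head()}

    def _storage(self) -> List[AuditEntry]:
        """Test hook only: direct access to the stored rows, standing in for
        someone editing the log table behind the RMA's back."""
        return self._entries


def audit_demo() -> Tuple[Optional[int], Optional[int], Optional[int]]:
    """Write four constructed entries, file the log, then tamper twice."""
    log = AuditLog()
    log.append("2006-03-01T09:12:05Z", "aclerk", "create", "record", "PV-2006-000123")
    log.append("2006-03-01T09:14:40Z", "aclerk", "edit", "metadata", "PV-2006-000123")
    log.append("2006-03-02T16:02:11Z", "jsmith", "retrieve", "record", "PV-2006-000123")
    log.append("2006-03-03T08:30:00Z", "admin", "delete", "user_account", "tmp-user")
    _, filed_meta = log.export_as_record()
    intact = log.verify(filed_meta["head_hash"])        # None: chain sound
    rows = log._storage()
    # Tamper 1: rewrite who retrieved the voucher (hash no longer matches).
    rows[2] = replace(rows[2], user_id="aclerk")
    edited = log.verify(filed_meta["head_hash"])        # 2: first bad entry
    rows[2] = replace(rows[2], user_id="jsmith")        # undo for the next test
    # Tamper 2: drop the last entry (the account deletion).
    rows.pop()
    truncated = log.verify(filed_meta["head_hash"])     # 3: shorter than filed head
    return intact, edited, truncated


if __name__ == "__main__":
    print(audit_demo())   # (None, 2, 3)
```

Two caveats a practitioner would raise: the chain proves the log has not been altered since the head hash was recorded, so the head hash must leave the system promptly (filed as a record under C2.2.8.4, or copied to a write-once medium), and the verification gives no protection against an administrator who can both edit the rows and rebuild the whole chain before the head is exported. Pairing the exported head with a keyed value, as in the fixity example under Requirement 3.4, or with a timestamping service, closes that gap.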

5.3 The system must establish version control and differentiate original records from drafts and copies.

COMPLIANT / NOT COMPLIANT

ANALYSIS COMMENTS

REQUIREMENT CITATIONS

"An organization may determine that RMAs should have the capability to manage working and draft versions of documents and other potential record materials as they are being developed." DoD 5015.2 [v.2 2002], C3.2 Other Useful RMA Features, C3.2.11

"Records management policies and procedures should specify what additions or annotations may be made to a record after it is created, under what circumstances additions or annotations may be authorized, and who is authorized to make them. Any authorized annotation, addition or deletion to a record should be explicitly indicated and traceable." ISO 15489-1, 7.2.4 Integrity, p.7

Implementation Considerations

"When the user selects a record for retrieval, RMAs shall present a list of available versions, defaulting to the latest version of the record for retrieval, but allow the user to select and retrieve any version." DoD 5015.2 [v.2 2002], C2.2.6.8 Searching for and Retrieving Records, C2.2.6.8.9

6. DISPOSITION

"Disposition authorities that govern the removal of records from operational systems should be applied to records on a systematic and routine basis, in the course of normal business activity." ISO 15489-1, 9.9 Implementing disposition, p.16

"Records retention should be managed to meet the current and future needs of internal and external stakeholders by following regulations of the appropriate archival authority where applicable." ISO 15489-1, 9.2 Determining how long to retain records, p.12

"Statutory or other regulatory requirements may demand minimum retention periods or submission to an authorizing body such as an archival authority or auditors for any necessary approval [of the records disposition authority]." ISO 15489-1, 9.2 Determining how long to retain records, p.11

"RMAs shall provide the capability for only authorized individuals to view, create, edit, and delete disposition schedule components of record categories." DoD 5015.2 [v.2 2002], C2.2.2 Scheduling Records, C2.2.2.1

"RMAs shall provide the capability for only authorized individuals to define the cutoff criteria and, for each life-cycle phase, the following disposition components for a record category: C2.2.2.3.1. Retention Period (e.g., fiscal year). C2.2.2.3.2. Disposition Action (interim transfer, accession, permanent, or destroy). C2.2.2.3.3. Interim Transfer or Accession Location (if applicable)." DoD 5015.2 [v.2 2002], C2.2.2 Scheduling Records, C2.2.2.3

"Records systems should be capable of facilitating and implementing decisions on the retention or disposition of records. It should be possible for these decisions to be made at any time in the existence of records, including during the design stage of records systems. It should also be possible, where appropriate, for disposition to be activated automatically." ISO 15489-1, 8.3.7 Retention and disposition, p.10

"Records retention should be managed to meet current and future business needs by: retaining information concerning past and present decisions and activities as part of the corporate memory to inform decisions and activities in the present and in the future; retaining evidence of past and present activities to meet accountability obligations; eliminating, as early as possible and in an authorized, systematic manner, records which are no longer required; and retaining the context of the record which will enable future users to judge the authenticity and reliability of records, even in cases where the records systems in which they are retained have been closed or have undergone significant changes." ISO 15489-1, 9.2 Determining how long to retain records, p.12

"[A records disposition authority is] a formally approved schedule of classes of records, retention periods and appropriate disposition actions that is submitted for approval by an external authority (on records disposition)." ISO 15489-2, 4.2.4 Records disposition authority, p.10

"All decisions on which records should be captured and how long records should be maintained should be clearly documented and retained. Decisions may be presented as a disposition authority." ISO 15489-1, 9.10 Documenting records management processes, p.16

"Disposition action may encompass: a) immediate physical destruction, including overwriting and deletion, b) retention for a further period within the business unit, c) transfer to an appropriate storage area or medium under organizational control, d) transfer to another organization that has assumed responsibility for the business activity through restructure, sale or privatization, e) transfer to a storage area managed on behalf of the organization by an independent provider with whom appropriate contractual arrangements have been established, [...]"

6.1 The system must be able to calculate the retention period for records and trigger the appropriate disposition event when the retention period expires.

COMPLIANT / NOT COMPLIANT

ANALYSIS COMMENTS

REQUIREMENT CITATIONS

"Any records created or captured need to have a retention period assigned, so it is clear how long they should be maintained." ISO 15489-2, 4.2.4.2 Determining documents to be captured into a records system, p.11

"RMAs shall provide the capability to automatically calculate the complete life cycle, including intermediate phases, of record folders and records not in folders." DoD 5015.2 [v.2 2002], C2.2.2 Scheduling Records, C2.2.2.5

"RMAs shall, as a minimum, be capable of scheduling and rescheduling each of the following three types of cutoff and disposition instructions. C2.2.2.4.1. Time Dispositions, where records are eligible for disposition immediately after the conclusion of a fixed period of time following user-defined cutoff (e.g., days, months, years). C2.2.2.4.2. Event Dispositions, where records are eligible for disposition immediately after a specified event takes place (i.e., event acts as cutoff and there is no retention period). C2.2.2.4.3. Time-Event Dispositions, where the timed retention periods are triggered after a specified event takes place (i.e., event makes the record folder eligible for closing and/or cutoff and there is a retention period)." DoD 5015.2 [v.2 2002], C2.2.2 Scheduling Records, C2.2.2.4

"Disposition action may encompass: a) immediate physical destruction, including overwriting and deletion, b) retention for a further period within the business unit, c) transfer to an appropriate storage area or medium under organizational control, d) transfer to another organization that has assumed responsibility for the business activity through restructure, sale or privatization, e) transfer to a storage area managed on behalf of the organization by an independent provider with whom appropriate contractual arrangements have been established, f) transfer of responsibility for management to an appropriate authority while physical storage of the record is retained by the creating organization, g) transfer to an organizational archive, or [...]" ISO 15489-1, 9.9 Implementing disposition, p.16

Implementation Considerations

"Records with similar disposition dates and triggering actions should be readily identifiable from the records system. For example, paper-based records with the same disposition dates and triggering actions can be stored physically together." ISO 15489-2, 4.3.9.1 Implement Disposition, p.20

"Similar retention periods and disposition action are determined for groups of records performing or recording similar activities within the system. Retention periods should be stated clearly and disposition triggers clearly identified. For example: "destroy x years after audit" or "transfer to the archives x years after last transaction completed"." ISO 15489-2, 4.2.4.3 Determining how long to retain records, p.11-12

"RMAs shall provide for sorting, viewing, saving, and printing list(s) of record folders and/or records (regardless of media) based on any combination of the following: C2.2.6.1.1.1. Disposition Action Date. C2.2.6.1.1.2. Disposition Action. [...]"
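The three instruction types in DoD 5015.2 C2.2.2.4 differ in where the clock starts: a time disposition counts from a fixed cutoff after creation, an event disposition makes the event itself the cutoff with no retention period, and a time-event disposition starts the retention period only once the event has occurred. The following is an added example (not from the Gap Analysis Tool, the Guide, or any FMIS or RMA product) that computes the disposition date for each type and lists what is due, grouped by disposition action so that records with the same trigger can be processed together, as ISO 15489-2 4.3.9.1 recommends. The fiscal-year cutoff (year end 30 June), the record categories and the sample records are constructed assumptions; an FMIS would take the cutoff rule and retention periods from its approved disposition authority.

```python
# Added example (not part of the Gap Analysis Tool or any FMIS/RMA product):
# disposition dates for the time, event and time-event instruction types of
# DoD 5015.2 C2.2.2.4, plus a "what is due" listing grouped by action.
# Fiscal-year cutoff (year end 30 June), categories and sample records are
# constructed assumptions.
import calendar
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Optional


@dataclass(frozen=True)
class DispositionInstruction:
    kind: str                     # "time", "event" or "time_event"
    action: str                   # destroy / interim_transfer / accession / permanent
    retention_years: int = 0      # retention after cutoff (time, time_event)
    event: Optional[str] = None   # triggering event name (event, time_event)


@dataclass
class RecordItem:
    record_id: str
    created: date
    instruction: DispositionInstruction
    events: Dict[str, date] = field(default_factory=dict)  # events that have occurred


def fiscal_year_end(d: date, fy_end_month: int = 6) -> date:
    """Last day of the fiscal year containing d (year end 30 June assumed)."""
    year = d.year if d.month <= fy_end_month else d.year + 1
    return date(year, fy_end_month, calendar.monthrange(year, fy_end_month)[1])


def add_years(d: date, years: int) -> date:
    """Add whole years; 29 February becomes 28 February in a non-leap target year."""
    try:
        return d.replace(year=d.year + years)
    except ValueError:
        return d.replace(year=d.year + years, day=28)


def disposition_date(item: RecordItem, fy_end_month: int = 6) -> Optional[date]:
    """Date on which the record becomes eligible for its disposition action,
    or None while a required event has not yet occurred (folder still open)."""
    ins = item.instruction
    if ins.kind == "time":
        # Cutoff at the end of the fiscal year of creation, then fixed retention.
        return add_years(fiscal_year_end(item.created, fy_end_month), ins.retention_years)
    if ins.kind == "event":
        # The event is the cutoff; there is no retention period.
        return item.events.get(ins.event)
    if ins.kind == "time_event":
        # The event closes the folder; cutoff at the end of that FY; then retention.
        when = item.events.get(ins.event)
        if when is None:
            return None
        return add_years(fiscal_year_end(when, fy_end_month), ins.retention_years)
    raise ValueError(f"unknown disposition kind {ins.kind!r}")


def due_for_disposition(items: List[RecordItem], today: date) -> Dict[str, List[str]]:
    """Record ids whose disposition date has passed, grouped by action."""
    due: Dict[str, List[str]] = {}
    for item in items:
        when = disposition_date(item)
        if when is not None and when <= today:
            due.setdefault(item.instruction.action, []).append(item.record_id)
    return due


SAMPLE_RECORDS = [  # constructed sample data
    RecordItem("PV-2006-000123", date(2006, 3, 1),
               DispositionInstruction("time", "destroy", retention_years=7)),
    RecordItem("AUD-2006-01", date(2006, 4, 1),
               DispositionInstruction("event", "interim_transfer", event="audit_completed"),
               {"audit_completed": date(2007, 2, 10)}),
    RecordItem("CON-2005-017", date(2005, 9, 12),
               DispositionInstruction("time_event", "accession", retention_years=6,
                                      event="contract_closed"),
               {"contract_closed": date(2008, 11, 15)}),
    RecordItem("CON-2006-004", date(2006, 1, 20),
               DispositionInstruction("time_event", "accession", retention_years=6,
                                      event="contract_closed")),   # still open
]


def sample_schedule(today: date = date(2014, 1, 1)) -> Dict[str, object]:
    """Disposition dates (ISO strings, None while open) and what is due today."""
    dates = {}
    for r in SAMPLE_RECORDS:
        when = disposition_date(r)
        dates[r.record_id] = when.isoformat() if when else None
    return {"dates": dates, "due": due_for_disposition(SAMPLE_RECORDS, today)}


def leap_day_clamp_example() -> str:
    """A 29 February cutoff plus one year lands on 28 February."""
    return add_years(date(2008, 2, 29), 1).isoformat()


if __name__ == "__main__":
    print(sample_schedule())
```

Two details matter when checking an FMIS against this requirement: a time-event record with no recorded event must stay open (None) rather than silently fall back to its creation date, and disposition must remain a trigger for an authorised action, not an automatic delete; the destruction safeguards under Requirement 6.3 (second confirmation, no pending litigation or audit) apply after the date is reached.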

COMPLIANT NOT COMPLIANT

@.2 The s$ste- -ust 9e 9#e to !reser'e those records th t re.u%re #o"/1ter- or !er- "e"t rete"t%o" %" ccord "ce (%th d%/%t # !reser' t%o" !# " )see Re.u%re-e"t 3.7* or tr "sfer the- to stor /e re!os%tor$ th t -eets #o"/1ter- !reser' t%o" re.u%re-e"ts.

ANAL,SIS COMMENTS
B5is%osition authorities that go)ern the remo)al of records from o%erational systems should ,e a%%lied to records on a systematic and routine ,asis* in the course of normal ,usiness acti)ity.B IS% /0123&/ 3.3 Implementing disposition & p./6 BRM's shall* for records a%%ro)ed for interim transfer or accession and that are stored in the RM'Bs su%%orted re%ository(ies)* co%y the %ertinent records and associated metadata of the records and their folders to a user/s%ecified filename* %ath* or de)ice.: 'o' 09/0.4 :!.4 4994; (4.4.6.0. Transferring Records & (4.4.6.0.4. B' transfer of o"nershi% or custody of records to another organiCation may include1 transfer to other organiCations "ith res%onsi,ilities for the records* transfer to outsourced or contractor organiCations* transfer to a storage facility* or transfer to IS% /0123&4 1.5.3.1 Transfer of custody or o"nership of records & p.4/ B<here records are remo)ed from the immediate %hysical en)ironment of the ,usiness unit into other %hysical areas controlled ,y the organiCation* the continuing res%onsi,ility for authoriCing the destruction or further dis%osition action is retained ,y that IS% /0123&4 1.5.3.4 (ontinuing Retention & p.49 BIn some countries* the dis%osition authorities may %rescri,e %ermanent %reser)ation* either "ithin the organiCation or in a se%arate archi)es institution.B IS% /0123&4 1.4.1 Records disposition authority & p./9 I-!#e-e"t t%o" Co"s%der t%o"s BMo dis%osition action should ta+e %lace "ithout the assurance that the record is no longer required* that no "or+ is outstanding and that no litigation or in)estigation is current or %ending "hich "ould in)ol)e relying on the record as e)idence.B IS% /0123&/ 3.3 Implementing disposition & p./6 BIf electronic records are transferred* such issues as the follo"ing need to ,e considered1 hard"are and soft"are com%ati,ilityG metadata (control and conte$tual information)G data documentation (technical information on data %rocessing and data structure)G 
licensing agreementsG and standards.B IS% /0123&4 1.5.3.1 Transfer of custody or o"nership of records & p.4/ B<here records are transferred to an e$ternal storage %ro)ider or an e$ternal archi)es authority* "hether as a result of im%lementing dis%osition action or for other reasons* documentation outlining continuing o,ligations to maintain the records and manage them a%%ro%riately* safeguarding their retention or dis%osition and accessi,ility* are formally esta,lished ,y agreement ,et"een the custodian(s) and the transferring %arty.B IS% /0123&4 1.5.3.4 (ontinuing Retention & p.49 BIn such cases "here records are ,eing remo)ed from the control or o"nershi% of the organiCation (for e$am%le* through %ri)atiCation of go)ernment agencies)* consent of the res%onsi,le archi)al authority may ,e required.B IS% /0123&4 1.5.3.1 Transfer of custody or o"nership of records & p.4/ B' +ey element in dealing "ith the transfer of o"nershi% of records is the determination of accounta,ility for records. #$am%les of questions in this conte$t include the follo"ing1 32 for transfer of the records ,een authoritati)ely esta,lishedN a) 0a)e the o%erational and administrati)e needs ,) 0a)e the issues of authority and accounta,ility for records ,een addressedN c) 0as the im%act on the transferring institution:s records ,een ta+en into accountN d) 0a)e the ongoing legislati)e* %olicy and regulatory o,ligations ,een fulfilledNB

REQUIREMENT CITATIONS


COMPLIANT NOT COMPLIANT

@.3 The system must be able to completely and reliably expunge those records that have been assigned "destruction" as their final disposition action (including any backup, reference or source copies).

ANALYSIS COMMENTS
"All copies of records that are authorized for destruction, including security copies, preservation copies and backup copies, should be destroyed." ISO 15489-1 9.9 Implementing disposition - p.16

"The using organization shall schedule the backup copies and recycle or destroy the medium in accordance with the disposition DoD 5015.2 [v.2 2002] C2.2.10. Additional Baseline Requirements. - C2.2.10.6.

Implementation Considerations

"No disposition action should take place without the assurance that the record is no longer required, that no work is outstanding and that no litigation or investigation is current or pending which would involve relying on the record as evidence." ISO 15489-1 9.9 Implementing disposition - p.16

"RMAs shall, for records approved for destruction, present a second confirmation requiring authorized individuals to confirm the delete command, before the destruction operation is executed." DoD 5015.2 [v.2 2002] C2.2.6.6. Destroying Records - C2.2.6.6.2.

"Destruction should always be authorized." ISO 15489-1 9.9 Implementing disposition - p.16

"RMAs shall restrict the records destruction commands to authorized individuals." DoD 5015.2 [v.2 2002] C2.2.6.6. Destroying Records - C2.2.6.6.5.

"Records destruction should be carried out in a way that preserves the confidentiality of any information they contain." ISO 15489-1 9.9 Implementing disposition - p.16

"Physical destruction of records is carried out by methods appropriate to their level of confidentiality." ISO 15489-2 4.3.9.3 Physical destruction - p.21

"RMAs shall delete electronic records approved for destruction in a manner such that the records cannot be physically DoD 5015.2 [v.2 2002] C2.2.6.6. Destroying Records - C2.2.6.6.3.

"Records in electronic form can also be destroyed by reformatting or rewriting if it can be guaranteed that the reformatting cannot be reversed. Delete-instructions are not sufficient to ensure that all system pointers to the data incorporated in the system software have also been destroyed. Backups containing generations of system data also need to be reformatted or rewritten before effective destruction of information in electronic form is complete. Physical destruction of storage media is an appropriate alternative, especially if deletion, reformatting or rewriting are either not applicable or are unsafe methods for destroying digital information (for instance, information stored on WORM [Write Once Read Many] media)." ISO 15489-2 4.3.9.3 Physical destruction - p.21

"Destruction can be undertaken by third parties contracted for the task." ISO 15489-2 4.3.9.3 Physical Destruction - p.21

REQUIREMENT CITATIONS


COMPLIANT NOT COMPLIANT

@.6 The system must document retention information and disposition events in the record's metadata profile.

ANALYSIS COMMENTS
"Other important [disposition] activities are maintaining an auditable record of disposition action." ISO 15489-2 4.3.9.1 Implement Disposition - p.20

"RMAs shall provide documentation of transfer activities. This documentation shall be stored as records." DoD 5015.2 [v.2 2002] C2.2.6.5. Transferring Records - C2.2.6.5.5.

"RMAs shall, for records approved for accession and that are not stored in an RMA supported repository, copy the associated metadata for the records and their folders to a user-specified filename, path, or device." DoD 5015.2 [v.2 2002] C2.2.6.5. Transferring Records - C2.2.6.5.3.

"The organization may maintain an auditable trail documenting all destruction of records." ISO 15489-2 4.3.9.3 Physical Destruction - p.21

"RMAs shall provide documentation of destruction activities. This documentation shall be stored as records." DoD 5015.2 [v.2 2002] C2.2.6.6. Destroying Records - C2.2.6.6.6.

"RMAs shall provide a field for authorized individuals to enter the reason for freezing a record or record folder. C2.2.6.3.3. RMAs shall allow authorized individuals to search, update, and view the reason for freezing a record or record DoD 5015.2 [v.2 2002] C2.2.6. Retention and Vital Records Management - C2.2.6.4.2.

"Certificates of destruction are recommended for all destruction undertaken by third parties." ISO 15489-2 4.3.9.3 Physical Destruction - p.21

REQUIREMENT CITATIONS
