Information technology staff should be involved early in any electronic records planning and particularly when you are inventorying electronic records, conducting a needs assessment, or drawing up a list of specifications to design or purchase a new system for records.
Electronic Records Inventory
Electronic records inventories collect information on the records and the systems that contain them. During an inventory an IT professional who is a member of an in-house information technology unit or a vendor can help answer technology questions like these:
What are the records file type and format?
Examples may include word-processed files (.docx, PDF/As), databases (.accdb), spreadsheets (.xlsx), geographic information system (GIS), computer-aided design (CAD), email, etc. File type and format must be known to plan preservation and normalization needs. For example, to determine whether permanent records can be preserved in their native format or another format must be used for the preservation copy.
Are passwords, encryption, or compression applied to records in the system?
A description of the type of password protection and a list of any known passwords should be documented to ensure access to the records. The type of encryption must be known and a list of any known keys to decrypt the files, as well as the type of compression and the means to decompress the files, to ensure access and prevent data loss or accessibility issues.
What is the quantity and estimated growth of the records in the system?
Collecting this data will help plan storage and migration needs.
What hardware is required to retrieve or process the electronic records system, including its capacity and age?
The purpose of collecting data on hardware is to plan for hardware upgrades and data migration as needed and to ensure the electronic records are accessible for their full retention periods.
What software program is used and is it open or proprietary? If the latter, what is the name of the vendor that supports the software?
This must be known to plan for software upgrades, software migration, and data migration as needed to ensure access to the records for their full retention periods.
What type or types of storage media are used (magnetic tapes, optical discs, or other) and what is the storage density of the media in terms of gigabytes? Also, what records in the system are online, nearline or offline?
The information on media is needed to plan for the refreshing of media, copying data, without changing it, from old to new media before the media degrades or goes obsolete.
Is the system regularly backed up? What is the frequency of backups, media used, and other backup procedures?
Details about backups are necessary to ensure vital records protection. For example, to determine whether the system is backed up often enough or backups are located too close to the system itself.
Is there any documentation or knowledge on past system migration, upgrades, or other maintenance?
Background on migration can help ensure ongoing access to and use of records and help schedule migration at a frequency that ensures access but minimizes data loss.
Is there any information documenting the system that supports the creation, maintenance, or use of the electronic records or the records system itself, such as indexes, data entry manuals, and data dictionaries?
System documentation can ensure consistent creation of, access to, and full use of records for at least as long as their retention periods.
Designing or Purchasing New Electronic Information Systems
When designing a system, purchasing new software, or implementing any new technology intended to create and or store electronic records, have IT assist with the development of a needs assessment. A needs assessment should be part of the planning to help ensure that any change in technology is cost effective and an improvement. It should consider:
- the legal and recordkeeping requirements of any new system, including the creation of meaningful metadata and system documentation,
- the use of open technologies,
- the ability to extract records and metadata easily from the system,
- information security,
- retention and disposition, and
- any other requirements stipulated in laws and regulations.
IT can also participate in reviewing potential new systems and help answer these questions:
- Does our organization have the appropriate technical infrastructure to support a desired technology solution?
- What file formats does the system create and are they open or proprietary?
- What are the records management capabilities of system?
- How does the system capture, manipulate, and manage the data that the records contain?
- Can the system:
- Apply restrictions on access and use of certain active records series?
- Prevent unauthorized changes or destruction of records?
- Manage and maintain the electronic records in their entirety for their entire lifespan?
- Purge obsolete electronic records from the system and all backups?
- Place legal holds on the destruction of electronic records during litigation?
- Have appropriate back-up systems installed to prevent data loss in the event of a disaster?
Preserving Electronic Records
Preserving electronic records can be the most challenging part of managing them. IT should be involved to help determine whether requirements for preserving permanent electronic records outlined in the Regulations of the Commissioner of Education have been met. Specifically, sections 188.20 for state agencies and 185.8 for local governments.
IT should help answer the following questions to help meet regulation requirements:
- What should be addressed in policy to ensure records retention requirements are incorporated into any plan and process for design, redesign, or substantial enhancement of an information system that stores electronic records?
- How will electronic records be maintained to ensure they are accessible and useable?
- How will our organization prepare and store in a secure off-site facility copies of archival electronic records to safeguard against loss?
- How will detailed system documentation on all electronic records system(s) be maintained accurately, kept up-to-date, and be readily available if needed in language that is clear and understandable to all those who may need access to this information?
- How will regular audits of any information system be conducted and documented, and procedures developed for generating, reviewing, and maintaining system audits?
- How will IT, the RMO, and other appropriate staff work together to develop migration plans for any existing electronic record systems and ensure a migration plan is part of the planning for any new automated information system?
- How will migration plans include guidelines for maintaining data in non-proprietary formats, timelines for updating hardware and software, and strategies for keeping abreast of technological changes?
- How will migration, especially when it involves long-term or permanent information, be undertaken according to a planned schedule, judiciously and as infrequently as possible without loss of access to information?
- How will authenticity of electronic records be safeguarded to prove they have not been altered or suffered data loss?
- How will legal admissibility be proven when electronic records are presented in a court of law as the official copy?
- Are our electronic records regularly backed up and monitored for readability?
- Does our organization store at least one set of backup copies in a remote location unlikely to be affected by the same disaster impacting our primary site?