» Records Management at Brown
» Institutional Records Policy
» University Record Retention Schedule
» Guidelines for Managing Institutional Records
» Guidelines for Managing Electronic Records
» Institutional Records Glossary
» Guidelines for Transfer of Records to the Archives
» Guidelines for Transfer of Digital Files to the Archives
» About Data, Privacy, Compliance, and Records Management Committee
University Archives is located in the
John Hay Library.
For information contact:firstname.lastname@example.org
Records Management: Guidelines for Managing Electronic Records*
The purpose of these guidelines is to provide departments and offices with guidance on the responsible management of University electronic records that align and support the Institutional Records Policy. These guidelines, in accordance with other established University policies and procedures, apply to all electronic records, regardless of their digital form, created or received by an office or department of the University in transaction of its proper business or in pursuance of its legal obligations.
A number of new technologies create electronic records, and the record creation can be both active (e.g., adding data to a database) or passive (e.g., automated logging of system updates). Individual records may be created in electronic mail systems, as web-based publications, and as documents created and stored in administrative information systems.
There is a rapidly increasing volume of information which exists in digital form. Considerable opportunities are offered by digital technology to provide rapid and efficient access to information, but there is a very real threat that the digital materials will be created in such a way that not even their short-term viability can be assured, much less the prospect that future generations will also have access to them.
Practical experience in this area is still emerging. Much of the dialog on and research in digital preservation has focused, properly, on the difficult technical problems involved in packaging and otherwise managing digital material in ways that it can survive the passage of time and changing computational environments. But, as the digital world has increasingly come to realize over the years, technical solutions are only one aspect of the whole solution. Addressing the many issues surrounding digital preservation is of particular concern as we consider the needs of records management.
* Adapted from Records Policy and Procedures Manual (http://bentley.umich.edu/uarphome/manual/index.php), University of Michigan, Bentley Historical Library, University Archives and Records Program.
BENEFITS OF PROPERLY MANAGING DIGITAL RECORDS
The University has developed a well-researched and thoughtful approach to managing institutional records, and has prepared a policy, guidelines, and best practices for a comprehensive records management program. While the University policy provides the highest level of authority on all records management, there are additional protections, safeguards, and preservations associated with digital records. Adherence to the guidelines provides many benefits that include:
- fulfilling legal mandates
- facilitating records retrieval
- identifying strategies for the preservation of records
- reducing the costs of storing obsolete records
- ensuring the creation and management of accurate and reliable records
GUIDELINES FOR MANAGING ALL ELECTRONIC RECORDS
For the purposes of these guidelines, a digital record is defined as electronic information in any form created or received and maintained by an organization or person in the transaction of University business or the conduct of affairs and kept as evidence of such activity.
1. Electronic records should be reliably and securely maintained:
- In most cases, electronic records should be maintained in their electronic form, because preserving the context and structure of records and facilitating access to them are best accomplished in the electronic environment.
- Records created and maintained within reliable electronic recordkeeping systems should serve, in most cases, as the official record copy.
- Recordkeeping systems should meet legal and administrative requirements, national and international standards, and best practices for recordkeeping in an electronic environment.
- For the responsible management of electronic records, departments and offices should create and maintain written policies and procedure that fully and accurately document the overall management of their local system and/or needs.
- Electronic recordkeeping systems should include adequate system controls, such as audit trails, the routine testing of system hardware and software, and procedures for measuring the accuracy of data input and output.
2. Electronic records should be retained or disposed of in accordance with authorized and approved records retention schedules:
- Electronic recordkeeping systems should include an approved disposition plan.
- In accordance with an approved retention schedule, electronic recordkeeping systems should permit the deletion of records.
- Electronic equipment should be disposed of according to Computing and Information Services' Electronic Equipment Disposition Policy found at: http://www.brown.edu/cis/policy/eedispose.php
- Sensitive or confidential information stored on the hard drive of a machine that is to be discarded, sent to surplus or transferred to another individual or department should be disposed of according to Computer and Information Services' Data Removal Recommendations found at: http://www.brown.edu/cis/policy/datarmv.php.
3. Work processes and associated business procedures and tools should support the creation and management of electronic records:
- Recordkeeping should be built into the defined business processes and electronic work environment thereby ensuring that records are captured, understandable and usable for immediate and long-term use.
- Whenever possible, university offices and departments should create models of business processes to determine where and when electronic records are created and used in the course of completing business transactions.
4. Electronic records should be inviolate and secure:
- Electronic records should be protected from accidental or intentional alteration and from deletion while the record still has value.
- Only authorized personnel should be permitted to create, capture or purge electronic records.
5. Electronic records should be preserved without loss of any vital information for as long as required by law and policy:
- The future usability of electronic records should be ensured through the development of migration or conversion strategies designed to update hardware, software and storage media.
- Electronic recordkeeping systems should manage and preserve for the useful life of the record both the content of the record as well as the associated metadata that define or document the record's content, context, and structure.
- Electronic records should include or be linked to the essential metadata describing content and structure of the business record and the context of its creation.
- Accurate and reliable links between the electronic record and the business transaction that created it should be maintained.
- Accurate and reliable links between records of similar or like transactions should be maintained.
6. Electronic records should be accessible and retrievable in a timely manner throughout their retention period:
- Recordkeeping systems should be capable of exporting the content, structure and context of a record in an integrated presentation and in an accessible and useable format.
- Electronic records should be easily accessible in the normal course of business.
- Electronic records should be searchable and retrievable for reference and secondary uses including audits, legal proceedings, and historical research.
- Training and user support programs should be available to ensure that users can access and retrieve electronic records.
7. Access to electronic records should be controlled according to well-defined criteria (see: Computing Accounts Management Policy: http://brown.edu/cis/policy/acctmgmt.php). Recordkeeping systems should ensure that electronic records are protected from unauthorized access:
- University offices should take measures to prevent unauthorized access to private and confidential electronic records by identifying records that are subject to legislative, regulatory and institutional policy restrictions.
- Records should be accessed to the minimum amount necessary to perform a business activity or function.
ORGANIZATION OF DIGITAL RECORDS
All records, regardless of format, need to be organized in order to be useful. File cabinets, file folders, and folder labels are all tools to organize paper documents. Similarly, file names, directories and sub-directories are tools to organize digital records. Like the file cabinet, an organized directory structure can present a hierarchy of folders and sub-folders that logically organize files by content, relationships, purpose, and originator. The benefits of good organization include better file retrieval, greater efficiency, and the need for less storage space through the identification and routine purging of non-essential records. Shared folders, allowing one central location for digital records, are recommended for departments to ensure a common location for record keeping and management. An example of a standard hierarchy is:
- Department Name
- Sub-Department (if necessary)
- Shared Content
- Word Documents
- Staff Folders
- Staff member A
- Staff member B
- Project A
- Project B
- Shared Content
- Sub-Department (if necessary)
If deemed appropriate, and approved by the department, a printed copy should be managed under the guidance provided in the University Institutional Records Policy.
MAINTENANCE AND LONG-TERM PRESERVATION
To ensure that active digital records are readable for future use it is recommended that a proactive maintenance plan be implemented. The maintenance plan would involve migrating records when operating systems and/or software applications are changed or upgraded. It is best practice to create a documentation trail when files are migrated from one system to another, and this documented trail file should include: systems and software specifications, date of migration, name and job title of person responsible for migration, and description of any loss of information that may occur during the migration process. The file can be maintained in a paper or digital filing system as long as it is known where the file is stored. For assistance in guidance relative to a specific electronic system, please consult with Computing and Information Services.
DIGITAL STORAGE MEDIA
Digital records are best maintained in a managed environment that includes regular system back-ups and a disaster recovery plan. Digital records can be stored on-line, near-line (for example, a department document management system), or off-line. A good example of an on-line system is an electronic mail system. The downside to managing on-line records over time can be the extensive accumulation of records and the associated costs. This type of storage does afford immediate access and retrieval; however, sharing records within a department or work group can be problematic. Examples of near-line storage include document management systems and electronic recordkeeping systems. A key benefit to using an electronic recordkeeping system is that these types of systems can provide a secure environment for documents with administrative and historical value. For digital records that are stored off-line, the best storage media currently available include magnetic tape and optical media (such as CD or DVD). While this type of storage may be most familiar, it requires a certain amount of monitoring to guard against environmental degradation and changes in technology that will cause the information to become unreadable. Items to consider are temperature, humidity, light levels, and the presence of magnetic fields.
Externally label the off-line media with a brief description of the content, software applications and versions used, date range of files, and date when the content was transferred to the medium. It is also recommended that an internal label such as an ASCII "read me" text file be included in case the external label becomes separated from the media. Knowing which software applications and versions were used to create the digital records is a key element in ensuring the readability and usability of the records over time. In addition, digital records stored on physical media such as tape are subject to degradation and should be periodically refreshed to new media. It is recommended that such digital media be refreshed every 3-5 years.
TRANSFERRING DIGITAL RECORDS TO THE UNIVERSITY ARCHIVES
In some cases, digital records are best retained within the environment in which they were created. Please contact the University Archives to determine whether this type of ongoing custody by the office of origin is advised. If digital records are transferred to the University Archives, the transfer can either utilize file transfer protocol (FTP) or digital storage media. To transfer through FTP, complete the transfer form for digital records and contact the University Archives to make arrangements before transferring the records. To transfer digital records on digital storage media such as CD or DVD, complete and include the transfer form for digital records. (http://dl.lib.brown.edu/libweb/collections/archives/etransfer-form.pdf)
Include the following information with every digital records transfer:
- Digital Files Transfer Form including contract information, technical documentation, and brief description of the files.
- ASCII text copy of directory structure and list of files.
- Internal and/or external label on physical media such as CD or DVD, or other digital storage media.
GUIDELINES FOR WEB-DISSEMINATED RECORDS
The University conveys much information and conducts many of its administrative activities via the web. The following guidelines are divided into two categories: design and preservation. The design section covers best practices to aid in making the website usable and understandable in the future. While it is certain that technologies will continue to change, the preservation or the "archiving" process will be more efficient when there is consistency and standardization embedded in the creation of the original web file.
The following design elements will better ensure that a web page maintains the content and "look and feel" in the future as it was originally presented.
- Use standard HTML markup when tagging university web pages. Because web technology continues to change, the best practice is to create HTML pages that are XML compliant.
- Include the name of the department, date the information was last changed, and contact information on each page.
- In order to preserve the functionality of the original webpage, minimize the dependence on proprietary software applications by using non-proprietary file formats (i.e. TIFF, JPEG, MPEG, PDF).
- It is important to remember that functionality provided by Java script, plug-ins, third-party search engines, and databases is problematic to preserve.
- In order to preserve the original navigation within the website, build hypertext links using relative Uniform Resource Location (URL) path addresses rather than absolute path addresses.
- Use metadata elements to aid search and retrieval, and provide documentation about the website. It is recommended to include some description about the website within its main webpage. The description is embedded within the tags of the HTML file and is not visible to the user.
Guidelines for a Website Snapshot Record
The strategy each department employs in the management of web-based records will depend on the available resources as well as legal and administrative requirements of the department. For many departments, an internal policy and procedure that stipulates an annual "snapshot" of the website may be sufficient. A website snapshot is a point-in-time capture of the content, presentation, and functionality of the department's website. A snapshot is not considered a back-up copy of the system; rather, it is a digital record that will be readable on other platforms. The goals of the snapshot are to create and maintain a digital record that is as full and complete as possible for a given point in time, and to create and maintain a record that will continue to be readable and understandable in the future.
- Determine the best time for the snapshot to be taken during the school year.
- Assign the responsibility to an appropriate department and/or individual.
- Back up the website before creating the snapshot record.
- If possible, convert all external links by rerouting them to their original initiation addresses. Insert a message where external links occurred stating that the links have been terminated.
- It is important to preserve the original directory and file structure.
- Document any functionality of the original website that is lost in creating the snapshot (e.g., Java scripts, search engine, database, plug-ins).
- Make two copies of the snapshot record. One will serve as a back-up copy.
- The "archived" website should be read-only.
- Documentation about the snapshot record should be tracked and kept with the files over time.
ELECTRONIC MAIL COMMUNICATIONS
Many consider electronic mail a distinct category of records that should be handled differently from other records created in the office. However, electronic mail is essentially a mode of transmission for messages or information and effectively it is the same thing as sending a memo or a letter in "hard copy." It is a widely used communication system and as we become more comfortable with the technology it is being used to facilitate a wide range of business activities. As such, electronic mail can be an official record of the University. One of the most difficult aspects of the current electronic mail systems is that the systems are not designed as recordkeeping systems. This means that management of electronic mail is not part of the system design, rather e-mail needs to be managed by understanding what types of records are created using e-mail communication systems. Just as with "traditional" paper records, a good place to start in the management of electronic mail is to develop guidelines on how electronic mail records should be classified, retained, and stored.
Below is an outline of some of the guidelines that should be considered in the overall management of e-mail:
- The responsibility for the daily management of electronic mail communications should fall on individual employees.
- Determine the types of records created using electronic mail systems (for example, public, regulated, FERPA, student, financial, etc) and determine the retention period required for the records in each category. The retention period is based upon legal, fiscal, historical, and administrative requirements.
- Investigate the levels of filtering options of the e-mail systems that are in use within the office or department. Many systems now include features such as filtering that can aid in managing communications.
- Non-transitory electronic mail communications (i.e., email that is to be saved) should be filed in a way that will ensure that the communications are easily retrievable. A useful practice is to create a directory structure based on the functions and activities of the office. Developing a set of shared directory names within the office will aid in information retrieval over time.
- The record creator and recipient need to make the individual decisions regarding the disposition of electronic mail communications.
- Determine how electronic mail communications will be stored. Records selected for retention can be stored on-line or near-line in a document management system or record-keeping system. Alternately, they can be stored off-line on a physical medium. This decision should be based on the needs of the department and cost associated with the storage options. Each user and department must realize that space is not unlimited.
- If it is determined that email for an individual, office or department is deemed historical, please contact the University Archivist for advice on the proper handling and transfer of these records.