Raising standards for record-keeping

Barbara Reed, Director, Recordkeeping Innovation, is Head of the Australian Delegation to the International Standards Organisation Committee TC46, SC11 (Records Management), Deputy Chair of the ISO TC46, SC11 Committee, a member of IT 21, Standards Australia’s Committee on Records Management, and a member of the Expert Review Group for MoReq2010. Barbara sorts through the array of standards that apply to the recordkeeping discipline and explains why they matter.

What is it about standards, anyway? Why are there so many of them? Who sets them? Do they all fit together somehow, in a way we mere mortals can understand? And what do standards mean for the systems designed to manage records?

The key to understanding the standards landscape is to understand that there are a lot of different bodies setting standards, often independently. Within the Australasian recordkeeping community we have been working hard to keep the framework consistent, so confusion is minimised and standards are consistent. Well, we’ve been trying but the standards landscape is painted on a broad canvas!

Formal standards

The summit of the standards-setting heap is ISO, the International Standards Organisation. This body is a non-government organisation that coordinates the development of consensus standards across a network of 163 separate national standards bodies. Individual countries belong to nominated committees within the ISO structure, and depending on the fees they pay, can vote, participate or observe.

Australia has the Secretariat for ISO TC46, SC11 which is the committee responsible for establishing record-keeping standards. But it is not a straightforward place – particularly in the digital world where everyone is discovering the relevance of standards for the management of digital documents and records. ISO doesn’t really patrol disciplinary practice domains, so often times different communities working under different committees spring up writing standards that have relevance to recordkeeping. In particular, at the moment, the imaging community is writing relevant standards under a different committee (TC171).

All International Standards issued under ISO have gone through a (very painful) process of development. First the countries subscribed to the relevant committee nominate experts, who jointly work on the development of drafts. These drafts are subjected to a number of rounds of international voting by those countries at the relevant level of membership, and only get through if the final draft is approved by 75% of those countries. Getting international agreement on these things can be tough!

Underneath ISO, each individual country has a national standards body. The national standards body for Australia is Standards Australia. Within Standards Australia we have a committee – IT21 for Records Management. This body shadows the work done internationally, but also develops documents for issue as Australian Standards. Our committee shadows both the records and document management committees internationally (TC46 SC11 and TC171). In addition, we work very closely with Standards NZ to issue joint standards in this space.

We’ve been productive over the last 10 years, and many of our Australian Standards (Records Management, Recordkeeping metadata, work process analysis) have been picked up and translated into international standards which have greater breadth of impact.

Jurisdiction based standards

Each jurisdiction, that is, the Australian Commonwealth, each of the States and Territories, and New Zealand, has independent public recordkeeping legislation that applies to their own patch. All public records legislation now includes the requirement to establish standards for their jurisdiction, against which public agencies are monitored (this is a feature of so-called second-generation public records legislation ).
So, each jurisdiction has a mandate to issues standards and guidelines specifically relevant to their own agencies. And issue them they do.

Individual jurisdictions can adopt or endorse international or Australian standards, but often because of the perceived constraints of their legislation, they write standards specific to their jurisdictions. So we find many different standards and guidelines covering the same basic space, but with particular relevance to individual localised jurisdictions.

Of particular importance in understanding the standards framework are jurisdictional standards for recordkeeping metadata and VERS. The iterative development of understandings about recordkeeping metadata has meant that nearly each jurisdiction has got a recordkeeping metadata element set, but the date of their issue will determine their sophistication.

Because of this, Standards Australia was approached to provide a harmonised view of recordkeeping metadata and that work is in progress. Important, too, in this space is the development of the VERS standard (see more below).

However, while this sounds complicated, it is not so bad, because all the recordkeeping regulatory agencies work collaboratively together. There are two overriding collaborative bodies, CAARA and ADRI. CAARA (Council of Australasian Archives and Records Authorities www.caara.org.au) meets regularly and keeps the information flow going between the bodies.

CAARA focuses on cross jurisdictional issues, statistics, cooperation, and so on. Generally speaking, jurisdictions keep in touch about standards and guidelines. The second body, ADRI (Australasian Digital Recordkeeping Initiative www.adri.org.au) is a subset of CAARA and has essentially the same members, but is more focussed on digital recordkeeping issues.

Collaborative projects are undertaken, as well as some joint standards, - export protocols for digital records transfer, for example.

One of the most important products ADRI has produced is the 3-part Principles and Functional Requirements for Records in Electronic Office Environments (see table). There are also standards that are set by professional bodies. ICA, the International Council on Archives, is perhaps the most relevant to this discussion. The ICA, working through a co-sponsorship agreement with ADRI, developed the 3 part Principles and Functional Requirements for Records in Electronic Office Environments referenced above. So the ICA documents and the ADRI documents are the same thing (more about this below).

In the area of functional requirements, there are a number of projects that have relevance. The European Commission working with DLM Forum established a de facto European functional specification for records management software: MoReq (Model Requirements for the Management of Electronic Records). MoReq was revised to become MoReq 2 in 2008, and is currently being reconfigured into a more modular structure (MoReq2010). MoReq 2 (and its replacement MoReq2010) are compliance standards – that is, vendors can submit their products for certification against the technical specifications.

In the US, the very influential Department of Defense(DoD) has developed a set of functional requirements for records software initially for use within the DoD, itself. It has a compliance component, and vendors can submit their products against the functional specifications for certification. Within the US, this specification and program has been endorsed by the US government’s records regulator – National Records and Archives Administration (NARA). This has become an industry de facto standard because of its widespread voluntary adoption by vendors.

What does it all mean?

So many standards! But if you look at them, you can see they are all building on and referencing each other. They are not in conflict at all. This is very clearly by design. There is no point in building contradictory standards. And it also shows that there is a wealth of guidance.

There are lots of great documents out there. Standards are not mandatory, but voluntary and they represent either international or national consensus on professional best practice. A lot of our Australasian work has been influential at the international level. The formal standards are supported by Technical Reports which are more for general best practice guidance. They represent areas which are more subject to change as technology and implementation practice changes with time.

In particular, take note of the digitisation technical report (which is based on work by Archives New Zealand), and the work process analysis technical report (based on an Australian standard). These are really useful documents. The two handbooks issued by Standards Australia are great resources – one for Compliance against ISO 15489; and a very recent product, the Records Classification Handbook. The other thing that we can see is that there is a lot of work currently going on and just about to come to fruition. The things marked ‘in progress’ in the above table should be issued either this year or early next year.

So, we’ve got an industry flagship standard – ISO 15489, and high level standards for recordkeeping metadata – ISO 23081. Other standards are relevant in this space, but have not been developed by our own community. These include Dublin Core for resource discovery (ISO 15386) and OAIS for digital repository design (ISO 14721).
A strategic realignment for recordkeeping is being proposed with the Management System for Records Standards (ISO 30300 and ISO 30301). These standards are currently being voted on, and have caused some controversy. The motivating idea for this initiative is to elevate recordkeeping ‘out of the basement and onto the management agenda’ as a critical cross organisational infrastructure piece.

As a Management System, these record-keeping standards become equated with Quality Management Systems, Environmental Management Systems and Information Security Management Systems. This is a strategic alignment of importance to us. However, in the process, Management Systems are also being made consistent, so there is a lot of text which is required to be consistent. There are standards bodies for Management Systems within the International Standards Organisation itself!

The individual jurisdictions also issue their own standards, as indicated above. These are relevant to the public sector bodies falling within the specific jurisdiction – and many are mandatory for specific jurisdictions, although there are too many to list here.

In general, it is fair to say that they will all reference Australian or International Standards, and provide tailored views of specific practices suited to the specific jurisdiction. Generally speaking, the guidance issued is compatible, and certainly references others in development. But, if you are a private organisation, you are not required to comply with any of these standards. On the other hand, they offer a great set of resources to reference for current best practice. It may be there is a need to bring in someone to navigate the number and complexities of the standards but the content can be highly valuable once identified and applied.

Functional requirements for records systems

This is a somewhat controversial area for standard setting, with one view being that codifying software requirements stifles innovation in the technical means of achieving an outcome. This is an area of particular importance to software vendors who are often required to demonstrate compliance with specific functional requirements. For vendors, a unified set of standard requirements across the industry would make life easier. So, what requirements are out there?

There are 4 major specifications of relevance. These are DoD 5015.2, MoReq, ICA/ADRI/ISO, and VERS. So let’s paint this corner of the picture:

DoD 5015-2: Department of Defense 2007

The current specification of DoD 5015-2 is the third version of the specification. It defines the basic requirements based on operational, legislative and legal needs that must be met by records management application (RMA) products suited for use by the US Department of Defense. It also has additional modules which outline how RMAs should manage security classified records and for requirements to support the Freedom of Information Act, Privacy Act, and systems interoperability.
This specification, while developed for a specific organisation, has gained de facto standard status by its endorsement in 2008 by NARA (National Archives and Records Administration, US) and by its compliance program. Vendors submit products for certification against the requirements through demonstrations against performance scripts. A list of products which currently hold this certification is available at http://jitc.fhu.disa.mil/recmgt/register.html.
It is particularly important in the US market.

MoReq 2 (2008) and MoReq 2010

MoReq, Model Requirements for the Management of Electronic Records, was first issued in 2001 and substantially revised for MoReq 2 in 2008. MoReq seeks to create a common European set of functional requirements for records. It is issued under the joint auspices of the European Commission and the DLM Forum. MoReq has been an important and influential statement of functional requirements.
With the reissue of MoReq2, a compliance program was established. Comments received from industry have led to a recent project, MoReq 2010, a current project to reconfigure MoReq 2 into a more streamlined specification featuring a mandatory core component and a set of extensible modular components. This project has just commenced and community consultation on requirements is currently underway.
MoReq has been particularly important in the European market.

ICA Modules

In 2005, following a spate of specifications for records management software issued in different jurisdictions, ADRI co-sponsored with ICA (International Council on Archives) the development of a standardised framework for records management specifications. National Archives of Australia was the lead agency in this work, which was collaborative across Australasia and subsequently the international community. The result of this work is a 3-part publication, known by various different names depending on who is publishing it. But the ADRI, NAA and ICA publications are the same thing.
The three parts are:
Part 1: Overview and Statement of Principles
Part 2: Guidelines and Functional Requirements for Records in Electronic Office Environments
Part 3: Guidelines and Functional Requirement for Records in Business Systems.
The inclusion of Part 3 in particular was a significant advance on other specifications, in that it recognised and addressed the reality that records are being created (if not managed) in line of business systems. ICA proposed to the International Standards Organisation that these specifications be adopted as international standards. Voting on this proposal has just been finished, with adoption of Part 1 and Part 3 as international standards (ISO 16175).
Part 2, the functional requirements for records management software, did not receive the requisite approval votes.
The ICA and ISO documents do not have a compliance or certification framework associated with them. Because of the genesis of the development of these documents, these have particular relevance in the Australasian market, but representatives from 12 countries participated in developing these documents.
With the current work on MoReq2010 and the need to fill the vacuum of the absence of Part 2 of the ICA specifications, collaboration between these two initiatives is underway. While still in very early stages, it is expected that a single functional specification will be produced out of the MoReq2010 process which will address ICA’s requirements also.

VERS

Standing separately to these general functional requirements, is the VERS standard. VERS is an initiative of the Public Record Office of Victoria. The VERS standard consists of 5 different specifications. At its heart, it is a format standard, specifying technical components required to create records as VEOs (VERS encapsulated objects) out of a current records management software system into a format which can be referenced, exported and imported, and be sustainable over changes to software systems.
Originally issued in 1999 (making it a very early and innovative specification) VERS was revised in 2003 to version 2 which continues to be current.
The VERS standard has a compliance component associated with it, and certification against any of the five specifications available. Compliant products are listed on the VERS website.

What standards are relevant to records management in Australasia?

  ISO Australian Standards (Defacto)standards Jurisdiction based standards
Management level

ISO 30300 (in progress)

ISO 30301 (in progress)

     
Records Management – General

ISO 15489-1

ISO 15489-2

Adopted  
Analysis Techniques ISO TR 26122 To be adopted MIKE 2.0 methodology e.g. DIRKS methodology
Compliance   HB 278    
Capture      
Classification   HB 8317 (in progress)  
Digitisation ISO TR 13028 To be adopted  
Long term electronic storage and access

ISO TR 18492
ISO TR 15801
ISO 14721

Adopted  
Recordkeeping metadata ISO 23081-1
ISO 23081-2
Adopted (element set in progress)  
Discovery metadata ISO 15836 AS 5044-1
AS 5044-2
 
Physical storage   AS 1015 (in progress)  
Conversion and migration   ISO TR 13088 (in progress)  
Software specifications ISO 16175-1 (in progress)
ISO 16175-3 (in progress)
  DoD 5015-2
MoREQ 2 (in revision)
ICA Modules 1-3


VERS

International Standards

ISO 14721- 2003 Open Archival Information Systems
ISO 15489-1:2001 Records Management, Part 1: General
ISO 15489-2:2001 Records Management, Part 2: Guidelines
ISO 15836:2003 The Dublin Core Metadata Element Set
ISO 23081-1:2008 Metadata for Records, Part 1: Principles (adopted Australian Standard 2009)
ISO 23081-2:2008 Metadata for Records, Part 2: Conceptual and Implementation issues

International Standards in progress

ISO 16175-1 Principles and Functional Requirements for Records in Electronic Office Environments. Part 1: Overview and Statement of Principles
ISO 16175-3 Principles and Functional Requirements for Records in Electronic Office Environments. Part 3: Guidelines and Functional Requirements for Records in Business Systems
ISO 30300 Management System for Records – Fundamentals and Vocabulary
ISO 30301 Management System for Records - Requirements
International Standards: Technical Reports (in numeric order)
ISO TR 13008 (in progress): Digital Records Conversion and Migration Processes
ISO TR 13028:2010 Implementation Guidelines for Digitisation for Records (to be adopted as Australian Standard)
ISO TR 15801:2007 Electronic Imaging – Information Stored Electronically – Recommendations for Trustworthiness and Reliability (adopted in Australia)
ISO TR 18592:2005 Long Term Preservation of Electronic Document-based Information (adopted in Australia)
ISO TR 26122:2008 Work Process Analysis for Records (in progress as adoption for Australian Standard)

Australian Standards in addition to those above (in numeric order)

AS/NZ 5044-1:2002 AGLS Part 1: Reference Description
AS/NZ 5044-2:2002 AGLS Part 2: Usage Guide
AS/NZ 1015 (in progress) Records Management: Physical

Australian Standards: Handbooks

HB 278:2009 Recordkeeping Compliance
HB 8317 (in progress) Records Classification

Defacto Standards

DoD 5015.2 Department of Defense (USA) Electronic Records Management Software Applications – Design Criteria Standard
ICA Modules 3 part Principles and Functional Requirements for Records in Electronic Office EnvironmentsMIKE 2.0 Method for an Integrated Knowledge Environment. Open source methodology for Enterprise Information ManagementReq European Commission and DLM Forum Model Requirements for the Management of Electronic Records

Jurisdictional standard

VERS Victorian Electronic Records Standard.

REFERENCES

Standards Products

International Standards Organisation Products Catalogue: http://www.iso.org/iso/iso_catalogue.htm

Standards Australia Products Catalogue: http://infostore.saiglobal.com/store2/

Jurisdictional Standards and Guidelines

New Zealand: Archives New Zealand: http://continuum.archives.govt.nz/recordkeeping-publications.html

Commonwealth of Australia: National Archives of Australia: http://www.naa.gov.au/records-management/publications/index.aspx

NSW: State Records NSW: http://www.records.nsw.gov.au/recordkeeping/government-recordkeeping-manual

Victoria: Public Record Office of Victoria http://www.prov.vic.gov.au/records/standards.asp

Queensland: Queensland State Archives http://www.archives.qld.gov.au/government/Publicationsbytype.asp

South Australia: State Records South Australia http://www.archives.sa.gov.au/management/publications.html

Western Australia: State Records Office of Western Australia http://www.sro.wa.gov.au/government/publications.asp

Tasmania: Archives Office of Tasmania http://www.archives.tas.gov.au/legislative/staterecords

Northern Territory: Northern Territory Archives Service http://www.nt.gov.au/nreta/ntas/records/ntg/index.html

ACT: Territory Records Office http://www.territoryrecords.act.gov.au/standards

Functional Requirements

Department of Defense DoD 5015.2 Standard: http://jitc.fhu.disa.mil/recmgt/standards.html

European Commission and DLM Forum MoReq 2: http://www.moreq2.eu/moreq2

European Commission and DLM Forum MoReq 2010 consultation portal: http://contribute2moreq.eu/portal

Public Record Office of Victoria: VERS Specification: http://www.prov.vic.gov.au/vers/standard/