In order to comply with regulations or for management purposes, it is increasingly required that information be stored for long periods of time. Moreover, to retain their legal value, such records need to have the following properties: authenticity, reliability, integrity and usability. But how can these characteristics be guaranteed in an electronic environment? This problem is of major concern in Luxembourg, where a large part of the economy consists of service companies with a strong technological background.
To solve this problem, it is necessary to use Electronic Records Management Systems (ERMS) that satisfy the requirements related to good records management. However, these requirements are complex and not uniformly defined in the literature. It is thus a real challenge to manage electronic records and create an ERMS.
ERMS activities can be structured as illustrated in Figure 1. The workflow starts when a document meets the requirements of the capture policy: it is then captured by the ERMS and becomes a record. The workflow ends when a record reaches the end of its legal or internal use duration and needs to be deleted (if the law gives such instruction or if the organization no longer needs it). Otherwise, it can be archived, but has lost its legal value.
Figure 1: Workflow of the ERMS.
While the workflow of the ERMS is important, how can we guarantee that the probing value and the characteristics of the record are preserved during the whole process? Many standards have been defined in attempts to deal with this issue.
The ISO 15489 standard was published in 2001. Its objective is to define the scope and benefits of records management (RM), to provide guidance in determining the responsibilities of organizations for records and records policies, procedures, systems and processes, and to provide guidance in the design and implementation of a records system. However it does not include the management of archival records within archival institutions. This standard is generic, and does not specifically address the electronic question.
MoReq2 is a model prepared in 2008 for the European Commission. It can be seen as an electronic and operational approach to the ISO 15489 standard. The main objective is to describe a way to create specific software for electronic records management. This model does not deal sufficiently with organizational aspects. The DoD 5015.02-STD from the US Department of Defense is quite similar.
The ISO 14721 defines a model (Open Archival Information System; OAIS) that targets long-term archiving of electronic information. The main goal of OAIS is to ensure that the Designated Community is still able to understand the content of the archived documents without any additional explanation. OAIS does not cover the entire process of RM, because it deals with archived documents rather than records.
The NF Z42-013 standard provides specifications for technical and organizational measures for capturing, storing and retrieving electronic records in an information system, to assure integrity and preservation during the whole record’s lifetime. This standard is general in the conception of the system.
To meet the requirements of the Luxembourgish activities, a combination of these standards would be necessary.
NormaFi-IT (Normalisation, Finance & Information Technology) is a joint R&D project started in 2009 between ILNAS (Institut luxembourgeois de la normalisation, de l'accréditation, de la sécurité et qualité des produits et services), the Luxembourgish organization responsible for norms and accreditation, and CRP Henri Tudor which aims at investigating the state of the art of electronic records management.
From this perspective, a Working Group has been set up to define the present and future needs and objectives of electronic records management in Luxembourg, and has already broadened the vision of the field. Indeed, while the ISO 302XX series (Management System for Records) is still under development, the need for a standard (or at least guidelines) is urgent for many sectors of the Luxemburgish economy.
Any future guidelines or standards might be complementary with the Luxembourgish PSF/S (Professionnel du Secteur Financier/Support", an organisation managing key business process or data for a financial organisation) status, which allows financial professionals to trust certified third-party service providers for their outsourcing. A major step will be the introduction of the third-party archiving status, and the description of accreditation methods. Moreover, players in the process need to be identified, and their roles and obligations clearly defined.
Furthermore, NormaFi-IT will rely on future legislation on dematerialization in Luxembourg, which will potentially create equivalence between paper-based and electronic-based (born digital or otherwise) probing value for audits, for administration or in front of a court. The creation of a new legal and normative framework will need the consensus of all concerned players.
Finally, a new research study will start to allow private individuals to take advantage of ERMS, in administration, e-invoicing and other areas.
CRP Henri Tudor, Luxembourg
Tel: +352 42 59 91 - 421