ELECTRONIC RECORDS MANAGEMENT AND ARCHIVES MANAGEMENT POLICY

Guidelines on Electronic Records Management

NATIONAL ARCHIVE OF MALAYSIA
ARKIB NEGARA MALAYSIA

Projek Pemeliharaan Rekod Elektronik Sektor Awam (e-SPARK)
Project Documentation

Preface

This Guideline was produced as a result of the e-Spark initiative. Sponsored by the Arkib Negara Malaysia and involving departments and agencies from across the Government of Malaysia, the purpose of this initiative was to develop policies, standards and practices, technical specifications and training plans to enable the Government of Malaysia to manage records in electronic form. Also included was a strategic plan reflecting the roles and responsibilities of public offices and various central and lead agencies.

The Arkib Negara Malaysia, within its legislative mandate to facilitate the management of records in any physical form and to acquire, preserve and make available those of archival value, is the lead department responsible for facilitating the government-wide management of electronic records. In this capacity and in cooperation with other central agencies and public offices, it is responsible for issuing standards and guidance to public offices on the management of electronic records.

Guidelines on Electronic Records Management was produced by the Arkib Negara Malaysia to help public offices to manage electronic records. More specific guidelines addressing the management of electronic records in specific environments are also available.
These are as follows: Managing Electronic Records in the Unstructured Environment, Managing Electronic Records in the Structured Environment, and Managing Electronic Records in the Web Environment. All are available from the Arkib Negara Malaysia. These guidelines should also be used in conjunction with Electronic Records and the Akta Arkib Negara 2003 (available from the Arkib Negara Malaysia).

This publication supports the implementation of the Akta Arkib Negara 2003 and the requirement that government departments not dispose of their records without the approval of the National Archivist and that they transfer records assessed as having archival value to the control of the Arkib Negara Malaysia.

For additional information, please contact:
Arkib Negara Malaysia, Jalan Duta, 50568 Kuala Lumpur
Tel. 603-62010688
Fax. 603-62015679
Web Site: http://arkib.gov.my

Copyright Arkib Negara Malaysia

Table of Contents

1 INTRODUCTION
2 CONCEPTS AND DEFINITIONS
2.1 Introduction
2.2 Purpose of a Record
2.3 Attributes of a Record
2.3.1 Authenticity
2.3.2 Reliability
2.3.3 Integrity
2.3.4 Usability
2.3.5 Accuracy, Adequacy and Completeness
2.4 Principles for Electronic Records Management
2.5 Conditions for Electronic Records Management
2.5.1 Records are captured
2.5.2 Records are maintained
2.5.3 Records are usable
2.6 Business process environments
3 MANAGING ELECTRONIC RECORDS
3.1 Creating Electronic Records
3.1.1 Creating Information About Electronic Records
3.2 Determining How Long to Keep Electronic Records
3.3 Storing Electronic Records
3.4 Securing Electronic Records
3.5 Preserving Electronic Records for the Long Term
3.5.1 Planning for technological obsolescence
3.5.2 Creating an electronic records preservation strategy
3.5.3 Techniques for electronic records preservation
3.5.4 Choosing an approach to electronic records preservation
3.5.5 When should a digital preservation treatment be applied?
3.5.6 Planning to implement a preservation strategy
3.5.7 Implementing the preservation strategy
3.5.8 Requirements for a successful preservation strategy
3.5.9 The Arkib Negara Malaysia approach to digital preservation
3.6 Providing access to electronic records in agency custody
3.6.1 Provision of secure access to electronic records
3.6.2 Determining when a digital record can be open for access
3.7 Disposing of Electronic Records
3.7.1 Obtaining approval for the disposal of electronic records
3.7.2 Methods of disposing of electronic records
3.7.3 Disposal in digital systems
3.7.4 Transferring electronic records to the Arkib Negara Malaysia
3.7.5 Transferring electronic records between agencies
3.8 Destruction of electronic records
3.8.1 Deletion is not destruction
3.8.2 Methods of destroying electronic records
3.8.3 Retaining electronic records permanently within public offices
3.8.4 Retaining archival value electronic records in agency custody
3.9 Documenting records management processes
4 GOVERNANCE
4.1 Governance of Electronic Records Initiatives
4.1.1 Problem Definition
4.1.2 Cost-Benefit Analysis
4.1.3 Project Initiation
4.1.4 Requirements
4.1.5 Design
4.1.6 Implementation
4.1.7 Maintenance
4.1.8 Review and Evaluation (Quality Assurance)
4.2 Governance of Electronic Records Management Programs
4.2.1 Governance at the Government-wide level
4.2.2 Governance at the level of the public office
5 SPECIAL TOPICS
5.1 Electronic Records and Business Continuity
5.1.1 Establishing a business continuity plan
5.1.2 Counter disaster strategies
5.1.3 System backups
5.2 Vital records
5.2.1 Electronic records of archival value
5.2.2 Managing Encrypted Electronic Records
5.2.3 Record keeping for encrypted records
5.2.4 Key management
5.2.5 Recordkeeping, security and information management framework
5.2.6 Policy and strategy
5.2.7 Identify record keeping requirements
5.2.8 Assign responsibilities to records, business and IT managers
5.2.9 Records to be retained as national archives
5.3 Managing Electronic Records Created Outside Public Offices
Appendix 1 Key Concepts and Terms
Appendix 2 Definitions
Appendix 3 Managing Storage Media for electronic records

1 Introduction

Records in electronic form are valuable assets that can be lost or destroyed unless they are managed as assets. Records are created, received and maintained in the conduct of business activities. To support the continuing conduct of business, satisfy applicable legal requirements, and provide necessary accountability, public offices must create and maintain authentic, reliable and usable records, and protect the integrity of those records for as long as they are required to exist. To do this, public offices should institute and carry out a comprehensive records management program, which includes [1]:

a) Determining what records should be created, what information needs to be included in the records, and what level of accuracy is required.
b) Deciding in what form and structure records should be created and captured.
c) Determining requirements for retrieving and using records and how long they need to be kept to satisfy those requirements.
d) Deciding how to organize records so as to support requirements for use.
e) Ensuring that records are created and maintained in accordance with these requirements.
f) Preserving the records and making them accessible over time, in order to meet business and societal requirements.
g) Complying with legal and regulatory requirements, applicable standards and organizational policy.
h) Ensuring that records are retained for as long as required.

The Government of Malaysia and the Arkib Negara Malaysia (ANM) have reached an established level in the area of records management and archives management for paper / conventional records. ANM has the capability and expertise, coupled with strong principles in records management and archives management as well as efficient methods, tools and procedures to ensure that public records and archives are well maintained and preserved. As the Government of Malaysia shifts increasingly to electronic service delivery channels, ANM is extending its capacity to support the archival management of electronic records.

The Akta Arkib Negara 2003, which forms the basis of this guideline, amends the Akta Arkib Negara 1966 to include records created electronically. Where international or other standards exist, they inform the guidelines specified below.

[1] These attributes are derived from ISO 15489, Information and Documentation – Records Management, 2001

Following this introduction, Section 2 provides an overview of the concepts and definitions that underpin the guidelines described in subsequent sections. Section 3 provides general guidance on the management of electronic records throughout their life cycle (i.e. creation, preservation, use, disposition). Section 4 presents a checklist of management and governance considerations that should be addressed to ensure that a sustainable program for the management of electronic records is in place. Section 5 addresses specific topics such as the management of encrypted records.

Specific guidance on the management of electronic records in specific business process environments can be found in three companion guides:

- Managing Electronic Records in the Structured Environment
- Managing Electronic Records in the Unstructured Environment
- Managing Electronic Records in the Web Environment

For additional information please contact:
Arkib Negara Malaysia, Jalan Duta, 50568 Kuala Lumpur
Tel. 603-62010688
Fax. 603-62015679
Web Site: http://arkib.gov.my

2 Concepts and Definitions

2.1 Introduction

This Section describes some of the basic concepts associated with recordkeeping and the management of electronic records. It is a foundation section upon which the standards provided in subsequent Sections can be understood more clearly.

According to the Akta Arkib Negara 2003 and in accordance with the Policy on the Management of Electronic Records,

"records" means materials in written or other form setting out facts or events or otherwise recording information and includes papers, documents, registers, printed materials, books, maps, plans, drawings, photographs, microfilms, cinematograph films, sound recordings, electronically produced records regardless of physical form or characteristics and any copy thereof;

"public records" means records officially received or produced by any public office for the conduct of its affairs or by any public officer or employee of a public office in the course of his official duties and includes the records of any Government enterprise and also includes all records which, on the coming into operation of this Act, are in the custody or under the control of the National Archives of Malaysia established under the Akta Arkib Negara 1966 [Act 511];

Electronic government records are those records that fulfill these criteria and which are created and maintained in electronic format.

2.2 Purpose of a Record

The purpose of a record is to serve as an authoritative, authentic, and reliable source of information and as the means of documenting decisions. Adequate records enable public offices to [2]:

- Conduct business in an orderly, efficient and accountable manner.
- Help deliver services in a consistent and equitable manner.
- Support and document policy formation and managerial decision-making.
- Provide consistency, continuity and productivity in management and administration.
- Facilitate the effective performance of activities throughout an organisation.
- Provide continuity in the event of a disaster.
- Meet legislative and regulatory requirements including archival, audit and oversight activities.
- Provide protection and support in litigation including the management of risks associated with the existence of or lack of evidence of organizational activity.
- Protect the interests of the organization and the rights of employees, clients and present and future stakeholders.
- Support and document current and future research and development activities, developments and achievements, as well as historical research.
- Provide evidence of business, personal, and cultural activity.
- Establish business, personal and cultural identity.
- Function as corporate, personal or collective memory.

[2] Derived from ISO 15489, Information and Documentation – Records Management, 2001

Records are an integral part of business processes and must be managed and retained for as long as they are needed to support the functions of the government and to provide evidence of decisions and activities (see Figure 2.1).

[Figure 2.1: Records as an Integral Part of the Business Activity. Diagram labels: Mandate, Business, People (Agents), Records; records serve as authoritative sources of information and as collective and corporate memory.]

2.3 Attributes of a Record [3]

In order to serve as reliable evidence of decisions and activities, records must have the following qualities:

2.3.1 Authenticity

An authentic record is one that is proven both to be what it purports to be and to have been created or sent by the person who purports to have created or sent it. To demonstrate the authenticity of records, public offices should implement and document policies and procedures which control the creation, transmission and maintenance of records to ensure that records creators are authorized and identified and that records are protected against unauthorized addition, deletion and alteration. To be authoritative, a record should be created at the time of the transaction or incident to which it relates, or soon afterwards, by individuals who have direct knowledge of the facts or by instruments routinely used within the business to conduct the transaction.

2.3.2 Reliability

A reliable record is one whose contents can be trusted as a full and accurate representation of the transactions, activities or facts to which they attest and can be depended upon in the course of subsequent transactions or activities.

2.3.3 Integrity

The integrity of a record refers to its being complete and unaltered. It is necessary that a record be protected against alteration.
Records management policies and procedures should specify what additions or annotations may be made to a record after it is created, under what circumstances additions or annotations may be authorized, and who is authorized to make them. Any authorized annotation or addition to a record made after it is complete should be explicitly indicated as an annotation or addition.

2.3.4 Usability

A usable record is one that can be located, retrieved, presented and interpreted. It should be capable of subsequent presentation as directly connected to the business activity or transaction that produced it. The contextual linkages of records should carry the information needed for an understanding of the transactions that created and used them. It should be possible to identify a record within the context of broader business activities and

[3] These attributes are derived from ISO 15489, Information and Documentation – Records Management, 2001