exact phrase  any/all
Managing the enterprise information network
denotes premium content | Sep 19 2014 

Feature

posted 3 May 2006 in Volume 2 Issue 10

Negotiating the RM standards maze

Standardisation is meant to make life easier for everyone, but the profusion of records management standards – and their comings and goings – has not necessarily made life easier for records managers.

By Jessica Twentyman

In October 2004, members of East Dorset District Council were presented with a document, written by the council’s Freedom of Information Officer Richard Jones, which made a case for the implementation of an electronic records management (ERM) system.

The assembled councillors and council officials – all part of East Dorset’s information and communications technology working group – were asked to approve the installation of an ERM package from supplier Meridio at an estimated cost of £60,000. 

Jones’s business case pointed out that investment in some sort of records management system was inevitable. More and more of East Dorset’s vital records were created, managed and stored in an electronic format. Members, he noted, would be aware from previous reports on e-government priority services that various legislative drivers – among them the Freedom of Information Act, the Data Protection Act and the Disability Discrimination Act – were all bringing influence to bear on the way the council handled these electronic records. An ERM system, he argued, would efficiently support the business and compliance needs of the council for "good record-keeping in the electronic age".  

In making the case for choosing a piece of software, he advised that the National Archives (TNA) had provided functional specifications for records management software for central government departments. "No such specification exists for local government and defining a specification for use of ERM within a local authority would be an unachievable task within the resource and time available within this project," he said.  

The Lord Chancellor, moreover, was encouraging local authorities to use [the TNA] specification in developing their ERM software projects, he pointed out. The latest National Archives specification (TNA 2002) for ERM, therefore, would be taken as the starting point for defining the requirements for any chosen system.  

In addition, said Jones, TNA also provided an approval scheme for ERM products assessed against their functional requirements. "It would similarly seem sensible to proceed with an approved product," he added, such as Meridio’s package. Thus the case was made – and that discussion is in no way unique to East Dorset District Council. It has been heard in public sector bodies up and down the UK in recent years as they have scrambled to get electronic records in order in time to meet government targets.

Huge influence

As a result, The National Archives’ specifications for records management have quickly acquired huge influence, lining the pockets of software suppliers that achieved early certification of their products with TNA standards, such as Meridio and Tower Software. "Early certification certainly attracted a lot of interest to our products," agrees Tony Sumpster, UK managing director of Tower Software.  

But that advantage came at a hefty price, Sumpster adds. The certification documents, he says, "took us weeks and weeks to prepare". And once those documents were submitted to the National Archives, the real waiting began: "The process was extremely slow. The big issue was funding, and although they were charging us £8,000 for certification, that simply wasn’t enough to cover their costs," he says.  

Other vendors were soon flocking to the National Archives to get certification for their products, hampering the organisation’s already over-stretched resources still further, to the frustration of the larger ECM vendors, such as EMC Documentum and FileNet.  

"The first time we went through the accreditation process, we failed," admits Graham Haddingham, product marketing engineer for FileNet’s records management products. Then, when in early 2005, FileNet employees were reviewing the points the National Archives had raised in coming to its decision, the organisation announced that it had decided to discontinue its testing and accreditation scheme.  

The National Archives stopped taking submissions in March 2005, although it still had a hefty backlog to work through – a backlog which, one year on, it has still to clear, say some vendors.

Disconcerting proposition

For customers of records management software, that raises a disconcerting proposition: Since TNA accreditation only lasts for two years, even the most recently accredited software will see their certificates expire in early 2008. For many, the answer will be MoReq, the pan-European Model Requirements for the Management of Electronic Records.  

The intellectual ownership of this set of requirements has been transferred from the European Commission to the DLM Forum, an independent body heavily dominated by representatives of the National Archives of European Union member states. In fact, the TNA 2002 model already incorporates a number of key requirements from MoReq and its chair, Sarah Tyacke, was previously the head of the UK’s National Archives. This has led many in the industry to speculate that there will be strong convergence between TNA 2002 and MoReq.  

In its favour, MoReq is equally applicable to both the public and the private sectors. That will be of great benefit to users in the private sector as they face a slew of compliance initiatives governing the way that records are managed and retained.  

Take, for example, the requirements of Mifid – the Markets in Financial Instruments Directive – with which European financial services companies must comply by January 2007. "Mifid has enormous records management implications in terms of the way documents should be managed and retained," says Nigel Horncastle, business development manager at Diagonal Solutions.  

But that also means that MoReq is designed to outline a far wider set of requirements than TNA 2002. "MoReq as it stands was not designed as a certification process. It merely provides a model for requirements, leaving users to pick out those requirements that fit their own business needs," says Andrew Bale, chief architect of electronic document and records management (EDRM) at enterprise content management software supplier Vignette. "Some of the requirements contradict each other because MoReq is so all-encompassing."  

And, as yet, MoReq lacks a testing regime, under which records management software suppliers can get their products certified. "It’s too easy for a software company to claim they provide a product that fits a broad model of requirements – so a testing process is vital," says Bale.  

That will require a major update – and progress on MoReq 2 is so far difficult to gauge. Some clues were given by Ian Macfarlane, head of the electronic records management development unit at the UK National Archives, at a meeting of the DLM Forum in Budapest in October 2005.

Working group meetings in March and October 2005, he said, had laid the groundwork for MoReq 2. The group had received a good response to a wide call for comments – around 170 comments from 18 countries. And a ‘scoping report’ had been produced and submitted to the European Commission. "The overall targets are the publication of MoReq 2 in 2007 and a start to compliance testing," he said.  

Others are more skeptical that these statements represent real progress – particularly on the thorny issue of a testing process. "There’s a lot of nice words being said about MoReq 2 and a lot of work is being done by the DLM Forum on the legal position of establishing a testing and accreditation scheme, but no-one seems too clear on that yet," says Paul Sutcliffe of SteepleDoc Consulting, who previously worked with the authors of the original MoReq specifications, Martin Waldron and Marc Fresko.  

However, according to Haddingham of FileNet, a testing process is very much envisaged, but rather delayed – a point made clear at an April 2006 DLM Forum meeting in Vienna. "As I understand it, the timing has slipped a little already. The DLM Forum is currently looking for consultants to write the MoReq 2 standard by the third quarter of this year, with a view to publishing it around a year later," he says.  

The plan, adds Haddingham, is that testing for the basic modules of MoReq 2 will be done centrally, while the DLM Forum will set up country chapters for testing for local requirements. "But it’s my view that we are looking at the first quarter of 2008 before any testing starts," he says.  

In the meantime, the main alternative to TNA 2002 and MoReq for organisations across the world is the International Organisation for Standardization’s ISO 15489 specification. This has already provided the basis for the TNA 2002 and MoReq specifications, but is generally deemed too broad for most users.  

What is clear is that, as a set of requirements, TNA 2002 will almost certainly start to look dated some time before a MoReq 2 testing programme comes into effect. "TNA 2002 does give some level of reassurance but there is some concern that it cannot reflect the way the market – and customer requirements – are changing for too many years into the future," says Bale of Vignette.  

In particular, he says, MoReq only "gives a brisk nod to wider document and content management issues", while software buyers are increasingly less inclined to purchase a records management ‘point’ product and favour instead an end-to-end ECM ‘stack’ capable of handling all types of corporate content. That is an issue that MoReq 2, at least, proposes to address, according to Macfarlane of TNA.  

"Electronic records management alone is not enough. The problem is that various systems create and hold information that should be captured as records. They need to be integrated to manage information and avoid losing records," he told the Budapest DLM Forum meeting in October.  

In response, MoReq 2 will provide clear guidelines on integration with other core business systems, and in particular, ECM packages. "Content management for these purposes means the management of documents and records in a variety of contexts, including Internet Protocol-based environments and browsers," says MacFarlane.  

The main challenge, he says, is the need for robust control of records across public web sites, intranets and extranets. It will be possible, he says, to take this to several levels:

  • Simple content management, where there is "a capability to publish a single document or object from the enterprise records management environment to a website"; and
  • Web content management, where "complex compound objects from various sources are published to web sites".

"Enterprise content management is where the previous environments have all been integrated with the ERM system," says Macfarlane. In addition, guidance on issues such as workflow, management of physical (non-electronic) records, encryption, watermarking and electronic signatures will also be enhanced.  

But on the whole, Macfarlane and the DLM-Forum are preaching a message of evolution, rather than revolution. "In scope, MoReq 2 is to be an evolutionary update to the original MoReq, not a radically different product. MoReq 2 is not intended to shift its focus from mainstream management of electronic records to a new area, such as specialist management of archives," he says. For users, that can only be a good thing. They can at least be sure that there are unlikely to be any radical changes of course or direction in standards for records management. The danger, however, lies in how long it will take for MoReq 2 to emerge.  

 

Key international records management standards

  • Department of Defense (DOD) 5015.2 – A U.S. standard and certification for records management developed by the Department of Defense;
  • The National Archives (TNA) – A UK standard replacing the older Public Records Office (PRO) standard;
  • Document Management & Electronic Archiving (DOMEA) – A German standard for records management and document management;
  • Victorian Electronic Records Standards (VERS) – An Australian standard with records management guidelines;
  • Information & Documentation on Records Management Guidelines (ISO 15489) – The first international standard for the implementation of records management;
  • Model Requirement for Management of Electronic Records (MoReq) – An emerging European standard for records management.

Source: Gartner, 2005

 

Influences on MoReq 2

MoReq 2, according to Ian Macfarlane of the DLM Forum Moreq 2 working group, will take into account developments in record management since 2001, including:

  • ISO15489, the over arching Records Management standard;
  • The work in operation under the The National Archives of the UK’s TNA 2002 requirements;
  • Likewise with the German Domea standard;
  • Other national projects.

Compatibility with key standards such as metadata for records – principles (standard ISO 23081) and with the OAIS standard (ISO 14721).

 

Best practice records management

All the talk of records management standards overlooks an important point, says Cameron Craig, a lawyer with DLA Piper Rudnick Gray Cary. "It’s my view that simply conforming with a standard doesn’t necessarily lead to compliance," he says.  

"It’s certainly a start – and I’m not saying MoReq won’t be a useful tool – but organisations need to know that there is an inherent legal risk in relying on it as anything other than a tool in their records management armoury."  

What is needed, say records management experts, is a clear set of policies and procedures – involving an enterprise-wide effort – governing the identification, capture, management and retention of corporate records.  

Best practice in records management, according to analysts at Gartner, involves the following key tasks:

  • Establish a project management office or steering committee that includes at least one representative from each of the following: a) your organisation’s legal advisors; b) a senior executive that will act as a corporate sponsor of the project; c) existing records management staff; d) the IT department;
  • Have legal advisors review existing organisational policies with consideration for electronic records, making whatever policy changes are needed and reporting back to the committee;
  • Conduct an internal assessment of all organisational data and content (both physical and electronic) and categorise by group, purpose and handling, providing examples of each;
  • Establish and group data/content into category types, flagging those believed to have legal implications;
  • Legal advisors must review this collection, defining which are legal records and how they should be managed (for example, how modifications should be made, and what policies should be implemented for the retention and/or disposal of these records);
  • Based on these requirements, develop the organisational options and associated costs for the systems, policies and procedures to meet these legal requirements, including establishment of an enterprise metadata schema in which fields for electronic records management are established as well as development of XML tagging standards that include records management tags for the growing volume of XML data;
  • Ensure that all new systems are designed to be in compliance with the organisation’s records management policies;
  • Re-assess the above on an annual basis at least.

 

Sponsored links

Subscribe to the EI e-newsletter. Keep up-to-date with the latest news from EI magazine

Intranets and Portals report
Copyright ©1994-2005 Ark Group Ltd All rights reserved. No part of this site or the publications described herein
may be reproduced in any form without the permission of Ark Conferences Ltd, Registered in England, No. 2931372.