1 document management and long term storage – technology is not the end… abd – bvd 60th...
Post on 18-Dec-2015
223 views
TRANSCRIPT
1
Document Management and long term storage –
Technology is not the end…ABD – BVD 60th anniversary
KBR, Brussels, November 19, 2007
Phédra Clouner and Christian Grey
p. 2
Phédra Clouner
Specialist in document management Project manager at the Belgian Ministry
of Justice President of document@work since
January 2006 [email protected]
p. 3
Christian Grey
ECM Consultant since 1985 Founding member of the BeLAIIM (now
document@work) in 1991 Now Chairman of the “Outsourcing & industrialised
documents” Special Interest Group (SIG) Principal Consultant at Getronics Belgium
A subsidiary company of KPN [email protected]
LinkedIn http://www.linkedin.com/in/cgrey
p. 4
document@work (1)
In existence since 1991 as BeLAIIM Since 2006, operates under the name of
document@work Mission
To bring together a group of experts and document- & workflow management practitioners and academics to Share information and expertise Promote a better understanding of document-
&workflow management best practices, methods, tools and training
Independence and neutrality
p. 5
document@work (2) - Actions
Different type of members ABD-BVD is one of our Partners!
Organization of seminars around Document Management, BPM, RM, KM, etc
Organization of annual congress Creation of Special Interest Groups on our website
Legal aspects and Records management, BPM, ILM, KM, etc
A specialist to answer user’s questions for each group
Contribution to the proof-reading of European norm MoReq2
p. 10
Business Process Management
Auditable electronicarchives
Humanprocessing
Auditable physicalarchivesDisposal
Where?
Costs?
Intrusion, fire, pest
Availability
What to keep?
How to destroy?
What file format?
How to keep track
who did what and
when?
What media?
When?
Retention vs. need
for evidence
Problem: lifecycle
Compliance
CobiT
AS ISO 15489
SOX, BASEL
II
IFRS
Freedom of Information
Act,
E-GIF / e-GMS,
DOMEA
CSSF / PSF
p. 11
Problem: being virtual and dynamic
Static content causes less problems
Dynamic content presents partial results that are not necessarily under control Embedded queries to databases
Who can foresee the result? Content fed by RSS
What are the news today? Reference to http://.../.../...
Is there still someone out there? Broken link?
p. 12
Problem: being virtual and dynamic
Simple example (with some text editor) Today
Create a file using a blank template Use the function INSERT -> DATE You should read today’s date (e.g. Nov 19, 2007) Save the file as 20071119.RTF
Change your computer’s date to Nov 20, 2007 Open the file 20071119.RTF What do you read?
Question If the same computer file can display two different content values, then Where is the document? What is the document?
This problem has been fixed since a few years in major text editors For newly created documents! But not for previously created documents…
p. 13
Problem: perennial aspects of the whole chain
Lifespan of the medium Optimistic: 100 years More realistic: 5 to 25 years Refreshing reads needed
Technological constraints Hardware changes
Economical opportunities Lifespan of the drives
Spare parts, connectors, software drivers, operating system Lifespan of the content
Character sets (ASCII, EBCDIC, Unicode) File formats (ODA / ODIF ???) File system (FAT16, NTFS, EFS)
Plan for migration from Day 1 Your decision, not a fatality
p. 14
Problem: away from optical, non rewriteable media
Non-rewriteable optical media had / have a long lifespan expected
They are no longer the legal panacea Electronic signature is now the key element for probative
value Having recourse to advanced / qualified certificates As defined by the EU Directive 99/93/EC on a Community
framework for electronic signatures In Belgium
Loi sur la signature électronique et les prestataires de services de certification du 9 juillet 2001
Arrêté royal du 6 décembre 2002 organisant le contrôle et l’accréditation des prestataires de service de certification qui délivrent des certificats qualifiés
Robust, affordable and auditable magnetic storage solutions now available on the market
p. 15
First question: Why do we want long term preservation of documents?
They serve as indispensable instruments of accountability, a means of protecting individual and corporate rights, and as sources of information for future generations
For an organisation: For legal reasons, as a proof (probative value) For their informational value Several regulations/law exists (SOX, Basel II)
compliance For the society in general
For scientific and historical research
p. 16
Second question: Why do we want long term preservation of electronic documents?
Paper preservation need a lot of storage space
More and more documents are created electronically, they are the only original that exists and the document to preserve
It’s a critical challenge for present and future archivists
p. 17
Elements of solution
Norms and standards Mechanical
Technical environment File formats
Semantic Preserving metadata
p. 19
Why do we respect norms? (1)
To develop and offer products and services meeting specifications that have wide international, European and / or national acceptance in the sector
To insure a better exchange between the different actors and a better management of the organization
p. 20
Why do we respect norms? (2)
To insure the respect of the principles of Records management.
A record is Authentic Accurate Accessible Complete Comprehensive Compliant Effective Secure
Norms are about technology types to use But not only…
p. 21
As we said technology is not the end…
Several norms exist around the world to help respecting long term preservation of electronic document
Theses norms apply to the concepts of document and records
We’ll talk especially about records
p. 22
What is a record?
Information created, received, and maintained as evidence and information by an organization or person, in pursuance of legal obligations or in the transaction of business (ISO definition)
A record can be either a tangible object or digital information which has value to an organization
We speak here about electronic records
p. 23
What is a document?
A document is any piece of written information in any form, produced or received by an organisation or person.
Could be really ephemeral and have a short term value
All records start off as documents, but not all documents will ultimately become
records
p. 24
By the way, what is records management?
“The field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use and disposition of records, including the processes for capturing and maintaining evidence of and information about business activities and transactions in the form of records” (ISO 15489)
p. 25
International: ISO 15489 (1)
Published in 2001 A new version is announced for 2008 or
2009 Part 1: General
Guidance on how to manage records Part 2:Guidelines
Provides a methodology for its implementation
p. 26
International: ISO 15489 (2)
What is in ISO 15489? conception and implementation of an ERMS
Processes Activities Classification Retention period Selection and recording Storage Access Traceability Final disposition of the record
p. 27
European: MoReq Stands for
Model Requirements for the Management of Electronic Records Modèle d’exigences pour l’organisation de l’archivage électronique
From whom? Contracted to Cornwell Management Consultants By the DLM Forum at the request of the European Commission
Why MoReq? First, there was US DoD 5015.2 (1997), originally for US Defence
sector. Not really suitable for use in Europe. MoReq is a Requirements Specification (2001), originating in
Europe, now used around the world and widely translated. Operational approach of the ISO15489 To help when buying an ERM system To help when designing an ERM system
Its advantage is that vendors need in future orient their products to just one European standard, instead of different implementation standards for each country.
100 Pages, 390 Requirements
p. 28
European: MoReq2 (1)
Publication of a MoReq2: beginning 2008 Why MoReq2?
No maintenance Enhancements Technology evolution
No software testing regime At the end of 2007, the new MoReq2 and its
associated test and certification procedures will be made available for records management products
No governance
p. 29
European: MoReq2 (2)
What is in MoReq2? Chapter zero: for national variations Classification scheme Control and security Retention and disposition Capturing records Searching retrieval and presentation Administrative functions Testing
p. 30
European: MoReq2 (3)
Optional modules Physical records Document management/ collaboration Workflow integration Case work Content management integration Electronic signatures, encryption, etc. Distributed systems Offline and remote working Record keeping processes (new); Fax integration Security
p. 31
National with international impact: US DoD 5015.2
Stands for Department of Defense, Electronic records management software applications design criteria standard
Design criteria standard for electronic records management software applications
First version: 1997 Last version (v.3): April 25, 2007
Major additions: requirements to support the Freedom of Information Act (FOIA), Privacy Act, and interoperability
Originally for US Defence sector, must be adhered by all manufacturers hoping to sell to the US government in military and similar areas
Gradually spread throughout USA: de facto standard Defines the basic requirements for documents and records
management systems
Made to address the US market
p. 32
DoD5015.2: Alignment with ISO Standard 15489
ISO 15489 focuses on RM program management and addresses:
– Form and structure– Metadata requirements– Retrieval requirements– How to organize records– Assessing risks– Security– Records retention
DoD 5015.2 is focused on core electronic records management software functionality
There is no certification program for the ISO 15489 Standard
DoD 5015.2 has a long established program for testing and certification
DoD 5015.2 certified RMAs are tools to help organizations meet the goals and objectives of ISO 15489
p. 33
National with international impact: France AFNOR Z 42-013
Latest version 2001 New version foreseen in 2008 Technical and organisational elements to
implement for the record, the storage, and the restitution of electronic documents to insure conservation and integrity
Considers only WORM media! Especially for scanned documents
p. 34
National with international impact: UK TNA
Origin Originates from The National Archives
Background UK standard replacing the older Public Records Office (PRO) The National Archives updated the functional requirements for
ERMS in collaboration with the central government records management community in 2002
Revision in 2006 Takes account of international standards since 1999
What is in TNA? Functional requirements Metadata standard (XML scheme for exchange, interoperability) Glossary, access control model, Optional modules: case management and workflow Implementation guidance Formal test scripts
There are 20 scripts for the core requirements and additional ones for the optional modules.
List of approved systems
p. 35
NationalGermany: DOMEA
Document management and electronic archiving
The German DOMEA concept is an example of a detailed standard for digital process management systems.
It describes the requirements for document management and electronic archiving in public administration, and permits the testing and certification of products in this area.
DOMEA compliance is a requirement in many RFP
p. 37
Preservation of technology (1)
Computer Museum Strategy Storage of the original hardware and software, with
which the electronic records were created or managed Not possible for medium-term and long-term storage
Emulation The required platform is simulated on newer computer
configurations Records are consulted in their original file format Technically complex A lot of development and of maintenance costs Conversion or migration of emulation program A lot of emulation program in an organisation
p. 38
Preservation of technology (2)
Conversion Conversion of digital documents from a
lower to higher version of the same file format
Certain file formats change often Properties could be lost of changed less
easier to guarantee authenticity Digital documents continue to be stored in
a software or version dependant format
p. 39
Preservation of technology (3)
Migration Digital document are transformed into adequate
and standardised archiving file format Independent Specification of file format is available For some file formats it doesn’t exist suitable
archiving file formats Properties and functionalities of the original format
can rarely integrally be transferred, loss Don’t forget to preserve the media!
p. 41
File Formats - Proprietary
File formats supported by an editor, without Commitment to perennial coherence and
support Community developments Public documentation Absence of royalty
p. 42
File Formats - Open EPS Open Document Format (ODF) OpenXML PDF/A TIFF XML …
Analyse your requirements regarding Text vs. Image Signature B&W, colour Single- or multi-page Exchange with your business partners
Examples A TIFF file doesn’t support electronic signature
Is this a problem for you, your auditors, the probative value you expect from these files in all countries where your organisation is active?
p. 43
Semantic – Using thesauri as abstraction layers
Preservation of some metadata can be achieved using thesauri Applicable to controlled vocabulary only
Example A document was created in 1995 where metadata
COUNTRY=ZAIRE Fact of life: in 1997, the name of the country becomes
DEMOCRATIC REPUBLIC OF (THE) CONGO After that, the thesaurus is modified to make ZAIRE and
DEMOCRATIC REPUBLIC OF (THE) CONGO synonyms After the modification of the thesaurus, queries on ZAIRE
will work as queries on DEMOCRATIC REPUBLIC OF (THE) CONGO
No need to modify metadata => preservation
Not just technologies …
p. 45
Conclusions
We need to use the adequate technology but in a formal context
Adequate technology is fundamental but not sufficient Without adequate classification scheme, metadata,
process, etc, no long term preservation possible in the context of Document & Records management
document@work’s mission is to give some keys to organizations about Records management and existing norms and the necessity if they want to be compliant, preserve their document as proof, etc to respect these norms
p. 47
Acknowledgment Norms
ISO 15489 MoReq and MoReq2 Afnor Z 42-013
M.-A. CHABIN, Records management et gestion des archives, stage Archives de France, http://www.archivesdefrance.culture.gouv.fr/fr/formation/courantexposesintervenants2006/Marie-Anne%20CHABIN%20(France).pdf, 17 nov 2006.
Les principes techniques et organisationnels de la préservation des documents numériques Catherine Lupovici, Département de la bibliothèque numérique,
Direction des services et des réseaux, Bibliothèque nationale de France
The importance of the new MoReq2 standard for Document Management in Europe MARC FRESKO, Cornwell Management Consultants plc
Convergence of Document and Records Management Richmond AIIM/ARMA, Chapters Joint Seminar, September 15,
2004
p. 48
Acknowledgment
InterPARES 2 Project International Research on permanent Authentic
Records in Electronic Systems http://www.interpares.org
F. BOUDREZ, J. DUMORTIER et al, Digital Archiving: the new challenge?Legal and archival issues, Louvain-La-Neuve, 2005
Information Management Compliance, PROJECT CONSULT Whitepaper Dr. Ulrich Kampffmeyer DLM Network EIIG, Manager MoReq2 Editorial Board, Mitglied http://www.PROJECT-CONSULT.com Hamburg, September 2007