Basic Requirements of an Electronic Recordkeeping System at EPA
These are the basic EPA and federal requirements for recordkeeping systems that manage records on electronic media. Collectively these requirements cover:
- life cycle management
- permanent records
EPA has selected Documentum as the standard platform for enterprise content management (ECM). Documentum includes an electronic recordkeeping system that meets these requirements. The selection, which was announced in a joint memorandum from EPA's Office of Information Collection and Office of Technology Operations and Planning, resulted from an evaluation of criteria in five major areas:
- Functional requirements for electronic document and records management.
- Technical requirements.
- Integration requirements.
- Market presence.
This document expands upon the records management functions that were evaluated and the practices necessary to carry out those functions effectively.
An electronic recordkeeping system must meet National Archives and Records Administration (NARA) requirements and be able to:
- Collect, organize, and categorize records.
- Facilitate the preservation, retrieval, use, and disposition of records.
Life Cycle Management
The system must manage records throughout their life cycle and be able to:
- Distinguish between record and nonrecord material.
- Match each record to the applicable records schedule.
- Indicate whether the record, or the file containing the record, is closed.
- Identify the final disposition date, which is calculated from the date of closure.
- Allow for the separation and removal of temporary records and nonrecords for destruction and permanent records for transfer to the National Archives.
- Ensure that temporary records authorized for destruction are deleted in accordance with approved records schedules and are not recoverable following their deletion.
The system must capture metadata about the records it manages and be able to:
- Identify each record sufficiently to enable authorized personnel to retrieve, protect, and carry out the disposition of the records in the system. Appropriate identifying information may include:
- office of origin,
- file code,
- key words for retrieval,
- addressee (if any),
- authorized disposition (coded or otherwise), and
- security classification (if applicable).
- Correlate records maintained in the system with related records on paper, microform, or other media.
- Preserve transmission and receipt data of any e-mail records managed by the system.
- Retain names of addressees on distribution lists for any e-mail records managed by the system.
The system must retrieve records and be able to:
- Permit easy retrieval in a timely fashion.
- Ensure that records are accessible by individuals who have a business need for information in the records.
- Provide a method for all authorized users of the system to retrieve desired documents, such as an indexing or text search system.
- Permit retrieval of both individual records and files or other groupings of related records.
The system must ensure the integrity of the records it manages and be able to:
- Minimize the risk of unauthorized alteration or erasure of the records.
- Allow only authorized personnel access to the records in the system.
- Allow only authorized personnel to perform administrative functions such as creating or deleting directories, altering the parameters of metadata fields, and assigning access rights.
The system must provide an appropriate level of security for the records its manages and be able to:
- Comply with EPA and federal requirements for safeguarding information resources.
The system must allow for records to be backed up to protect against information loss and be able to:
- Be backed up on a regular basis to safeguard against the loss of information due to equipment malfunctions or human error.
- Provide for recovery of the records that have been copied during the backup.
- Allow duplicate copies of permanent or unscheduled records to be maintained in storage areas separate from the location of the records that have been copied.
The system must allow records to be migrated and be able to:
- Retain the records in a usable format for their required retention period and until their authorized disposition date.
- Ensure that information is not lost because of changing technology or deterioration.
- Provide a standard interchange format (e.g., ASCII or XML) to permit the exchange of electronic documents between EPA offices using different software or operating systems.
- Allow for the conversion of storage media to provide compatibility with EPA's current hardware and software.
- Maintain a link between records and their metadata through conversion or migration.
- Ensure that the authorized disposition of the records can be implemented after conversion.
The system must permit permanent records to be transferred to NARA and be able to:
- Meet NARA transfer requirements outlined in 36 CFR Subpart C or standards applicable at the time.
- Meet EPA transfer requirements described in Preparing Electronic Records for Transfer to the National Archives.
- Permit the migration of the permanent records at the time of transfer to a medium which is compliant, if it does not meet EPA and NARA transfer requirements.
- Provide for transfer of the records and any related documentation and indexes to NARA at the time specified in the applicable records schedules.
- Provide an alternative to the use of floppy disks for the long-term storage of permanent records.
EPA organizations should implement procedures to establish the trustworthiness of their electronic records and their records disposition practices. These procedures should include:
- The system's operation and the controls imposed upon it.
- Regular recopying, reformatting, and other necessary maintenance to ensure the retention and usability of electronic records throughout their authorized life cycle.
- A standardized approach to creation and retrieval for similar kinds of records generated and stored electronically.
- Security processes to prevent unauthorized addition, modification or deletion of a record and to ensure system protection against such problems as power interruptions.
- Identification of the electronic media on which the records are stored throughout their life cycle, the maximum time span that records remain on each storage medium, and the approved records disposition instructions.
- Documentation of which records are deleted at the end of their authorized retention period.
- Removal of deleted records from backup storage.
- Identification of unscheduled records for which a new records schedule should be requested.
EPA organizations should train staff on the electronic recordkeeping system, including:
- The operation, care, and handling of the equipment, software, and media used in the system.
- The distinction between federal records and nonrecord materials.
- Procedures for designating federal records.
- Safeguarding sensitive or classified records.
- Managing e-mail.
- National Archives and Records Administration (NARA) regulations at 36 CFR Part 1236 Electronic Records Management and 36 CFR Subpart C Electronic records.
- Electronic Records/Document Management System Requirements prepared by EPA's Records Management Application (RMA) Work Group (January 31, 2002).
- Design Criteria Standard for Electronic Records Management Software Applications, DoD 5015.2-STD.