IT quiz
IT 380
Electronic Document and
Record Management
Systems
Unit 6: EDRMS Requirement Analysis
Instructor: Dr. Michelle Liu
Topics
▪ EDRMS Standards
▪ Overall Requirements
▪ Components of EDM
▪ Components of ERM
▪ Workflow
▪ Compliance
2
ERMS Standards
3
▪ DOD 5015.02
▪ Electronic Records Management Software Applications Design Criteria Standard
▪ April 25, 2007
▪ ISO 16175-3 ▪ Information and documentation – principles and functional
requirements for records in electronic office environments
▪ Part 3 – Guidelines and functional requirements for records in business systems
▪ December 2010
▪ ISO/TR 13028 ▪ Information and documentation – Implementation Guidelines
for Digitization of Records ▪ December 2010
▪ National Archives accepts DoD standard
International Standards
▪ ISO 16175 ▪ Information and Documentation – Principles and functional
requirements for records in electronic office environments
▪ Part 1 – Overview and Statement of Purpose
▪ Part 2 - : Guidelines and functional requirements for digital records
management systems
▪ Part 3 -Guidelines and functional requirements for records in
business systems
▪ ISO/TR 13028 ▪ Information and documentation – Implementation guidelines for
digitization of records
▪ ISO 19005 ▪ Document management _electronic document file format for long-
term preservation
▪ Specifies pdf: PDF/A (specialized for use in the archiving and
preservation of electronic documents)
4
Federal Standards
▪ DoD 5015.2-STD ▪ Defines the basic requirements based on operational, legislative
and legal needs that must be met by records management
application (RMA) products that are acquired by the Department
of Defense (DoD) and its components
▪ This Standard sets forth mandatory baseline
functional requirements; defines required system
interfaces and search criteria; and describes the
minimum records management requirements that
must be met, based on current National Archives
and Records Administration (NARA) regulations
5
Federal Standards, Cont’d
▪ National Archives and Records Administration
(NARA) ▪ Managing partner of the E-Government Electronic Records
Management Initiative
▪ Endorsed DoD 5015.02-STD for all government records
offices
▪ Records Management Handbook ▪ Federal requirements for including records management in
agency electronic information systems
▪ Toolkit for Managing Electronic Records
▪ http://www.archives.gov/records-mgmt/toolkit/
▪ Records management language for contracts
▪ Guidance and resources for integrating records management
into electronic information systems 6
Requirements Standards ▪ Model Requirements for the Management of
Electronic Records (MoReq) ▪ Commissioned by the Interchange of Data
Software Administrations (IDA) Program of the
European Commission
▪ Multiple revisions
▪ MoReq2010® in 2011
▪ Products tested and certified as complaint
with the DoD 5015.2 Standard for
Recordkeeping Applications
▪ http://jitc.fhu.disa.mil/projects/rma/index.
aspx 7
Requirements: Paper vs. Electronic
▪ Requirements are not much different than
what we would like to see in an ideal paper
system
▪ Differences: ▪ In many cases the requirements need to be
automated and executable by the system
▪ Reflects the fact we can do a better job
documenting recordkeeping in an automated
environment
8
Overall Requirements
▪ Compliance
▪ Record capture
▪ Classification scheme
▪ Authenticity
▪ Audit trail
▪ Metadata
▪ Retention and disposal
▪ Access and use
▪ Documentation
▪ System Testing
▪ Non-electronic record handling 9
Let’s Brainstorm: Define
Requirements
10
▪ Develop a records management system for the
university’s Registrar’s department to collect
and preserve all the necessary records form
admission to graduation
▪ What significant questions that need to be
asked to ensure that we can build an effective
and secure electronic documents and records
system ▪ …
Basic Components of EDMS
11
▪ Document Repository
▪ Integration with Desktop Applications
▪ Check-In and Check-Out
▪ Versioning
▪ Auditing
▪ Security
▪ Classification and Indexing
▪ Search and Retrieval
Document Repository
12
▪ All EDMS require a document repository
▪ System stores documents that are under its management
▪ Location of documents should be in a centralized location
▪ Will fail if users do not place documents in the repository when they are created ▪ Make users save documents in repository
▪ System also needs a database to store information about the documents
▪ Folder structure: ▪ Established by system administrator
▪ Company structure, project, etc.
Integration with Desktop Applications
13
▪ EDMS needs to integrate with desktop
applications
▪ Allows users to save documents straight from
the application that created the document
▪ Vast majority of EDMS integrate with many
popular desktop application ▪ MS Office
▪ Open Office
▪ Must be updated as these applications evolve
Check-In and Check-Out
14
▪ Controls who is editing a document and when it is being edited
▪ Ensures that no more than one person edits a document at any one time
▪ Once a document is checked out to one person, all others only have read-only access
▪ Once edits are completed, the document is checked back in ▪ Others can now access the updated document ▪ Someone else can now change it
▪ What information should you get if a document is checked out?
Version Control
15
▪ After a document has been updated, there
needs to be a mechanism by which the
system can keep track of the changes made
to that document
▪ Assigning the document a version number ▪ Start with version 1.0
▪ Rules for next version as 1.1 or 2.0?
▪ System should allow authorized access to
previous versions of the document ▪ Read-only
Auditing
16
▪ Audit trail: A chronological record of system activities that
is sufficient to enable the reconstruction, reviewing and
examination of the sequence of environments and activities
surrounding or leading to an operation, a procedure, or an
event in a transaction from its inception to final result
▪ Keeps a check on which users made changes to a
document and when
▪ Allow authorized users to find out the changes that have
been made to the document since it was first created ▪ Who
▪ What
▪ When
▪ Auditing is important for ensuring the chain of custody in a
legal or forensic sense
Security
17
▪ Extremely important component in a properly
implemented system
▪ Needs to be tightly integrated with the
system
▪ Security access permissions at different
levels based on: ▪ User
▪ Individual document
▪ Individual user vs. group permissions ▪ Read/Write/No Access
▪ File/Folder/Group of Folder
Classification and Indexing
18
▪ All documents should be classified and indexed using metadata ▪ Main purpose is retrieval at a later date
▪ Typical metadata: ▪ Date created
▪ Subject
▪ Who created
▪ Document title
▪ Keywords
▪ Classification
▪ Other?
Search and Retrieval
19
▪ The more intuitive the classification and indexing, the easier it will be to locate them using the search and retrieval mechanism
▪ Should have multiple ways to locate a document: ▪ Browse the folder structure
▪ Basic search
▪ Advanced search
▪ Index terms vs. full text
▪ Must use Optical Character Recognition (OCR) to get full text from paper documents
▪ Search should return list of documents with enough information to select the right one ▪ What information?
Components of ERMS
20
Repository
Classification, Indexing, and Metadata
Capturing and Declaring Records
Retention and Disposal of Records
Record Security
Managing Physical Records
Search and Retrieval
Auditing and Reporting
Compliance with Standards
Scanning and Imaging
Collaboration
Workflow
Repository
21
▪ Needs to have a repository where the
records are archived
▪ Physically, the records will be located in a
central location
▪ Must be protected so that records cannot be
changed
▪ Allows for a folder structure that supports the
archiving function and the maintenance of
security
Classification, Indexing, and
Metadata
22
▪ All records in the system need to be
categorized and indexed within the folder
structure
▪ Need to use metadata to ensure that
archived records in a systematic manner
▪ Need to assist users to find their documents
much later in the future ▪ What indexing terms make sense?
▪ How much effort should be put in indexing?
Capturing and Declaring Records
23
▪ Needs a mechanism that automatically
capturing and declaring records otherwise
repository will not be complete
▪ Need to decide which documents form the
records ▪ Documents
▪ Letters
▪ Blog entries
▪ Text messages
▪ Others?
Record Security
24
▪ Need to employ stringent security around the
archiving of records ▪ Organization’s security
▪ Compliance
▪ Electronic records, with no paper record,
face special security challenges ▪ Ensuring they are not tampered with?
▪ What types of tampering can happen?
▪ System administrator must control security
by record type and by user
Auditing and Reporting
25
▪ Allow authorized users and administrators to
produce audit trails
▪ Information: ▪ Date created
▪ Create standard and ad-hoc reports to meet
potential future demand
Compliance with Standards
26
▪ Legislation ▪ Freedom of Information Act
▪ Privacy Act
▪ HIPAA
▪ Standards ▪ DoD 5015.2
▪ ISO 15489
▪ Must apply to the relative legislation and
standards that apply to both the industry and
the country
Scanning and Imaging
27
▪ Need facilities to scan and image paper-
based documents ▪ Comprehensive electronic records
▪ Save space in file rooms
▪ Should allow the organization to scan
documents in batches
▪ Also need to index the documents
▪ Quality control is a primary concern
Collaboration
28
▪ Allow people and teams within the organization
to communicate and share information ▪ Work on documents together
▪ The need to collaborate electronically ▪ With employees
▪ With clients
▪ With partners
▪ With consultants
▪ With others, dependent on type of business
▪ Impact of globalization
▪ Need to reduce time frames for work
▪ Desirable rather than mandatory requirements
Workflow
29
▪ Also called business process management
(BPM)
▪ Manage the flow of information around an
organization
▪ Ensure necessary process is followed ▪ Approval process
▪ Scanning and indexing process
▪ Desirable rather than mandatory features