Library
(Search
Room)
Electronic Records Initiative
**** DRAFT ****
Mississippi Department of Archives and History
Public Records - Standards
Management of Electronic RecordsA. PURPOSE
The purpose of these rules is to provide the standards necessary to ensure that electronic public records created and/or possessed by state agencies and other governmental entities, and retained only in digital format, will remain accessible to the public, state agency, or governmental entity for the full period that the record must be retained, as detailed in a properly approved records control schedule. These rules are supplemented by a companion set of guidelines compiled by the Mississippi Department of Archives and History to explain more thoroughly its policies pertaining to electronic records and to assist agencies and entities with compliance.
These rules must be followed by state agencies or other entities of the State of Mississippi when planning for the management and retention scheduling of electronic records. The rules apply to records scheduled as permanent through the Mississippi Department of Archives and History's (MDAH) records control scheduling process. The rules also outline best practices for records retained administratively for short and medium terms. If an approved records control schedule is not in place, however, the agency or entity must treat all unscheduled records as though they are permanent and comply with these rules. If an agency or entity does not comply with the rules as specified here, MDAH may not be able to accept its permanent electronic records.
B. AUTHORITY
There are two statutory authorities for the establishment of these rules.
Mississippi Code of 1972, Annotated, §25-59-1 through §25-59-31 comprise the "Mississippi Archives and Records Management Law of 1981," as amended. The law designates the Mississippi Department of Archives and History as the archival and records management agency of the state of Mississippi, establishes the State Records Committee to review and approve records control schedules, and sets forth records management duties of state agencies and officials. §25-59-9 provides that "The department shall adopt such rules and regulations deemed necessary to carry out its duties and responsibilities under this chapter, which rules shall be binding on all agencies and the persons affected thereby. The department shall publish said rules and regulations in accordance with the provisions of the Administrative Procedures Act, Sections 25-43-1 et seq., Mississippi Code of 1972."
Mississippi Code of 1972, Annotated, §25-61-1 through §25-61-17 comprise the "Mississippi Public Records Act of 1983," as amended. The law codifies state policy regarding access to public records, stating that public records as defined by the law (see definitions list) are open for inspection unless otherwise provided by law. §25-61-2 stipulates that "providing access to public records is a duty of each public body and automation of public records must not erode the right of access to those records. As each public body increases its use of, and dependence on, electronic record keeping, each public body must ensure reasonable access to records electronically maintained, subject to records retention."
C. SCOPE
- These rules are applicable to all custodians of public records, including state agencies and other entities of the State of Mississippi.
- These rules establish the minimum requirements for the management and retention scheduling of four genres of electronic public records: records generated by networked desktop systems, email, webpages, and enterprise databases.
- These rules apply to records series which have been scheduled as permanent by the State Records Committee and to any records which have not been scheduled at all, pending execution of an approved records control schedule.
D. INTENT
Electronic records are subject to the same legal recordkeeping requirements as are paper records. Inventory and appraisal of electronic records, however, should be carried out as early as possible, preferably when computer systems are first being put into place, to reduce the risk that information may be lost or become inaccessible through changes in information technology. Because computers have been used in Mississippi state government for more than thirty years, and this is the first specific rule for their management to appear, there are many legacy systems in place that may be based upon technical standards that are not in compliance with the standards outlined in these rules. It is not the intention of the Department of Archives and History to impose standards upon an agency or state government entity that will reduce the benefit of an existing or planned electronic application, provided that the Department can be confident that steps are being taken to insure the safe retention of existing records until such time as they can be scheduled. Existing electronic records and electronic records systems that have not yet been scheduled can and should be inventoried, appraised, and scheduled as soon as feasible, and the Department of Archives and History stands ready to assist any agency or governmental entity in this task. New systems should meet the standards detailed herein from their inception and should be scheduled as part of the design and/or acquisition process. The mutability of electronic records requires that system designers incorporate both records retention requirements and descriptive metadata within the system at the time of design.
E. DEFINITIONS
Conditional Scheduling: When an agency is required by law or policy to retain custodianship of electronic records that are determined to be of permanent value, special arrangements must be written into the records control schedule to guarantee that the records are retained securely in readable form as long as they are in agency custody, in spite of software and equipment improvements, obsolescence, and replacement. Agencies have a legal requirement to "ensure reasonable access to records electronically maintained, subject to records retention" (Mississippi Code of 1972, Annotated, §25-61-2). As agency systems administrators and records managers upgrade, convert, or otherwise move electronic records, quality control procedures must be in place to ensure that the records are readable, accessible, and unaltered once they reside in the new software and/or equipment. "Conditional" records control schedules should clarify and formalize the terms of agency custodianship, detailing what will be retained, why it will be retained, how it will be preserved, and when it will be preserved. Such schedules must specify retention periods but also spell out a long-term agreement with the agency on handling migration and ensuring accessibility to the records over time. Continuing contact with the agency must be provided for in the schedule, so that MDAH is notified of software changes or other occurrences affecting migration. "Conditional" schedules can be renegotiated should agencies decide that conditions have changed and they wish to make altered arrangements with MDAH.
Content Analysis: In records management parlance, analysis of the value of records prior to the preparation of a schedule. The content analysis must assess administrative, evidential, informational, and legal values in order to determine whether the records' permanent value to the public warrants their permanent retention.
Desktop Systems: This term is meant to refer to networked PCs using a standard suite of programs, including especially word processor and spreadsheet programs, as well as personal databases and other more specialized application programs.
Dublin Core: International metadata standard, designed for Internet implementation, consisting of a 15-element set of metadata tags for recording a wide range of contextual information pertaining to an electronic record; see http://purl.oclc.org/dc/documents/working_drafts/wd-guide-current.htm.
Electronic Document Management System/Records Management (EDMS/RM): For the purposes of this rule, any one of a number of systems tested and approved under U.S. Department of Defense standard 5015.2 or its successor, designed to implement business and records management rules on networked personal computers. This standard has been mandated by the U.S. National Archives for implementation in all Federal agencies by 2007. For the standard, see http://web7.whs.osd.mil/text/p50152s.txt, and for the website for DoD testing and approval see http://jitc-emh.army.mil/recmgt/.
Electronic Records: Records that require a computer or comparable electronic device in order to be created, perceived, modified, or deleted.
Email: Electronic mail created using a standard desktop client program and sent via the Internet using standard protocols.
Enterprise database: A database is a collection of data that is organized so that its contents can easily be accessed, managed, and updated record by record or in various aggregates. The present rule is aimed at so-called "enterprise" databases, which contain centralized data shared by many users throughout one or several government entities. Enterprise databases may be dynamic/transactional (constantly changing, with periodic additions, deletions, and alterations), or static/cumulative (information is added but not altered or deleted).
Escrow Archiving: Retention periods for electronic records are easily determined when it comes to clearly understood short-term administrative needs or long-term permanent or quasi-permanent retention, either determined by historical or informational values or by legal requirements. Where electronic records create a problem is in the case of those that are designated for permanent retention, during the period after they have been created but before they have become administratively unnecessary. Under normal circumstances, agencies would be obliged to keep such records readable, secure, and unchanged in spite of system upgrades and even software changes. "Escrow" archiving is a workable solution to this problem. If records will often have a lengthy administrative retention period, for whatever reason, they can be scheduled to be "escrowed" into the custody of MDAH (i.e., provided to MDAH in a certifiable copy under terms formally established by records control schedule). MDAH will then bear responsibility for maintaining and migrating such records, while the record creator is free to alter or dispose of his copy as and when convenient. The record creator must provide public access to it if requested unless he chooses to make prior arrangement for MDAH to do so by means of an approved records control schedule. Ownership is transferred from the agency to MDAH at the end of the scheduled administrative retention period.
Metadata: Metadata is data about other data. It describes a record by adding contextualizing information that cannot be derived from the content of the resource alone. The primary purposes of assigning metadata are to help users find an information resource and to assist the owner in the management of the resource. A metadata set consists of a set of attributes, or elements, necessary to describe a resource. Metadata can be created at the time of the resource's creation by the agency or governmental entity or created later as part of a transfer or cataloging process by MDAH, and it can function at several scales, as it describes the individual record or the entire system. It can be stored in a number of ways, including but not limited to Hypertext Markup Language (HTML) metatags stored within the resource itself; Resource Description Framework (RDF) metatags stored either within the resource itself or separately from it; a database stored separately from the resource; or a records management system, stored separately from the resource. The Dublin Core metadata standard, which forms the basis of the metadata element set described in these rules, does not prescribe either type of linkage, leaving the decision to each implementation. Under these rules this flexibility is retained.
Migration: Transfer of records from one computer system, hardware or software, to another, while preserving functionality and documentation.
Public Document: Public documents, as defined in legislation that directs the Library Commission to disseminate them, are "the public records issued by any government agency for public distribution" (Mississippi Code of 1972, Annotated, §25-51-1). Although the "publication" addressed in the statute does not envision the existence of website posting as a substitute for paper publication, agencies and other entities are already using website posting to supplement paper publication in order to lessen costs, and it is likely that this practice will continue.
Public Records: "All books, records, papers, accounts, letters, maps, photographs, films, cards, tapes, recordings or reproductions thereof, and any other documentary materials, regardless of physical form or characteristics, having been used, being in use, or prepared, possessed or retained for use in the conduct, transaction or performance of any business, transaction, work, duty or function of any public body, or required to be maintained by any public body" (as defined in Mississippi Code of 1972, Annotated, §25-59-3).
Records Control Schedule: "Records Control Schedule shall mean a set of instructions prescribing how long, where or in what form records shall be kept. . . .Such records control schedules, once approved, shall be authoritative and directive, and shall have the force and effect of law" (Mississippi Code of 1972, Annotated, §25-59-3 and §25-59-7).
Redaction and encryption: Mississippi law includes the requirement that "Before a public body acquires or makes a major modification to any information technology system, equipment, or software used to store, retrieve, or manipulate a public record, the public body shall adequately plan for the provision of public access and redaction of exempt or confidential information by the proposed system, equipment or software" (Mississippi Code of 1972, Annotated, §25-61-10). This must be done as part of a broader review of the records with respect to the potential need for restrictions on access, beginning with Mississippi's Public Records Law (Mississippi Code of 1972, Annotated, §25-61-1 through §25-61-17), which requires that all state records are open for public inspection with the exception of those specifically exempted by law. Once records and title to them have been transferred to MDAH, they are open for public use "with the exception of those records specifically prohibited from being opened to inspection by state law, federal law, court order, by contractual agreement with a private third party or by agency request consistent with law" (Mississippi Code of 1972, Annotated, §25-59-27). Therefore the approved records control schedule must leave no doubt regarding the public use status of the records, on the whole and in part, and must specify requirements for the agency or MDAH to redact or encrypt any portion of the records.
Webpages: Webpages are the individual collections of text, graphics, and other contents, designated by unique Uniform Resource Locator addresses and transmitted to users connected to the Internet in response to their request to the computer server on which the pages reside.
F. SPECIFIC REQUIREMENTS: DESKTOP SYSTEMS
Whenever possible, the use of automated systems for the collection of metadata for desktop-generated records is preferred so that the process may be standardized and easily documented. A number of networked electronic document management systems (EDMS) having built-in records management (RM) capabilities are available that meet MDAH's requirements for the management of desktop records and their related metadata. Acceptable EDMS/RM software must include the ability to attach required metadata elements and to implement recordkeeping policies and records control schedules. They must also be capable of exporting both records and metadata to other systems. Such EDMS/RM systems, when properly configured and maintained, can guarantee the legal integrity of an agency's recordkeeping. As a result of the development by the Department of Defense (DoD) of a set of requirements and qualifying test procedures for such systems, a set of systems meeting MDAH's requirements have already been tested and approved through the DoD approval process (see the approved EDMS/RM list developed by the Department of Defense at http://jitc.fhu.disa.mil/recmgt/).
Another option for the collection of metadata and the implementation of records control schedules for networked desktop systems is the use of existing software along with some programming and user activity that attaches metadata and archives records according to an approved records control schedule on a routine basis. To do this requires network capabilities, applications capable of collecting and exporting metadata, and the establishment of a central storage repository to collect archival records with their attached metadata and to maintain schedules. Whether an EDMS/RM system is purchased or built, it must itself be documented to establish that the records were reliably created in the "normal course of business" and are legally defensible.
Whether an agency attaches metadata within EDMS/RM system or agency-designed system, the application of these rules will preserve relationships among desktop records, archival series to which they belong, and records control schedule. MDAH requires that following items be attached scheduled for permanent retention:
Title. For some desktop records, such as reports, the title is self-evident, but others require the addition of a descriptive title.
Author/Creator. In the case of most desktop records, the author/creator is the person who actually generates the record on the individual desktop in question. If this person is generating this record on someone else's behalf and with that person's authority, that person should be listed as author/creator.
Subject/Keywords. Although the standard places no limits on the number of keywords, in practice the agency should develop keyword-assignment conventions and should document them.
Publisher. The agency or other governmental entity of which the desktop system is a part. Although this item is mandatory, it can be added upon receipt by MDAH if so agreed in the schedule.
Date. Should include both the date created and the date made available.
Format. The originating format (e.g., Microsoft Word .doc file plus version) of the record.
Relation. Specifies the records series to which the record belongs and the records control schedule that applies to it.
Addressee's Name. In the case of correspondence or memoranda or other applicable records, this item is mandatory.
Status of Transmission. Draft or final version. Mandatory for desktop records to establish versioning.
G. SPECIFIC REQUIREMENTS: EMAIL
The state of Mississippi has at present no privacy laws affecting state employees except for a very few exempted types of personnel records. These exempted types do not include electronic mail generated by state employees in their normal work, which for retention purposes must be treated like any other correspondence. Because email is generated electronically and does its work electronically, however, and because transfer to another medium lessens its accessibility, MDAH believes that the law that provides for public accessibility to electronic records also requires that agencies archive email electronically.
Automatic capture of email records in an EDMS/RM with subsequent schedule-driven archiving to MDAH would be ideal, since it would manage and retain email according to specific business rules incorporating approved records control schedules. But most agencies have no such systems in place. When such systems are planned, however, an email component must be specified as part of the system.
In the absence of EDMS/RM software in the agency to regulate email according to a set of pre-established policies and records control schedules, it is still the responsibility of the agency to retain all email that is scheduled for retention or, because unscheduled records may not be destroyed, all email that is not covered by an approved records control schedule. To deal with this common problem MDAH has developed a general schedule that can be applied universally to all state government email systems. This schedule will permit agencies to dispose of certain well-identified email and to "escrow archive" the remainder with MDAH for further processing at such time as appropriate schedules are in place for other related records. The general schedule provides rules of email capture and specifies schedules for transfer to MDAH. MDAH will recommend appropriate filtering software to carry out general screening of email to eliminate general classes of email known in principle to be excluded from retention requirements, such as advertisement spam and listserv and newsgroup emails. Anything not excluded should be collected at the server level and transferred to MDAH to be retained in escrow according to an agreement executed with the agency. MDAH intends to process such emails in bulk using automated methods to carry out its normal appraisal tasks.
All email, regardless of the software used to generate and transmit it, has the following familiar fields: Subject, Date, From, To. Some email may have additional information, such as gateway timestamps, blind carbon copies, and more. Because any email presently being created can be relied upon to have at least these four fields, they form the basis of the minimal metadata set required, necessitating no additional effort to collect, as they are part of the message itself:
Author/Creator. This is the account in which the electronic message was composed, as represented in the "from" line.
Subject/Keywords. This should be the "subject" line of the email, as given by the sender.
Date. This is the "date" when the email was sent, which is supplied by the originating server.
Addressee's Name. This is the account to which the email is directed, as represented in the "to" line.
MDAH will append additional metadata at the time of transfer from the agency:
Publisher. This will be the agency from which the the email was collected.
Resource Type. This will of course be email in every case, but attachments can be accommodated here as well.
Format. Information about the mail client/server system at the agency from which the electronic mail was transferred, as recorded during application of the general schedule.
Resource Identifier. Record number as assigned by MDAH's management database.
Additional information automatically contained within the email may be placed in additional elements or may be discarded, but the agency is not required to remove it or examine it.
H. SPECIFIC REQUIREMENTS: WEBPAGES
The definition of "public records" in Mississippi's Public Records Law encompasses "any other documentary materials, regardless of physical form or characteristics" (Mississippi Code of 1972, Annotated, §25-61-3). Websites and their component pages fall under this umbrella. The broadly public nature of webpages, which are actively and intentionally made available to the entire planet, is incontrovertible. Further, at least a subset of webpages consists of records that are also published and disseminated in paper form as "public documents" (see Mississippi Code of 1972, Annotated, §25-51-1).
The Department of Archives and History has determined that webpage scheduling can be vastly simplified through the application of a general schedule to an agency or entity's entire website, requiring that the publishing agency or entity simply send a copy of the entire website to MDAH at stated arbitrary intervals and on the occasion of a major revision, as regulated by official adoption of the general schedule or a modification of it negotiated with MDAH.
As the schedule can be simplified considerably, so can the metadata requirement. Because webpages are creatures of the electronic environment and really have no paper counterpart, they have the potential for inclusion of self-documenting elements integral to their structure and function. For this reason metadata has a very specific meaning when it refers to webpages. It refers to the keywords used to describe that webpage, defined within a particular part of the HTML source code for the page called the "metadata tag." The Dublin Core metadata tag set, which forms the basis of MDAH's metadata standard for all electronic records, was originally conceived for author-generated description of Web resources, which makes it particularly well-adapted to the description of webpages. Six, or in the case of "public documents" seven, Dublin Core metadata tags are required on each webpage for compliance with this rule. Several of these metatags will be identical for all pages belonging to a given agency, while others can be generated automatically by a style sheet. MDAH has prepared an appropriate template for agencies to use in generating these metatags.
Title. This can be taken directly from the <title> tag on the page in most cases. The title metatag requires distinct wording only if the <title> tag is frivolous or non-descriptive of page contents.
Subject/Keywords. Carefully-applied keywords here can improve the visibility of webpages in cyberspace as well as assist in their cataloging.
Author/Creator. Generating author(s). This can be either the webmaster creating the document and/or the office within the agency that assumes creative responsibility for webpage content and display.
Date. The generation date of the page, when it was first posted to the site.
Publisher. The name of the agency or entity that produces the webpage.
Identifier. The absolute URL for the page.
Source. This metatag is only required if the agency is posting a "public document," to define it as such. "Source" then specifies the title of the published paper document.
I. SPECIFIC REQUIREMENTS: ENTERPRISE DATABASES
The law speaks specifically to the case of enterprise databases in state government. It provides that "A public body may not enter into a contract for the creation or maintenance of a public records data base if that contract impairs the ability of the public to inspect or copy the public records of that agency, including public records that are on-line or stored in an information technology system used by the public body" (Mississippi Code of 1972, Annotated, §25-61-10). Because the statute sets no time limit to this requirement, only the records control schedule can define database retention requirements and permit the destruction of database records.
As with all records, the appraisal of databases includes content and technical analyses. The results of these analyses determine whether and how the records should be preserved. If records of permanent value have been identified as part or all of the database, the records should be preserved in electronic format, because part of the long-term value of a database lies in its structure. Technical analysis of the system must identify those points in the system life cycle at which records can be extracted for preservation; establish requirements for technical documentation necessary to permit reading and interpreting of the records; and analyze system and software dependencies to determine how they affect transfer, preservation, or retrieval of the records.
For database records to be meaningful, the systemic environment of which they are a part must be documented and the documentation retained. Best practices in database management require the maintenance of thorough documentation of the logical structure and content of the database. Such documentation should reside in a permanently-maintained data dictionary. It is especially important that the data dictionary clearly define any data items explicitly exempted from public records law.
The complexity of databases and the need to provide for the preservation of whole databases with legally protected fields encrypted requires the introduction of flexibility to the scheduling process. This makes them ideal candidates for "conditional" scheduling, whereby the agency agrees explicitly to maintenance and migration standards as long as the database is in active use and to specific conditions under which records of permanent value will be transferred to MDAH for permanent retention.
In addition to documentation covering the content of the database, agencies should compile and maintain documentation of its creation and use as long as it is in current use. Properly implemented audit trails are required to provide documentation of how records were created, modified, stored, and reported. They can detect who had access to the system, who used it and how, whether staff followed established procedures, or whether unauthorized acts may have occurred. Such security software programs are necessary to establish that the record was reliably created in the "normal course of business" and is legally defensible. In conjunction with the keeping of database statistics, this information must be kept not only for audit purposes but also as historical data.
Accordingly, the Department of Archives and History requires that the following series-level documentation be maintained for enterprise databases, whether such databases are specified through properly-executed records control schedules to contain records of permanent value or whether they are not yet scheduled and therefore bound by Mississippi Code of 1972, Annotated, §25-61-10.
Title. Complete and/or short title, distinguishing the database from all others owned by the agency.
Author/Creator. Name of the agency, organization, section, branch, etc. that controls access to the database.
Subject/Keywords. Keywords identifying the subject(s) covered by the database.
Description. Narrative description of the database, including the reason(s) for the existence of the database, specifying the agency requirement, function, or goal that prompted the creation of the database or was responsible for its continued maintenance and the major agency program or mission supported by the database, citing any legislative actions or authorities requiring operation of the database.
Publisher. The agency, bureau, or other entity responsible for making the database or any part of it available to the public when requested.
Date. Start date and end date (if not current) for data included in the database.
Format. For databases these include flat file (non-relational), relational, hierarchical, spreadsheet, document management, image management, geographic information system, and whether the representation includes objects in any specific formats.
Rights Management. List of data elements closed to the public, citing pertinent state or federal regulations. Description of any special physical conditions, impediments, or enhancements associated with accessing the database. Description of any additional constraints or enhancements (security, copyright, etc.) affecting public access to the database and requirements for encryption or redaction of specific fields.
In addition to the above Dublin Core data elements, the following elements referring to the database as a whole must also be collected as part of the initial records control schedule and updated whenever major version or usage changes, defined in the schedule, take place:
Database Data Modules. List of pertinent database tables, files, spreadsheet worksheets, or similar modular units of data. A database may consist of a single data module or a collection of related data modules.
Data Dictionary. Annotated listing of data fields for each pertinent database data module. For coded data, it must include code translation tables (codebooks). Specific redacted or encrypted fields must be so annotated.
Database Update Frequency. Daily, weekly, bi-weekly, monthly, quarterly,semi-annually, yearly, as needed, continuously, or other.
Database Statistics. Size of the database, number of primary records, and estimated number of records to be added in the next twelve months. Agency should update quarterly and retain history, to be added to the records control schedule whenever a major version revision takes place.
Available Printed Reports. Listing with brief descriptions of standard reports output in printed form from the database. Include query-language statements to specify what is retrieved.
Available Electronic Reports. Listing and brief descriptions of standard reports output digitally from the database to digital storage media. Include query-language statements to specify what is retrieved.
Support for Custom or ad hoc Reports from Database. Description of any options available for the design and creation of custom reports by agency staff or other users.
Format(s) of Electronic Copies of Database. Listing of digital formats in which the database can be copied or reproduced using the agency's computer facilities.
Database Computer System. Description of the computer system supporting the database, including name of hardware manufacturer, name of hardware model, name of operating system and version, name of database development software, name of database engine, name of query language or other middleware (if applicable), and name(s) of any pertinent database level add-ins or modifications. As modifications are made, the schedule must be updated and amended. This documentation need not be duplicated in the enterprise database schedule if it is captured under the records control schedule governing an agency's Information Systems (IS) production records, but the relevant schedule should be cross-referenced.
In addition to the database itself, records control schedules for databases must include the retention and disposition of its digital and paper input and output, including the following:
Input data and/or forms. Specific retention periods and disposition instructions must be part of the database schedule.
Output and Reports. Retention and disposition of paper and digital database reports must be specified by the schedule, as must the system's ongoing capacity for generating reports and the capability of MDAH to recreate them once the data has been transferred.
Documentation. Retention of system documentation specific to the enterprise database (requirements, design, modification, maintenance) must be incorporated into the records control schedule.
Migration requirements
In addition to the "conditional" schedule's need to specify migration requirements to ensure long-term accessibility to records, it must detail specifically what data must be migrated for preservation purposes. A migration plan must be in place from the beginning to prevent the loss of accessibility to public records. Any database migration activity must be documented.
All methods and tools used by vendors or agency staff must be documented, for migration planning, backup and recovery review, installation of products and temporary fixes, migrating database structures, transferring data, and migration validation. This documentation need not be duplicated in the enterprise database schedule if it is captured under the records control schedule of an agency's IS production records, but the relevant schedule should be cross-referenced.