Standards for an Electronic Records Policy
Committee on Institutional Cooperation
University Archivists Group (UAG)
The purpose of this policy is to outline a set of institutional requirements for the responsible management of electronic records and information systems.
This set of records policy standards applies to all electronic records and information systems created and managed within the twelve teaching and research universities that comprise the academic consortium known as the Committee on Institutional Cooperation (CIC).
- Statement of Authority
The University Archives and Records Management programs within the CIC institutions are authorized to establish and promulgate standards, policies and procedures for the effective management of university records within the context of state and federal laws.
- Statement of Benefits
The implementation of sound records management practices and procedures for electronic records results in a number of benefits: fulfill legal mandates, reduce costs for the retrieval of records, identify strategies for the preservation of records, reduce the costs of storing obsolete records, and ensure the creation and management of accurate and reliable records.
- Statement of Responsibility
Maintaining and providing access to electronic records over time is a shared responsibility. Establishing and operating effective electronic recordkeeping systems and good business practices are best achieved through a multidisciplinary approach. University offices shall make effective use of the necessary range of expertise available throughout the university. Effective teams would include individuals with expertise in archives and records management, information technology, data and information management, business system analysis and design, auditing, risk management, and law.
- Review Process
Departments, units, and administrative office designing or modifying information systems shall consult with the University Archives at the start of these projects to discuss archival and records management requirements.
- Core Elements of an Electronic Records Policy A. Electronic records shall be created and captured for all defined university business functions and activities.
- For the purposes of this policy, records shall be defined as recorded information in any form created or received and maintained by an organization or person in the transaction of business or the conduct of affairs and kept as evidence of such activity.
- Electronic records shall be maintained in reliable recordkeeping systems.
- In most cases, electronic records shall be maintained in an electronic form, because preserving the context and structure of records and facilitating access to them are best accomplished in the electronic environment.
- Records created and maintained within reliable electronic recordkeeping systems shall serve, in most cases, as the official record copy.
- Recordkeeping systems shall meet legal and administrative requirements, national and international standards, and best practices for recordkeeping in an electronic environment.
- Electronic recordkeeping systems shall have written policies, assigned responsibilities, and formal methodologies that fully and accurately document the overall management of the system.
- Electronic recordkeeping systems shall include adequate system controls, such as audit trails, the routine testing of system hardware and software, and procedures for measuring the accuracy of data input and output.
- Records, including electronic records, shall be retained or disposed of in accordance with authorized and approved records retention schedules.
- Electronic recordkeeping systems shall include an approved disposition plan.
- In accordance with an approved retention schedule, electronic recordkeeping systems shall be capable of deleting records.
- Work processes and associated business procedures and tools shall support the creation and management of electronic records.
- Recordkeeping shall be built into the defined business processes and electronic work environment thereby ensuring that records are captured, understandable and usable for immediate and long-term use.
- Whenever possible, university offices and units shall create models of business processes to determine where and when electronic records are created and used in the course of completing business transactions.
- Electronic records shall be inviolate and secure.
- Electronic records shall be protected from accidental or intentional alteration and from deletion while the record still has value.
- Only authorized personnel shall be permitted to create, capture or purge electronic records.
- Electronic records shall be preserved without loss of any vital information for as long as required by law, policy and best practice.
- The future usability of electronic records shall be ensured through the development of migration or conversion strategies designed to update hardware, software and storage media.
- Electronic recordkeeping systems shall manage and preserve for the useful life of the record both the content of the record as well as the associated metadata that define or document the record s content, context and structure.
Business conducted by electronic means shall be documented adequately to meet recordkeeping requirements.
- Electronic records shall include or be linked to the essential metadata describing content and structure of the business record and the context of its creation.
- Accurate and reliable links between the electronic record and the business transaction that created it shall be maintained.
- Accurate and reliable links between records of similar or like transactions shall be maintained.
- Electronic records shall be accessible and retrievable in a timely manner throughout their retention period.
- Recordkeeping systems shall be capable of exporting the content, structure and context of a record in an integrated presentation and in an accessible and useable format.
- Electronic records shall be easily accessible in the normal course of business.
- Electronic records shall be searchable and retrievable for reference and secondary uses including audits, legal proceedings, and historical research.
- Training and user support programs shall be available to ensure that users can access and retrieve electronic records.
- Access to electronic records shall be controlled according to well-defined criteria. Recordkeeping systems shall ensure that electronic records are protected from unauthorized access.
- University offices shall take measures to prevent unauthorized access to private and confidential electronic records by identifying records that are subject to legislative, regulatory and institutional policy restrictions.
- University offices shall define the rules governing access to private and confidential records within the context of state open records laws and federal FOIA requirements.
The Committee on Institutional Cooperation University Archivists Group endorsed this document December 2001. For questions about this document, please contact: Phil Bantin, Indiana University email@example.com Nancy Deromedi, Bentley Historical Library, University of Michigan, firstname.lastname@example.org Nan Kunde, University of Wisconsin Madison, email@example.com Patrick Quinn, Northwestern University, firstname.lastname@example.org
Last updated June 28, 2002.