Applying the COSCA Principles of Records

Management National Association for Court Management

2014 Annual Conference

Greg Linhares, Missouri State Courts Administrator

Nial Raaen, CRM, NCSC Principal Consultant

2012-2013 Policy Paper

To Protect and Preserve: Standards for Maintaining andManaging 21st Century Court

Records

http://cosca.ncsc.org/

Records Management An Essential Component

•Support for judicial decision making •Documentation of legal status and rights

•Public access to court proceedings •Enforcement of court orders and judgments

•Preservation of record for appellate review

•Preservation of historical information

Records Defined – (ISO 15489-1)

Information created, received, andmaintained as evidence and

information by an organization or person, in pursuance of legal

obligations or in the transaction of business.

Court Records Defined – CCJ/COSCAAny document, information, or other thing that is

collected, received, or maintained by a court or clerk of court in connection with a judicial proceeding;

any index, calendar, docket, register of actions, official record of the proceedings, order, decree, judgment, minute, and any information in a case

management system created by or prepared by the court or clerk of court that is related to a judicial

proceeding; and Information maintained by the court or clerk of court pertaining to the administration

of the court or clerk of court office and not associated with any particular case. (CCJ/COSCA

guidelines, 2002)

The Records Lifecycle The span of time of a records existence from its creation or receipt, through its useful life, to its final disposition, whether that disposition is destruction or retention as a historical record.

-ARMA International

The “Continuum of Care”The management of records requires a “continuum of care” throughout the life cycle, beginning with creation and continuing through disposition and destruction.

The Challenges…▫Meeting the growing demand for access

▫Maintaining both paper and electronic systems

▫Managing unstructured records

▫Coordinating multi-media retention and disposition

▫Managing increasing amounts of information

▫Rising to the challenge of information governance

COSCA Principles of Judicial Records Management

ACCESS GOVERNANCE COMPLIANCE

INTEGRITY PRESERVATION DISPOSITION

Principle of Compliance The requirement that management practices are in line with applicable statutes, rules of court, administrative orders, and organizational policies.

Records Practices Must Comply With:

•Statues and court rules •State financial and labor relations laws •Applicable federal regulations

▫FLSA▫Equal Pay Act ▫FMLA ▫Immigration laws … and others

Compliance Fundamentals •Oversight and assignment of staff responsibility

•Policies and procedures •Audits and reviews •Classification systems •Retention requirements

“Unstructured” Records •Office automation work products

▫Documents▫Spreadsheets ▫Presentations

•Social media •Web content •Email

Key Issue: Email Compliance

•Email is not a records series•Email must be managed and retained according to content

•Email must be classified and preserved accordingly

•Messages created or received by employees in connection with official business are generally considered public records

15

When is Email a Record? •Is the message evidence of work? •Is the message the completion of a message string?

•Are other records available about this issue/topic?

•Do confidentiality requirements apply to the content of certain messages?

Principle of Integrity

The principle of Integrity addresses the need for records to be created and preserved in a manner that guarantees their authenticity, reliability and accessibility.

ISO 15489 – Characteristics of Records Authenticity – Proven to be what it purports

to be, created or sent by the person purported to have created or sent it, and created or sent at the time purported.

Reliability –Trusted as a full and accurate representation of the transactions, activities, or fact to which it attests.

Integrity – Complete and unaltered.Usability – Can be located, retrieved,

presented, and interpreted.

Integrity Fundamentals Technical and Infrastructure •Backup and redundancy•Updated security and virus checking •Tracking and audits of changes •Review of audit trails and system logs •Documentation record of chain of custody

•Sampling of media for corruption or failure

Processes and Procedures

•Control of physical security and user access

•Training and documentation •Quality control •Necessary metadata •Internal compliance audits •Hazard mitigation and disaster planning

Key Issue: E-record Integrity

Techniques/processes to ensure integrity:

•Encryption •Access control and security •Check sums/hash algorithms •Audit trails and access logging

Principle of AccessThe principle of Access addresses the ability of court staff, litigants, and the public to access information to which they are entitled.

Access Fundamentals •Metadata and indexing to facilitate retrieval by staff and the public •Storage and security appropriate to the

type of record and storage media (preservation)

•Non-proprietary formats ensure long-term availability of electronic records

•Security and access controls appropriate to the record type and users/requestors

Metadata MattersMetadata is data that describes or

characterizes a digital object, whether internal or external to the object itself.

It is essential to record retrieval and integrity.

Types of metadata include descriptive, administrative, structural, and preservation.

Metadata Standards & Guidelines

Dublin Core – 15 metadata elements adopted as an ISO standard 15836

OAIS – Open Archival Information System Extensible Markup Language (XML)PREMIS - Preservation Metadata:

Implementation StrategiesMETS – Metadata Encoding and

Transmission Standard …and more

Security and Access Control Critical for E-records ▫Access controls that identify rights, (input, change, delete)

▫User authentication, authorization, and audit trails

▫Application and operating system protection from intrusion and attack

Key Issue: Third Party Use of Court Information •Should there be increased obligations for data collectors to “sunset” information?

•Should there be a “right to forget”?•Who would have the duty to remove records to protect a “right to forget”?  

•Should court record retention periods be revised?

Digital Rights Management The use of encryption to allow the creator

to control use of a document, such as:•Who can access •How long the document can be read •Prevent printing •Require network logging •Restrict email forwarding•May not be appropriate for records

requiring long-term preservation

Principle of Disposition

The principle of Disposition recognizes that all records reach a point in their lifecycle where they are committed to long-term archival storage and preservation, or are scheduled for destruction.

•Appraisal

•Archiving

•Destruction

Records Appraisal

The evaluation of a document’s worth or value for retention or archival purposes, based upon its current or predicted future use(s) for administrative, legal, fiscal, research, or historical purposes.

~ARMA Glossary, 4th edition

Business Legal

Fiscal Historical

Record

Value

Disposition by ArchivingTransferring records is the process of moving records from one storage system to another within the organization.

Accession is the movement of records to the custody of another agency, such as a state archives.

Disposition by Destruction •Disposition methods should be

appropriate to the type of record and media

•Methods for electronic records:▫Degaussing ▫Overwrite, encryption, file deletion ▫Physical destruction of media

•Documentation, audit trails and metadata •Standards are available for reference

Disposition Fundamentals •Maintain records according to established state and local retention schedules

•Remove non-essential, obsolete or duplicate records

•Use destruction methods appropriate to record content and media

•Conduct a periodic records inventory and appraisal

Key Issue: Multi-media Retention Management Are you a “digital hoarder”

•How long is too long?•Coordinating paper and electronic retention schedules

•Managing the deletion/retention of interrelated information

Principle of Preservation The principle of Preservation addresses the need to maintain the integrity and accessibility of judicial records throughout their life cycle.

Preservation Fundamentals •Proper levels of protection •Audits and validation •Monitoring, disaster preparation and recovery planning

•Third party compliance with requirements

•Selection of appropriate media and storage systems to sustain access and usability

Key Issue:Long Term Digital Preservation

The Technical Issues

▫Media longevity and

obsolescence

▫Hardware lifespan and

compatibility

▫Software and file format

obsolescence

Preservation Risk Factors

Preservation risk increases with the following variables:

•Age of the record(s) •Frequency of access to the record and media

•Complexity of the record and its features •Volume of the record series •Storage media

Hardware Challenges •Storage medium may be superseded by

newer versions or by new types of media—smaller, denser, faster, and easier to read.

•Computers are continually superseded by faster and more powerful machines that can store and process more content.

•Computer components and media physically fail due to human error, natural events, and normal aging.

Remember When?8 inch floppy: 1971-81

5.25 inch floppy: 1972 – mid 1980s

12 inch optical: 1985 – 1992

Jazz disk: 1996 – 2002

source: Cornell University Chamber of Horrors

Software and Formats •A file format may be superseded by new versions,

no longer be supported by the current vendor •Software used to create, manage, or access digital

content may be superseded by newer versions or newer generations with more features

•Characteristics as hidden text and change history, macros, and animations may be difficult to archive

•Vendors compete, merge, or go out of business leaving application software unsupported

Methods of E-PreservationPASSIVE

• Ensures the integrity of, and access to, digital objects and their associated metadata.

• Attempts to keep the original object intact without changing the storage or access technologies.

ACTIVE • Ensures continued

accessibility by active intervention to move the digital object from legacy to current storage environments.

• May involve technologies not in existence when the record was created.

Migration •Migration is a strategy for avoiding

obsolescence•Cycle is approximately every 10-15 years, or

less•Electronic records should be periodically

migrated to stable media and stable file types

•Media and file types must provide a reliable and stable repository for preservation and access

•A migration strategy and schedule should be established for specific media and file types

Other Preservation Approaches Emulation - Applications software that

recreates the legacy technical environment required to run earlier programs

Refreshing – moving records from one medium to another, primarily as a preventive measure

Preservation – maintaining the original technical environment

Open Formats ▫TIFF (?)

▫XML

▫JPEG

▫PDF/A

48

Cloud TechnologyAdvantages:

•Shared cost•Quick startup •Shared resources

•Scalable to need

Concerns:

•Security •Ownership •Access •Vendor viability

Have a Preservation Strategy▫Identify acceptable risk for record types

▫Assess current capabilities and capacity

▫Survey existing tools for adoption

▫Apply standards and use open formats

▫Consider emerging technologies

Trusted Digital Repositories •Scheme developed by the National

Archives and Records Administration •Audit mechanism for assessing ability of

repositories for secure and reliable long-term preservation of digital records

•Includes technical requirements as well as organizational infrastructure and policies

•Provides a set of assessment criteriahttp://public.ccsds.org/publications/archive/65

0x0m2.pdf

Open Archives Information System (OAIS) Model

OAIS Elements • Ingest. The steps required to transfer items from

their current location into the archive in a managed manner.

• Archival Storage: The storage of the bulk data using standard storage management tools.

• Data Management: Tools to manage the storage of the archive, including the metadata

• Administration: A set of tools to administer the system and access to it.

• Access: Tools to search, browse and download the contents of the archive

• Preservation Planning: The module that manages the information for long term access.

Principle of Governance

The principle of Governance addresses the need for organizational authority and control over records, as well as accountability.

Governance Fundamentals Features of a comprehensive records management program – •Roles and responsibilities clearly defined

•Strategy to ensure preservation and access

•Documentation of systems and processes

•Oversight and accountability ▫Goals & performance measures ▫Auditing and review ▫Adoption of standards

Standards Organizations

▫ International Organization for Standardization (ISO)

▫ National Archives and Records Administration (NARA)

▫ Association for Information and Imaging Management (AIIM)

▫ ARMA International

▫ American National Standards Institute (ANSI)

▫ Department of Defense (DoD)

▫ European Commission (MoReq2)

Key Issue: Enterprise Management

The Growth of InformationOver the next 20 years there will be a 40% increase in information growth

•57% office documents •65% email•75% email attachments •81% instant messages

- John Mancini, AIIM President

Gartner Forecast…

The rise of big data, social networking and mobile interactions, coupled with an accelerating increase in the amount of structured and unstructured information enabled by cloud-based technologies, is creating an information crisis.

The Need for Greater Collaboration

▫Coordination among multiple record holders

▫Maintaining strategic alignment

▫Acquiring adequate resources

▫Anticipating future needs

Assessing Your Records Program The Records Management Maturity Model

•Original concept developed at Carnegie-Melon

•Based on ARMA RIM principles and model•Follows the COSCA principles framework •Four levels of maturity •Key elements under each principle •Self-assessment and scorecard available

at:

http://survey.confirmit.com/wix8/p2776972228.aspx

Other NCSC & COSCA Initiatives

•Joint Technology Committee – addressing the principles of disposition and preservation

•Development of RIM training programs •Refinement of maturity models •Identification of best practices and model programs

•Engagement with the records management community

Resources ARMA International – www.arma.org  Association for Information and Image Management – www.aiim.org   National Archives and Records Administration – www.archives.gov   Council of State Archivists - www.statearchivists.org

National Association of Government Archivists and Records Administrators – www.nagara.org