The purpose of this publication is to provide guidance on effective management of electronic records to North Dakota state agencies and county, city, and park district offices.

1. Introduction
2. Background
3. What is Electronic Records Management?
4. Creating Electronic Record Systems
5. Using Electronic Record Systems
6. Maintenance of Electronic Records
7. Disposition of Electronic Records
8. Establishing a Records Management Program
9. Security of Electronic Records

1. Introduction

In March 1997, Information Services Division formed an ad hoc committee to address the issues related to the management of electronic records. The goal of the Electronic Records Committee was to draft guidelines for state agencies and county, city, and park district offices to use in the management of electronic records. The Electronic Records Committee consists of representatives from thirty-four state agencies. These guidelines are the collective outcome from many other organizations’ products, including National Archives and Records Administration, State Historical Society of Wisconsin, Delaware Public Archives, Florida Department of State, Utah State Archives, and the Archives Office of Tasmania.

The extensive use of automation to conduct government business has resulted in the proliferation of electronic state records. Electronic records create many new concerns regarding the management of such records.

1. Records in electronic format are hardware and software dependent. These records can only be read and understood if the storage medium can be read by existing equipment and if the programs used to create the digitized data are still available.
2. With the move from mainframe applications to individual and networked personal computers, the risk of data loss increases and the likelihood of regular migration decreases. Desktop users are less likely to be aware of necessary documentation procedures to ensure that data can be read in the future.
3. Currently, most electronic information systems used to create, receive, and store these records do not provide full records management functionality. Agencies need to adopt electronic information systems that provide proper controls over the creation or acquisition of records, maintenance of records in context with the function or activity performed, and disposition according to approved retention schedules in order to manage their records in electronic form. Only systems possessing these characteristics can be defined as “Electronic Recordkeeping Systems.”

2. Background

Why should state agencies and county, city, and park district offices be concerned about the management of electronic information?

1. Information is vital to the operation of government offices. All state agencies and county, city, and park district offices depend on electronically-generated data to accomplish their basic functions.
2. Information is among the most valuable assets that state agencies and county, city, and park district offices have at their daily disposal. It is the basis for decision making, justification of resources, determination of benefits, as well as a variety of other routine government operations.
3. Information is expensive to create and maintain. Especially in times of limited resources, state agencies and county, city, and park district offices need to manage their resources to achieve the greatest benefit possible.
4. While technology gives state agencies and county, city, and park district offices the capability to respond to the growing demand for information, it also presents a number of concerns, including:
   1. Long-term retrievability
   2. Compatibility
   3. Accessibility
   4. Security
5. State agencies and county, city, and park district offices must insure that government records, in any format, are managed in compliance with records laws and requirements.
   1. Records maintenance and disposal, North Dakota Century Code Chapter 54-46.
   2. Open Records Law, North Dakota Constitution Article XI, Chapter 6 and North Dakota Century Code Section 44-04-18
   3. Rules of Evidence, Federal and State
   4. Confidentiality of specific records, Federal and State laws
   5. Privacy laws relating to personal information, North Dakota Century Code Section 44-04-18.1
   6. Retention requirements of specific records, Federal and State laws.

Prior to the large-scale networking of personal computers, automated equipment, such as electronic typewriters, word processors, and stand-alone computers were mainly used by support personnel to produce correspondence, reports, forms, and other records which were printed, distributed, and filed. Currently, government agencies continue to maintain “official” files in paper form because their automated systems lack the functionality for the management of electronic records. However, as more personnel, including professional and technical staff, use networked computers, the production of more and more records is left to individual staff members, and the records are less likely to be placed in office files.

Each individual on a computer network who exercises control over electronic information, such as electronic mail messages, must assess whether the record was made or received pursuant to law or in connection with the transaction of official business and take appropriate action to ensure that the electronic information that are official records are properly maintained.

Not all electronic information is considered a record that is required by law to be included on a record retention schedule. The technology or medium in which a document is created, stored, used, or presented is not what decides whether it is a record or not. What makes a document a record is the fact that it documents a business transaction or is made or received pursuant to law.

The advent of personal computers has transferred the responsibility for records management from central records management sections to individual employees. Increasingly, employees are responsible for the creation and management of their own records. They may often be working without a clear understanding of the value of the information resource under their control nor their legal obligations and duties. Without guidelines in this area, the potential exists for significant losses in terms of history and accountability.

These guidelines are designed to assist agency management to develop appropriate and consistent procedures for the management of electronic records. The records management principles outlined are widely understood in the context of paper records but should now be applied in the electronic context.

Definitions

The manual assumes a basic understanding of records management practices and some familiarity with technology. Following are some definitions:

Content

The text or image of the electronic message; basic data or information carried in a record.

Context

The information documenting the source and destination of the electronic message and other related information usually found in the header. Relationships of the information to the business and technical environment in which it arises, can include origin, date, and time.

Data Element

Specific entries under a field.

Electronic Documents

A subset of electronic records. They are collections of data which may be produced in the following ways:

• Original output (typically created as a text document, small database, spreadsheet, or graphics)
• A combination of existing data (which may be extracted from databases, text files, e-mail, etc.)
• Data received from outside the organization (i.e. via e-mail, scanning)

Electronic Information System

A system that contains and provides access to computerized records and other information.

Electronic Records

Records that are in machine-readable form. Electronic records may be any combination of text, data, graphics, images, video or audio information that is created, maintained, modified or transmitted in digital form by a computer or related system.

Electronic Recordkeeping System

An electronic system in which records are collected, organized, and categorized to facilitate their preservation, retrieval, use, and disposition. Recordkeeping systems are distinguished from information systems by links to activities they document and their ability to preserve and provide access to the content, structure, and context of the records.

Long term

A period of time greater than ten years.

Metadata

The description of data and its underlying applications and programs. Data that must be captured along with electronic records to enable them to be understood and verified, as well as support their management and use. Includes data dictionary, logical and physical models, diagrams and other systems and software details.

Migration

The transfer of electronic information so that it remains compatible with current technology storage and retrieval methodologies.

Non-record Material

Includes library and museum material made or acquired and preserved solely for reference or exhibition purposes, extra copies of documents preserved only for convenience of reference, and stocks of publications and of processed documents.

Official Record

A record that was made or received pursuant to law or in connection with the transaction of official business.

Record

The complete set of documentation, regardless of media or format, which serves to document the organization, functions, policies, decisions, procedures, operations, or other activities of the agency.

Record Series

A group of logically related records with the same retention and disposition value. An electronic record series may support one or more operations within an organization.

Structure

The layout or format of the message and the links to attachments and related documents for a particular transaction.

Electronic records are part of complicated recordkeeping systems which must be analyzed in total. Electronically-produced records deserve special attention because they are relatively new, easily altered and erased, and their status as valuable parts of the public record is still unclear to many people.

Data become records when the content, context, and structure are tied together to provide both meaning and functionality.

A further distinction is that the particular medium (magnetic tape, optical disk, paper) in which information may be carried or embodied is NOT the record. The information carried on that medium is the record.

3. What is Electronic Records Management?

Electronic records management is the efficient management of records stored on computerized systems. The key to electronic records management is to be able to support such documents through their entire life cycle.

Life Cycle of Records Concept

The life cycle of records is a management concept that all records and information pass through three stages: creation, maintenance and use, and disposition. Within the framework of an information system, these stages are not always distinct. Agencies should track all user information needs and determine records retention requirements throughout the life of the system to as great an extent as possible.

Whenever agency staff create purge criteria for data in information systems, they are setting retention and disposition policy for the record or parts of it. Agencies need to be aware that established purge criteria should reflect retention and disposition schedules approved by ITD Records Management and the Records Management Task Force. The Records Management Task Force includes the State Records Management Administrator, State Archivist, and representatives from the Attorney General’s Office and the State Auditor’s Office.

Application of the life cycle concept to an information system may follow these stages:

• Identify policy or program needs for development of a new system or modification to an existing system.
• Maintain currently active records in primary storage, on-line or immediately available.
• Migrate semi-active or inactive records to less expensive, slower storage media.
• Identify records/data that are eligible for disposition or deletion, erasure, or transfer to the State Archives.

4. Creating Electronic Record Systems

Electronic recordkeeping systems must have accurately documented policies, assigned responsibilities, and formal methodologies for their management.

Electronic recordkeeping systems must meet the following criteria:

1. Consistent: recordkeeping systems must process information in a manner that assures that the records they create are credible.
2. Complete: contain content, structure, and context generated by the transaction they document.
3. Accurate: quality controlled at input to ensure the information in the system correctly reflects what was communicated in the transaction.
4. Preserved: records must continue to reflect content, structure, and context within any system by which the records are retained over time.

For electronic records systems that produce, use, or store data files, disposition instructions for the data shall be incorporated into the system's design.

State agencies and county, city, and park district offices shall maintain adequate technical documentation for each electronic records system, including documentation of system design, implementation, use, and migration. The following documentation is required:

1. Narrative description of the system;
2. Physical and technical characteristics of the records, including a record layout that describes each field including its name, size, starting or relative position, and description of the form of the data (such as alphabetic, decimal, or numeric), or a data dictionary or the equivalent information associated with a database management system including a description of the relationship between data elements in data bases; and
3. Other technical information required to access or process the records.

Written Procedures/Training

Since computer systems are used to create and store records, agencies should write procedures to control the use, access, and productivity on the personal computer. Personal computers require a great deal of financial resources for up-front costs, maintenance, and training time and expenses. If the “automated” information on the personal computer cannot be located or costs more, but offers little improvement in access, accuracy, quality, or productivity, the consequence is a wasted investment of time and money.

All employees with access to computers should receive guidance on the following issues:

• How to distinguish official records from nonrecord material;
• How to know when receipts or acknowledgments for e-mail messages are needed for recordkeeping purposes;
• How and when to generate a recordkeeping copy of e-mail messages, receipts or acknowledgments, spreadsheets, word processing documents, and data base reports;
• How to mark or classify documents for filing or incorporation into an electronic system with recordkeeping capabilities, when appropriate; and
• How to contact the record coordinator in their agency or the records analyst from ITD Records Management for assistance.

Computer Directories and Subdirectories

State agencies and county, city, and park district offices should use directories and subdirectories to organize and control information on computers. An electronic directory acts like a folder or drawer in a filing cabinet. You use a directory to group electronic applications, documents, files, and subdirectories into a logical association, just as you would in a paper file folder or file cabinet. This is the primary means to control information placed on a computer.

The directories and files on the computer’s main or root directory are the operating system and were created when it was installed. The operating system needs these directories and files to function. The application programs installed on the computer will also create directories, subdirectories, and files needed to run the program. You will have no control over the directories and files automatically created by operating systems or application programs. Your chief concern is the directories you create to manage your files.

Directories allow you to specify the content and location of information on your computer. Within each directory you can create one or more other directories called subdirectories. The structure created by placing directories within directories is usually called the directory tree or nesting. Subdirectories help users organize electronic documents by subject, document type, originator, or some other grouping. Although subdirectories are an excellent control method, creating more than three or four directory levels is not recommended. The deeper you place a file in a series of subdirectories, the more difficult it becomes to remember all the subdirectory names.

Standard Naming Convention

There are many advantages to standardizing the terminology used to name computer directories and electronic documents. Standardized directory and file names provide the ability to:

• Access files easily and rapidly
• Reduce redundancy of files
• Avoid loss of information
• Find the latest draft or desired version of a document
• Name files quickly, easily, and consistently
• Share files easily between employees

Each state agency should develop a standard naming convention for electronic documents based on their specific program needs and the types of documents created.

ITD Records Management recommends using the North Dakota Subject Classification System when creating directories and subdirectories.

The following directories/subdirectories should be created as needed for the types of files maintained on your computer. New files should be named and stored under the appropriate category subdirectory.

Example of Subdirectory Listing

Directory C:\Employee\

• 01 (ACT) <DIR> 4/16/2009
• 10 (AS) <DIR> 10/4/2010
• 14 (AOC) <DIR> 9/24/2010
• 60 (PER) <DIR> 6/10/2008
• 72 (REF) <DIR> 12/14/2009

Example of Files Within a Subdirectory

Directory C:\Employee\60 (PER)\

• Evaluation.pdf 107KB 3/31/2010 8:16 AM
• Interview.doc 14KB 2/26/2007 3:08 PM
• PIQSection.pdf 115KB 10/30/2009 9:10 AM
• Raise.doc 25KB 7/28/2010 10:45 AM

5. Using Electronic Record Systems

Legal Issues

Authentication

Agencies shall implement the following procedures to enhance the legal admissibility of electronic records:

1. Document that similar kinds of records generated and stored electronically are created by the same processes each time and have a standardized retrieval process.
2. Substantiate that security procedures prevent unauthorized additions, modifications, or deletions of records and ensure protection of the system against such problems as power interruptions.
3. Identify the electronic media on which records are stored throughout their life cycle, the maximum time span that records remain on each storage media, and the official retention requirements.

Admissibility

Electronic documents are legally admissible as evidence with proper documentation according to NDCC 54-46.1-02.1, NDCC 54-46.1-03, and NDCC 31-08-01.1.

Open Records Law

According to North Dakota Century Code 44-04-18 and the North Dakota Constitution, all records of public entity are public records, open and accessible for inspection during reasonable office hours, except as otherwise specifically provided by law.

Access to Open Electronic Records

1. Information stored electronically on a computer can be a record.
2. Requester has the choice between the printed document or other available medium.
3. A computer disk is not an available medium if the closed or confidential information cannot be excised.
4. An entity is not required to reformat or reorganize an electronic record so long as the information is useable.
5. Access to a computer terminal is not required.
6. A public entity may charge a “reasonable fee” for making copies, mailing copies, or both. “Reasonable fee” means the actual cost to the public entity of providing or mailing the copies, or both, including labor, materials, postage, and equipment.
7. A public entity may not charge the requester for costs associated with locating and providing access to open records, or for excising closed or confidential information from open records.

Confidentiality

1. Identify confidential records maintained on the system.
2. Confidential or exempt information must be masked when it is necessary to deliver censored copies.
3. Access to confidential records will be restricted based on security level and defined in user security permissions.

Electronic/Digital Signatures

In response to North Dakota Century Code chapter 9-16, the state records administrator created Electronic Signature Guidelines, effective October 2004, for the use and acceptance of signatures in the state of North Dakota. These guidelines should be used as a best practice tool and provide basic information regarding electronic signatures.

System Documentation and Metadata

The metadata, or information about the information, defining the ‘context’ of the record is important in maximizing its evidentiary value and ensuring future access. The metadata must document when and how the record was created and used, ensure the inviolability of the record, and capture a history of subsequent transactions in which it is involved. Key attributes, such as author, title, and time and date created, should be reflected in the metadata in electronic systems. They should be an intrinsic part of the document and remain as the contextual information of that document throughout its life cycle.

Documentation for electronic records systems shall meet the following standards:

1. Each agency shall identify all inputs and outputs; contents; policies on access and use; purpose and function of the system; rules for adding, deleting, or changing information; and methods to ensure authorized disposition.
2. Each agency shall specify the location and media on which electronic records are maintained and maintain inventories of electronic records systems.
3. No agency shall enter into a contract with any person or entity which impairs the rights of the public to inspect or copy the agency's public records existing on-line, or stored on a device or media connected with a computer system or imaging system.
4. Before any agency acquires or modifies any computer or imaging system, it shall assure such proposed system adequately provides for the rights of the public to access public records throughout their approved retention period.

Migration

It must be possible to export records to other systems without the loss of information.

State agencies and county, city, and park district offices should require vendor certification of compliance with ANSI/AIIM TR31-1994, “Performance Guideline for the Legal Acceptance of Records Produced by Information Technology Systems.”

Selection of Electronic Records Storage Media

For storing public records throughout their life cycle, agencies shall select appropriate electronic records storage media and systems which meet the following requirements:

1. Agencies shall select appropriate media and systems for storing state records throughout their life cycle, which:
   1. Permit easy and accurate retrieval in a timely manner
   2. Facilitate distinction between record and nonrecord material
   3. Retain the records in a usable format until their authorized disposition date
   4. Meet requirements for transferring historical records to the State Archives, when appropriate
2. The following factors shall be considered before selecting a storage medium or converting from one medium to another:
   1. Authorized retention of the records as determined on the retention schedule
   2. Maintenance necessary to retain the records
   3. Cost of storing and retrieving the records
   4. Density
   5. Access time to retrieve stored records
   6. Accessibility of records over time due to program/instructions/equipment requirements
   7. Portability of the medium - selecting a medium that will run on equipment offered by multiple manufacturers
   8. Ability to transfer the information from one medium to another
   9. Whether the medium meets current North Dakota Information Technology Standards
3. Agencies will not use removable data storage devices (CDs, thumb drives, flash drives) for the exclusive storage of long-term or permanent records.
4. Agencies shall ensure that all authorized users can identify and retrieve information stored on removable disks, tapes, or optical disks by establishing and adopting procedures for external labeling of the contents of storage devices. Identification should include the name of the organizational unit responsible for the data, descriptive title of the contents, identification of software and hardware in use at the time of creation, and security requirements or restrictions, if applicable.
5. The following information shall be maintained for each media used to store long-term or permanent electronic records:
   1. File title
   2. Dates of creation
   3. Dates of coverage
   4. Recording density
   5. Type of internal labels
   6. Volume serial number, if applicable
   7. Number of tracks
   8. Character code/software dependency
   9. Information about block size
   10. Sequence number, if the file is part of a multi-media set
6. Agencies will ensure that information is not lost due to changing technology or deterioration of storage media by converting storage media to provide compatibility with the agency's current hardware and software. Before conversion of information to a different media, agencies must determine that authorized disposition of the electronic records can be implemented after conversion.
7. Agencies will back up electronic records on a regular basis to safeguard against the loss of information due to equipment malfunctions or human error. Duplicate copies and appropriate indexes of long-term or permanent records will be maintained in storage areas located in buildings separate from the location of the records that have been copied.
8. Agencies will scan documents at a density of 200 dots per inch or higher.

6. Maintenance of Electronic Records

There is often the presumption that because information is stored in the computer or on tape, it is somehow automatically preserved for all time. This brief section is included to provide some basic preservation concerns. No electronic media is considered to be archival in terms of long-term storage.

Environmental Controls

• Keep food and drink away from storage media as well as equipment.
• Store disks and tapes in a vertical position in a dust-free environment.
• Store disks and tapes at a constant temperature between 60 and 68 degrees Fahrenheit and a constant relative humidity from 35% - 45%. Frequent or extreme fluctuations in temperature and humidity can accelerate the deterioration of disks and tapes.

Media Controls

• Avoid using removable data storage devices (CDs, thumb drives, flash drives) for the exclusive storage of long-term or permanent records.
• Back up electronic records on a regular basis to protect against loss of information due to equipment malfunctions or human error.
• Maintain duplicate copies in environmentally controlled storage areas separate from their original location.
• Annually test a statistical sample of magnetic computer tapes and disks to identify any loss of data and to discover and correct the causes of data loss.
• Copy all long-term or permanent electronic records before the media are 10 years old to tested and verified new media. The test will verify that the media is free of permanent errors.
• Keep disks and tape drives clean.
• Keep disks and tapes away from strong electrical or magnetic fields, including telephones.
• Do not allow unauthorized persons access to computers, tapes, disks, and documents.
• Agencies shall issue written procedures for the care and handling of direct access storage media based on recommendations from the manufacturer.

7. Disposition of Electronic Records

Electronic records may be destroyed only in accordance to records retention schedules approved by the Records Management Task Force. Each agency shall ensure that:

• Electronic records scheduled for destruction are disposed of in a manner that ensures protection of any confidential or closed information.
• Magnetic recording media previously used for electronic records containing confidential or closed information are not reused if the previously recorded information can be compromised by reuse in any way.
• All back-up copies of records scheduled for disposition must be destroyed.

The State Archives' Role in Preserving Electronic Records

The State Archives is responsible for the care, maintenance, and reference use of state records with enduring value, regardless of media. The fragile nature of electronic media makes it imperative that archival considerations be incorporated into the design of the information system during its development stage. The State Archivist will work with agencies in the identification of historical information.

The State Archives will accept electronic records identified as having historical value or will cooperate with agencies in preserving and accessing electronic records maintained in agency custody. Because of the variety of formats of electronic records, issues of proprietary software and specialized hardware, decisions need to be made, in consultation with State Archives staff, as to whether to transfer records or maintain them in the agency of origin. If a transfer decision is made, the method, frequency, and format of the transfer must be determined cooperatively by the agency and State Archives staff.

The timing of the actual physical transfer of electronic records should be determined through the records scheduling process. State Archives personnel need to be involved early in the process to ensure that archival requirements are met. Special preservation measures are often required to preserve electronic records.

Electronic records may require conversion to a medium and format suitable to ensure long-term access and readability. All appropriate system documentation must accompany the transfer of electronic records. A computer database without minimum documentation is useless because the contents cannot be read or interpreted.

Electronic records containing confidential information will, like other records containing confidential information, be under the same restrictions in the State Archives as they are in the agency of origin. Transfer to the State Archives does not affect statutory restrictions on access to confidential information.

8. Establishing a Records Management Program

Electronic information is included in the statutory definition of “records.” Therefore, the records must be included on an approved record retention schedule prior to the disposal of the information. Apart from fulfilling statutory records retention requirements, there are other benefits to the state agency. Approved retention schedules offer a mechanism for:

• Routine recycling of storage media.
• Ensuring accessibility and utility of specific electronic data for appropriate periods of time.
• Preventing unauthorized disposition of data.
• Assisting agencies in establishing policies for ensuring that routine data is erased promptly.
• Protecting data of long term or permanent value.

Inventory

The purpose of a records inventory is to gather information about the characteristics of an organization’s electronic records. Electronic records are inventoried by identifying and analyzing the automated information systems with which they are associated.

Systems Approach

The systems approach addresses records issues in relationship to each other and tracks information flow within an agency. A systems approach to scheduling electronic records ensures that all component parts of an information system are considered during the analysis and appraisal process.

ITD Records Management personnel will meet with each state agency to develop an inventory of information systems for retention scheduling purposes.

Retention of Electronic Records

The appraisal of the value of the record is developed through a partnership with the state agency and the Records Management Task Force. It involves the appraisal of the function that the records document from the agency perspective, and the potential legal, fiscal, and historical value.

The appraisal should be completed at an early stage when systems are being developed. For records identified as having continuing or long-term value it must be possible to ensure that their content, structure, and context will be preserved and be retrievable over time. It is also necessary to identify the retention periods of more temporary records in the system design specifications to enable record to be automatically deleted when no longer required.

Agencies shall establish policies and procedures to ensure that electronic records and their documentation are retained as long as needed for administrative, legal, fiscal, and historical purposes. These retention procedures shall include provisions for:

1. Scheduling the retention and disposition of all electronic records, as well as related access documentation and indexes.
2. If specified as having historical value, transferring a copy of the electronic records and any related documentation and indexes to the State Archives as specified in section VII. DISPOSITION OF ELECTRONIC RECORDS.
3. Establishing procedures for regular recopying, reformatting, and other necessary maintenance to ensure the retention and usability of the electronic records throughout their authorized life cycle.
4. Disposition of records on the electronic mail system. The agency should take the necessary steps to preserve electronic mail messages with ongoing value in a recordkeeping system along with all appropriate transmission data. Disposition of electronic mail records that have been transferred to an appropriate recordkeeping system is governed by the records retention schedule that control the records in that system. Examples of a recordkeeping system include storing the record on the electronic mail system, storing the record to a separate drive/subdirectory on the computer, or printing and filing the record in a paper system.

9. Security of Electronic Records

Electronic records must be protected from accidental or intentional damage or destruction and from any modification.

Access

System administrators must set access privileges to protect records from unauthorized users.

Validation

Validation involves ensuring the data is accurate, authentic, and captured as part of the normal course of business activity.

Electronic records must be:

• Accurate, in that there is a quality control check to ensure correct data
• Understandable, in that the relationship between the information is represented in a way that supports their meaning
• Meaningful, in that the contextual linkages of records must carry information that support a correct understanding of the transactions they support