Home > Records Management > Standards and Guidelines > Systems Design Considerations

Systems Design Considerations

It is important to build good recordkeeping into new systems. The involvement of the records manager in the design of new systems is essential. This will help to ensure that records are identified and methods are used to capture fixed records to provide evidence of an activity. The records manager can help articulate what systems and rules are needed to ensure those records are captured and maintained, how long the records should be kept to meet business and other requirements, how they should be stored, and who should have access to them.

Business rules that dictate what is a record, how and when records will be created or captured, how they will be maintained and used, and for how long need to be built into new systems as they are being designed. Too often systems have been designed with no recordkeeping requirements and valuable records that protect the rights of citizens, provide evidence of government accountability and document specific and significant government historical events have been lost. Sometimes this lack of incorporating recordkeeping requirements has caused records that need to be destroyed to be kept longer than required. The cost of managing and storing these records places an unnecessary financial burden on valuable and scarce public funds.

Here are some recordkeeping requirements to consider when developing a new system:

1. What records need to be created or kept that document the functions/activities in this new system:
   • What is necessary to capture?
   • Who will rely on the information?
   • Will it be necessary to provide a fixed record of what was relied on to make decisions by the organization?
   • Will it be necessary to provide a fixed record of what was relied on to make decisions by the organization’s stakeholders or the general public?
   • How will the information be verified for authenticity, completeness, and accuracy before it is captured into a fixed record?
   • Is an outside contractor being used [e.g., to receive inputs from stakeholders that are then converted to be ingested into the new system], if so:
     • Will inputs need to be captured as received from the stakeholders?
     • How will the information be verified for authenticity, completeness, and accuracy before it is captured into a fixed record?
     • How long will records being received and created by the contractor need to be maintained and accessible?
     • All recordkeeping requirements should be documented in the contract with the contractor.
2. What will be required to supply appropriate content, context and structure of the records before the records are captured in a fixed method:
   • Are there automated tools that can be integrated to provide date of creation/receipt; owner; classification information as the type of record [draft, version #, final official record, duplicate copy], records series [to be able to link the records to their retention periods and to other salient records related to the same business activity], and access restrictions [including the ability to redact restricted information from the records when required by an open records request]; and other metadata that will enhance the retrievability of the records [such as appropriate and approved keywords found in the organization’s official thesaurus]?
   • What will be necessary to ensure a smooth transition when the records are migrated to another new system?
3. How will these records be captured so they are fixed?
4. If retention periods for the records change, how will the new retention period be transitioned into the system?
5. How will records be maintained through the retention period:
   • How will the records be protected from unauthorized access?
   • How will the records be protected from unauthorized destruction?
   • If there are plans to move records near-line or off-line, what protocols will be built in to ensure that the media is refreshed and the bit error rate is corrected on a regular basis?
   • What indexing systems will be used to ensure the records are accessible?
   • What migration strategies will be in place to regularly replace the media and to refresh the data?
   • What migration strategies will be used to convert the records without loss or corruption to the next version or another system?
   • What will be the backup strategy used for the new system:
     • How will the strategy provide business continuity/vital records protection?
     • How will the strategy provide for the reliability and integrity of the records should a server crash or if a security violation occurs?
     • How will the strategy provide for times when the system is down:
       • How will the records be available?
       • How will new records be captured?
       • How will captured records be put into the system after it is back up and running?
     • How will the strategy provide for the deletion of records once their retention period has lapsed, even on backup media?
   • What records will need to be created for audit purposes within the new system:
     • Will the system need to record who captured, retrieved or deleted records and when?
6. How will any downloads of data be managed so that renegade standalone systems are not created without the proper recordkeeping requirements attached to them?
7. How will records be deleted from the system when their retention period has lapsed?
8. Will the organization want to delete all associated metadata when the records are deleted, if not, what will need to be retained and for how long?
9. How will records be protected from deletion when there is a hold on destruction?
10. How will the records with permanent retention be preserved and accessible over time?
11. What system documentation will need to be created to document recordkeeping processes?
12. What training will be provided to users to ensure they are aware of their recordkeeping responsibilities?

top of page