Here are some possible initiatives that the Standards Committee might pursue in coordination with NARA, NIST, DOJ, GSA, GPO, and other interested Federal, State, and local agencies. We might also pursue grant funding from NSF, NIST, and/or other agencies, particularly if we partner with academic institutions. The potential for participation by private organizations should also be explored - including such organizations as the Association for Information and Image Management (AIIM), Business Forms Management Association (BFMA), and Workflow Management Coalition (WfMC). Pilot projects could be pursued with individual vendors who are committed to supporting open-systems standards in their COTS products.
If we decide to pursue a bold agenda, we could establish a goal to win a Hammer Award from the Vice President and/or similar recognition from other institutions. Other specific measures of success should also be considered. If the Committee agrees, perhaps this listing or some variation of it might be posted on FIRM's Web site and brought to the attention of potential partners.
1. Records Schedule Elements - Propose a Governmentwide standard set of data elements (metadata) by which all Records Series should be classified in the Records Schedules of all agencies. In addition to retention/disposition, such elements should address the requirements for:
a. Privacy under the Privacy ActPart of the problem is that NARA bureaucratically disclaims any authority or responsibility for E-FOIA despite the facts that: 1) access is the only reason for maintaining records, and 2) the use of electronic tools vastly improves access - not only public access but, even more importantly, within the agencies themselves. Effective leadership has also been lacking on implementation of the Privacy Act.(1)
b. Public access pursuant to E-FOIA
c. Others?
2. Document/Record Types - Propose a relatively small standard set of generic, top-level document/record types identified in plain language terms that are meaningful to the public. Such a set might be established as a validation/lookup table in COTS 5015.2-compliant ERMSs to be implemented by all agencies. Agencies would establish more specific second- and third-level document/record types below each of the generic types. Retention/disposition time lines would be based upon the most specific type. However, citizens would not need to know the specific types in order to conduct online searches or to submit FOIA requests.
3. Government Functions - Identify and distinguish government functions from each other in (plain language) words and phrases that are meaningful to the average citizen, without reference to the agency or level of government performing them. This would be an extension of the Vice President's Blue Pages initiative, which has been led by GSA, to improve government listings in the telephone directories. The intent would be to incorporate such terms into Internet-based ERMSs so that the public can search for records directly, without having to contact an intermediary.
To be most effective, a geographic component would be needed, since many government office responsibilities are based upon local or regional boundaries. If such a component is included, the Federal Geographic Data Committee (FGDC) may be a source of grant funding. State and local agency participation would be highly desirable.
GSA has already conducted some focus groups. However, it would be good to conduct a rigorous and comprehensive study, with a particular focus on identifying E-records as opposed to phone numbers.
4. Freedom of Information - Specify what "freedom of information" truly means to the average citizen. This would be a superset of the other three concepts and might be a good opportunity for involvement of the academic research community. Still more expansively, it could entail international participation to define the E-records responsibilities of democratic and developing nations worldwide. It could encompass two distinct aspects:
a. DocTypes, government functions, and perhaps other standard parameters (record metadata) expressed in "plain language" that is meaningful to the average citizen.5. Standards Inventory - We have already established an objective to identify and summarize on FIRM's Web site those standards that are applicable to records management. However, we might embark upon a longer-term initiative to improve upon, expand the scope of, facilitate the maintenance of, and ensure ongoing institutional support for this emerging collection of E-records. NIST, NARA, or AIIM might be likely candidates. A key objective should be to build awareness of the importance of taking longer-term retention and accessibility of information into account. Otherwise the benefits of technical standards may, by definition, be fleeting.b. The technical standards, protocols, and tools to make such metadata readily available for online queries by the public.
6. Format Standard(s) for E-records - Attention is already being given to image formats and XML seems to be an emerging standard for many types of documents. Two competing standards have been proposed for highly structured electronic documents (E-forms) used to gather data - XFDL and XFA. The W3C is expected eventually to adopt such a standard. With reference to the Government Paperwork Elimination Act (GPEA) and the need to maintain E-forms as E-records apart from the databases to which they write, our potential involvement is fivefold:
a. To stimulate and participate in a study to specify all of the pertinent requirements for such a standard with respect to records management;Taking a lesson from TQM's focus on the "cost of poor quality," the cost of poor records management practices and systems should be assessed. In particular, two practices that entail needless expense include: 1) the continued reliance on paper as a medium for maintaining E-records, and 2) the failure to coalesce around, implement, and use open-systems standards for E-record formats.b. To ensure that those requirements are fully considered by the W3C;
c. To encourage E-forms vendors to incorporate the standard effectively and expeditiously into their COTS products;
d. To promote the usage of standards-compliant products by government agencies;
e. To encourage the integration of such E-forms applications with 5015-2-compliant ERMSs.
In addition to reducing costs by ensuring unfettered, long-term accessibility of E-records, other potentially avoidable costs involve security, backup, and recovery of files that may be corrupted due to the failure to effectively capture and manage E-records on inalterable media as early as possible in their life cycles.
A distinct but related set of needless costs arise from the inappropriate use of E-mail to circulate copies of word processing, spreadsheet, and database files because the original E-records are not being managed and made readily available in Internet-based, DoD-certified EDMSs/ERMSs. Such misuse of E-mail needlessly raises the cost of storage, backup, recovery, and security as well as indexing, retrieval, access, disposition, and use of E-records.
Still other needless costs result from the failure to capture and manage the appropriate elements of metadata so as to facilitate the retrieval, evaluation, management, and use of records throughout their life cycles, regardless of their formats or media on which they are stored.(2)
And, of course, yet another concern is the inherent inaccessibility of paper records. Paper is and probably always will be a perfectly acceptable medium for the display of many types of information in many settings. However, it is not an appropriate means of keeping or managing records generated in digital processes. Like anything else, tools have a life cycle. Paper has had a long and glorious history as an enabler. However, in the cyberspace of the digital age, paper is a dis-enabler, not only for people with recognized disabilities but for everyone else.
Disability is a relative term, but paper dis-ables all of us. By law, agencies as well as private organizations are required to make reasonable accommodations for disabled persons. Thus, it is important to make provisions for those who are "digitally challenged," particularly if they are among our external stakeholders. However, no employee of the taxpayers should be above learning to use better tools, and it is the antithesis of a "government that works better and costs less" to build needless impediments into any of our business processes. As far as records management and information accessibility are concerned, paper is a large barrier to efficiency and effectiveness.
Wherever possible, paper should be eliminated from business processes. Not only does it make good business sense to do so, but as far as Federal agencies are concerned, it is also the law. Likewise, E-mail and databases are wonderful tools when appropriately applied. However, neither of those tools is intended or designed to serve the purpose of longer-term preservation of records. Thus, the inappropriate use of E-mail and/or databases in lieu of 5015.2-certified EDMSs and ERMSs inevitably leads to needless costs.
Business process reengineering (BPR) is about eliminating unproductive costs. Any or all of these needless costs would be fertile grounds for research and cooperative corrective action.
7. Record Series Classification/Scheduling Tool/BPR - NARA is already engaging in BPR. If we succeed in establishing a metadata standard for the classification of Records Series, a natural extension would be to actually implement the standard in an Internet-based E-forms/workflow automation system. If we do decide to pursue such an initiative, it would be good to invite participation by commercial vendors of E-forms/workflow automation products that are compliant with the applicable open-systems standards for interoperability. In addition to the primary benefit of classifying E-records under the new metadata standard, potential incidental benefits might include:
a. Enabling the vendors to demonstrate the interoperability and compliance of their COTS products with the applicable standards;The pilot could focus on a particular agency or groups of agencies. Their stakeholders could be invited to participate in terms of commenting online concerning the proposed retention periods and public access provisions for records of interest to them. (Interest groups and individuals could be given a "free pass" to establish identities via ACES in order to authenticate their submissions, thereby helping to pilot ACES. However, strong authentication of members of the public would not necessarily be a requirement for the consideration of their comments.) Special dispensation could be sought from NARA, perhaps under the Fast Track procedures, to make this a "live" exercise for the participating agency(ies).b. Demonstrating to NARA what BPR actually means, without endless study; and
c. Leadership of records managers in piloting the Federal PKI. (See also item 9.f.)
8. Computer Security - After Y2K, computer/network security has been deigned the next priority for attention by the CIOs and technical folks in the new millennium. However, few, if any of them recognize that information security is at it core a records management issue. The potential for the Standards Committee is to:
a. Facilitate the specification of the requirements for computer/network security in terms of records management,9. PKI Record-Keeping - GPEA requires agencies to give the public the opportunity to submit information by electronic means, including the use of digital signatures. Meanwhile, debate is raging over the principles and protocols for encryption, which is required to support digital signatures. Due to the complexities involved, Public Key Infrastructure (PKI) has taken on an almost mystical quality. However, much of the discussion is taking place in absence of understanding of the direct relationships to records management, which are both inherent as well as reciprocal.b. Foster education and understanding of those requirements, and
c. Promote the implementation of standards-compliant COTS products meeting those specifications.
That is, digital signatures and encryption are of the essence to the management of many E-records. At the same time, the electronic files required to support digital signatures and encryption are themselves E-records that need to be managed like any other Record Series - albeit a highly sensitive series that must be subject to strict access controls and usage logs.(3) (Of course, usage logs are also series of E-records to be managed.)
The potentials for the Standards Committee include:
a. Identification of the relationships between records management versus information, computer, and network security;Records scheduling may be a particularly appropriate business process in which to pilot PKI not only in light of the inherent relationships with records management but also because (unlike financial transactions, for example) the records generated by the process do not entail high risk factors. Thus, the opportunity for cross-fertilization, mutual benefit, and team learning is great across the PKI and records management disciplines, while the risk associated with failure would be low.b. Specification of the technical requirements for information security in terms of E-records management principles and systems;
c. Support for the adoption of open-systems standards to meet those requirements;
d. Encouragement to vendors to implement such standards in their COTS products;
e. Promotion of the usage of such products by government agencies, thereby avoiding the waste of the taxpayers' money reinventing home-grown, proprietary stovepipe E-records management systems for purposes of PKI; and
f. Facilitation of a pilot of the Federal PKI focusing on Records Managers, for the purpose of digitally signing the SF 115 and/or other documents in a reengineered process for scheduling records.
2. See "What Every CIO Needs to Know About Metadata" (February 1999) on the CIO Council's Web site, at http://cio.gov/metadata.htm.
3. The assumption of the Public Key Infrastructure (PKI) seems to be that the treatment of private keys (i.e., the electronic file that embodies an individual's "personal" encryption code) is not a matter of public concern. Indeed, PKI advocates avow that no one but the individual him or herself should have access to a "private" key, and privacy advocates abhor the thought that anyone else might. However, the maintenance and management of "private" keys is of the essence to the preservation of public records that have been encrypted via their "public" key counterparts. The use of "public" keys to encrypt public (and corporate) records makes their "private" key counterparts quasi-public (or corporate) records. In that event, the so-called "private" keys become "public (or corporate) person keys" rather than truly personal keys. In the parlance of PKI, the management of private keys by an employer or other third-party is called "key escrow" and the retrieval of such E-records is sanctimoniously called "key recovery". In many instances the obligation of individuals to manage their own records efficiently and effectively may be limited. They may be the only ones to suffer from their own failure to do so. However, such is not the case with public or corporate records. In essence, the focus has been misplaced on privacy rather than preservation of the public (or corporate) record. No private citizen will be forced to use digital signatures in order to do business with the Federal Government, at least not under the terms of GPEA. However, if they choose to do so, certain requirements are implicit with respect to the management and longer-term retention of E-records.