Structured Approach to

Implementing Information
and Records Management
(IDRM) Systems

Alan McSweeney
Objectives

• Provide an overview of a structured approach to

analysis, design and specification of Information,
Document and Records Management (IDRM) systems
• Provide
introduction to generic reference models for
IDRM that can assist in solution definition

November 26, 2009 2

Information, Document and Records
Management (IDRM)
• Information Management tends to be IT related — backup/restore of information under
the control of IT systems
− IT systems tend by their nature to be centralised
• Records Management tends to be associated with the management of paper records
− Records tends to be managed in multiple locations across an organisation, local and central
filing systems
− Records are seen as red tape - a relic of the old process-driven way of doing business - a cost
to be reduced, if not eliminated
− Filing, dusty files and basements
• Document Management tends to associated with systems to manage paper (and other)
records electronically, either at a departmental or enterprise level
• There is a division between IT information and its management and non-IT managed
business records
• Spread of electronic systems has lead to a tendency towards ad hoc or substandard
IDRM practices and processes
• Need to bridge the gap:
− They all share the same management requirements
− Common business goals and requirements
• Take an integrated approach

November 26, 2009 3

Information, Document and Records
Management (IDRM)
• Information,
document management and records
management, retention and deletion procedures are
becoming increasingly important
− Driven by many regulations
− Standards around correct storage and retrieval of business
records and electronic communications

November 26, 2009 4

IDRM Challenges

• Budgets - Systems must be implemented in the context

of limited budgets
• Information Growth - The annual rate of growth of
information to be managed in over 50%
• Compliance and Regulations - There are multiple
compliance standards regulations to be adhered to
• Management and Control - Information must be
managed from creation to deletion with as easily and
automatically as possible
• Protection and Recovery - While being managed the
information must be protected and recoverable

November 26, 2009 5

General Approach to IDRM

• An effective approach to IDRM supported by processes and

systems:
− Creates a culture of compliance to business information management
− Ensures quality, enforces standards and guidelines
− Eliminates risk due to lost or unsaved documents and information
• Designs IDRM systems and associated processes that allow you
to actively managing information during its entire lifecycle,
according to its value:
− From creation to deletion
− Consistent with business importance
− With automated management
− Aligned with business needs

November 26, 2009 6

General Information Management Lifecycle

Create, Acquire, • Define specific information

Update, Capture
lifecycle for different
information types being
Store, Manage,
Replicate and analyses
Distribute

Protect and Recover

• Define solution to implement

lifecycle Archive and Recall

Delete/Remove

November 26, 2009 7

IDRM Structured Analysis and Design Approach

• Analyse your information, document management and records

management requirements
• Design and specify appropriate a solution and associated
processes
• Depending on your requirements, this can encompass hardware,
software, processes, all of which are aligned with the needs of
the business
• Use a structured approach to enable the selection and
implementation of IDRM solutions and processes that are based
on a sound understanding of an organisation’s requirements
• Methodology is designed to ensure that any IDRM solution is
strictly based on the business needs of the organisation
• Ensure solutions meet requirements

November 26, 2009 8

General IDRM Analysis and Design Methodology

November 26, 2009 9

General IDRM Analysis and Design Methodology

• Steps 1 to 4 make certain that the IDRM analysis and design is

focused on the key business requirements
− Preliminary investigation
− Analysis of business activity
− Identification of recordkeeping requirements
− Assessment of existing systems
• Steps 5 to 6 focus on selecting the optimum approach
− Identification of strategies for recordkeeping
− Design of IDRM system
• Steps 7 and 8 are concerned with the implementation of this
optimum approach
− Implementation of IDRM system
− Post-implementation review
• The process can be used in its entirety or a subset of it can be
followed to produce interim results
November 26, 2009 10
General IDRM Analysis and Design Methodology

• Practical
− Best practice implementation
• Comprehensive
− Includes all information in all formats
• User-based
− Identifies specific business needs and legal requirements
• Flexible
− Eight-step process can be applied at different levels

November 26, 2009 11

IDRM Analysis Benefits

• Understand the business, regulatory and social context

in which they operate, and establish a business case for
reviewing their IDRM practices
• Analyse business activities and environmental factors to
identify their IDRM requirements
• Assess the extent to which existing organisational
strategies (for example, policies, standards, technology)
satisfy these requirements
• Redesignexisting strategies or design new strategies to
address unmet or poorly satisfied requirements
• Implement, maintain and review these strategies
November 26, 2009 12
IDRM Analysis Outcomes

• The IDRM analysis approach enable the development of IDRM systems and
processes that are based on a sound understanding of an organisation’s IDRM
requirements
• These systems and processes enable organisations to:
− Conduct business in an orderly, efficient and accountable manner
− Deliver products and services in a consistent manner
− Support and document policy formation and managerial decision making
− Provide consistency, continuity and productivity in management and administration
− Facilitate the effective performance of activities through an organisation
− Provide continuity in the event of a disaster
− Meet legislative and regulatory requirements including archival, audit and oversight
activities
− Provide protection and support in litigation, including the management of risks
associated with the existence of or lack of evidence of organisational activity
− Protect the interests of the organisation and the rights of employees, clients, and
present and future stakeholders
− Support and document current and future research and development activities,
developments and achievements, as well as research, provide evidence of business,
personal activity
− Establish business, personal and cultural identity
− Maintain corporate, personal or collective memory
November 26, 2009 13
IDRM System and Process Objectives

• In order to be full and accurate, information (or all types) must be authentic,
reliable, complete, unaltered and useable and the systems that support them
must be able to protect their integrity over time
− Authentic - it must be possible to prove that a record is what it purports to be and
that it has been created or sent by the alleged person and at the time purported.
Information need to be protected against unauthorised addition, deletion, alteration,
use or concealment and the creation, receipt, transmission of records needs to be
controlled to ensure that records creators are authorised and identified
− Reliable - it must be possible to trust the information content as an accurate
representation of the transaction to which it attests. It should be created and
captured in a timely manner by an individual who has direct knowledge of the
event or generated automatically by processes routinely used by the organisation to
conduct the transaction
− Complete and Unaltered - it must be possible to protect information against
unauthorised alteration and to monitor and track any authorised annotation,
addition or deletion
− Usable - it must be possible to locate, retrieve, render and interpret information and
understand the sequence of activities in which it was created and used for as long
as such evidence is required
− System Integrity - it must be possible to implement control measures, such as access
monitoring, user verification, authorised destruction, security and disaster recovery
to prevent unauthorised access, destruction, alteration or removal of information
and to protect them it accidental damage or loss

November 26, 2009 14

IDRM Processes

• There are fundamental processes that are common to IDRM systems

− Capture/Acquire/Create
Capture/Acquire/Creat — formally determine that information should be made and
kept
− Registration — formalise the capture of information into a designated system by
assigning a unique identifier
− Classification and Indexing — identify the business activities to which a record
relates and then link it to other records to facilitate description, control, retrieval,
disposal and access
− Access and Security — assign rights or restrictions to use or manage particular
information
− Appraisal — identify and link the retention period of information to a functions-
based disposal authority at the point of capture and registration
− Storage — maintain, handle and store information in accordance with their form, use
and value for as long as they are legally required
− Use and Tracking — ensure that only those employees with appropriate permissions
are able to use or manage information and that such access can be tracked as a
security measure
− Disposal — identify information with similar disposal dates and triggering actions,
review any history of use to confirm or amend the disposal status, and maintain a
record of disposal action that can be audited

November 26, 2009 15

Step 1 - Project Initiation and Initial Analysis and
Investigation
• Activities
− Determine the scope of the analysis
− Collect information
− Document research
− Prepare a report
• Issues
− Defining the boundaries of the analysis
• Outputs
− List of the sources used
− Report containing the major findings of preliminary
investigation and making recommendations on the scope,
conduct and feasibility of the proposed IDRM project
− Project plan
November 26, 2009 16
Step 2 - Analyse Information-Related Business
Processes
• Activities
− Collect information from documentary sources and interviews
− Identify and document each business function, activity and transaction
• Assigning terms to functions and activities
• Defining the scope of functions and activities
• Assigning dates to functions and activities
− Develop a business classification scheme
− Identify organisational stakeholders
− Assess risk
− Record your findings
− Validate the analysis
• Issues
− Defining the scope of the analysis
− Defining the scale of functions and activities
− Maintaining the currency of the analysis
• Outputs
− Document the sources used
− Document organisation’s functions, activities and transactions
− Highlight business-critical functions using risk assessment
− Prepared a business classification scheme showing the organisation’s functions, activities and
transactions in a hierarchical relationship
− Validate findings with stakeholders

November 26, 2009 17

Step 3 - Define Information and Records
Management Requirements
• Activities
− Locate information sources
− Identify regulatory, business and external requirements for IDRM
− Document identified requirements for IDRM
− Assess the risk of not meeting requirements
− Document results
• Issues
− Drawing on other IDRM projects and experiences
− Maintaining a history of IDRM requirements
− Using IDRM requirements
− IDRM requirements for housekeeping functions
• Outputs
− Identified and documented all sources of organisation’s IDRN requirements
− Documented organisation’s identified requirements in a structured and traceable
form;
− Investigation of risk and feasibility factors associated with requirements where
necessary
− Documented assessment of these factors

November 26, 2009 18

Step 4 - Analyse Existing Information and Records
Management Systems
• Activities
− Identify existing information systems
− Analyse existing systems
− Document results
• Issues
− Assessing housekeeping functions
− Duplicate systems
• Outputs
− Benchmark to assess organisation’s existing systems and practices
− Identified, surveyed and documented relevant systems
− Assessment whether the systems have the capacity to function as IDRM
systems
− Determined whether the systems currently create, capture and manage
evidence consistent with your prioritised IDRM requirements
− Prepared a report describing the strengths and weaknesses of the
− existing practices

November 26, 2009 19

Step 5 - Define Information and Records
Management Strategy
• Activities
− Investigate the range of strategies available
• Policy tactics
• Design tactics
• Implementation tactics
• Standards tactics
− Identify appropriate tactics
• Policy tactics
• Design tactics
• Implementation tactics
• Standards tactics
− Assess factors that support or inhibit tactics
• Types of activities and transactions
• Corporate culture
• Systems and technological environment
• Assessing risks
− Check tactics against identified weaknesses
− Adopt an overall strategy
• Issues
− Agree where IDRM strategies ends and designing systems to incorporate those strategies begins
− Get high-level commitment to the remaining design and implementation process
• Outputs
− Investigation of the range of tactics potentially available to organisation
− Assessment and documentation of the organisational constraints that may affect the adoption of these tactics
− Selection of the most appropriate combination of tactics
− Establishment of the links between the selected tactics and the requirements they are intended to address
− Development of an overall design strategy to bring the tactics to fruition (including a framework for change management)
− Support for recommended strategy or decision not to proceed, and the rationale behind it

November 26, 2009 20

Step 6 - Design Information and Records
Management System and Processes
• Activities
− Establish and maintain recordkeeping policies
− Assign recordkeeping responsibilities
− (Re)design work processes
− Produce design documentation
− Design electronic or hybrid systems for records creation, capture and control
− Develop guidelines and operating procedures
− Conduct regular design reviews
− Develop initial training plan
− Prepare initial system implementation plan
• Issues
− Determining the limits of user participation in the design process
− Determining where design stops and implementation begins
• Outputs
− Feedback from staff and other stakeholders on relevant system components (such as policies, processes,
roles and responsibilities, guidelines and procedures)
− Documentation of any changes to requirements and design components arising from consultation
− Prepared detailed design descriptions, logical and physical models, and technical design specifications for
electronic system components
− Preparation of a system implementation plan
− Preparation of a an initial training plan
− Management endorsement of the design process

November 26, 2009 21

Step 7 - Select/Build and Implement Information
and Records Management System
• Activities
− Select implementation strategies and techniques
• Documentation of policies, procedures and practices covering all aspects of IDRM systems
• Communication about new or improved systems to staff both before and during the implementation phase
• Training
• Conversion
• Regulation and review
• Quality systems
• Change management
− Plan the implementation process
− Manage the implementation
− Develop a maintenance
• Issues
− Decide to begin the implementation process and stop refining the design
− Issues affecting implementation such as time lags, cost overruns and user acceptance, can be minimised by
conducting risk and feasibility assessments before the design and implementation (Step G) phases are
begun
• Outputs
− Representative of senior management to act as sponsor
− Establishment of a project team and/or steering committee that includes relevant stakeholders and experts
− Selection of an appropriate mix of implementation strategies and techniques based on risk, cost-benefit and
feasibility assessments
− Identification of all the activities associated with each of the strategies
− Development of a project plan to manage the implementation process
− Implemented and tested systems, processes and practices according to the project plan
− Reports on the implementation process to the project sponsor, steering committee and staff

November 26, 2009 22

Step 8 - Validate System and Process Operation
After Implementation
• Activities
− Plan the evaluation
• Appropriateness
• Effectiveness
• Efficiency
− Collect and analyse performance data
• Information creation and retrieval
• Management
• Disposal
• Training
• Learning from the process
− Document and report on your findings
− Take corrective action
− Make arrangements for ongoing review
• Outputs
− Identification and documentation of performance indicators for the system and process
− Identification of methods to collect performance data for the initial and subsequent reviews
− Collection of performance data
− Assessment of whether the system is satisfying IDRM requirements and working within organisational constraints
− Production of substantiating documentation
− Assessment of design and implementation process and documented costs and benefits
− Review the conversion strategy, process and audit trail
− Verification of the existence, currency and comprehensiveness of technical, user and training documentation (including
policies, procedures, information disposal authorities)
− Preparation a report for management on the status of the system and recommendations for improvement (including staffing
issues)
− Initiation of remedial action endorsed by management
− Establishment an ongoing cycle of reviews of recordkeeping

November 26, 2009 23

Benefits of Structured Approach

• You establish a business case for reviewing IDRM

• You understand the business processes and activities that give
rise to IDRM requirements
• You define the IDRM requirements of the organisation
• You assess the extent to which existing organisational IDRM
procedures meet these requirements
• You get redesigned existing processes or new processes designed
to address partially of completely unfulfilled requirements
• You will get a detailed design before embarking on (an
expensive) implementation
• You get a solution implemented to meet the agreed business
requirements
• The operation of the system is reviewed to ensure it meets the
requirements

November 26, 2009 24

Open Archival Information System (OAIS)
Reference Model
• Establishes a common framework of terms and concepts
• Identifies the basic functions of an OAIS
• Defines an information model
• Adopted as ISO 14721:2003
• Provides an idealised architecture and framework for IDRM
design and implementation
− OAIS is a reference model and conceptual framework) and not a detailed
blueprint for system design
− Informs the design of system architectures, the development of systems and
components
− Provides common definitions of terms and a common language, means of
making comparisons
− Basis for defining solution for acquisition/development and implementation
• OAIS is focussed on information storage and management rather
than processes that use the information such as workflow
• A useful tool in IDRM design and implementation
November 26, 2009 25
Reference Model

• A framework that provides

− For understanding significant relationships among the entities of some
environment, and
− For the development of consistent standards or specifications supporting
that environment.
• A reference model
− Is based on a small number of unifying concepts
− Is an abstraction of the key concepts, their relationships, and their
interfaces both to each other and to the external environment
− Can be used as a basis for education and explaining standards to users and
other stakeholders
• Does not specify an implementation
• OAIS reference model divide IDRM into a number of functional
areas such as ingest, storage, access, and preservation planning
November 26, 2009 26
Open Archival Information System (OAIS)

• Open
− Reference Model standard(s) are developed using a public
process and are freely available
• Information
− Any type of knowledge that can be exchanged
− Independent of the forms (i.e., physical or digital) used to
represent the information
− Data are the representation forms of information
• Archival Information System
− Hardware, software, and people who are responsible for the
acquisition, preservation and dissemination of the information
− Additional OAIS responsibilities are identified later and are
more fully defined in the Reference Model detail

November 26, 2009 27

OAIS Reference Model

• Providesdefinitions of terms that need to have well-

defined meanings:
− Archival Storage, Content Data Object, Designated
Community (key term), Ingest, Metadata, Representation
Information, etc.
• High level concepts, e.g.
− The environment of an OAIS (Producers, Consumers,
Management)
− Definitions of information, Information Objects and their
relationship with Data Objects
− Definitions of Information Packages, conceptual containers of
Content Information and Preservation Description Information

November 26, 2009 28

OAIS Purpose, Scope, and Applicability

• Framework for understanding and applying concepts

needed for long-term IDRM
− Long-term is long enough to be concerned about changing
technologies
− Starting point for model addressing non-digital information
• Framework for comparing architectures and operations
of existing and future data stores
• Basis for development of additional related standards
• Addresses a full range of archival functions
• Applicableto all data stores and those organisations
dealing with information that may need IDRM
November 26, 2009 29
Functional Model

• Six entities
− Ingest:
Ingest services and functions that accept SIPs from Producers; prepares
AIPs for storage, and ensures that AIPs and their supporting Descriptive
Information become established within the OAIS
− Archival Storage:
Storage services and functions used for the storage and retrieval
of AIPs
− Data Management:
Management services and functions for populating, maintaining, and
accessing a wide variety of information
− Administration:
Administration services and functions needed to control the operation of
the other OAIS functional entities on a day-to-day basis
− Preservation Planning:
Planning services and functions for monitoring the OAIS
environment and ensuring that content remains accessible to the
Designated Community
− Access:
Access services and functions which make the archival information
holdings and related services visible to Consumers

November 26, 2009 30

OAIS Reference Model — High Level

• Producer provides the information to be preserved

• Management sets overall OAIS policy
• Consumer retrieves and acquires information of interest

OAIS
Producer Consumer
(IDRM)

Management

November 26, 2009 31

OAIS Reference Model — Medium Level
P C
Preservation Planning
R O
O Descriptive
DIP N
Information
D Descriptive
Queries S
Information
U Data
Result Sets
U
SIP
C Management Access M
E Ingest Orders E
R SIP Archival R
AIP Storage AIP

SIP DIP

Administration

MANAGEMENT

• SIP = Submission Information Package

• AIP = Archival Information Package
• DIP = Dissemination Information Package

November 26, 2009 32

OAIS Reference Model — Detail

November 26, 2009 33

OAIS Reference Model

• Information Model
− Information Object (basic concept):
− Data Object (bit-stream)
− Representation Information (permits “the full interpretation of Data Object
into meaningful information”)
• Information Object Classes
− Content Information
− Preservation Description Information (PDI)
− Packaging Information
− Descriptive Information
• Information Package
− Container that encapsulates Content Information and PDI
− Packages for submission (SIP), archival storage (AIP) and dissemination
(DIP)
− AIP = “... a concise way of referring to a set of information that has, in
principle, all of the qualities needed for permanent, or indefinite, Long
Term Preservation of a designated Information Object”

November 26, 2009 34

OAIS Responsibilities

• Negotiates and accepts Information Packages from information

producers
• Obtains sufficient control to ensure long-term preservation
• Determines which communities (designated) need to be able to
understand the preserved information
• Ensures the information to be preserved is independently
understandable to the Designated Communities
• Follows documented policies and procedures which ensure the
information is preserved against all reasonable contingencies
• Makes the preserved information available to the Designated
Communities in forms understandable to those communities

November 26, 2009 35

OAIS Information Definition

• Information is defined as any type of knowledge that

can be exchanged, and this information is always
expressed (i.e., represented) by some type of data
• In
general, it can be said that “Data interpreted using its
Representation Information yields Information”
• In
order for this Information Object to be successfully
preserved, it is critical for an archive to clearly identify
and understand the Data Object and its associated
Representation Information

November 26, 2009 36

OAIS Archival Information Package

• Archival Information Package (AIP)

− Content Information
• Original target of preservation
• Information Object (Data Object & Representation Information)
− Preservation Description Information (PDI)
• Other information (metadata) “which will allow the understanding of
the Content Information over an indefinite period of time”
• A set of Information Objects

November 26, 2009 37

OAIS Archival Information Package (AIP)

Archival Packaging
Package Derived from Information Delimited by
Descriptor Information
Package (AIP)

Information How to find Content

supporting user information and PDI on
searches for AIP some medium

Preservation
Content Further described by Description
Information Information
(PDI)

• Content Information
− Document as an electronic file together with its format description
• Preservation Description Information (PDI)
− How the Content Information came into being, who has held it, how it
relates to other information, and how its integrity is assured
November 26, 2009 38
Information Package

• Content
− Content Data Object - Physical Object or Digital Object
− Representation Information
• Preservation
− Provenance
− Context
− Reference
− Fixity

November 26, 2009 39

OAIS Preservation Description Information (PDI)

Preservation
Description
Information

Reference Provenance Context Fixity

Information Information Information Information

November 26, 2009 40

OAIS Reference Model in Wider Context
Business Process Workflow

Framework
Behavior Models
Operations

Reference Model
Data Models

Design
}
Application Data
Data OAIS
Interface Encoding

Services Messages

Network Infrastructure Transport

• Provides wider framework for IDRM design and implementation

November 26, 2009 41
Summary

• Structured IDRM methodology yields benefits in ensuring appropriate

analysis, design and specification is performed ensuring requirements are
captured and any solution complies with them
− Consistency
− Speed
− Drives Delivery
− Ensures Acceptance
− Increases Productivity
− Increases User Confidence
− Speed
− Accuracy
− Provides Audit Trail
− Maximises Cost Savings
− Risk Management and Reduction
− Provides for Change Management
− Provides for Formal Project Closure
• Standards and reference models provide a mechanism for designing solutions
and comparing products from vendors
November 26, 2009 42
More Information

Alan McSweeney
alan@alanmcsweeney.com

November 26, 2009 43