Menu



HOME > Continuum > Publications > S8

Electronic Recordkeeping Metadata Standard

6. Appendix: Checklist of Minimum Requirements

Submitted by Anonymous on Thu, 18/09/2008 - 12:06.

This checklist is a tool for managing risks associated with recordkeeping metadata.
It can be used to assess compliance with the standard. Where a requirement is not
met, an organisation must assess the risks involved and plan to address them.

 

PRINCIPLE/REQUIREMENT YES NO IF NO, WHAT RISKS EXIST? ACTIONS REQUIRED TO TREAT RISKS

Principle 1: Recordkeeping
Metadata Management
Framework

The management of
recordkeeping metadata must be defined, documented, assigned,
and integrated into policies
and procedures for records and information management.

        
Requirement 1: Records and information management policies
and procedures must specify the role of recordkeeping metadata
in ensuring authenticity, reliability, and integrity.		        

Requirement 2: Responsibility for:

  • creating, maintaining and altering an organisation’s
    recordkeeping metadata
    schemas and encoding
    schemes
  • attribution and verification of point of capture recordkeeping metadata
must be assigned, documented, communicated and regularly reviewed.		        
Requirement 3: Rules relating to changing metadata must
be defined.		        
Back to top

 

 PRINCIPLE/REQUIREMENT  YES  NO IF NO, WHAT RISKS EXIST?  ACTIONS REQUIRED TO TREAT RISKS 
Requirement 4: Metadata schema and encoding schemes must be
maintained, documented and communicated.		        
Requirement 5: Metadata in all business critical systems/applications which create records must be mapped to the
recordkeeping metadata schema in the accompanying Technical
Specifications.		        

 Principle 2: Recordkeeping
Metadata Creation

Recordkeeping metadata must be created and managed.

        
Requirement 6: Recordkeeping
metadata must be assigned to all record objects and aggregations.		        
Requirement 7: Organisations must document their decisions about the attribution of recordkeeping metadata.        
 Back to top

 

PRINCIPLE/REQUIREMENT YES NO IF NO, WHAT RISKS EXIST? ACTIONS REQUIRED TO TREAT RISKS

Requirement 8: At point of
capture of a record object, the following minimum recordkeeping metadata must be attributed:

  • a unique identifier
  • a name
  • date of creation
  • who created the record
  • what business is being conducted
  • creating application and version.
        

Requirement 9: For each action undertaken on a record, the following minimum recordkeeping
process metadata must be
maintained:

  • the date of the action
  • identification of the person or system undertaking the action
  • what action was undertaken.
        
Requirement 10: Organisations
must identify where requirements to extend the recordkeeping metadata exist.		        

Principle 3: Recordkeeping
Metadata Maintenance

Recordkeeping metadata must be maintained to reflect business and
recordkeeping actions, to sustain the record object throughout its existence and to enable the transfer of records between systems and organisations.

        
Back to top

 

PRINCIPLE/REQUIREMENT YES NO IF NO, WHAT RISKS EXIST? ACTIONS REQUIRED TO TREAT RISKS
Requirement 11: Recordkeeping metadata must be persistently
linked with a record object for its entire period of retention.		        
Requirement 12: Recordkeeping metadata must accompany record
objects being transferred from their original creating environment or system.		        

Principle 4: Recordkeeping
Metadata Disposal

Recordkeeping metadata must be subject to the same controls on disposal as apply to all records.

        
Requirement 13: Recordkeeping
metadata must be subject to appraisal decisions prior to its disposal.		        
Requirement 14: Recordkeeping metadata must be protected from
unauthorised disposal.		        
Back to top

 

PRINCIPLE/REQUIREMENT YES NO IF NO, WHAT RISKS EXIST? ACTIONS REQUIRED TO TREAT RISKS

Requirement 15: After authorised disposal actions on a record are implemented (including transfer or destruction), the following minimum recordkeeping metadata
must be retained for as long as is required by the business:

  • point of capture metadata including a unique Identifier, a name, date of creation, who created the record, what business is being conducted, and the creating application and version
  • the date the disposal action took place
  • the authority governing the record’s destruction
  • the person undertaking the disposal action.
        
Back to top
« Previous page Table of contents 

Footer