PDF icon. Download G20 PDF (2.9MB)  Get Acrobat Reader.

 A GUIDE TO DEVELOPING RECORDKEEPING STRATEGIES FOR WEBSITES

8. > RECORDKEEPING STRATEGIES FOR E-COMMERCE WEBSITES AND E-BUSINESS SOLUTIONS

Organisations with e-commerce websites should implement the following event-based strategy:

8.1. > ACTIVITY LOGS WITH E-COMMERCE DATA ELEMENTS

Definition

The activity log strategy for interactive websites (See 7.1) is used, but with additional recordkeeping metadata elements for authentication of identity and data security.

Technique

  1. > Determine the recordkeeping metadata elements that should be captured in a log of individual website transactions (activity log).
    For example:
    • Date and time of transaction
    • User profile, including IP address or domain name of user and type of web browser used
    • Authentication metadata
    • Security metadata
    • Web page visited by user
    • Actions performed by users, including searches, queries, and purchases
    • All objects, including client-side scripts, returned as a result of searches, queries, and purchases
  2. > Establish procedures and processes to ensure the activity log is created and updated. It may be possible to create an activity log from the log file of site visitors used by website administrators.
  3. > Routinely capture activity logs within a corporate recordkeeping system.
  4. > Develop and implement a strategy to migrate file formats, regularly refresh or migrate media formats, and manage recordkeeping metadata.

Benefits

A full and accurate record of financial transactions is captured and maintained.

Risks

Although web servers generate log files of server activity, they are often confusing and difficult to decipher. Consequently, it may be difficult to extract sufficient data to satisfy recordkeeping requirements. Where activity logs are created from log files it is important that the activity logs are structured in such a way as to ensure that recordkeeping metadata remains meaningful for as long as the log is required to be accessible.

Most logs of website transactions will contain personal information about the user. You must be aware of, and comply with, the Privacy Act 1993.

Back to top

Organisations with e-business solutions should implement the following event-based strategy:

8.2. > E-BUSINESS ACTIVITY LOGS

Definition

Essentially the same strategy as for e-commerce websites (8.1).

The difference is that e-business solutions, despite the emergence of open standards for data exchange, are unique combinations of website front-ends and back-end (often legacy) applications. While it is possible to capture the data elements for each transaction as they are transmitted through the website front-end, these elements may be distributed amongst the individual applications comprising the back and front-ends of the e-business solution.

Technique

  1. > Determine the recordkeeping metadata elements that should be captured in a log of individual website transactions (activity log).
    For example:
    • Date and time of transaction
    • User profile, including IP address or domain name of user and type of web browser used
    • Authentication metadata
    • Security metadata
    • Web page visited by user
    • Actions performed by users, including searches, queries, and purchases
    • All objects, including client-side scripts, returned as a result of searches, queries, and purchases.
  2. > For each recordkeeping metadata element that is to be captured in the activity log, identify the application in the e-business solution where it is stored.
  3. > Determine the most appropriate tactic for managing the recordkeeping metadata elements that relate to a single transaction as a single record, by either:
    • Aggregating the individual recordkeeping metadata elements that relate to a single transaction into a single record. Capture and maintain each record within a corporate recordkeeping system;

      Or
    • Allowing the individual recordkeeping metadata elements that relate to a single transaction to remain within the applications that make up the e-business solution and link them so that recordkeeping actions (such as assigning identifiers, classifying, and disposing) can be applied to all of the individual recordkeeping metadata elements that relate to each record. This tactic incorporates recordkeeping functionality into the e-business solution. Archives New Zealand's standard S5: Standard for Electronic Recordkeeping Systems contains functional specifications for electronic recordkeeping systems.
  4. > Develop and implement a strategy to migrate file formats, regularly refresh or migrate media formats, and manage recordkeeping metadata.

Benefits

A full and accurate record of financial transactions is captured and maintained.

Risks

Integrating recordkeeping systems (or recordkeeping systems functionality) with e-business solutions may be difficult and expensive.

Most logs of website transactions will contain personal information about the user. You must be aware of, and comply with, the Privacy Act 1993.