 ELECTRONIC RECORDKEEPING SYSTEMS STANDARD

PART B > FUNCTIONAL SPECIFICATIONS

8 > ADMINISTRATION

General Administration

This section includes requirements for managing system parameters, backup and restoration, system management and user administration.

The electronic recordkeeping system must:

8.1 allow Administrators to retrieve, display and re-configure system parameters and to reallocate users and functions between user roles.
8.2 provide backup facilities so that records and their recordkeeping metadata can be recreated using a combination of restored backups and audit trails.
8.3 provide recovery and rollback facilities in the case of system failure or update error, and must notify Administrators of the results.

In other words, the electronic recordkeeping system must allow Administrators to 'undo' a series of transactions until a status of assured database integrity is reached. This is only required when error conditions arise.
8.4 monitor available storage space, and notify Administrators when action is needed because available space is at a low level or because it needs other administrative attention.
8.5 allow Administrators to make bulk changes to the classification scheme, ensuring all recordkeeping metadata and audit trail data are handled correctly and completely at all times, in order to make the following kinds of organisational change:
  • division of an organisational unit into two;
  • combination of two organisational units into one;
  • movement or re-naming of an organisational unit;
  • division of a whole organisation into two organisations.
When such a change is made, closed files must remain closed, retaining their references to the classification scheme before the change, and open files must either:
  • be closed, retaining their references to the classification scheme before the change, and cross-referenced to a new file in the changed scheme; or
  • be referenced to the changed scheme, but clearly retaining all prior references to the classification scheme before the change.

Changes to organisational units described above may imply corresponding changes to the classification schemes of the units and their user populations. The term "bulk changes" implies that all aggregations and records affected can be processed with a small number of transactions, rather than needing to be processed individually.

[Note that this element will apply especially where classification schemes are based on an organisation plan.]
8.6 support the movement of users between organisational units.
8.7 allow the definition of user roles, and must allow several users to be associated with each role.
8.8 communicate any errors encountered in saving data to storage media.

Reporting

This section articulates basic reporting requirements. It does not articulate the requirements for a comprehensive reporting sub-system.

The electronic recordkeeping system must:

8.9 provide flexible reporting facilities for the Administrator. They must include, at a minimum, the ability to report the following:
  • numbers of aggregations, volumes and records;
  • transaction statistics for aggregations, volumes and records;
  • activity reports for individual users.
8.10 allow Administrators to report on audit trails based on selected:
  • aggregations;
  • volumes;
  • records;
  • users;
  • time periods.
8.11 be able to produce a report listing aggregations, structured to reflect the classification scheme, for all or part of the classification scheme.
8.12 allow Administrators to request regular periodic reports and one-off reports.

The electronic recordkeeping system should:

8.13 allow Administrators to report on audit trails based on selected:
  • security categories;
  • user groups;
  • other recordkeeping metadata.
8.14 include features for sorting and selecting report information.
8.15 include features for totalling and summarising report information.
8.16 allow Administrators to restrict users' access to selected reports.

Altering and Deleting Records

The electronic recordkeeping system must:

8.17 include a configurable option to prevent any record, once captured, from being deleted or moved by any Administrator or user. This option should be exercised at the time of configuration.

This requirement does not affect transfer or destruction of records in accordance with a disposal authority.
8.18 allow the Administrator to delete aggregations, volumes and records (subject to the option selected in specification 8.17). In the event of any such deletion the electronic recordkeeping system must:
  • record the deletion comprehensively in the audit trail;
  • produce an exception report for the Administrator;
  • delete the entire contents of an aggregation or volume when it is deleted;
  • ensure that no items are deleted if their deletion would result in a change to another record (for example, if a document forms a part of two records - see specification 1.24 - one of which is being deleted);
  • inform the Administrator of any links from another aggregation or record to an aggregation or volume which is about to be deleted, and request confirmation before completing the deletion;
  • maintain complete integrity of the recordkeeping metadata at all times.
This functionality is intended for exceptional circumstances only.
8.19 allow the Administrator to alter the security category of individual records.

This is routinely required to reduce the level of protection given to records as their sensitivity decreases over time.
8.20 allow the Administrator, subject to support for specification 4.39, to alter the security category of all records within an aggregation in one operation. The electronic recordkeeping system must provide a warning if any records are having their security category lowered, and await confirmation before completing the operation.

This is routinely required to reduce the level of protection given to records as their sensitivity decreases over time.
8.21 allow the Administrator, subject to support for specification 4.39, to change the security category of aggregations.
8.22 record full details of any change to security category in the recordkeeping metadata of the record, volume or aggregation affected.
8.23 allow the Administrator to change any user-entered recordkeeping metadata element. Information about any such change must be stored in the audit trail.

This functionality is intended to allow Administrators to correct user errors such as data input errors, and to maintain user and group access.
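
The following sketch is an added illustration, not part of the standard: it shows one way the deletion rules in 8.17 and 8.18 could be enforced in code, covering the configuration lock, confirmation of inbound links, retention of documents shared with another record, the audit trail entry and the exception report. The class names, field names and sample identifiers are hypothetical, and writing refused attempts to the audit trail is a choice made for this example rather than a requirement stated above.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

class DeletionRefused(Exception):
    """Raised when a deletion must not proceed."""

@dataclass
class Record:                                        # hypothetical data model
    record_id: str
    documents: set                                   # ids of component documents
    linked_from: set = field(default_factory=set)    # ids of records/aggregations linking here

@dataclass
class Store:
    deletion_locked: bool                            # the 8.17 option, set at configuration
    records: dict = field(default_factory=dict)
    audit_trail: list = field(default_factory=list)
    exception_reports: list = field(default_factory=list)

    def _audit(self, actor, target, outcome, detail):
        entry = {"when": datetime.now(timezone.utc).isoformat(), "actor": actor,
                 "action": "delete", "target": target, "outcome": outcome, "detail": detail}
        self.audit_trail.append(entry)
        return entry

    def delete_record(self, actor, record_id, reason, confirm_links=False):
        rec = self.records[record_id]
        if self.deletion_locked:                     # 8.17: no Administrator or user may delete
            self._audit(actor, record_id, "refused", "deletion disabled by configuration")
            raise DeletionRefused("deletion disabled by configuration")
        if rec.linked_from and not confirm_links:    # 8.18: inform and await confirmation
            links = ", ".join(sorted(rec.linked_from))
            self._audit(actor, record_id, "refused", f"unconfirmed links from {links}")
            raise DeletionRefused(f"linked from {links}; confirmation required")
        others = [r for rid, r in self.records.items() if rid != record_id]
        # 8.18: a document that also forms part of another record is retained
        shared = {d for d in rec.documents if any(d in o.documents for o in others)}
        removed = rec.documents - shared
        del self.records[record_id]
        entry = self._audit(actor, record_id, "deleted",
                            f"{reason}; removed={sorted(removed)}; retained={sorted(shared)}")
        self.exception_reports.append(entry)         # 8.18: exception report for the Administrator
        return removed

# Constructed sample data: R1 and R2 share document D2; R2 is linked from AGG-7.
def demo():
    s = Store(deletion_locked=False)
    s.records["R1"] = Record("R1", {"D1", "D2"})
    s.records["R2"] = Record("R2", {"D2"}, linked_from={"AGG-7"})
    return s, s.delete_record("admin1", "R1", "duplicate capture")
```
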

Redacting Records

The electronic recordkeeping system must:

8.24 allow the Administrator to take a copy of a record, for the purposes of redaction.

This copy is referred to as an 'extract' of the record in this specification (see Part A, Section 5, Glossary).
8.25 record the creation of extracts in the record's recordkeeping metadata, including at least date, time, reason for creation and creator.
8.26 store in the audit trail any change made in response to the requirements in this section.

The electronic recordkeeping system should:

8.27 provide functionality for redacting (see Part A, Section 5, Glossary) sensitive information from the extract. If the electronic recordkeeping system does not directly provide these facilities, it must allow for other software packages to do so.

It is essential that when these or any other redaction features are used, none of the removed or masked information can ever be seen in the extract, whether on screen or when printed or played back, regardless of the use of any features such as rotation, zooming or any other manipulation.
8.28 prompt the creator of an extract to assign it to an aggregation.
8.29 store a cross-reference to an extract in the same aggregation and volume as the original record, even if that volume is closed.