Copyright 1997 CAUSE. From CAUSE/EFFECT Volume 20, Number 3, Fall 1997, p. 19-21, 49-50. Permission to copy or disseminate all or part of this material is granted provided that the copies are not made or distributed for commercial advantage, the CAUSE copyright and its date appear, and notice is given that copying is by permission of CAUSE, the association for managing and using information resources in higher education. To disseminate otherwise, or to republish, requires written permission. For further information, contact Jim Roche at CAUSE, 4840 Pearl East Circle, Suite 302E, Boulder, CO 80301 USA; 303-939-0308; e-mail: [email protected]
by Timothy J. McGovern and Helen W. Samuels
Without reliable electronic records, colleges and universities will be unable to manage and defend themselves -- they will lose their memories and be at significant risk. The authors explain the problems associated with the continuing reliability of electronic systems, and define the difference between an "information system" and a "record-keeping system." Collaborative partnerships among information technology staff, archivists, records managers, auditors, lawyers, and others at each campus, and also among professional organizations, are proposed to address these needs.
A former employee has sued your institution claiming that she did not receive the benefits that were promised her. Although the employee's traditional personnel folder has been located, the e-mail messages that provide the background information to this agreement are not included in the case file, nor have they been retained in electronic form.
In January 1997, your chief financial officer sent an important budget planning e-mail message to all senior officers outlining required reductions in expenditures. Attached to each customized message were that morning's real-time budget projections generated from your financial database, projections that change daily. When one of the deans is reprimanded in November 1998 for failing to carry out these reductions, he questions the validity of the financial projections originally provided. Your financial system is unable to reconstruct the data as originally transmitted.
In 2025, Sylvia Smith, class of 1999, requests a copy of her transcript for a graduate school application. The registrar's database was migrated to a new system in 2005 and again in 2222. Sylvia Smith's transcript is incomplete.
Has your institution already encountered such problems? If not, how long will it be before you do, and how will you respond to these situations? How can colleges and universities ensure that the electronic information needed for legal, administrative, and historical purposes will exist and be usable in 10, 20, or 100 years?
Content represents the text or image of the message. Context is the information supplied in the letterhead, signatory lines, "cc" lines about who sent the message and who received copies, and especially any information that would relate the document to other documents and the business process or functions that caused the document to be created. Structure is the format of the document, such as a purchase order, registration form, or memorandum.
For paper records, all of the characteristics are embedded in each physical artifact, or document. In electronic form, while the content of the message may be somewhat familiar, the context and structure are embedded in hardware and software. Without knowledge of the operating system and application software that interprets the record, the content itself is often useless, and the broader structure and context is entirely lost. Without a proper migration plan, as hardware and software are upgraded, the context and structure of records that are migrated forward can be lost, as well as the relationship among documents. The records that are not migrated, but left behind in a system that is no longer supported are, of course, at even greater risk. Without reliable electronic records, colleges and universities will be unable to manage and defend themselves -- they will lose their memories and be at significant risk. 1
To date, discussions of risk assessment for information systems have focused primarily on three issues: 1) Disaster recovery (business continuity planning), 2) unauthorized access and use, and 3) physical preservation of the media.
In addition to these important issues, we now face an additional risk: the logical preservation of the meaning and functionality of the data. Data become records when the content, context, and structure are tied together to provide both meaning and functionality. Although huge volumes of data are created and -- at least in the short term -- being saved, without proper planning, these data will not provide adequate evidence in the long term, and will not support the legal or administrative needs of our institutions.
For several years, members of the archival, records management, and information technology communities have been conducting research and attempting to design solutions for these long-term problems. A promising approach, proposed by a team of researchers at the University of Pittsburgh, offers a set of record-keeping requirements to guide the design, capture, and maintenance of any automated system. The key goal has been to define what is required to transform an information system into a record-keeping system. Terry Cook distinguishes the two by explaining that, "information systems (which is what we have) contain data that are timely; efficient from a technical perspective ... manipulable; and non-redundant -- old data are bad data, and are therefore replaced by new, updated, correct data. Record-keeping systems (which is what we need, and largely do not have) are just the opposite: they contain records that are time-bound and context stamped; inefficient technically ... inviolable and unchangeable once created; and redundant -- old data are not condemned as outdated and therefore deleted, but are viewed as being just as valuable as new data."2
A record-keeping system must be:
Archivists and information technology staff at Indiana University have turned these functional requirements into a methodology that they hope will support the evaluation of automated systems and lead to the design of improved record-keeping systems.3
All institutions that rely on electronic records share these problems. For academic institutions, however, these are critical issues as our institutions are information centered and information dependent. The library has traditionally been defined as the physical and intellectual center of any academic institution. Today the electronic network (and the information it carries) has become the central focus, providing access not only to the library, but to an even broader spectrum of information. The core functions of colleges and universities depend upon this information.
Teaching and research require access to published and unpublished sources so that faculty can prepare classes, students can support their learning, and researchers can disseminate their results. Administrators require access to records about policies, as well as detailed and summary financial reports. They also need data on employees and students in order to support legal, administrative, fiscal, and planning needs.4 Although we acknowledge the critical importance of information in higher education, we recognize that adequate attention has not been devoted to long-term issues, such as the design and management of automated systems. For instance, consider these questions:
The first partnership that must be formed at each academic institution is between the archivists and the information technology staff. Archivists have the responsibility to identify, care for, and provide access to the records of an institution. Official archival records are generated as part of the business of any institution and include a wide spectrum of materials, including the minutes of the governing board; the correspondence of the president and senior staff; documentation of gifts, bequests, and grants; personnel and student records; and theses and research reports. Archivists bring to the partnership their knowledge of the value of the content and context of records, their skills in the identification and selection of records, and their experiences with legal issues.
The information technology organization has the responsibility to build and manage the networked environment, and support the development and use of specific applications. Information technology staff also have responsibility for the backup, security, and long-term access to these data. Staff members contribute their knowledge of the structure of records -- the technical issues involved in designing, capturing, documenting, managing, migrating, storing, and providing access to electronic records.5
The archivist/information technology collaboration has another partner -- the clients, custodians, and users of the electronic systems. The users have to understand and be willing to support the additional requirements needed to design and manage a record-keeping system. Other professionals (e.g., legal counsel, auditor, registrar, and financial officers) must join this collaboration and participate in the key activities required to manage electronic records.
David Bearman (Pittsburgh project) has identified four tactics that can be used to achieve this goal:6
Policy
Draw on CAUSE's past efforts to publicize best practices and policies. A collaborative group of archivists, information technology staff, and other professionals could develop a model policy for electronic records. Such a policy would help individual institutions address this complex problem by articulating the issues and suggesting the norms that will ensure the adequate creation and retention of, and access to, electronic records.
Design
There are several approaches that could be taken to address design issues:
Develop a design methodology to examine the process by which automated systems are designed and procured, and suggest how and when to address issues of long-term maintenance, access, and legal acceptability of these processes.
Encourage cooperative projects for specific types of records. CAUSE could play an important role by bringing coalitions of like professionals together to work on aspects of this problem. For instance, the American Association of Collegiate Registrars and Admissions Officers (AACRAO) and the National Association of College and University Business Officers (NACUBO) could each work with CAUSE to address the particular problems posed by their specific record-keeping systems. Registrars face very similar issues surrounding the proper creation, maintenance, and long-term access to student information. Archivists and information technology professionals could join members of AACRAO and CAUSE to carry out this project. AACRAO's involvement in a cooperative project would not only bring the issue more visibility but also provide a common set of recommendations that would carry greater weight within this community and save each institution much effort.
The recent report of the CAUSE Task Force, "Privacy and the Handling of Student Information in the Electronic Networked Environments of Colleges and Universities," serves as an excellent example of a project carried out with AACRAO that provides guidance to all institutions about a similarly complex problem.7
Develop acceptable language for RFPs. Many academic institutions are buying rather than designing and building their own systems. Therefore, a solution now being used by several government agencies (in the United States and abroad) is to include language about required record-keeping abilities in all RFPs for new software. A CAUSE task force could develop appropriate language for an RFP and make this available to the members with an explanation of the rationale behind this approach.8
Implementation
The most important component of any implementation plan is education. CAUSE and other professional organizations can play a critical role in informing their members about these issues. Efforts have already started on a small scale. Following a briefing session which focused on this topic at the 1996 CAUSE annual conference, a constituent group on managing electronic records was established, and additional sessions have been proposed for future CAUSE meetings.
Standards
CAUSE can play a role in supporting the use of existing standards and the design of new standards that will facilitate record-keeping requirements. In addition, CAUSE could exert pressure on software vendors to incorporate appropriate standards and record-keeping requirements into the products they market to the academic community.
Conclusion
Colleges and universities can no longer put off confronting these issues without incurring significant risks. We believe that in order to survive and continue to succeed, academic institutions must create, manage, retain, and destroy information in a manner that supports sound management and best business practices. Our institutions must develop and exercise appropriate risk management strategies that can respond adroitly to all communities and constituencies served. Automated business systems must be designed and managed to support the sound administration of our institutions and to minimize potential risk.9
As individual professionals at academic institutions, we each have knowledge and skills that will contribute to the solution of these large problems. As professional societies -- CAUSE, the Society of American Archivists (SAA), the Coalition for Networked Information, and others -- we can bring visibility to this issue and work together toward solutions. If we fail to act as individuals, institutions, and organizations, our future is at risk.
1 The examples above and the general description of the problems associated with electronic records are drawn from Terry Cook's excellent brief article, "It's 10 O'Clock: Do You Know Where Your Data Are?" Technology Review, January 1995, 48-53.
2 Terry Cook, "The Impact of David Bearman on Modern Archival Thinking: An Essay of Personal Reflection and Critique," Archives and Museum Informatics, May 1997, 15-37.
3 There is extensive information available on the Web about the Pittsburgh and Indiana projects as well as the other research currently being conducted on electronic records. Information about the Pittsburgh project, directed by Richard Cox and David Bearman, can be found at http://www.lis.pitt.edu/~nhprc/. Information about the Indiana University project, directed by Phil Bantin and Gerry Bernbom, can be found at http://www.indiana.edu/~libarche/index.html. Both the Indiana and the Pittsburgh projects have been funded by the National Historical Publications and Records Commission (NHPRC), a granting arm of the National Archives. Information on other electronic records grants funded by NHPRC can be found at a site maintained by the National Archives and Records Administration at http://www.nara.gov/nara/nhprc/ergrants.html.
4 A fuller description of the functions of academic institutions and the role that information plays in supporting each of those functions is described in Helen Samuels'Varsity Letters (Metuchen, N.J.: Scarecrow Press, 1992).
5 Two examples of such partnerships are the collaborations formed at MIT and Indiana University. At MIT the authors used their collaboration to articulate the problem of electronic records in their white paper, "Managing Electronic Evidence: A Risk Management Perspective," 1995. At Indiana University Phil Bantin, University Archivist, and Gerry Bernbom, Data Administrator, used their collaboration to carry out a large federally funded project to test and develop archival record-keeping systems. See footnote 3 for additional information.
6 David Bearman, Electronic Evidence: Strategies for Managing Records in Contemporary Organizations (Pittsburgh: Archives and Museum Informatics, 1994).
7 CAUSE Task Force, Privacy and the Handling of Student Information in the Electronic Networked Environments of Colleges and Universities (Boulder, Colo: CAUSE, 1997)
8 Both the City of Philadelphia as well as the government of Canada have taken this approach. The language used in their RFPs can be found as part of a description of the Philadelphia Electronic Records Project (http://www.phila.gov/city/departments/erms/rfp3.html) and is also available as a publication from the National Archives of Canada (http://www.archives.ca/www/english/mgr/order.html "Records/Document/Information Management: Integrated Document Management System -- RFP requirements: file name 4RDIMS").
9 The authors expressed these risk issues in the white paper they prepared for MIT in 1995 entitled, "Managing Electronic Evidence: A Risk Management Perspective."
Timothy J. McGovern ([email protected]) is a Senior Project Manager in Information Systems at MIT.
Helen W. Samuels ([email protected]) was Institute Archivist of MIT from 1977 until January of 1997, when she became Special Assistant to the Associate Provost at MIT.