California is leading the way in defining how local governmental agencies should maintain official records in an electronic format in order to ensure they are reliable and trustworthy. The state adopted regulations specifying that official electronic records must be maintained in a trusted system, as defined by AIIM/ANSI standards, specifically meaning AIIM’s Recommended Practices
The regulations, which went into effect this week, give clarification to the legal requirement that has been the law in California since 2000. Local agencies are not required by either the regulations or the law to maintain their official records electronically, but if they chose to do so they must be sure the system in which the information is stored is considered trusted under ARP1 (2009).
At its core, ARP1 (2009) requires a trusted ECM system to have the following components:
- A combination of hardware, media and software storage to prevent unauthorized alterations
- Verifiable through independent audit processes
- Write at least 1 of the 2 required copies to a safe and separate location
- Policies and procedures for proper records handling.
Both the AIIM and ISO (ISO 15801 adopts similar concepts) recommendations recognize that there are too many variations for how each organization constructs its system to select just one methodology. Therefore, those bodies recognize that the ultimate goal is to prevent unauthorized alterations to the records and use that concept as the central theme to constructing a trustworthy system. Having redundancy and transparency are two additional components, as is the need to clearly state how the records will be handled through the adoption of policies and procedures, so that the staff members are consistently trained and understand the roles and responsibilities.
Unfortunately a greater number of official records are never transformed into any type of physical document, so the regulations do apply to those records created by the government. Public agencies should be mindful of this trend and comply with California Government Code section 12168.7 and California Code of Regulations, Title 2, Div. 7, chapter 15, sections 22620.1 through 22620.8. Failure to store and manage official government records in a trusted system could leave the public agency without a solid answer to the question of how it knows the information on those official records is true, accurate and reliable.
(a) The California Legislature hereby recognizes the need to adopt uniform statewide standards for the purpose of storing and recording permanent and
non-permanent documents in electronic media.
(b) In order to ensure that uniform statewide standards remain current and relevant, the Secretary of State shall approve and adopt appropriate standards established by the American National Standards Institute or the Association for Information and Image Management.
(c) The standards specified in subdivision (b) shall include a requirement that a trusted system be utilized. For this purpose and for purposes of Sections 25105, 26205, 26205.1, 26205.5, 26907, 27001, 27322.2, 34090.5, and 60203, Section 102235 of the Health and Safety Code, and Section 10851 of the Welfare and Institutions Code, “trusted system” means a combination of techniques, policies, and procedures for which there is no plausible scenario in which a document retrieved from or reproduced by the system could differ substantially from the document that is originally stored.**
(d) In order to develop statewide standards as expeditiously as possible, and until the time that statewide standards are adopted pursuant to subdivision (b), state officials shall ensure that microfilming, electronic data imaging, and photographic reproduction are done in compliance with the minimum standards or guidelines, or both, as recommended by the American National Standards Institute or the Association for Information and Image Management for recording of permanent records or non-permanent records.
** This can be achieved by implementing the Nexsan Assureon , a logical fit to address any organizational gaps that an organization may have with the AIIM Standards.
For more information call (800) 663-5523