Information Management
Electronic Recordkeeping System (ERKS) Requirements for the Central Intelligence Agency
Revision C, 11 Jul 2005
|
TITLE: ERKS Requirements |
|||||
|
REV/ |
APPROVAL |
REV |
PARAGRAPHS |
REMARKS |
|
|
SCN |
DATE |
BY |
AFFECTED |
RFC |
APPROVAL |
|
New |
25 Jul 2000 |
KC |
Entire document (initial issue as baseline document) (File: ERKS_ Rqmt_ IMS_.doc) |
OIM- A- 0107 |
OIM AGCCB |
|
A |
03 Dec 2001 |
GD |
Sections 1, 2, 3, 4, 5, 6, 7.2, 7.3, 7.4, 7.5, 7.7 |
RCMG- RFC- 01086 |
CIO/IMS CCB |
|
B |
20 May 2004 |
KR |
Complete rewrite |
RCMG- RFC- 02861 |
CIO/IMS CCB |
|
C |
19 May 2005 |
KR |
Replaced logo and updated organizational names, revised Requirement C.6 |
RCMG- RFC- 04113 |
DS/ITG GCCB 07/11/05 |
1. Purpose
The purpose of this document is to position the Central Intelligence Agency (CIA) to manage and exploit its business assets (i.e., information) through the creation, capture, organization, maintenance, use, protection, and disposition of its electronic information in accordance with applicable laws and regulations. The document identifies the functional information management requirements for new and legacy automated information systems (AIS). These requirements support a uniform approach to:
* The protection of information integrity.
* The collection and display of required metadata.
* The preservation of Agency data over time.
* The maintenance of record material electronically.
* The regular and lawful disposal of information that is no longer needed.
The original version of the this document incorporated Department of Defense (DoD) 5015.2 STD, Design Criteria Standard for Electronic Records Management Software Applications (11 April 1997), which was endorsed by the National Archives and Records Administration (NARA) in November 1998. Version 2.0 streamlined the requirements to provide a more flexible standard for system development.
This document is configuration controlled by the Information Services Center, Information Management Services, Information Technology Group (ISC/IMS/ ITG ) Configuration Control Board (CCB). Recommended changes to this document should be forwarded to the ISC/IMS/Records and Classification Management Group (RCMG). Chief, RCMG (C/RCMG) shall be responsible for coordinating changes and forwarding them to the IMS CCB for disposition.
ELECTRONIC RECORD-KEEPING REQUIREMENTS
The Electronic Record-Keeping System (ERKS) requirements apply to all electronic Agency Information Systems (AIS), including but not limited to, databases, repositories, and software applications designed for communication and office productivity (email, web chat, document creation, spreadsheets, etc...).
Table A: The requirements in Table A apply to systems that must meet Agency COMMON standards.
|
REQ # |
TITLE |
DESCRIPTION |
|
A.1 |
Access |
The system will determine access authorization via a set of predetermined user roles, based on appropriate security clearance, unique identifiers, and/or the business role of the user, and will allow only authorized users to access information. |
|
A.2 |
Integrity |
The system will protect the integrity of information, ensuring that the content and context of data objects are preserved for the life of the data object. |
|
A.3 |
Audit |
The system will provide the capability to track user actions in the system, such as access, creation, modification, or deletion of information, and will provide the capability to generate reports on these actions. |
|
A.4 |
Transfer |
The system will provide the capability for only authorized users to copy the pertinent data objects and metadata to a user-specified filename, path, or device, or to transfer information between systems. |
For ease of use, the remaining requirements have been broken down into tables according to system functions. If an individual AIS does not perform the referenced function, the relevant requirements do not apply.
Table B: The requirements in Table B apply to systems that provide the capability to CREATE or FILE data objects.
|
REQ # |
TITLE |
DESCRIPTION |
|
B.1 |
Metadata Assignment |
The system will capture the appropriate metadata, including, but not limited to, Agency Metadata Standard elements, or will provide the user with the capability to assign the appropriate metadata when the data object is created/completed. |
|
B.2 |
CAPCO/Agency Classification Marking |
The system will display classification markings and dissemination controls in the format specified by the Intelligence Community (IC) Classification and Control Markings Register and the CIA National Security Classification Guide, AHB 70-9. |
|
B.3 |
Related Information Linkage |
The system will provide the capability to link the data object to supporting data objects and other related information, including (but not limited to) notes, attachments, electronic mail return receipts, working versions, and metadata. |
|
B.4 |
Versioning |
When appropriate, the system will provide the capability to manage working copies and draft versions of data objects as they are being developed, and will provide the capability to store and link said versions to the finished data object, and distinguish them when displayed. |
|
B.5 |
Formatting |
The system will create the data object in, or convert the data object to, a format that will ensure that the data object can be copied or viewed in the same likeness as the original, for the life of the data object, or migrated to a new format that will preserve the content and context of the data object. |
Table C: The requirements in Table C apply to systems that allow for the STORAGE of data objects
|
REQ # |
TITLE |
DESCRIPTION |
|
C.1 |
Metadata Storage Support |
The system will store and link metadata to the data object, so that it can be displayed when needed, and transported with the data object when a copy is made. |
|
C.2 |
Metadata Assignment and Updating Support |
The system will support the capability for only authorized users to assign or modify the metadata values of data objects. |
|
C.3 |
Record Linkage Support |
The system will support linkage of the data object to other related information, including (but not limited to) notes, attachments, electronic mail return receipts, working versions, and metadata. |
|
C.4 |
Search and Retrieval Support |
The system will support the capability of authorized users to search and retrieve document objects and metadata. |
|
C.5 |
Reporting Support |
The system will support the creation of reports related to queries, such as pending record cutoff dates, disposition eligibility, transfer eligibility, and document format type. |
|
C.6 |
Vital Records Support |
The system will support requirements to ensure that vital records necessary for the continuance of Agency critical activities during and after a disaster or emergency are identified and protected. |
|
C.7 |
Migration Support |
The system will support the migration of data to succeeding generations of the system as necessary, and will allow metadata to remain linked with its related information when migrated to another system, or when the system is upgraded. |
Table D: The requirements in Table D apply to systems that allow authorized users to perform INFORMATION MANAGEMENT services, including organization, maintenance, and disposition activities.
|
REQ # |
TITLE |
DESCRIPTION |
|
|
D.1 |
Metadata Assignment and Updating |
The system will allow for assignment or updating of appropriate metadata by authorized users only. |
|
|
D.1.1 |
Individual Metadata Updates |
The system will allow authorized users to update or modify metadata by individual data object. |
|
|
D.1.2 |
Global Metadata Updates |
The system will allow authorized users to update or modify metadata as a global replacement. |
|
|
D.1.3 |
Metadata Updates by Query |
The system will allow authorized users to run a query and modify or update the metadata of the resultant data object set. |
|
|
D.2 |
Disposition Activities |
The system will provide authorized users with the tools to perform disposition activities, including destruction and transfer activities. |
|
|
D.2.1 |
Time Disposition |
The system will allow authorized users to tag data objects with time-based dispositions (i.e. "keep until X date"). |
|
|
D.2.2 |
Event Disposition |
The system will allow authorized users to tag data objects with event-based dispositions (i.e. "keep until X event occurs"). |
|
|
D.2.3 |
Time-Event Disposition |
The system will allow authorized users to tag data objects with time-event based dispositions (i.e. "keep until X date after X event occurs"). |
|
|
D.3 |
Report Generation |
The system will provide authorized users with the ability to generate reports detailing: |
|
|
D.3.1 |
Pending Cutoff Date |
Data objects pending cut off event |
|
|
D.3.2 |
Eligible for Disposition |
Data objects which have reached their disposition date |
|
|
D.3.3 |
Eligible for Transfer |
Data objects which may be transferred to another AIS or storage media |
|
|
D.3.4 |
Document Format |
The type of data format (Word, WordPerfect, Excel, ASCII, etc...) in which the data object is stored |
|
|
D.4 |
Hold Placement |
The system will provide the capability for only authorized users to extend or suspend the retention period of individual data objects or groups of data objects which are required to be retained beyond their scheduled disposition because of special circumstances that have altered the normal administrative, legal, or fiscal value of the information (court order, investigation, pending confirmation of transfer, etc...). |
|
|
D.5 |
Record and Metadata Destruction |
When an authorized user approves data objects and metadata stored in the AIS for destruction, the system will delete said data objects and metadata in such a manner that the data objects cannot be physically reconstructed. |
|
|
D.6 |
Record and Metadata Migration |
The system will provide the capability for data objects to be migrated to succeeding generations of the system as needed, and for metadata to remain unmodified, as well as linked with its related information when migrated to another system, or when the system is upgraded. |
|
|
D.7 |
File Plan Updating and Maintenance |
The system will provide the capability for only authorized users to enter, update, and maintain a file plan, including associating file tags with disposition instructions. |
|
|
D.8 |
Validate Metadata |
The System shall conduct logic checks and assist with error checking for required metadata elements as defined in the Agency Metadata Standard. |
|