Functional Requirements
for Evidence in Recordkeeping

The following are a statement of requirements needed to ensure the preservation of evidence in electronic form and not the application requirements for archival or records management systems. Although specifically related to electronic recordkeeping systems, they are also applicable to manual or hybrid systems.


CONSCIENTIOUS ORGANIZATION

ACCOUNTABLE RECORDKEEPING SYSTEM


CAPTURED RECORDS


MAINTAINED RECORDS


USABLE RECORDS




Organization: Conscientious
    1. Compliant: Organizations must comply with the legal and administrative requirements for recordkeeping within the jurisdictions in which they operate, and they must demonstrate awareness of best practices for the industry or business sector to which they belong and the business functions in which they are engaged. External recordkeeping requirements are known.

      1a1. Laws of jurisdiction with authority over the record creating organizations are known.

      1a2. Regulatory issuances of entities with administrative authority over the record creating organizations are known.

      1a3. Best practices of recordkeeping established by professional and business organizations within the industry and business functions of the organization are known.

    1b. Records created by organizational business transactions which are governed by external recordkeeping requirements are linked to an internal retention rule referencing the documented law, regulation, or statement of best practice.

    1c. Laws, regulations, and statements of best practice with requirements for recordkeeping are tracked so that changes to them are reflected in updated internal recordkeeping instructions.

Recordkeeping Systems: Accountable

    2. Responsible: Recordkeeping systems must have accurately documented policies, assigned responsibilities, and formal methodologies for their management.

      2a. System policies and procedures are written and changes to them are maintained and current. A person or office is designated in writing as responsible for satisfying recordkeeping requirements in each system.

      2c. System management methods are defined for all routine tasks.

      2d. System management methods are defined for events in which the primary system fails.

    3. Implemented: Recordkeeping systems must be employed at all times in the normal course of business.

      3a. Business transactions are conducted only through the documented recordkeeping system and its documented exception procedures.

      3b. No records can be created in the recordkeeping systems except through execution of a business transaction.

      3c. Recordkeeping systems and/or documented exception procedures can be demonstrated to have been operating at all times.

    4. Consistent: Recordkeeping systems must process information in a fashion that assures that the records they create are credible.


Records: Captured

    5. Comprehensive: Records must be created for all business transactions.

      5a. Communications in the conduct of business between two people, between a person and a store of information available to others, and between a source of information and a person, all generate a record.

      5b. Data interchanged within and between computers under the control of software employed in the conduct of business creates a record when the consequence of the data processing function is to modify records subsequently employed by people in the conduct of business.

    6. Identifiable: Records must be bounded by linkage to a transaction which used all the data in the record and only that data.

      6a. There exists a discrete record, representing the sum of all data associated with a business transaction.

      6b. All data in the record belongs to the same transaction.

      6c. Each record is uniquely identified.

    7. Complete:Records must contain the content, structure, and context generated by the transaction they document.

      7a. Accurate: The content of records must be quality controlled at input to ensure that information in the system correctly reflects what was communicated in the transaction.

        7a1. Data capture practices and system functions ensure that source data is exactly replicated by system or corrected to reflect values established in system authority files.

      7b. Understandable: The relationship between elements of information content must be represented in a way that supports their intended meaning.

        7b1. Meaning conveyed by presentation of data are retained or represented.

        7b2. System defined views or permissions are retained and the effects are reflected in the record represented.

        7b3. Logical relations defined across physical records are retained or represented.

        7b4. Software functionality invoked by data values in the content of the record are supported or represented.

      7c. Meaningful: The contextual linkages of records must carry information necessary to understand correctly the transactions that created and used them.

        7c1. The business rules for transactions, which minimally locate the transaction within a business function, are captured.

        7c2. A representation of the source and time of the transaction which generated a record is captured.

        7c3. Links between transactions which comprised a single logical business activity are captured.

    8. Authorized: An authorized records creator must have originated all records.

      8a. All records have creators which are documented.

      8b. Records creators must have been authorized to engage in the business that generated the record.


Records: Maintained

    9. Preserved: Records must continue to reflect content, structure, and context within any systems by which the records are retained over time.

      9a. Inviolate: Records are protected from accidental or intended damage or destruction and from any modification.

        9a1. No data within a record may be deleted, altered, or lost once the transaction which generated it has occurred.

      9b. Coherent: The information content and structure of records must be retained in reconstructible relations.

        9b1. If records are migrated to new software environments, content, structure, and context information must be linked to software functionality that preserves their executable connections or representations of their relations must enable humans to reconstruct the relations that pertained in the original software environment.

        9b2. Logical record boundaries must be preserved regardless of physical representations.

      9c. Auditable: Record context represents all processes in which records participated.

    10. Removable:Records content and structure supporting the meaning of content must be deletable.

      10a. Authority for deletion of record content and structure exists.

      10b. Deletion transactions are documented as audit trails.

      10c. Deletion transactions remove the content and structural information of records without removing audit trails reflecting context.


Records: Usable

    11. Exportable: It must be possible to transmit records to other systems without loss of information.

      11a. Exporting protocols should be reversible.

      11b. Functionality should be represented in a fashion that produces the same result in the target system as in the originating environment.

    12. Accessible: It must be possible to output record content, structure, and context.

      12a. Available: Records must be available.

      12b. Renderable: Records must display, print, or be abstractly represented as they originally appeared at the time of creation and initial receipt.

        12b1. The structure of data in a record must appear to subsequent users as it appeared to the recipient of the record in the original transaction or a human meaningful representation of that original rendering should accompany the presentation of the original context.

      12c. Evidential: Record's representations must reflect the context of the creation and use of the records.

      13. Redactable: Records must be masked when it is necessary to deliver censored copies and the version as released must be documented in a linked transaction.

        13a. The release of redacted versions of a record is a discrete business transaction.

        13b. The fact of the release of a redacted version of a record is an auditable use of the original record and therefore results in creation of an audit trail with a link to the transaction which released the redaction.