It also gives an insight into the various ways through which organizations can implement good IT practices to complement or parallel existing records management practices. In systems implemented in line with ECM/ERM guidelines, developing the most efficient systems will form the core of organizational success. This will be achieved by making electronically signed records the core of organizational IT systems. The organizational IT professionals will come to terms with the fact that signatures are an integral part of the records they keep.
If the records need to be preserved, whether for a short duration of time or permanently, then the organization is required to promote integrity of its records by electronically signing them in scheduled series. Additionally, this paper discusses the general principles that govern application of electronic signature technology in organizations. Organizations can accomplish electronic signatures through the use of different technologies such as Personal Identification Number (PIN), smart cards and biometrics.
However, some organizations can decide to apply additional technology specific-record management systems. Introduction Records Life Cycle vs. System Development Life Cycle According to Adam (2008), the terms “records life cycle” and “system development life cycle” are significant concepts that are often confused in information technology and records management discussions. Records life cycle: The records life cycle refers to the life p of a record from the time it is created or received to its eventual disposition.
The process is usually carried out in three main stages: creation, maintenance and use, and eventual disposition (Sampson, 2002). Majorly, this paper focuses on information creation stage since the electronic signature record is created at the initial stage of the records life cycle. The second stage, maintenance and use, is the part in the records life cycle in which the record is maintained at the organizational level while in active use, or is maintained when not in frequent use. The final stage of the records life cycle is disposition, which marks the ultimate fate finish to the record.
Most organizational records are categorized as having either a “temporary” or “permanent” disposition status (Addey, 2002). Temporary records are held by organizations for stated periods before they are destroyed or deleted. On the other hand, permanent records are initially held by organizations before they are eventually transferred to state and other involved agencies. The eventual disposition of the electronically-signed records is subject to debate between the involved agency and the statutory bodies, in which some organizations may be authorized to dispose some of the records.
System development life cycle: The “system development life cycle” gives a description of the developmental phases that an electronic information system entails. These phases typically include initiation, definition, design, development, deployment, operation, maintenance, enhancement, and retirement. The most important steps in all this are the definition, development, and refinement of the data model, which mostly involves treatment of the records being created or managed (Stephens, 2007).
Information systems are developed according to system development methodologies, including those that organizations use to implement the electronic signature as required by the statutory bodies; which govern production and augmentation of existing records. The records life cycle usually exceeds the system development life cycle. When it does the organization involved needs to retain the particular record for a period of time longer than the life of the electronic information system that generated the electronic signature. However, this presents special challenges, such as maintaining the integrity of record in case of system migration.
Background Characteristics of Trustworthy Organizational Records Reliability, authenticity, integrity, and usability are the features used to describe trustworthy records from a records management perspective. An organization needs to consider these features when laying implementation plans for ERM programs; such that it can meet its internal business and legal needs, as well as external regulations (Boiko, 2002). The degree of effort that an organization puts into ensuring that these characteristics are attained depends on the organizational business strategies and the structure of the market environment.
Transactions that are of great importance to the organization require greater assurance level than those usable with transactions of less criticality to the organization Reliability: A reliable record is one that carries contents that can be trusted as a whole and actual representation of the transactions, activities, or facts to which it refers and can be relied upon in the subsequent transactions Authenticity: An authentic record is one that is proven to be what it purports to be and to have been created or sent by the person who purports to have created and sent it.
A record should be created at the point in time of the transaction or incident to which it relates, or soon afterwards, by individuals who have direct knowledge of the facts or by instruments routinely used within the business to conduct the transaction (Wiggins, 2007). To demonstrate the authenticity of records, organizations should implement and document policies and procedures which control the creation, transmission, receipt, and maintenance of records to ensure that records designers are authorized and identified and that records are protected against unauthorized addition, deletion, and alteration.
Integrity: The integrity of a record refers to the state of being complete and unchanged. It is essential that a record be protected against changes without signed permission. Records management policies and procedures should specify what, if any, additions or annotations may be made to a record after it is created, under what circumstances additions or annotations may be authorized, and the people authorized to make the changes. Any authorized annotation or addition to a record made after it is complete should be explicitly indicated as annotations or additions.
Another aspect of integrity is the structural integrity of organizational records. The structure of a record refers to its physical and logical format; as well as the relationship between the data elements contained in the record. Failure to maintain the structural integrity of organizational records can easily impair reliability and authenticity of the record Usability: These are records that can be located, retrieved, presented, and interpreted. In any subsequent retrieval and use, the record needs to be directly connected to the business activity or transaction which produced it.
It should be possible to identify a record within the context of broader business activities and functions. The connection between records which document a sequence of activities should be maintained. These contextual linkages of records should carry the information needed for an understanding of the transaction that created and used them. Preserving Trustworthy Records For a record to remain reliable, authentic, with its integrity maintained, and useable for as long as the record is needed, it is necessary that it’s content, context and sometimes structure is maintained.
A trustworthy record preserves the actual content of the record itself and information about the record that draws relation to the context in which it was first designed and used. Specific contextual information will vary depending upon the business, legal, and regulatory requirements of the business activity (e. g. , issuing land use permits on Federal lands). It is also necessary to preserve the structure of the record, as well as the content arrangement. Failure to preserve the content structure of the record will affect its structural integrity.
That, in turn, undermines the record’s reliability and authenticity; which is of great essence. There are special considerations when dealing with the preservation of the content, context, and structure of records that are made possible by Electronic Record Management through electronic signatures: • Content: The electronic signature or signatures in a record are part of the content. They give a clear indication on who signed a record and whether that person gave approval for the record content. In organizations, multiple signatures are an indication of initial approval and subsequent approvals.
It should be understood that in ERM, signatures should accompanied by dates and other identifiers such as organizational titles. All of these peripherals are part of the content of the record and needs to be kept well. Lack of this information seriously impairs the reliability and authenticity of a record • Context: Some electronic signature technologies are centered on individual identifiers which are not embedded in the record content, trust paths, and other means used to create and verify the validity of an electronic signature.
This information is not inclusive of the record content but is nevertheless significant. It provides contextual support to the record since it provides evidence that can be used to support the authenticity and reliability of the record. Lack of these contextual records seriously impairs subsequent attempts to verify validity of the organizational records. • Structure: Preserving the structure of a record means that the physical and logical formats of a record are well drawn.
In doing this, organizations must ensure that the physical and logical formats of the record elements remain intact physically and logically. An organization may find it necessary to maintain the record structural form through the use of an electronic signature. In that case, the organization is required to preserve both the hardware and software that created the electronic signature, which can either be encryption algorithms or chips. This ensures that the electronic record can be revalidated at a later time when required Advantages and disadvantages of using ECM/ERM systems in organizations
The main advantage of organizations using ECM/ERM approaches in organizations is the fact that it offers the platform to verify the validity of records. There are various approaches that organizations can use to achieve trustworthiness of electronically-signed records within their systems over time. This requires that organizations choose an approach that is applicable, fit for their particular line of business; as well as risk assessment The first approach may involve an organization deciding to maintain adequate documentation of its records’ validity.
This involves maintaining of adequate documentation of the records such as, trust verification of records gathered at or near the time of record signing. This record keeping approach enables organizations to retain contextual information through an adequate document processes carried out at the time the record was electronically-signed, along with the electronically-signed record itself. The additional contextual information is then retained for as long as the electronically-signed record is retained.
Thus the agency preserves the signature’s validity and meets the adequacy of documentation requirements by retaining the contextual information that documented the validity of the electronic signature at the time the record was signed. Maintaining adequate documentation of validity gathered at or near the time of record signing may be preferable for records that have permanent or long-term retentions since it is less dependent on technology and much more easily maintained as technology evolves over time (Rockley, 2003).
However, using this approach, the signature name may not remain readable over time because of bit-wise deterioration in the record or as a result of technological obsolescence. Agencies must ensure that for permanent records the printed name of the signer and the date when the signature was executed be included as part of any human readable form (such as electronic display or printout) of the electronic record. Similarly, an organization may opt to maintain the capacity to re-validate digital signatures.
The re-validation approach demands that an organization retains the ability to revalidate the digital signature, together with the electronically-signed record itself. The information necessary for revalidation (i. e. , the public key used to validate the signature, the certificate related to that key, and the certificate revocation list from the certificate authority that corresponds to the time of signing) must be retained for as long as the digitally-signed record is retained. Both contextual and structural information of the record must be retained.
This is of benefit to the organization since it can review it records over time effectively (Jenkins, 2005). However, this approach of record keeping is potentially burdensome, particularly for records that are digitally signed records with long retention requirements. Conclusions Record keeping is consistently becoming a priority for many organizations with advancement in technology. The challenging part is keeping up with the drastic options that are being launched within short periods.
As discussed in this paper, the most efficient method of managing organizational records is through the adoption of Electronic Content Management or Electronic Record Management systems (Halvorson, 2009). This is mostly achieved by electronically signing records depending on their importance and usage in the organization. In doing this, organizations are able protect the reliability, authenticity, integrity, and usability, as well as the confidentiality, and legitimacy of their records.
When implementing electronic signature technology, organizations are expected to accord special consideration to the use of electronic signatures in electronic records that preserve organizational legal rights. This is based on the fact that long-term temporary and permanent electronically signed records have greater longevity than typical software obsolescence cycles, it is certain that organizations will be required to migrate those records to updated versions of software to maintain access to the records (Hackos, 2002).
The software migration (as opposed to media migration) process may invalidate the digital signature embedded in the record. This may adversely affect an agency’s ability to recognize or enforce the legal rights documented in those records. References Adam, A. (2008). Implementing electronic document and record management systems. Boca Raton: Auerbach Publications. Addey, D. (2002). Content management systems. Birmingham: Glasshaus, cop. Boiko, B. (2005) Content Management Bible. Hoboken: John Wiley & Sons. Hackos, T. (2002). Content management for dynamic web delivery. New York: John Wiley & Sons. Halvorson, K. (2009).
Content strategy for the web. Indianapolis: New Riders. Jenkins, T. (2005). Enterprise content management: what you need to know; [turning content into competitive advantage]. Waterloo: Open Text Corp. Rockley, A. (2003). Managing enterprise content: a unified content strategy. Indianapolis: New Riders. Sampson, K. (2002). Value-added records management: protecting corporate assets, reducing business risks. West port: Quorum Books. Stephens, D. (2007). Records management: making the transition from paper to electronic. Alexa: ARMA. Wiggins, B. (2000). Effective document management: unlocking corporate knowledge. Aldershot: Gower.