Records Management at Brown University

Introduction

The purpose of these guidelines is to provide departments and offices with guidance on the responsible management of University electronic records that align and support the Institutional Records Policy. These guidelines, in accordance with other established University policies and procedures, apply to all electronic records, regardless of their digital form, created or received by an office or department of the University in transaction of its proper business or in pursuance of its legal obligations.

A number of new technologies create electronic records, and the record creation can be both active (e.g., adding data to a database) or passive (e.g., automated logging of system updates). Individual records may be created in electronic mail systems, as web-based publications, and as documents created and stored in administrative information systems.

* Adapted from Records Policy and Procedures Manual (http://bentley.umich.edu/uarphome/manual/index.php), University of Michigan, Bentley Historical Library, University Archives and Records Program.

Background

There is a rapidly increasing volume of information which exists in digital form. Considerable opportunities are offered by digital technology to provide rapid and efficient access to information, but there is a very real threat that the digital materials will be created in such a way that not even their short-term viability can be assured, much less the prospect that future generations will also have access to them.

Practical experience in this area is still emerging. Much of the dialog on and research in digital preservation has focused, properly, on the difficult technical problems involved in packaging and otherwise managing digital material in ways that it can survive the passage of time and changing computational environments. But, as the digital world has increasingly come to realize over the years, technical solutions are only one aspect of the whole solution. Addressing the many issues surrounding digital preservation is of particular concern as we consider the needs of records management.

The University has developed a well-researched and thoughtful approach to managing institutional records, and has prepared a policy, guidelines, and best practices for a comprehensive records management program. While the University policy provides the highest level of authority on all records management, there are additional protections, safeguards, and preservations associated with digital records. Adherence to the guidelines provides many benefits that include:

• fulfilling legal mandates
• facilitating records retrieval
• identifying strategies for the preservation of records
• reducing the costs of storing obsolete records
• ensuring the creation and management of accurate and reliable records

For the purposes of these guidelines, a digital record is defined as electronic information in any form created or received and maintained by an organization or person in the transaction of University business or the conduct of affairs and kept as evidence of such activity.

Electronic records should be reliably and securely maintained:

• In most cases, electronic records should be maintained in their electronic form, because preserving the context and structure of records and facilitating access to them are best accomplished in the electronic environment.
• Records created and maintained within reliable electronic recordkeeping systems should serve, in most cases, as the official record copy.
• Recordkeeping systems should meet legal and administrative requirements, national and international standards, and best practices for recordkeeping in an electronic environment.
• For the responsible management of electronic records, departments and offices should create and maintain written policies and procedure that fully and accurately document the overall management of their local system and/or needs.
• Electronic recordkeeping systems should include adequate system controls, such as audit trails, the routine testing of system hardware and software, and procedures for measuring the accuracy of data input and output

​Electronic records should be retained or disposed of in accordance with authorized and approved records retention schedules:

• Electronic recordkeeping systems should include an approved disposition plan.
• In accordance with an approved retention schedule, electronic recordkeeping systems should permit the deletion of records.
• Electronic equipment should be disposed of according to Computing and Information Services' Electronic Equipment Disposition Policy.
• Sensitive or confidential information stored on the hard drive of a machine that is to be discarded, sent to surplus or transferred to another individual or department should be disposed of according to Computer and Information Services' Data Removal Recommendations.

Work processes and associated business procedures and tools should support the creation and management of electronic records:

• Recordkeeping should be built into the defined business processes and electronic work environment thereby ensuring that records are captured, understandable and usable for immediate and long-term use.
• Whenever possible, university offices and departments should create models of business processes to determine where and when electronic records are created and used in the course of completing business transactions.

​Electronic records should be inviolate and secure:

• Electronic records should be protected from accidental or intentional alteration and from deletion while the record still has value.
• Only authorized personnel should be permitted to create, capture or purge electronic records.

Electronic records should be preserved without loss of any vital information for as long as required by law and policy:

• The future usability of electronic records should be ensured through the development of migration or conversion strategies designed to update hardware, software and storage media.
• Electronic recordkeeping systems should manage and preserve for the useful life of the record both the content of the record as well as the associated metadata that define or document the record's content, context, and structure.
• Electronic records should include or be linked to the essential metadata describing content and structure of the business record and the context of its creation.
• Accurate and reliable links between the electronic record and the business transaction that created it should be maintained.
• Accurate and reliable links between records of similar or like transactions should be maintained.

​Electronic records should be accessible and retrievable in a timely manner throughout their retention period:

• Recordkeeping systems should be capable of exporting the content, structure and context of a record in an integrated presentation and in an accessible and useable format.
• Electronic records should be easily accessible in the normal course of business.
• Electronic records should be searchable and retrievable for reference and secondary uses including audits, legal proceedings, and historical research.
• Training and user support programs should be available to ensure that users can access and retrieve electronic records.

​Access to electronic records should be controlled according to well-defined criteria (see: Computing Accounts Management Policy). Recordkeeping systems should ensure that electronic records are protected from unauthorized access:

• University offices should take measures to prevent unauthorized access to private and confidential electronic records by identifying records that are subject to legislative, regulatory and institutional policy restrictions.
• Records should be accessed to the minimum amount necessary to perform a business activity or function.

Electronic records should be organized and stored appropriately so that they can be accessed in a timely manner.

In other words, electronic records are to be managed by the same principles and procedures that govern paper records.

File naming conventions and file structures allow for electronic records to be eye legible. Most electronic records created by Brown employees are unstructured information that are typically text heavy like word processing documents, presentations, email messages, web pages, and PDFs. Large quantities of unstructured information becomes hard to locate and search without taking an active role in naming convention and structure.

There is no one size fits all approach for naming a electronic records and it is recommended that a naming convention and file structure be adapted on a division or department level. This allows for multiple users to all have the same knowledge on where to find a file and what a file is, based on the name.

File naming conventions and file structures should be unique, in line with business practices, human eye scannable, naturally ordered, consistent, and let you know what the file contains. Other things to consider:

• For file and folder names, consider using names that are descriptive of the content of the file or folder
• Avoid characters such as / \ & $ : * in names as these can have specific meanings to an operating system
• A good format for date designations is YYYYMMDD or YYMMDD
• Use underscores ( _ ) and not spaces to separate terms. Some search tools can’t read spaces and they can be visually confusing
• Keep names short. Some operating systems/software programs have a difficult time parsing long file or folder names
• Camel case, where the first letter of each section of text is capitalized
• Most importantly, be CONSISTENT

File Naming Conventions

The goal when designing a file naming convention is to make it obvious to the user what the file contains. Information to consider including in a file name:

1. Date, ISO Standard 860, YYYYMMDD
2. Project Name or Identifier
3. Type of Record or Information
4. Creator’s Name or Initials
5. Department
6. Version of file, Final or Draft include version number
7. Three or Four-letter file extension for application specific files

A few examples of file names with a naming convention applied:

• 2018-04-02_DOCU103_Electronic_Final.ppt
• 20180104_AlphaProject_Notes_AM_Draft02-01.docx
• 20180615_FY19Budget_Smith_Archives_Draft03.xlsx

These are suggestions, use whatever identifiers work best for your department or agency’s business processes and be consistent.

File Structures

A file structure is a hierarchy of folders that organize files into groups that support an individual, department or even a division’s business practices. There are two editable metadata fields in a file structure: folders (which are repeatable) and the file name. Without proper organization of a file structure it becomes very difficult to find a file. Like a file naming convention, there is no one right way to develop a file structure. Folders can be organized by many different identifiers:

1. Type of Record or Information (Broad)
2. Date
3. Project Name or Code
4. Location
5. Individual, Department
6. Subset of a Type of Record or Information (Specific)
7. Any identifier that describes a business process

Below is an example of a file structure that uses the following folder hierarchy:

Department/Type of Record/ Year/Subset of a Type of Record/Project/File Name

• Department
  • Correspondence
  • Grants
  • Financial
  • Project Files
    • 2017
      • Completed
      • In Progress
      • Proposals
        • 2017010_AAService
      • Working Groups
    • 2018
  • Procedures and Policies

When developing a file structure, the first step should be to evaluate all of the files and create a structure that the files logically fit in rather than making the files fit the structure. This will allow for faster recall of the files. Create the entire folder hierarchy with empty folders before adding any files to the structure then you can start moving the files from their old location to the new file structure. It will quickly become clear if the file structure is meeting the needs of the files, if not, new folders will need to be created.

Many consider electronic mail a distinct category of records that should be handled differently from other records created in the office. However, electronic mail is essentially a mode of transmission for messages or information and effectively it is the same thing as sending a memo or a letter in "hard copy." It is a widely used communication system and as we become more comfortable with the technology it is being used to facilitate a wide range of business activities. As such, electronic mail can be an official record of the University. One of the most difficult aspects of the current electronic mail systems is that the systems are not designed as recordkeeping systems. This means that management of electronic mail is not part of the system design, rather e-mail needs to be managed by understanding what types of records are created using e-mail communication systems. Just as with "traditional" paper records, a good place to start in the management of electronic mail is to develop guidelines on how electronic mail records should be classified, retained, and stored.

Below is an outline of some of the guidelines that should be considered in the overall management of e-mail:

• The responsibility for the daily management of electronic mail communications should fall on individual employees.
• Determine the types of records created using electronic mail systems (for example, public, regulated, FERPA, student, financial, etc) and determine the retention period required for the records in each category. The retention period is based upon legal, fiscal, historical, and administrative requirements.
• Investigate the levels of filtering options of the e-mail systems that are in use within the office or department. Many systems now include features such as filtering that can aid in managing communications.
• Non-transitory electronic mail communications (i.e., email that is to be saved) should be filed in a way that will ensure that the communications are easily retrievable. A useful practice is to create a directory structure based on the functions and activities of the office. Developing a set of shared directory names within the office will aid in information retrieval over time.
• The record creator and recipient need to make the individual decisions regarding the disposition of electronic mail communications.
• Determine how electronic mail communications will be stored. Records selected for retention can be stored on-line or near-line in a document management system or record-keeping system. Alternately, they can be stored off-line on a physical medium.This decision should be based on the needs of the department and cost associated with the storage options. Each user and department must realize that space is not unlimited.
• If it is determined that email for an individual, office or department is deemed historical, please contact the University Archivist for advice on the proper handling and transfer of these records.