Here's the longer version of my title: Why I Not Only Support the DoD 5015.02-STD Standard, I Encourage all Federal Agencies to Adopt it. A Counterpoint to Don Lueder’s Post.
[Editor's Note:: Read Don Lueders' original post: On Why I No Longer Support the DoD 5015.2 Standard. You can also read another voice in the debate, Ron Layel: To Support or Not Support the DoD 5015.2 Standard (Some pet peeves and views on the debate from a RIM practioner's perspective)]
Don, your analysis is very detailed and on the mark. 5015.02-STD is in need of an update to reflect how RM is done these days. However, I disagree with your assessment that somehow the standard should not be supported as is.
Here are some of the reasons I not only support the standard for the U.S. federal government, I encourage all agencies to adopt it as a baseline for selected products.
First of all, let’s examine what is in the DoD 5015.02-STD specification:
· Base certification (Baseline)
o Chapter 2, Mandatory Requirements
o Chapter 5, Transfers
o Chapter 6, Non-Mandatory Features
· Chapter 3 is Management of Classified Records (Classified)
· Chapter 4 is Managing Records for the Privacy Act and the Freedom of Information Act (FOIA & PA)
The Joint Interoperability Test Command (JITC) provides a list of certified products: http://jitc.fhu.disa.mil/cgi/rma/reg.aspx. DoD organizations may only purchase records management products that are on this list.
The key point in understanding how to take advantage of the standard is that the certification does not reflect how an agency will actually use Records Management. It is based on an outdated paradigm of user based records declaration that does not include inheritance of records classification, role or process based classification, or auto classification. Nevertheless, the standard provides some key guidance that is of significant benefit to federal agencies.
There are a number of key market drivers in the federal market at this time. A key driver is the NARA/OMB Managing Government Records Directive, OMB 12-18 http://www.whitehouse.gov/sites/default/files/omb/memoranda/2012/m-12-18.pdf. This directive mandates that all permanent records be managed in digital format by 2019. The directive additionally calls for management of email in electronic format in a Records Management system by 2016.
Therefore all agencies are making plans to implement enterprise wide solutions to meet these requirements.
At the same time several other market drivers support this new paradigm:
· “Cloud First” – an initiative from Vivek Kundra, the former federal CIO, that requires all agencies to move new IT systems to the cloud if possible, to lower operating costs and to consolidate applications. Many agencies have already moved their email solutions to the cloud and are looking at other applications as well.
· PortfolioStat – an initiative supported by Steven Van Roekel, the current federal CIO, that requires all agencies to reduce duplicative solutions and modernize business processes to improve the way government works. “We must use IT as a strategic asset and drive cost savings to pay for new and emerging technologies that can fundamentally improve the way government does business.”
· Audit Readiness – an effort from the Department of Defense that mandates that all DoD organizations be “audit ready” by 2016, meaning they have to be able to pass financial audits for financial transactions and asset management. The key to this initiative is to retain all elements of a business transaction throughout its lifecycle – in electronic form - so that it can be easily located for audits.
· Cyber Security – the increasing threat of malware and hacking focuses support of solutions that wrap content with layers of security and access controls.
· Increasing visibility of privacy and compliance requirements such as FOIA, Privacy Act, HIPPA and more.
The solution to all of the requirements, in part, is the implementation of an Enterprise Content Management (ECM) (as part of an Enterprise Information Management strategy) solution that is integrated with most key business applications. This solution provides Information Governance throughout the lifecycle of all content, providing standardized metadata, security and access controls, version control, workflow and Business Process Management, federated and advanced search, eDiscovery, email archiving, auto-classification, FOIA and much more, using a unified repository for unstructured records. Records Management is a key component of this infrastructure, providing the basis for records retention, legal holds, disposition, and intelligent storage management. The RM component must provide management of both electronic and physical records.
The Records Management component of this approach is based on a streamlined, simplified “Big Bucket” Records Retention Schedule. Most, if not all, agencies are in the process of reviewing and modernizing their schedules, and NARA is doing this for their General Records Schedule.
Some agencies, such as the U.S. Department of Interior, have already implemented this approach, in the cloud. DOI is currently ingesting 30 million (Google) emails per month into their ECM solution, using auto-classification and Records Management, and are rolling out the full set of ECM features across the enterprise: http://www.prnewswire.com/news-releases/us-department-of-the-interior-deploys-opentext-cloud-based-enterprise-content-management-solution-162897386.html.
So, given this macro set of trends driving the modernization of records management throughout the federal government, how does the 5015.02-STD standard fit in?
As part of the Managing Government Records program, all agencies are in the process of defining the taxonomy for their records, how to transfer records to NARA, and more. Currently the danger is that agencies will each do their own thing, resulting in a chaotic, disparate approach that is inconsistent at best. There are Communities of Interest that are working towards defining metadata and transfer standards for electronic records and email.
The danger here is that these groups may come up with approaches that do not reflect best practices or that compound issues to make it harder rather than easier to meet the objectives of the directive consistently across the government.
Therefore I recommend to all agencies that they adopt the 5015.02-STD standard and make it a requirement in their enterprise architecture.
It sets mandatory metadata standards for all records, including for different kinds of files such as email, photos, and office documents
It defines the best methodology for destruction of electronic records at the end of their lifecycle
It provides a standard approach for transfer of records from one agency to another, and for transfer from an agency to NARA
It defines metadata requirements for classified records
It defines requirements for FOIA and Privacy Act solutions
If all agencies purchase solutions that are 5015.02-STD certified, it promotes a level of consistency across the government. Working groups and Communities of Interest should work with JITC to improve and modernize the standard rather than to adopt new, and perhaps contradictory, standards. All new approaches should look at 5015.02-STD as the baseline and build on it.
For example, Baseline certification includes mandatory metadata standards for all records. As Don points out, many of these metadata fields can be onerous in the real world if a user has to enter the data. However, in actual practice most, if not all, of these fields can be automatically populated by the system if it is properly implemented. Records classification inheritance, role and process based classification and auto classification are the tools today that make meeting these requirements largely transparent to the end user. While these approaches are not included in the specification,it is the consistency of what is collected, based on mandatory metadata requirements, that is most important.
NARA has implemented an ambitious electronic content management and accessioning application called ERA – Electronic Records Archive. All agencies must ultimately transfer their permanent records in digital form to NARA by 2019. The JITC specification includes Chapter 5, Transfers, that provides a standardized metadata schema to support this requirement. Again, it is not complete or perfect, but it provides a starting point for all agencies that supports consistency – rather than reinventing the wheel, so to speak, agencies should start with the standard and build upon it.
So, in summary, I heartily agree with Don that the standard is in dire need of modernization. It is my understanding that changes are being made to the certification process as we speak, moving to “Perpetual” certification for products and to allow certification of “Component” products that are targeted at a subset of RM or ECM requirements, as long as they partner with a broader solution provider. It is a start.
The key takeaway is that while the standard is not perfect, agency adoption provides a baseline of consistency that is very valuable to the government as a whole, especially in these times of rapid solution consolidation and modernization. Agencies and vendors should work collaboratively with JITC to promote modernization and evolution of the standard to meet the new market realities. Modernization of the standard must consider that many agencies have been using it for a number of years and that the best approach is to add requirements or augment existing ones, to minimize impact on existing record collections.
The reality is that virtually all ECM vendors provide Records Management as a key component of their solution, and they are all certified to at least the Baseline 5015.02-STD standard. These products range from open source to very inexpensive to large enterprise class ECM suites, so agencies can pick from a large range of solutions that are readily available, in all price ranges. All of these vendors have invested years of work in compliance and many of the issues Don points out are really moot for most organizations, given that meeting the standard does not imply - in any way - how you actually implement your ECM solution and RM processes.
While I encourage all federal agencies to adopt the standard, especially given the Managing Government Records directive, commercial organizations should consider it as well – consistency being the key.