Compiling warrant in support of the functional requirements for recordkeeping

Bulletin of the American Society for Information Science, Jun/Jul 1997 by Duff, Wendy M

The functional requirements for recordkeeping are dictated and delineated in laws, regulations, standards and professional best practices. We place faith in certain recordkeeping practices and, consequently, trust records created and kept according to these practices. Other methods are viewed as less credible and therefore are more likely to produce records that are not considered to be reliable. For example, in law, records are considered hearsay because they cannot be cross-examined in court. Business records, however, are admissible if the records are made at or near the time by or from information transmitted by a person with knowledge if kept in the course of a regularly conducted business activity and if it was the regular practice of that business activity to make the memorandum, report, record or data compilation, all as shown by the testimony of the custodian or other qualified witness, unless the source of information or the method or circumstances of preparation indicate lack of trustworthiness. (United States Federal Rules of Evidence, Rule 803) Records managers and archivists have traditionally focused on the legal requirements for records and regularly consult laws and regulations to establish records retention requirements.

Laws and regulations are an extremely important source for recordkeeping specifications, and organizations must be fully cognizant of the regulatory environment governing the information system. Auditing standards, information technology standards, professional best practices and a host of other sources also control the creation, maintenance and disposition of records. Furthermore, industries have standards that regulate their recordkeeping practices. For example, industries wishing to be certified as ISO 9000 companies must comply with a set of standards that specify how an organization should operate and include many references to creating and maintaining records.

Warrant

The University of Pittsburgh Electronic Recordkeeping Project posited that the laws, regulations, case law, information technology standards, auditing standards and best practices promulgated by professionals could be used to strengthen the case for the functional requirements and to make them more comprehensible. The project team believed that it was important to build support for the requirements because it recognized that the requirements for recordkeeping may not be fully appreciated by many organizations. The team suggested that other stakeholders would be more inclined to comply with the functional requirements if they were linked to laws, regulations, standards and professional best practices.

The team suggested that archivists and records managers could use the statements from laws, regulations, standards, etc., as warrant, that is, as proof or justification that organizations must comply with the requirements because the requirements are based on practices established by their own profession or industry.

The team decided to compile a compendium of statements drawn from authoritative sources that explained and supported the functional requirements. The project wanted to provide a tool that archivists and other information professionals could use when presenting the requirements to other professionals concerned with recordkeeping. This compendium is available on the World Wide Web (http://www.lis.pitt.edu/-nhprc/). The author, who was responsible for compiling the warrant, decided to concentrate, firstly, on legal, auditing and information technology sources. These sources were chosen because lawyers, auditors and information specialists have power in organizations and can influence the design of information systems. Information specialists are concerned with development of systems, while auditors and lawyers are concerned with an organization's evidence.

The Sources for Warrant

To ensure that only highly respected sources were used, nine experts in the field of auditing, law and information technology (three individuals in each field) were asked to rate the authority of the sources. The degree of consensus ranged widely. The three legal experts assessed a total of 29 legal sources and their evaluations of the sources' trustworthiness were in agreement for 17 of them. The three reviewers who evaluated the auditing sources judged the trustworthiness of only 18 sources and they agreed on their evaluations for only five. The three reviewers of the information technology sources evaluated 29 sources, but they agreed on their evaluations for only three.

It is interesting to note that lawyers did not seem to evaluate each individual law or regulation on its own merit, but rather evaluated all laws and regulations as having maximum authority because, as one lawyer remarked, the laws, regulations and case law "were the law," while other sources were merely interpretations of the law. Information technology experts, on the other hand, seemed to evaluate the merits of each individual standard, rather than its source. This resulted in some standards that emanated from the American National Standards Institute (ANSI) receiving much higher scores than other ANSI standards. Moreover, the information technology reviewers only evaluated the standards they personally knew and trusted.