of Archives and History
Public Records - Standards
Management of Electronic Records
The purpose of these
rules is to provide the standards necessary to ensure that electronic
public records created and/or possessed by state agencies and other
governmental entities, and retained only in digital format, will remain
accessible to the public, state agency, or governmental entity for the
full period that the record must be retained, as detailed in a properly
approved records control schedule. These rules are supplemented by a
companion set of guidelines compiled by the Mississippi Department of
Archives and History to explain more thoroughly its policies pertaining
to electronic records and to assist agencies and entities with compliance.
These rules must
be followed by state agencies or other entities of the State of Mississippi
when planning for the management and retention scheduling of electronic
records. The rules apply to records scheduled as permanent through the
Mississippi Department of Archives and History's (MDAH) records control
scheduling process. The rules also outline best practices for records
retained administratively for short and medium terms. If an approved
records control schedule is not in place, however, the agency or entity
must treat all unscheduled records as though they are permanent and
comply with these rules. If an agency or entity does not comply with
the rules as specified here, MDAH may not be able to accept its permanent
There are two statutory
authorities for the establishment of these rules.
of 1972, Annotated, §25-59-1 through §25-59-31 comprise the
"Mississippi Archives and Records Management Law of 1981,"
as amended. The law designates the Mississippi Department of Archives
and History as the archival and records management agency of the state
of Mississippi, establishes the State Records Committee to review and
approve records control schedules, and sets forth records management
duties of state agencies and officials. §25-59-9 provides that
"The department shall adopt such rules and regulations deemed necessary
to carry out its duties and responsibilities under this chapter, which
rules shall be binding on all agencies and the persons affected thereby.
The department shall publish said rules and regulations in accordance
with the provisions of the Administrative Procedures Act, Sections 25-43-1
et seq., Mississippi Code of 1972."
of 1972, Annotated, §25-61-1 through §25-61-17 comprise the
"Mississippi Public Records Act of 1983," as amended. The
law codifies state policy regarding access to public records, stating
that public records as defined by the law (see definitions list) are
open for inspection unless otherwise provided by law. §25-61-2
stipulates that "providing access to public records is a duty of
each public body and automation of public records must not erode the
right of access to those records. As each public body increases its
use of, and dependence on, electronic record keeping, each public body
must ensure reasonable access to records electronically maintained,
subject to records retention."
- These rules are
applicable to all custodians of public records, including state agencies
and other entities of the State of Mississippi.
- These rules establish
the minimum requirements for the management and retention scheduling
of four genres of electronic public records: records generated by
networked desktop systems, email, webpages, and enterprise databases.
- These rules apply
to records series which have been scheduled as permanent by the State
Records Committee and to any records which have not been scheduled
at all, pending execution of an approved records control schedule.
are subject to the same legal recordkeeping requirements as are paper
records. Inventory and appraisal of electronic records, however, should
be carried out as early as possible, preferably when computer systems
are first being put into place, to reduce the risk that information
may be lost or become inaccessible through changes in information technology.
Because computers have been used in Mississippi state government for
more than thirty years, and this is the first specific rule for their
management to appear, there are many legacy systems in place that may
be based upon technical standards that are not in compliance with the
standards outlined in these rules. It is not the intention of the Department
of Archives and History to impose standards upon an agency or state
government entity that will reduce the benefit of an existing or planned
electronic application, provided that the Department can be confident
that steps are being taken to insure the safe retention of existing
records until such time as they can be scheduled. Existing electronic
records and electronic records systems that have not yet been scheduled
can and should be inventoried, appraised, and scheduled as soon as feasible,
and the Department of Archives and History stands ready to assist any
agency or governmental entity in this task. New systems should meet
the standards detailed herein from their inception and should be scheduled
as part of the design and/or acquisition process. The mutability of
electronic records requires that system designers incorporate both records
retention requirements and descriptive metadata within the system at
the time of design.
When an agency is required by law or policy to retain custodianship
of electronic records that are determined to be of permanent value,
special arrangements must be written into the records control schedule
to guarantee that the records are retained securely in readable form
as long as they are in agency custody, in spite of software and equipment
improvements, obsolescence, and replacement. Agencies have a legal requirement
to "ensure reasonable access to records electronically maintained,
subject to records retention" (Mississippi Code of 1972, Annotated,
§25-61-2). As agency systems administrators and records managers
upgrade, convert, or otherwise move electronic records, quality control
procedures must be in place to ensure that the records are readable,
accessible, and unaltered once they reside in the new software and/or
equipment. "Conditional" records control schedules should
clarify and formalize the terms of agency custodianship, detailing what
will be retained, why it will be retained, how it will be preserved,
and when it will be preserved. Such schedules must specify retention
periods but also spell out a long-term agreement with the agency on
handling migration and ensuring accessibility to the records over time.
Continuing contact with the agency must be provided for in the schedule,
so that MDAH is notified of software changes or other occurrences affecting
migration. "Conditional" schedules can be renegotiated should
agencies decide that conditions have changed and they wish to make altered
arrangements with MDAH.
In records management parlance, analysis of the value of records prior
to the preparation of a schedule. The content analysis must assess administrative,
evidential, informational, and legal values in order to determine whether
the records' permanent value to the public warrants their permanent
This term is meant to refer to networked PCs using a standard suite
of programs, including especially word processor and spreadsheet programs,
as well as personal databases and other more specialized application
International metadata standard, designed for Internet implementation,
consisting of a 15-element set of metadata tags for recording a wide
range of contextual information pertaining to an electronic record;
Management System/Records Management (EDMS/RM): For the purposes
of this rule, any one of a number of systems tested and approved under
U.S. Department of Defense standard 5015.2 or its successor, designed
to implement business and records management rules on networked personal
computers. This standard has been mandated by the U.S. National Archives
for implementation in all Federal agencies by 2007. For the standard,
see http://web7.whs.osd.mil/text/p50152s.txt, and for the website for
DoD testing and approval see http://jitc-emh.army.mil/recmgt/.
Records that require a computer or comparable electronic device in order
to be created, perceived, modified, or deleted.
mail created using a standard desktop client program and sent via the
Internet using standard protocols.
A database is a collection of data that is organized so that its contents
can easily be accessed, managed, and updated record by record or in
various aggregates. The present rule is aimed at so-called "enterprise"
databases, which contain centralized data shared by many users throughout
one or several government entities. Enterprise databases may be dynamic/transactional
(constantly changing, with periodic additions, deletions, and alterations),
or static/cumulative (information is added but not altered or deleted).
Retention periods for electronic records are easily determined when
it comes to clearly understood short-term administrative needs or long-term
permanent or quasi-permanent retention, either determined by historical
or informational values or by legal requirements. Where electronic records
create a problem is in the case of those that are designated for permanent
retention, during the period after they have been created but before
they have become administratively unnecessary. Under normal circumstances,
agencies would be obliged to keep such records readable, secure, and
unchanged in spite of system upgrades and even software changes. "Escrow"
archiving is a workable solution to this problem. If records will often
have a lengthy administrative retention period, for whatever reason,
they can be scheduled to be "escrowed" into the custody of
MDAH (i.e., provided to MDAH in a certifiable copy under terms formally
established by records control schedule). MDAH will then bear responsibility
for maintaining and migrating such records, while the record creator
is free to alter or dispose of his copy as and when convenient. The
record creator must provide public access to it if requested unless
he chooses to make prior arrangement for MDAH to do so by means of an
approved records control schedule. Ownership is transferred from the
agency to MDAH at the end of the scheduled administrative retention
Metadata is data about other data. It describes a record by adding contextualizing
information that cannot be derived from the content of the resource
alone. The primary purposes of assigning metadata are to help users
find an information resource and to assist the owner in the management
of the resource. A metadata set consists of a set of attributes, or
elements, necessary to describe a resource. Metadata can be created
at the time of the resource's creation by the agency or governmental
entity or created later as part of a transfer or cataloging process
by MDAH, and it can function at several scales, as it describes the
individual record or the entire system. It can be stored in a number
of ways, including but not limited to Hypertext Markup Language (HTML)
metatags stored within the resource itself; Resource Description Framework
(RDF) metatags stored either within the resource itself or separately
from it; a database stored separately from the resource; or a records
management system, stored separately from the resource. The Dublin Core
metadata standard, which forms the basis of the metadata element set
described in these rules, does not prescribe either type of linkage,
leaving the decision to each implementation. Under these rules this
flexibility is retained.
Transfer of records from one computer system, hardware or software,
to another, while preserving functionality and documentation.
Public documents, as defined in legislation that directs the Library
Commission to disseminate them, are "the public records issued
by any government agency for public distribution" (Mississippi
Code of 1972, Annotated, §25-51-1). Although the "publication"
addressed in the statute does not envision the existence of website
posting as a substitute for paper publication, agencies and other entities
are already using website posting to supplement paper publication in
order to lessen costs, and it is likely that this practice will continue.
"All books, records, papers, accounts, letters, maps, photographs,
films, cards, tapes, recordings or reproductions thereof, and any other
documentary materials, regardless of physical form or characteristics,
having been used, being in use, or prepared, possessed or retained for
use in the conduct, transaction or performance of any business, transaction,
work, duty or function of any public body, or required to be maintained
by any public body" (as defined in Mississippi Code of 1972, Annotated,
Schedule: "Records Control Schedule shall mean a set of instructions
prescribing how long, where or in what form records shall be kept. .
. .Such records control schedules, once approved, shall be authoritative
and directive, and shall have the force and effect of law" (Mississippi
Code of 1972, Annotated, §25-59-3 and §25-59-7).
encryption: Mississippi law includes the requirement that "Before
a public body acquires or makes a major modification to any information
technology system, equipment, or software used to store, retrieve, or
manipulate a public record, the public body shall adequately plan for
the provision of public access and redaction of exempt or confidential
information by the proposed system, equipment or software" (Mississippi
Code of 1972, Annotated, §25-61-10). This must be done as part
of a broader review of the records with respect to the potential need
for restrictions on access, beginning with Mississippi's Public Records
Law (Mississippi Code of 1972, Annotated, §25-61-1 through §25-61-17),
which requires that all state records are open for public inspection
with the exception of those specifically exempted by law. Once records
and title to them have been transferred to MDAH, they are open for public
use "with the exception of those records specifically prohibited
from being opened to inspection by state law, federal law, court order,
by contractual agreement with a private third party or by agency request
consistent with law" (Mississippi Code of 1972, Annotated, §25-59-27).
Therefore the approved records control schedule must leave no doubt
regarding the public use status of the records, on the whole and in
part, and must specify requirements for the agency or MDAH to redact
or encrypt any portion of the records.
Webpages are the individual collections of text, graphics, and other
contents, designated by unique Uniform Resource Locator addresses and
transmitted to users connected to the Internet in response to their
request to the computer server on which the pages reside.
F. SPECIFIC REQUIREMENTS:
the use of automated systems for the collection of metadata for desktop-generated
records is preferred so that the process may be standardized and easily
documented. A number of networked electronic document management systems
(EDMS) having built-in records management (RM) capabilities are available
that meet MDAH's requirements for the management of desktop records
and their related metadata. Acceptable EDMS/RM software must include
the ability to attach required metadata elements and to implement recordkeeping
policies and records control schedules. They must also be capable of
exporting both records and metadata to other systems. Such EDMS/RM systems,
when properly configured and maintained, can guarantee the legal integrity
of an agency's recordkeeping. As a result of the development by the
Department of Defense (DoD) of a set of requirements and qualifying
test procedures for such systems, a set of systems meeting MDAH's requirements
have already been tested and approved through the DoD approval process
(see the approved EDMS/RM list developed by the Department of Defense
Another option for
the collection of metadata and the implementation of records control
schedules for networked desktop systems is the use of existing software
along with some programming and user activity that attaches metadata
and archives records according to an approved records control schedule
on a routine basis. To do this requires network capabilities, applications
capable of collecting and exporting metadata, and the establishment
of a central storage repository to collect archival records with their
attached metadata and to maintain schedules. Whether an EDMS/RM system
is purchased or built, it must itself be documented to establish that
the records were reliably created in the "normal course of business"
and are legally defensible.
Whether an agency
attaches metadata within EDMS/RM system or agency-designed system,
the application of these rules will preserve relationships among
desktop records, archival series to which they belong, and records
control schedule. MDAH requires that following items be attached
scheduled for permanent retention:
For some desktop records, such as reports, the title is self-evident,
but others require the addition of a descriptive title.
In the case of most desktop records, the author/creator is the person
who actually generates the record on the individual desktop in question.
If this person is generating this record on someone else's behalf
and with that person's authority, that person should be listed as
Although the standard places no limits on the number of keywords,
in practice the agency should develop keyword-assignment conventions
and should document them.
The agency or other governmental entity of which the desktop system
is a part. Although this item is mandatory, it can be added upon
receipt by MDAH if so agreed in the schedule.
Should include both the date created and the date made available.
The originating format (e.g., Microsoft Word .doc file plus version)
of the record.
Specifies the records series to which the record belongs and the
records control schedule that applies to it.
Name. In the case of correspondence or memoranda or other applicable
records, this item is mandatory.
Transmission. Draft or final version. Mandatory for desktop
records to establish versioning.
G. SPECIFIC REQUIREMENTS:
The state of Mississippi
has at present no privacy laws affecting state employees except for
a very few exempted types of personnel records. These exempted types
do not include electronic mail generated by state employees in their
normal work, which for retention purposes must be treated like any other
correspondence. Because email is generated electronically and does its
work electronically, however, and because transfer to another medium
lessens its accessibility, MDAH believes that the law that provides
for public accessibility to electronic records also requires that agencies
archive email electronically.
of email records in an EDMS/RM with subsequent schedule-driven archiving
to MDAH would be ideal, since it would manage and retain email according
to specific business rules incorporating approved records control schedules.
But most agencies have no such systems in place. When such systems are
planned, however, an email component must be specified as part of the
In the absence of
EDMS/RM software in the agency to regulate email according to a set
of pre-established policies and records control schedules, it is still
the responsibility of the agency to retain all email that is scheduled
for retention or, because unscheduled records may not be destroyed,
all email that is not covered by an approved records control schedule.
To deal with this common problem MDAH has developed a general schedule
that can be applied universally to all state government email systems.
This schedule will permit agencies to dispose of certain well-identified
email and to "escrow archive" the remainder with MDAH for
further processing at such time as appropriate schedules are in place
for other related records. The general schedule provides rules of email
capture and specifies schedules for transfer to MDAH. MDAH will recommend
appropriate filtering software to carry out general screening of email
to eliminate general classes of email known in principle to be excluded
from retention requirements, such as advertisement spam and listserv
and newsgroup emails. Anything not excluded should be collected at the
server level and transferred to MDAH to be retained in escrow according
to an agreement executed with the agency. MDAH intends to process such
emails in bulk using automated methods to carry out its normal appraisal
All email, regardless
of the software used to generate and transmit it, has the following
familiar fields: Subject, Date, From, To. Some email may have additional
information, such as gateway timestamps, blind carbon copies, and more.
Because any email presently being created can be relied upon to have
at least these four fields, they form the basis of the minimal metadata
set required, necessitating no additional effort to collect, as they
are part of the message itself:
This is the account in which the electronic message was composed,
as represented in the "from" line.
This should be the "subject" line of the email, as given
by the sender.
This is the "date" when the email was sent, which is supplied
by the originating server.
Name. This is the account to which the email is directed, as
represented in the "to" line.
MDAH will append
additional metadata at the time of transfer from the agency:
This will be the agency from which the the email was collected.
Type. This will of course be email in every case, but attachments
can be accommodated here as well.
Information about the mail client/server system at the agency from
which the electronic mail was transferred, as recorded during application
of the general schedule.
Identifier. Record number as assigned by MDAH's management database.
automatically contained within the email may be placed in additional
elements or may be discarded, but the agency is not required to remove
it or examine it.
H. SPECIFIC REQUIREMENTS:
The definition of
"public records" in Mississippi's Public Records Law encompasses
"any other documentary materials, regardless of physical form or
characteristics" (Mississippi Code of 1972, Annotated, §25-61-3).
Websites and their component pages fall under this umbrella. The broadly
public nature of webpages, which are actively and intentionally made
available to the entire planet, is incontrovertible. Further, at least
a subset of webpages consists of records that are also published and
disseminated in paper form as "public documents" (see Mississippi
Code of 1972, Annotated, §25-51-1).
The Department of
Archives and History has determined that webpage scheduling can be vastly
simplified through the application of a general schedule to an agency
or entity's entire website, requiring that the publishing agency or
entity simply send a copy of the entire website to MDAH at stated arbitrary
intervals and on the occasion of a major revision, as regulated by official
adoption of the general schedule or a modification of it negotiated
As the schedule
can be simplified considerably, so can the metadata requirement. Because
webpages are creatures of the electronic environment and really have
no paper counterpart, they have the potential for inclusion of self-documenting
elements integral to their structure and function. For this reason metadata
has a very specific meaning when it refers to webpages. It refers to
the keywords used to describe that webpage, defined within a particular
part of the HTML source code for the page called the "metadata
tag." The Dublin Core metadata tag set, which forms the basis of
MDAH's metadata standard for all electronic records, was originally
conceived for author-generated description of Web resources, which makes
it particularly well-adapted to the description of webpages. Six, or
in the case of "public documents" seven, Dublin Core metadata
tags are required on each webpage for compliance with this rule. Several
of these metatags will be identical for all pages belonging to a given
agency, while others can be generated automatically by a style sheet.
MDAH has prepared an appropriate template for agencies to use in generating
This can be taken directly from the <title> tag on the page
in most cases. The title metatag requires distinct wording only
if the <title> tag is frivolous or non-descriptive of page
Carefully-applied keywords here can improve the visibility of webpages
in cyberspace as well as assist in their cataloging.
Generating author(s). This can be either the webmaster creating
the document and/or the office within the agency that assumes creative
responsibility for webpage content and display.
The generation date of the page, when it was first posted to the
The name of the agency or entity that produces the webpage.
The absolute URL for the page.
This metatag is only required if the agency is posting a "public
document," to define it as such. "Source" then specifies
the title of the published paper document.
I. SPECIFIC REQUIREMENTS:
The law speaks specifically
to the case of enterprise databases in state government. It provides
that "A public body may not enter into a contract for the creation
or maintenance of a public records data base if that contract impairs
the ability of the public to inspect or copy the public records of that
agency, including public records that are on-line or stored in an information
technology system used by the public body" (Mississippi Code of
1972, Annotated, §25-61-10). Because the statute sets no time limit
to this requirement, only the records control schedule can define database
retention requirements and permit the destruction of database records.
As with all records,
the appraisal of databases includes content and technical analyses.
The results of these analyses determine whether and how the records
should be preserved. If records of permanent value have been identified
as part or all of the database, the records should be preserved in electronic
format, because part of the long-term value of a database lies in its
structure. Technical analysis of the system must identify those points
in the system life cycle at which records can be extracted for preservation;
establish requirements for technical documentation necessary to permit
reading and interpreting of the records; and analyze system and software
dependencies to determine how they affect transfer, preservation, or
retrieval of the records.
For database records
to be meaningful, the systemic environment of which they are a part
must be documented and the documentation retained. Best practices in
database management require the maintenance of thorough documentation
of the logical structure and content of the database. Such documentation
should reside in a permanently-maintained data dictionary. It is especially
important that the data dictionary clearly define any data items explicitly
exempted from public records law.
The complexity of
databases and the need to provide for the preservation of whole databases
with legally protected fields encrypted requires the introduction of
flexibility to the scheduling process. This makes them ideal candidates
for "conditional" scheduling, whereby the agency agrees explicitly
to maintenance and migration standards as long as the database is in
active use and to specific conditions under which records of permanent
value will be transferred to MDAH for permanent retention.
In addition to documentation
covering the content of the database, agencies should compile and maintain
documentation of its creation and use as long as it is in current use.
Properly implemented audit trails are required to provide documentation
of how records were created, modified, stored, and reported. They can
detect who had access to the system, who used it and how, whether staff
followed established procedures, or whether unauthorized acts may have
occurred. Such security software programs are necessary to establish
that the record was reliably created in the "normal course of business"
and is legally defensible. In conjunction with the keeping of database
statistics, this information must be kept not only for audit purposes
but also as historical data.
Department of Archives and History requires that the following series-level
documentation be maintained for enterprise databases, whether such databases
are specified through properly-executed records control schedules to
contain records of permanent value or whether they are not yet scheduled
and therefore bound by Mississippi Code of 1972, Annotated, §25-61-10.
Complete and/or short title, distinguishing the database from all
others owned by the agency.
Name of the agency, organization, section, branch, etc. that controls
access to the database.
Keywords identifying the subject(s) covered by the database.
Narrative description of the database, including the reason(s) for
the existence of the database, specifying the agency requirement,
function, or goal that prompted the creation of the database or
was responsible for its continued maintenance and the major agency
program or mission supported by the database, citing any legislative
actions or authorities requiring operation of the database.
The agency, bureau, or other entity responsible for making the database
or any part of it available to the public when requested.
Start date and end date (if not current) for data included in the
For databases these include flat file (non-relational), relational,
hierarchical, spreadsheet, document management, image management,
geographic information system, and whether the representation includes
objects in any specific formats.
List of data elements closed to the public, citing pertinent state
or federal regulations. Description of any special physical conditions,
impediments, or enhancements associated with accessing the database.
Description of any additional constraints or enhancements (security,
copyright, etc.) affecting public access to the database and requirements
for encryption or redaction of specific fields.
In addition to the
above Dublin Core data elements, the following elements referring to
the database as a whole must also be collected as part of the initial
records control schedule and updated whenever major version or usage
changes, defined in the schedule, take place:
Data Modules. List of pertinent database tables, files, spreadsheet
worksheets, or similar modular units of data. A database may consist
of a single data module or a collection of related data modules.
Annotated listing of data fields for each pertinent database data
module. For coded data, it must include code translation tables
(codebooks). Specific redacted or encrypted fields must be so annotated.
Update Frequency. Daily, weekly, bi-weekly, monthly, quarterly,semi-annually,
yearly, as needed, continuously, or other.
Statistics. Size of the database, number of primary records,
and estimated number of records to be added in the next twelve months.
Agency should update quarterly and retain history, to be added to
the records control schedule whenever a major version revision takes
Printed Reports. Listing with brief descriptions of standard
reports output in printed form from the database. Include query-language
statements to specify what is retrieved.
Electronic Reports. Listing and brief descriptions of standard
reports output digitally from the database to digital storage media.
Include query-language statements to specify what is retrieved.
Custom or ad hoc Reports from Database. Description of any options
available for the design and creation of custom reports by agency
staff or other users.
of Electronic Copies of Database. Listing of digital formats
in which the database can be copied or reproduced using the agency's
Computer System. Description of the computer system supporting
the database, including name of hardware manufacturer, name of hardware
model, name of operating system and version, name of database development
software, name of database engine, name of query language or other
middleware (if applicable), and name(s) of any pertinent database
level add-ins or modifications. As modifications are made, the schedule
must be updated and amended. This documentation need not be duplicated
in the enterprise database schedule if it is captured under the
records control schedule governing an agency's Information Systems
(IS) production records, but the relevant schedule should be cross-referenced.
In addition to the
database itself, records control schedules for databases must include
the retention and disposition of its digital and paper input and output,
including the following:
and/or forms. Specific retention periods and disposition instructions
must be part of the database schedule.
Reports. Retention and disposition of paper and digital database
reports must be specified by the schedule, as must the system's
ongoing capacity for generating reports and the capability of MDAH
to recreate them once the data has been transferred.
Retention of system documentation specific to the enterprise database
(requirements, design, modification, maintenance) must be incorporated
into the records control schedule.
In addition to the
"conditional" schedule's need to specify migration requirements
to ensure long-term accessibility to records, it must detail specifically
what data must be migrated for preservation purposes. A migration plan
must be in place from the beginning to prevent the loss of accessibility
to public records. Any database migration activity must be documented.
All methods and
tools used by vendors or agency staff must be documented, for migration
planning, backup and recovery review, installation of products and temporary
fixes, migrating database structures, transferring data, and migration
validation. This documentation need not be duplicated in the enterprise
database schedule if it is captured under the records control schedule
of an agency's IS production records, but the relevant schedule should