Presentación sobre los principales cambios en el Modelo de requerimientos para Sistemas de Gestión electrónica de Documentos, incluyendo Record Management.
3. Moreq 2010 (2011)
• The DLM Forum announced the MoReq2010 work programme at its
Gen. Meeting in Madrid in May 2010.
• May 2011: new specification launched at DLM Forum GM in
Budapest (delayed)
• The objectives of MoReq2010 are to broaden the appeal of
MoReq, introduce interoperatiblity, significantly increase its
adoption, and make compliance accessible to non-traditional
software suppliers.
• While MoReq2 introduced a model of software
compliance, MoReq2010 incorporates the flexibility and modularity
to extend that compliance to a wider range of software
(interoperability).
• MoReq2010 is more loosely coupled, allowing it to be extended to
meet the needs of different industries and markets, as required.
3
4. 2011: Differences to the consultation version of 2010
• Adoption of a service oriented architecture model:
• All the requirement in the MoReq 2010 core requirements have been bundled into ten services. A MoReq 2010
compliant system (MCRS) will be capable of offering up its functionality as services, that could be consumed by one
or more other information systems within the organisation.
• For example several records systems within an organisation could all consume the classification service of one
MCRS, enabling the organisation to hold its fileplan in one place whilst having it used by several systems.
• A MCRS must possess the capability to provide ten services:
• a records service (the capability to hold aggregations of records)
• a metadata service (the capability to maintain metadata about objects within the system)
• a classification service (the capability to hold a classification, to apply it to aggregations of records, and to link
headings within the classification to retention rules)
• a disposal service (the capability to hold retention rules, and to dispose of records in accordance with retention
rules)
• a disposal hold service (the capability to prevent the application of a retention rule to a record, for example because
the record is required in a legal case)
• a search and report service (the capability to retrieve and present records and metadata in response to queries)
• a user and groups service (the ability to maintain information about people and groups that have permissions to
use the system)
• a role service (the ability to assign roles to people and groups to determine what those people and groups can and
can‟t do within the system)
• system services (the capability to maintain event histories in relation to objects held within the system)
• an export service (the capability to export records together with their metadata and event histories in a form that
another MCRS could understand)
4
5. 2011: Differences to the consultation version of 2010 (2)
• Abandonment of the notion of a „primary classification‟
• The notion of a „primary classification‟ for records had been dropped. Instead a record will be
assigned a classification, from which it would by default inherit a retention rule. It would be
possible though for a person with appropriate permissions to override that inherited retention
rule, and instead assign to the record a different retention rule, or to get the record to receive
a retention rule from a different part of the classification scheme to the one it has been
assigned to.
• Reduction in the number of requirements
• The number of requirements had been significantly reduced. The consultation draft had
contained 436 requirements, these have now been consolidated into 170 requirements. But
the final core requirements document would be longer than the consultation draft, because
the introductory explanations had been increased to 90 pages.
Comment J. Lappin / J. Garde (link to blog)
5
6. Critical aspects
• Moreq was never officially endorsed or recommended in any directive by the
European Commission
• Moreq is currently in a triangle of disorientation (Kampffmeyer):
• (1) not fully accepted by traditional records managers & archivists in
leading organizations and institutions; in addition IT does often not
understand the functional integration of RM requirements (incl. NFR)
• (2) Moreq is considered as not relevant from users outside of the RM and
archivists community / world (mainly IT)
• (3) not (yet) really supported by leading vendors and even considered as
an additional barrier, cost driver (certification) and technology break
• Therefore it exists a certain danger that the development of the new standard
is rather reamed (clash) between a traditional RM environment/community
which has the tendency to become „incestuous“ and an open information &
office environment which welcomes basic record keeping principles in an
uncontrolled data growth (not giving away opportunities in practice for the
sake of ideology)
http://jhagmann.twoday.net/stories/19464155/ (comments Kampffmeyer)
6
7. Moreq Future: planned (1)
• MoReq diversifies against a common core set of best practice
requirements to infiltrate not only different software and technologies
but also different industry sectors.
• By 2012 and beyond we see the start of a trend to package MoReq for
"Health", for "Defence", for "Oil & Gas“ etc.
• The DLM forum are planning to have a first wave of additional modules for MoReq 2010 available
by the time of their triennial conference (Brussels Dec. 2011). Unlike the core requirements, the
additional modules will be optional rather than mandatory.
• Included in the first wave will be:
• an import service – providing the ability to import records and associated metadata from
another MCRS. Note that the ability to export records is a core requirement, but the ability to
import records is an additional module. This is because an organisation implementing its
first MoReq 2010 compliant system does not need that system to be able to import from
another MoReq 2010 compliant system.
7
8. Moreq Future: planned (2)
• Modules that provide backwards compatibility with MoReq 2
• a scanning module
• a file module (MoReq 2010 replaced the concept of the „file‟ with the broader concept of an „aggregation‟. The additional
module would ensure that a system could enforce MoReq 2 style „files‟ (which can only be split into volumes and parts).
In MoReq 2010 terms a MoReq 2 file is simply one possible means of aggregating records
• a vital records module
• an e-mail module (the core requirements of MoReq 2010 itself talks generically about „records‟ and do not focus
specifically on any one particular format)
• It is hoped that more additional modules would follow. Jon Garde would like to see MoReq 2010 additional modules
that cover records keeping requirements in respect of cloud computing, mobile devices and social software. He
urged anyone who feels that there are needs that MoReq 2010 could usefully address to come forward and develop
a module to address those needs. For example modules that provide functionality specific to a single sector (health
sector, defence sector etc.)
• Development of test centers:
• The MoReq Governance Board plans to accredit an international network of testing centres, to whom vendors
can submit products for testing against MoReq 2010. Six organisations have already expressed an interest in
becoming testing centres. There is no limit to the number of test centres that may be established. The test
centres will use test scripts and templates created by the MoReq Governance Board. Vendors will pay a fee to
the test centres to have their products tested, and (assuming they are successful) a fee to the DLM Forum to
validate the recommendation of the test centre and to award the certificate.
Source: Comment J. Lappin / J. Garde (link to blog)
8
9. Moreq Future: What is needed
• "Lex MoReq„ is needed! Still a leaner MoReq2011 should be anchored in a European Directive
and as a consequence to be followed and implemented in all national legislations of the EU as a
mandatory standard beyond the classic notion of a "Record“.
• "Embedded Records Management - everytime everywhere and for everybody"!
• „Interoperability“ is the new buzzword for the DLM-Forum in Dec. 2011 (Brussels)
• What we need is a seamless and automated Records Management in the background; It„s
not about Web 2.0 or Social Media but it„s about integrating new technology concepts (in
place or in app RM and SOA)
• James Lappin: RMJ
• Alan Pelz-Sharpe (comment: Is Moreq 2010 a DoD 5015 slayer?)
• “Slayer because it does what it's supposed to do and no more. It's a standard that tells you
what you must do, but not how to do it, or for that matter where to do it. In fact with this new
standard, you may potentially even have your own internal RM program certified, rather than
the standard simply being restricted to a particular vendor's software solution. This is a huge
change in direction, and one that I certainly welcome.”
9
10. DLM Forum Dec. 2011 Brussels
• Call for papers: contributions to support a Health / Pharma specific
committee are welcome (http://www.dlmforum.eu/)
• The DLM Forum has launched in July 2011 the MoReq2010 Technical
Committee to manage and extend MoReq2010, and has published the first
XML Schema that enables interoperability between records systems.
• Leading vendors such as Automated Intelligence, EMC, Fabasoft, Gimmal Group, HP, Open Text, and
Oracle, together with Records Management consultants and industry analysts have already joined the new
Committee …
• The creation of this committee has triggered overwhelming interest from all parts of the industry. Numerous
specialists and professionals want to be involved in implementing and extending information compliance
solutions. In addition to the technical committee the DLM Forum will also be establishing working groups for
practitioners, translators and accredited MoReq2010 Test Centres.”
• “MoReq2010 is the first records and information management specification that enables interoperability
between different MoReq2010 compliant records systems even when built by different suppliers through the
use of a defined shared data model. It enables commercial and government organisations to secure and
develop critical information independent of email, document content management, cloud and mobile
systems, so that when systems are changed, updated, migrated or integrated, the security, value and
probity of the records is maintained. We expect that all future information compliance products and systems
across Europe will exploit this platform to meet regulatory requirements”.
• Details link
10
12. ISO15489 RM processes Model Requirements for the ERMS
•Capture Moreq2
•Which objects (company guidelines)
•Created and received incl. Metadata
•Physical and electronic objects
•Registration
•Formalizing capture incl. metadata
•Unique identifier, date-time, title, author
•Classification
•According to classification-scheme (taxonomy)
•Sequence of business activities (links)
•Indexing
•Access and security classification
•According to classification-scheme
RECORDS
•Identification of disposition status
•Identify retention-period of the record
•Storage
•Physical and electronic (backup)
•Use and location tracking
•Records management transactions
•Implementation of disposition
•Continuing retention incl. Disposition-hold)
•Transfer, migration
•destruction
ISO 15489 and MoReq2 both cover the entirety of the processes affecting records.
13. Functional Integration of RM Process Requirements: Aligning ISO 15489
with Moreq2
ISO 15489 : RM Process Controls Section 9
Non-IT
Process
9.1 9.2 9.3-9.8 9.9 9.10-11
Use
Process Retention Legal Hold MonitoringA
Capture Manage
Life Cycle Policy Disposition udit Training
Tracking
FSpecs 6. 3./5. 7.-9. 4.
5.3 Controls
Moreq2: Chapter #
14. Best practices for RM
Non-IT specific
• Preserve the right information for the correct length of time
• Meet legal requirements faster and more cost effectively
• Control and manage records management storage and destruction fees
• Demonstrate proven practices of good faith through consistent implementation
• Archive vital information for business continuity and disaster recovery
• Provide information in a timely and efficient manner regardless of urgency of
request
• Use appropriate technology to manage and improve program
• Integrate policies and procedures throughout organization
• Establish ownership and accountability of records management program
• Arrange for continuous training and communication throughout the organization
• Project an image of good faith, responsiveness and consistency
• Review, audit and improve program continuously