Revising DoD 5015.2, the de facto RM software standard: the latest revision of DoD 5015.2-STD now includes requirements for records management application (RMA)-to-RMA interoperability.
The standard established mandatory baseline functional requirements for RMAs and requirements for classified marking, access control, and other processes. It also identified non-mandatory features the DoD deemed desirable for RMA software. Since then, the standard has undergone a few revisions and has become the de facto seal of approval not only for federal agencies, but also for public and private organizations worldwide considering software to manage electronic records.
DoD 5015.2-STD is a standard and certification program for records management software products whose requirements really apply only to software vendors wanting to sell their products to the National Archives and Records Administration (NARA) and federal agencies. In the past, the use of the standard--and its testing and certification program--was limited for those outside of the U.S. government because it didn't test for key functionalities--including scalability and interoperability--that weren't federal or NARA requirements. However, with the introduction of recent revisions of the standard, this situation is changing, and DoD 5015.2-STD has become more relevant for records managers everywhere while moving the federal government into the future.
A Focus on FOIA, Interoperability
Major additions in Version 3 of DoD 5015.2-STD, which was signed April 25, 2007, include requirements supporting the Freedom of Information Act (FOIA), the Privacy Act, e-mail, and interoperability. The Joint Interoperability Test Command (JITC), a U.S. government organization that tests technology for multiple branches of the armed services and government and runs the 5015.2-STD testing and certification program for software vendors, began testing under the new version of the standard in January 2008.
Specifically, Version 3 provides for greater data security and integrity. It builds on the automatic linking, user-defined fields, and logic in Version 2. New with Version 3 is a requirement to be able to create alerts and notifications regarding changes in metadata fields and to restrict metadata access based on the contents of fields.
It also requires data integrity checking, comparing the expected and actual content in a repository through on-demand or scheduled integrity checks. Perhaps more important, it includes requirements for managing FOIA and Privacy Act records, as well as for data and e-mail discovery standards, NARA record archival export standards, and import/export requirements for moving records among compliant electronic recordkeeping systems. The update also supports service-oriented architecture solutions.
While those who rely on the standard for selecting records management software will certainly appreciate the updates, there is more work to do. Ronald Kelly, deputy director for information policy and integration for the DoD, who also sets DoD records management policy, said he is aware that the updates do not cover all the bases that records managers both in and outside the federal government--would like it to.
"It's not there yet, and it's certainly not the series of steps that we would've liked to have done, but because we know that we're going to have to go with modest change as things evolve, we weren't able to take the great leaps that we really wanted to," he explained. "The changes--privacy, interoperability, and e-mail-were mainly so that the vendors see a next-version of where we should be going."
Currently, NARA is reviewing Version 3 to determine whether to approve it for all federal agencies, according to Kelly. This is standard procedure for all DoD 5015.2-STD updates. Kelly said he expects NARA to finish its assessment by the end of the year or sooner. Of course, the standard is voluntary, so federal agencies are not required to use it, even if NARA suggests that they should. In the meantime, he said, he has received several calls from city and county governments asking about Version 3 and how it should be used.
Version 3 and Records Management
According to Kelly, the purpose of Version 3 is to bring the DoD's records management into compliance with where DoD Chief Information Officer John Grimes is trying to take the department. His aim is to incorporate its data and services strategies and move toward a service-oriented environment so "you do have this interchangeability and you can adapt and not have to worry about the proprietary types of software," he said.
This is the next stage in the evolutionary process to get where the DoD wants to go, Kelly explained. "It is not where we want to be because it is still part of the journey. DoD wants to move into enterprise services with a focus on services," he added.
The Version 3 changes are not dramatic for non-government records management programs, either, but they are helpful for those choosing RMAs. RMAs have increased in importance as businesses and government move their records--and most of their communications--from traditional forms, such as paper, to electronic media. Kelly said part of this is that government and most organizations have moved away from having one file clerk or secretary who knows where every paper file and record goes.
"Now, we're at a point where everybody has a workstation, and the problem I see is that everybody then has to be his or her own records manager," he explained. "Whether this is an industry or government, that person who essentially owns his or her own workstation needs to know what is a record and what isn't a record."
At the same time, Kelly said, the government and businesses are obligated to ensure that employees are well-trained so they understand what records must be preserved. Also integral, he said, is looking at the visibility, accessibility, and understandability of data and also making sure that it can be trusted. To manage all this information, Kelly said, an RMA is essential. And that's where DoD 5015.2-STD Version 3 comes in.
"What Version 3 attempted to do was to take another step in that direction. The problem for me is we just can't move all at once to that final 'paradise' with [records management]; it's still a long way away. But there are a lot of vendors out there who see the light; they know this is the way that the government has to go. We're on the cusp of being able to make changes."
Coming Soon: Version 4
Next up for Kelly is a revision of the DoD Directive 3015.2 (not to he confused with the DoD 3015.2 standard). The directive establishes responsibility for the DoD records management program, updates policy and responsibilities for fife-cycle information management, and authorizes the publication of implementing and procedural guidance on DoD records management. Kelly said this update is almost five years overdue.
However, he said Version 4 of the DoD 5015.2 standard is already in the works. If things go according to plan, he said, work could begin on the revision in 2009. According to Kelly, early considerations for the update include:
* Metadata tagging for discovery
* A larger move toward interoperability at both the component and enterprise levels, expanding Version 3's RMA-to-RMA interoperability focus
* Archiving disposition at the creation of a record
Archiving disposition at a record's birth goes to Kelly's point that today everyone with a computer is a records manager, whether they want to be or not.
"Awareness is half the battle," Kelly said, "and if you can get your senior leaders to be aware of how important this really is, they will understand that you do have to spend some money to put an RMA in place."
What's New in DoD 5015.3-STD Version 3?
1. FOIA/Privacy Act Requirements:
* Additional metadata, including e-mail
* Workflow, alerts, and response-timing requirements
* Builds on automatic linking, user defined fields, and logic from Version 2
2. Requires Tools to Support RMA-to-RMA Interoperability:
* Data discovery standards, including e-mail
* NARA record archival export standards
* Import/export standards for moving records among compliant electronic recordkeeping systems
3. Encourages Service-Oriented Architecture Solutions
DoD 5015.3-5TD Timeline
1997--Established set of baseline functional requirements
2001--Added classified records metadata
2002--Version 2 revision published in June to incorporate, among others, a requirement to manage classified records
2003--NARA endorses the federal-wide adoption of the DoD 5015.2-STD, Version 2
2007--Version 3 introduced in April
2009 and Beyond--Version 4
DoD 5015.3-5TD Version 3 Online
The DoD 5015.2-STD Version 3 update is available via the Defense Technical Information Center or the Joint Inter-operability Test Command Records Management website at www.dtic.mil/whs/ directives/corres/html/501502std.htm or http:///jitc.fhu.disa.mil/recmgt/standards.html.
Gallatin, Jana and Ron Kelly. "DoD 5015.2 Standard--Design Criteria Standard for Electronic Records Management Software Applications" Presentation, 8 May 2007.
U.S. Department of Defense. Electronic Records Management Software Applications Design Criteria Standard (DoD 5015.2-STD). U.S. Department of Defense. 25 April 2007. Available at www.dtic.mil/whs/directives/corres/pdf/501502std.pdf.
Nikki Swartz is a freelance writer based in Kansas City, Missouri. She may be contacted at email@example.com.