The following types of records management controls are needed to ensure that Federal records in electronic information systems can provide adequate and proper documentation of agency business for as long as the information is needed. Agencies must incorporate controls into the electronic information system or integrate them into a recordkeeping system that is external to the information system itself (see § 1236.20 of this part).

(a) Reliability: Controls to ensure a full and accurate representation of the transactions, activities or facts to which they attest and can be depended upon in the course of subsequent transactions or activities.

(b) Authenticity: Controls to protect against unauthorized addition, deletion, alteration, use, and concealment.

(c) Integrity: Controls, such as audit trails, to ensure records are complete and unaltered.

(d) Usability: Mechanisms to ensure records can be located, retrieved, presented, and interpreted.

(e) Content: Mechanisms to preserve the information contained within the record itself that was produced by the creator of the record;

(f) Context: Mechanisms to implement cross-references to related records that show the organizational, functional, and operational circumstances about the record, which will vary depending upon the business, legal, and regulatory requirements of the business activity; and

(g) Structure: controls to ensure the maintenance of the physical and logical format of the records and the relationships between the data elements.

As part of the capital planning and systems development life cycle processes, agencies must ensure:

(a) That records management controls (see § 1236.10) are planned and implemented in the system;

(b) That all records in the system will be retrievable and usable for as long as needed to conduct agency business (i.e., for their NARA-approved retention period). Where the records will need to be retained beyond the planned life of the system, agencies must plan and budget for the migration of records and their associated metadata to new storage media or formats in order to avoid loss due to media decay or technology obsolescence. (See § 1236.14.)

(c) The transfer of permanent records to NARA in accordance with part 1235 of this subchapter.

(d) Provision of a standard interchange format (e.g., ASCII or XML) when needed to permit the exchange of electronic documents between offices using different software or operating systems.

Agencies must design and implement migration strategies to counteract hardware and software dependencies of electronic records whenever the records must be maintained and used beyond the life of the information system in which the records are originally created or captured. To successfully protect records against technological obsolescence, agencies must:

(a) Determine if the NARA-approved retention period for the records will be longer than the life of the system where they are currently stored. If so, plan for the migration of the records to a new system before the current system is retired.

(b) Carry out upgrades of hardware and software in such a way as to retain the functionality and integrity of the electronic records created in them. Retention of record functionality and integrity requires:

(1) Retaining the records in a usable format until their authorized disposition date. Where migration includes conversion of records, ensure that the authorized disposition of the records can be implemented after conversion;

(2) Any necessary conversion of storage media to provide compatibility with current hardware and software; and

(3) Maintaining a link between records and their metadata through conversion or migration, including capture of all relevant associated metadata at the point of migration (for both the records and the migration process).

(c) Ensure that migration strategies address non-active electronic records that are stored off-line.