Sep 20, 2011 J. Hagmann Moreq 2010 Update


Short summary of Moreq2010 update with links to sources; incl. an alignment of Moreq2 reqs with ISO-15489 controls (section 9).


Overview Roadmap


Moreq 2010 (2011)

• The DLM Forum announced the MoReq2010 work programme at its Gen. Meeting in Madrid in May 2010. 

• May 2011: new specification launched at DLM Forum GM in Budapest (delayed)

• The objectives of MoReq2010 are to broaden the appeal of MoReq, introduce interoperability, significantly increase its adoption, and make compliance accessible to non-traditional software suppliers.

• While MoReq2 introduced a model of software compliance, MoReq2010 incorporates the flexibility and modularity to extend that compliance to a wider range of software (interoperability). 

• MoReq2010 is more loosely coupled, allowing it to be extended to meet the needs of different industries and markets, as required.


2011: Differences to the consultation version of 2010

• Adoption of a service oriented architecture model:

• All the requirements in the MoReq 2010 core requirements have been bundled into ten services. A MoReq 2010 compliant system (MCRS) will be capable of offering up its functionality as services that could be consumed by one or more other information systems within the organisation.

• For example several records systems within an organisation could all consume the classification service of one MCRS, enabling the organisation to hold its fileplan in one place whilst having it used by several systems.

• A MCRS must possess the capability to provide ten services:

• a records service (the capability to hold aggregations of records)
• a metadata service (the capability to maintain metadata about objects within the system)
• a classification service (the capability to hold a classification, to apply it to aggregations of records, and to link headings within the classification to retention rules)
• a disposal service (the capability to hold retention rules, and to dispose of records in accordance with retention rules)
• a disposal hold service (the capability to prevent the application of a retention rule to a record, for example because the record is required in a legal case)
• a search and report service (the capability to retrieve and present records and metadata in response to queries)
• a user and groups service (the ability to maintain information about people and groups that have permissions to use the system)
• a role service (the ability to assign roles to people and groups to determine what those people and groups can and can’t do within the system)
• system services (the capability to maintain event histories in relation to objects held within the system)
• an export service (the capability to export records together with their metadata and event histories in a form that another MCRS could understand)

2011: Differences to the consultation version of 2010 (2)

• Abandonment of the notion of a ‘primary classification’

• The notion of a ‘primary classification’ for records has been dropped. Instead, a record is assigned a classification, from which it inherits a retention rule by default. A person with appropriate permissions can, however, override that inherited retention rule and assign the record a different retention rule, or have the record receive a retention rule from a different part of the classification scheme than the one it has been assigned to.

• Reduction in the number of requirements

• The number of requirements has been significantly reduced. The consultation draft contained 436 requirements; these have now been consolidated into 170 requirements. The final core requirements document will nevertheless be longer than the consultation draft, because the introductory explanations have been increased to 90 pages.

Comment J. Lappin / J. Garde (link to blog)
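As an added illustration (not part of the original slides and not the MoReq2010 data model), the following Python sketch models the behaviour described above: a record inherits its retention rule from its classification, a permitted user can override it, and a disposal hold blocks disposal. All class, function and role names, and the sample headings, are assumptions made for this example.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Optional

@dataclass(frozen=True)
class RetentionRule:
    name: str
    keep_days: int

@dataclass
class Heading:
    """Classification heading linked to a retention rule."""
    title: str
    rule: RetentionRule

@dataclass
class Record:
    title: str
    created: date
    heading: Heading
    override: Optional[RetentionRule] = None    # set only by an explicit override
    holds: set = field(default_factory=set)     # active disposal holds
    events: list = field(default_factory=list)  # event history for this record

def effective_rule(rec: Record) -> RetentionRule:
    """Inherited from the classification unless explicitly overridden."""
    return rec.override or rec.heading.rule

def override_rule(rec: Record, actor_roles: set, rule: RetentionRule) -> None:
    """Replace the inherited rule; the role name is an assumption of this sketch."""
    if "records_manager" not in actor_roles:
        rec.events.append(("override_denied", rule.name))
        raise PermissionError("overriding a retention rule needs records_manager")
    rec.override = rule
    rec.events.append(("override", rule.name))

def may_dispose(rec: Record, today: date) -> bool:
    """A disposal hold blocks disposal even when the retention period has elapsed."""
    if rec.holds:
        return False
    return today >= rec.created + timedelta(days=effective_rule(rec).keep_days)

# Constructed sample data, not taken from any real fileplan.
FINANCE = Heading("Finance/Invoices", RetentionRule("keep-10y", 3650))
HR = Heading("HR/Applications", RetentionRule("keep-1y", 365))

if __name__ == "__main__":
    rec = Record("Invoice 0001", date(2011, 9, 20), FINANCE)
    print(effective_rule(rec).name, may_dispose(rec, date(2013, 1, 1)))
```

Passing `HR.rule` to `override_rule` corresponds to the case where a record receives its retention rule from a different part of the classification scheme than the one it is filed under.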


Critical aspects

• Moreq was never officially endorsed or recommended in any directive by the European Commission

• Moreq is currently in a triangle of disorientation (Kampffmeyer):

• (1) not fully accepted by traditional records managers & archivists in leading organizations and institutions; in addition, IT often does not understand the functional integration of RM requirements (incl. NFR)

• (2) Moreq is considered not relevant by users outside of the RM and archivists community / world (mainly IT)

• (3) not (yet) really supported by leading vendors and even considered as an additional barrier, cost driver (certification) and technology break

• There is therefore a certain danger that the development of the new standard is ground down (clash) between a traditional RM environment/community, which has the tendency to become "incestuous", and an open information & office environment, which welcomes basic record keeping principles amid uncontrolled data growth (not giving away opportunities in practice for the sake of ideology)

http://jhagmann.twoday.net/stories/19464155/ (comments Kampffmeyer)


Moreq Future: planned (1)

• MoReq diversifies against a common core set of best practice requirements to infiltrate not only different software and technologies but also different industry sectors.

• By 2012 and beyond we see the start of a trend to package MoReq for "Health", for "Defence", for "Oil & Gas" etc.

• The DLM forum are planning to have a first wave of additional modules for MoReq 2010 available by the time of their triennial conference (Brussels Dec. 2011). Unlike the core requirements, the additional modules will be optional rather than mandatory.

• Included in the first wave will be:

• an import service – providing the ability to import records and associated metadata from another MCRS. Note that the ability to export records is a core requirement, but the ability to import records is an additional module. This is because an organisation implementing its first MoReq 2010 compliant system does not need that system to be able to import from another MoReq 2010 compliant system.

Moreq Future: planned (2)

• Modules that provide backwards compatibility with MoReq 2

• a scanning module

• a file module (MoReq 2010 replaced the concept of the ‘file’ with the broader concept of an ‘aggregation’. The additional module would ensure that a system could enforce MoReq 2 style ‘files’ (which can only be split into volumes and parts). In MoReq 2010 terms a MoReq 2 file is simply one possible means of aggregating records)

• a vital records module

• an e-mail module (the core requirements of MoReq 2010 themselves talk generically about ‘records’ and do not focus specifically on any one particular format)

• It is hoped that more additional modules would follow. Jon Garde would like to see MoReq 2010 additional modules that cover records keeping requirements in respect of cloud computing, mobile devices and social software. He urged anyone who feels that there are needs that MoReq 2010 could usefully address to come forward and develop a module to address those needs. For example modules that provide functionality specific to a single sector (health sector, defence sector etc.)

• Development of test centers:

• The MoReq Governance Board plans to accredit an international network of testing centres, to whom vendors can submit products for testing against MoReq 2010. Six organisations have already expressed an interest in becoming testing centres. There is no limit to the number of test centres that may be established. The test centres will use test scripts and templates created by the MoReq Governance Board. Vendors will pay a fee to the test centres to have their products tested, and (assuming they are successful) a fee to the DLM Forum to validate the recommendation of the test centre and to award the certificate.

Source: Comment J. Lappin / J. Garde (link to blog)


Moreq Future: What is needed

• "Lex MoReq" is needed! Still, a leaner MoReq2011 should be anchored in a European Directive and, as a consequence, be followed and implemented in all national legislations of the EU as a mandatory standard beyond the classic notion of a "Record".

• "Embedded Records Management - everytime everywhere and for everybody"!

• "Interoperability" is the new buzzword for the DLM-Forum in Dec. 2011 (Brussels)

• What we need is a seamless and automated Records Management in the background; it's not about Web 2.0 or Social Media but it's about integrating new technology concepts (in place or in app RM and SOA)

• James Lappin: RMJ

• Alan Pelz-Sharpe (comment: Is Moreq 2010 a DoD 5015 slayer?)

• “Slayer because it does what it's supposed to do and no more. It's a standard that tells you what you must do, but not how to do it, or for that matter where to do it. In fact with this new standard, you may potentially even have your own internal RM program certified, rather than the standard simply being restricted to a particular vendor's software solution. This is a huge change in direction, and one that I certainly welcome.”


DLM Forum Dec. 2011 Brussels

• Call for papers: contributions to support a Health / Pharma specific committee are welcome (http://www.dlmforum.eu/)

• In July 2011 the DLM Forum launched the MoReq2010 Technical Committee to manage and extend MoReq2010, and published the first XML Schema that enables interoperability between records systems.

• Leading vendors such as Automated Intelligence, EMC, Fabasoft, Gimmal Group, HP, Open Text, and Oracle, together with Records Management consultants and industry analysts have already joined the new Committee …

• “The creation of this committee has triggered overwhelming interest from all parts of the industry. Numerous specialists and professionals want to be involved in implementing and extending information compliance solutions. In addition to the technical committee the DLM Forum will also be establishing working groups for practitioners, translators and accredited MoReq2010 Test Centres.”

• “MoReq2010 is the first records and information management specification that enables interoperability between different MoReq2010 compliant records systems even when built by different suppliers through the use of a defined shared data model. It enables commercial and government organisations to secure and develop critical information independent of email, document content management, cloud and mobile systems, so that when systems are changed, updated, migrated or integrated, the security, value and probity of the records is maintained. We expect that all future information compliance products and systems across Europe will exploit this platform to meet regulatory requirements”.

• Details link


Aligning ISO 15489 with Moreq2

IT vs. non-IT related processes

ISO 15489 RM processes / Model Requirements for the ERMS (Moreq2)

• Capture
  • Which objects (company guidelines)
  • Created and received incl. metadata
  • Physical and electronic objects
• Registration
  • Formalizing capture incl. metadata
  • Unique identifier, date-time, title, author
• Classification
  • According to classification-scheme (taxonomy)
  • Sequence of business activities (links)
  • Indexing
• Access and security classification
  • According to classification-scheme
• Identification of disposition status
  • Identify retention-period of the record
• Storage
  • Physical and electronic (backup)
• Use and location tracking
  • Records management transactions
• Implementation of disposition
  • Continuing retention (incl. disposition-hold)
  • Transfer, migration
  • Destruction

ISO 15489 and MoReq2 both cover the entirety of the processes affecting records.


Functional Integration of RM Process Requirements: Aligning ISO 15489 with Moreq2

[Figure: diagram aligning the ISO 15489 RM process controls of Section 9 (9.1, 9.2, 9.3-9.8, 9.9, 9.10-11) with Moreq2 chapter numbers (3./5., 4., 5.3, 6., 7.-9.) along the process life cycle. Labels: Non-IT Process; FSpecs; Capture; Controls; Use, Manage, Tracking; Legal Hold, Disposition; Retention Policy; Monitoring, Audit, Training.]

Best practices for RM: Non-IT specific

• Preserve the right information for the correct length of time
• Meet legal requirements faster and more cost effectively
• Control and manage records management storage and destruction fees
• Demonstrate proven practices of good faith through consistent implementation
• Archive vital information for business continuity and disaster recovery
• Provide information in a timely and efficient manner regardless of urgency of request
• Use appropriate technology to manage and improve program
• Integrate policies and procedures throughout organization
• Establish ownership and accountability of records management program
• Arrange for continuous training and communication throughout the organization
• Project an image of good faith, responsiveness and consistency
• Review, audit and improve program continuously


RM Ruling Framework: Core Func Specs

Configuration

Capturing, Metadata Mgmt, Classification

Retention Mgmt, Life Cycle Mgmt

Disposition / Destruction

Tracking (hybrid environment)

Search & Retrieval

Legal Hold Mgmt
