This document provides an update on MoReq2010 and discusses its future. Some key points: - MoReq2010 was launched in 2011 to broaden adoption and introduce interoperability between records systems. - It incorporates a service-oriented architecture and modular approach to extend compliance to more software. - Planned additions through 2012 include import/export services and industry-specific modules like healthcare. - The DLM Forum will accredit testing centers and develop an international network to certify MoReq2010 compliance. - Upcoming conferences will discuss further development and extending MoReq2010's use through standards and regulations.

1. Moreq2010 Update Sep 20, 2011 J. Hagmann

2. Overview Roadmap

4. May 2011: new specification launched at DLM Forum GM in Budapest (delayed)

5. The objectives of MoReq2010 are to broaden the appeal of MoReq, introduce interoperatiblity, significantly increase its adoption, and make compliance accessible to non-traditional software suppliers.

6. While MoReq2 introduced a model of software compliance, MoReq2010 incorporates the flexibility and modularity to extend that compliance to a wider range of software (interoperability).

7. MoReq2010 is more loosely coupled, allowing it to be extended to meet the needs of different industries and markets, as required.3

9. All the requirement in the MoReq 2010 core requirements have been bundled into ten services. A MoReq 2010 compliant system (MCRS) will be capable of offering up its functionality as services, that could be consumed by one or more other information systems within the organisation.

10. For example several records systems within an organisation could all consume the classification service of one MCRS, enabling the organisation to hold its fileplan in one place whilst having it used by several systems.

11. A MCRS must possess the capability to provide ten services:

12. a records service (the capability to hold aggregations of records)

13. a metadata service (the capability to maintain metadata about objects within the system)

14. a classification service (the capability to hold a classification, to apply it to aggregations of records, and to link headings within the classification to retention rules)

15. a disposal service (the capability to hold retention rules, and to dispose of records in accordance with retention rules)

16. a disposal hold service (the capability to prevent the application of a retention rule to a record, for example because the record is required in a legal case)

17. a search and report service (the capability to retrieve and present records and metadata in response to queries)

18. a user and groups service (the ability to maintain information about people and groups that have permissions to use the system)

19. a role service (the ability to assign roles to people and groups to determine what those people and groups can and can’t do within the system)

20. system services (the capability to maintain event histories in relation to objects held within the system)

21. an export service (the capability to export records together with their metadata and event histories in a form that another MCRS could understand)4

23. The notion of a ‘primary classification’ for records had been dropped. Instead a record will be assigned a classification, from which it would by default inherit a retention rule. It would be possible though for a person with appropriate permissions to override that inherited retention rule, and instead assign to the record a different retention rule, or to get the record to receive a retention rule from a different part of the classification scheme to the one it has been assigned to.

24. Reduction in the number of requirements

25. The number of requirements had been significantly reduced. The consultation draft had contained 436 requirements, these have now been consolidated into 170 requirements. But the final core requirements document would be longer than the consultation draft, because the introductory explanations had been increased to 90 pages. Comment J. Lappin / J. Garde (link to blog) 5

27. Moreq is currently in a triangle of disorientation (Kampffmeyer):

28. (1) not fullyacceptedby traditional recordsmanagers & archivists in leadingorganizationsandinstitutions; in addition IT doesoften not understand thefunctionalintegrationof RM requirements (incl. NFR)

29. (2) Moreqisconsideredas not relevant fromusers outside ofthe RM andarchivistscommunity / world (mainly IT)

30. (3) not (yet) reallysupportedbyleadingvendorsandevenconsideredas an additional barrier, costdriver (certification) andtechnology break

31. Thereforeitexists a certaindangerthatthedevelopmentofthenewstandardisratherreamed (clash) between a traditional RM environment/communitywhichhasthetendencytobecome „incestuous“ and an open information & officeenvironmentwhichwelcomesbasicrecordkeepingprinciples in an uncontrolleddatagrowth (not givingawayopportunities in practiceforthesakeofideology)http://jhagmann.twoday.net/stories/19464155/ (comments Kampffmeyer) 6

33. By 2012 and beyond we see the start of a trend to package MoReq for "Health", for "Defence", for "Oil & Gas“ etc.

34. The DLM forum are planning to have a first wave of additional modules for MoReq 2010 available by the time of their triennial conference (Brussels Dec. 2011). Unlike the core requirements, the additional modules will be optional rather than mandatory.

35. Included in the first wave will be:

36. an import service – providing the ability to import records and associated metadata from another MCRS. Note that the ability to export records is a core requirement, but the ability to import records is an additional module. This is because an organisation implementing its first MoReq 2010 compliant system does not need that system to be able to import from another MoReq 2010 compliant system.7

38. a scanning module

39. a file module (MoReq 2010 replaced the concept of the ‘file’ with the broader concept of an ‘aggregation’. The additional module would ensure that a system could enforce MoReq 2 style ‘files’ (which can only be split into volumes and parts). In MoReq 2010 terms a MoReq 2 file is simply one possible means of aggregating records

40. a vital records module

41. an e-mail module (the core requirements of MoReq 2010 itself talks generically about ‘records’ and do not focus specifically on any one particular format)

42. It is hoped that more additional modules would follow. Jon Garde would like to see MoReq 2010 additional modules that cover records keeping requirements in respect of cloud computing, mobile devices and social software. He urged anyone who feels that there are needs that MoReq 2010 could usefully address to come forward and develop a module to address those needs. For example modules that provide functionality specific to a single sector (health sector, defence sector etc.)

43. Development of test centers:

44. The MoReq Governance Board plans to accredit an international network of testing centres, to whom vendors can submit products for testing against MoReq 2010. Six organisations have already expressed an interest in becoming testing centres. There is no limit to the number of test centres that may be established. The test centres will use test scripts and templates created by the MoReq Governance Board. Vendors will pay a fee to the test centres to have their products tested, and (assuming they are successful) a fee to the DLM Forum to validate the recommendation of the test centre and to award the certificate.Source: Comment J. Lappin / J. Garde (link to blog) 8

46. "Embedded Records Management - everytimeeverywhereandforeverybody"!

47. „Interoperability“ isthenewbuzzwordforthe DLM-Forum in Dec. 2011 (Brussels)

48. Whatweneedis a seamlessandautomated Records Management in thebackground; It‘s not about Web 2.0 orSocial Media but it‘saboutintegratingnewtechnologyconcepts (in placeor in app RM and SOA)

49. James Lappin: RMJ

50. Alan Pelz-Sharpe (comment: Is Moreq 2010 a DoD 5015 slayer?)

51. “Slayer because it does what it's supposed to do and no more. It's a standard that tells you what you must do, but not how to do it, or for that matter where to do it. In fact with this new standard, you may potentially even have your own internal RM program certified, rather than the standard simply being restricted to a particular vendor's software solution. This is a huge change in direction, and one that I certainly welcome.” 9

53. The DLM Forum has launched in July 2011 the MoReq2010 Technical Committee to manage and extend MoReq2010, and has published the first XML Schema that enables interoperability between records systems.

54. Leading vendors such as Automated Intelligence, EMC, Fabasoft, Gimmal Group, HP, Open Text, and Oracle, together with Records Management consultants and industry analysts have already joined the new Committee …

55. The creation of this committee has triggered overwhelming interest from all parts of the industry. Numerous specialists and professionals want to be involved in implementing and extending information compliance solutions. In addition to the technical committee the DLM Forum will also be establishing working groups for practitioners, translators and accredited MoReq2010 Test Centres.”

56. “MoReq2010 is the first records and information management specification that enables interoperability between different MoReq2010 compliant records systems even when built by different suppliers through the use of a defined shared data model. It enables commercial and government organisations to secure and develop critical information independent of email, document content management, cloud and mobile systems, so that when systems are changed, updated, migrated or integrated, the security, value and probity of the records is maintained. We expect that all future information compliance products and systems across Europe will exploit this platform to meet regulatory requirements”.

57. Details link10

58. Aligning ISO 15489 with Moreq2 IT vs. non-IT related processes 11

60. Which objects (company guidelines)

61. Created and received incl. Metadata

62. Physical and electronic objects

63. Registration

64. Formalizing capture incl. metadata

65. Unique identifier, date-time, title, author

66. Classification

67. According to classification-scheme (taxonomy)

68. Sequence of business activities (links)

69. Indexing

70. Access and security classification

71. According to classification-scheme

72. Identification of disposition status

73. Identify retention-period of the record

74. Storage

75. Physical and electronic (backup)

76. Use and location tracking

77. Records management transactions

78. Implementation of disposition

79. Continuing retention incl. Disposition-hold)

80. Transfer, migration

81. destruction ISO 15489 and MoReq2 both cover the entirety of the processes affecting records.

82. ISO 15489 : RM Process Controls Section 9 Non-IT Process Functional Integration of RM Process Requirements: Aligning ISO 15489 with Moreq2 9.1 9.2 9.3-9.8 9.9 9.10-11 5.3 4. Controls FSpecs Process Life Cycle Capture Use Manage Tracking Legal Hold Disposition Retention Policy MonitoringAudit Training Moreq2: Chapter # 6. 3./5. 7.-9.

83. Best practices for RMNon-IT specific Preserve the right information for the correct length of time Meet legal requirements faster and more cost effectively Control and manage records management storage and destruction fees Demonstrate proven practices of good faith through consistent implementation Archive vital information for business continuity and disaster recovery Provide information in a timely and efficient manner regardless of urgency of request Use appropriate technology to manage and improve program Integrate policies and procedures throughout organization Establish ownership and accountability of records management program Arrange for continuous training and communication throughout the organization Project an image of good faith, responsiveness and consistency Review, audit and improve program continuously

85. Capturing, Metadata Mgmt, Classification

86. Retention Mgmt, Life Cycle Mgmt

87. Disposition / Destruction

88. Tracking (hybrid environment)

89. Search & Retrieval

90. Legal Hold Mgmt15