• a classification service manages classes (see 5. Classification service);
• a record service manages records and aggregations of records (see 6. Record service);
• a metadata service manages metadata and metadata templates (see 7. Model metadata service);
• a disposal scheduling service manages disposal schedules (see 8. Disposal scheduling service); and
• a disposal holding service manages disposal holds (see 9. Disposal holding service).
Other services are purely process‑based and do not manage entities, including:
• a searching and reporting service (see 10. Searching and reporting service), and
• an export service (see 11. Export service).
1
Modular Requirements for Records Systems
Volume 1
Core Services
& Plug-in Modules
Version 1.1
Fundamentals
P A R T I – C o R E S E R V I C E S
While it uses the language and promotes the adoption of a service‑based architecture, MoReq2010® acknowledges that, historically, records systems have not necessarily delivered functionality using a discrete service model.
For this reason, MoReq2010® does no more than merely bundle its functional requirements into logical services and test against each ‘service’ (bundle) of functional requirements individually. An MCRS that does not provide discrete services in its implementation will still be certified as compliant to the MoReq2010® specification.
Nonetheless, the approach taken by MoReq2010® is deliberate and antici‑
pates a future where interoperability is not confined to the transfer of records from one MCRS to another, but where different records systems can share the same services in common. Within an organisation of the future, it might be possible for all records systems to make use of a single user and group service, a single role service, a single classification service, a single meta‑
data service, a single disposal scheduling service, a single disposal holding service and/or a single searching and reporting service.
Such an approach would allow, for example, a business classification scheme to be defined once across the whole organisation and managed centrally using a shared classification service (Figure 1h). The same applies equally to other services.
Figure 1h — In the future, multiple records systems may be able to share a single centra‑
lised classification service
Shared service utilisation will not necessarily be confined to the boundaries of a single organisation. For example, a regulator could issue and maintain a standardised set of disposal schedules to be used by all organisations in a particular sector by hosting them as a widely accessible disposal sched‑
uling service, or a disposal holding service shared between litigants might manage the disposal holds issued by a particular legal court.
1.4.5 Classification and aggregation
There are several other new concepts in MoReq2010®, such as the distinc‑
tion made between classification and aggregation. ISO 15489 defines clas‑
sification as the ‘systematic identification and arrangement of business activities and/or records into categories according to logically structured conventions, methods and procedural rules represented in a classification system’ (ISO 15489‑1:2001, 3.5).
Modular Requirements for Records Systems
Volume 1
Core Services
& Plug-in Modules
Version 1.1 26
1
Fundamentals
P A R T I – C o R E S E R V I C E S
While classification is concerned with providing the business context for a record and establishing the relationship between a record and the trans‑
actional activity by which it was created, aggregation describes the activity of assembling related records together. Unlike classification, aggregation may be based on any organisational requirement or criteria, not business context alone. Aggregation is layered, with higher level aggregations made up of an assembly of lower level aggregations. A whole record service might arguably be considered to represent one high level aggregation.
Historically, some records management specifications conjoin a hier‑
archical classification scheme above a layer of aggregation so that each record always inherits its class via its aggregation. This approach, shown in Figure 1i, uses classes in place of higher level aggregations. Such an arrangement, while desirable for its simplicity if it can be achieved, is also inflexible and does not always lend itself to real‑world usage. The restric‑
tions this approach imposes have led, in many cases, to organisational and subject‑based elements being mixed into a functional business classifica‑
tion scheme to create a localised hybrid.
Figure 1i — A traditional hierarchical model of classification and aggregation where both classes and aggregations are joined together into a single structure (this approach can be implemented by an MCRS, but MoReq2010® also allows for greater flexibility)
Many organisations undertake collaborative teamwork, casework or project‑based work. Where these activities occur, the natural tendency within organisations is to aggregate records based on the main topic, such as the particular project, and not based purely on the business activity or process that creates the record.
For example, a small association may keep records about each of its members in a single aggregation per member. Within each member aggre‑
gation there might be found:
• the member’s original registration form, assessment and approval;
• identification, banking and contact details including various change notifications;
• annual subscription and membership renewals;
1
• applications, appointments and offices held within the association;
• correspondence and other information on various association activi‑
ties undertaken by the member;
• expenses and reimbursement claims;
• contracts, certificates, legal documents and waivers;
• etc.
In this example, the records in the member aggregation relate to different functions, activities and transactions and should, therefore, attract different business classifications. There may be legal, regulatory or good practice reasons based on these classifications why some records in each member aggregation must be retained for a relatively long statutory period, while other records in the aggregation should only be kept for a short time and then destroyed.
An arrangement like this, even though it is commonly found across organi‑
sations, is difficult to squeeze into a traditional hierarchical classifica‑
tion‑based structure as shown in Figure 1i. This is because in the traditional arrangement, the whole member aggregation must fit under a single class in the classification scheme.
As a result, there is inevitably a tension created between practical and oper‑
ational efficiency and records management needs. Either the classification scheme is hybridised, for example by introducing omnibus classifications such as ‘casework’, ‘clients’, ‘projects’, ‘staff’ and ‘events’ or naturally occur‑
ring aggregations are split up so that, for example, the registration records for all members are to be found together under a single classification/
aggregation such as ‘membership applications’, while annual subscription records for all members are collected in an entirely separate classification/
aggregation, such as ‘membership renewals 2011’. Neither compromise is likely to be viewed as entirely satisfactory.
By providing a clear distinction between the related concepts of classifica‑
tion and aggregation, MoReq2010® allows for greater flexibility in making planning decisions about what records to keep together, combined with what classification scheme to use and how to apply it. This, in turn, makes MoReq2010® more adaptable to real‑world situations. The specification allows aggregation to be based on operational criteria while classification can be applied at any layer of aggregation, including even associating classes with records individually if required (this is shown in Figure 5d and discussed further in 5. Classification service). At the same time, backwards compat‑
ibility with the traditional approach shown in Figure 1i is maintained.
1.4.6 Retention and disposal
MoReq2010® closely associates business classification with retention and disposal so that each class has an associated disposal schedule and each record inherits its disposal schedule, by default, from its class (adopting the principle that ‘classification determines destiny’). This is different to some approaches where disposal schedules are inherited from a record’s aggre‑
gation and only indirectly from its classification.
A significant feature of disposal scheduling is that MoReq2010® does not allow a record to be subject to more than one disposal schedule simulta‑
neously. The specification permits the default disposal schedule, inherited from the record’s class, to be overridden but, at any point in time, only one disposal schedule can apply to a particular record. There is, therefore, no opportunity for a disposal conflict to occur that requires direct user inter‑
vention to resolve.
Modular Requirements
As each record in an aggregation may have a different classification to the other records and each record also has its own disposal schedule inherited from its class, it is possible that individual records within an aggregation will be due for disposal at different times. This is determined by the disposal sched‑
ules that the organisation uses and what disposal triggers are specified.
MoReq2010® uses the principle of bottom‑up destruction to dispose of an aggregation only when all of its contents have been destroyed and the aggre‑
gation is closed. Bottom‑up destruction is described in greater detail in 8.2.9 Bottom-up destruction. One of the advantages of bottom‑up destruc‑
tion is that it does not require that aggregations have disposal schedules.
There is only one type of disposal schedule in MoReq2010®, which is related to the record.
Even though MoReq2010® applies disposal individually to each record, it is possible to apply the same disposal action to many records simultaneously.
For example, MoReq2010® enables a user to authorise the same disposal action once for an aggregation as a whole. This allows for ease of use while maintaining a simple, yet flexible, approach to retention and disposal.
1.4.7 Event histories and audit
ISO 15489 requires the use of either metadata or, alternatively, audit trails should be kept as ‘complete and accurate representations of all transac‑
tions that occur in relation to a particular record’ (ISO 15489‑1:2001, 8.3.2).
MoReq2010® adopts this approach but extends it by adopting the concept of an event history for each record from ISO 23081 (ISO 23081‑1:2006:
Information and documentation — Records management processes — Metadata for records — Part 1: Principles).
ISO 23081, an international standard on metadata for records, describes an event history as follows: ‘The event history metadata group documents past records events and other management events on both the entity and its metadata. For each event, it specifies the type of event, what happened, when it took place, why it occurred, and who carried it out. The metadata in this element are a sequence documenting a specific event.’
In MoReq2010®, every entity has an event history associated with it. This is particularly important in supporting interoperability, where entities are transferred from one records system to another. Each entity is transferred as a whole, including its metadata, event history, access controls, etc. The event history is an integral part of the entity and this approach allows all MCRSs to import and fully understand events that occurred to an entity while it was part of a previous records system.
Even though event histories are tied to entities, MoReq2010® still allows a
‘system audit trail’ view across an MCRS by allowing users to search across all events for all entities and sort them by when they occurred. In this way, the cumulative events from all event histories make up the audit trail for an MCRS.
Under MoReq2010®, event histories and metadata for entities are pruned when entities are destroyed in line with ISO 15489 which states that ‘audit trails should be kept at least as long as the document (i.e. record content) to which they relate is retained’ (ISO 15489‑1:2001, 8.3.2).
1.4.8 Modular architecture
Figure 1j shows the modular architecture of MoReq2010®. Each box in the diagram represents a bundle of requirements representing either a service or a module. The core services are defined in Volume 1 of the speci‑
fication and provide the minimum set of functionality for compliance with MoReq2010®: in other words, they define the simplest possible MCRS.
1
Modular Requirements for Records Systems
Volume 1
Core Services
& Plug-in Modules
Version 1.1
Fundamentals
P A R T I – C o R E S E R V I C E S
Figure 1j — The structure of the MoReq2010® specification
Some of the functionality described by the core services can be implemented in alternative but equally valid ways. Where this occurs, MoReq2010® makes use of plug‑in modules. Each plug‑in module represents exactly the equiva‑
lent functionality as any of the other plug‑in modules in the same series.
An MCRS must implement the functionality described by at least one of the plug‑in modules in a series and may choose to implement more than one plug‑in module.
Plug‑in modules are used by the core services to allow flexibility around the following areas of functionality.
• type of interface: including whether the MCRS is managed directly by users through a human/computer interface or as a business support system through a machine interface.
• type of classification: allowing an MCRS to adopt different approaches to classification, for example a hierarchical classification scheme.
• type of record components: allowing an MCRS to support different types of records, such as electronic components rather than physical components.
The core services and plug‑in modules described in Volume 1 of the MoReq2010® specification form the essential platform on which different extension modules can be hosted. The range and variety of extension modules to MoReq2010® will be extensive and will cover:
• additional services such as import;
• further concepts such as vital records;
• specific technologies such as e‑mail; and
• requirements for records systems for particular industries and jurisdictions.
As shown in Figure 1j, extension modules can build on to each other as well as extending the core services. The preface to each module contains a list of its prerequisites and co‑requisites.
Prerequisites define a dependency where the MCRS must implement the prerequisite module as well as the extension module. Co‑requisites are modules which attract additional functional requirements, if they are imple‑
mented simultaneously with the extension module.
Modular Requirements state of the records management industry today and the vision of the future promoted by the specification and the MoReq Governance Board. This compro‑
mise is particularly apparent across two services: roles and metadata.
In the interest of interoperability, MoReq2010® seeks to codify both an entity’s access controls and its metadata elements so that they can be transferred to a new records system where they will be successfully imported, understood and used. Metadata can describe valuable contextual information about the original entity, while access controls, even when they are superseded in the receiving system, provide important knowledge about who had access to which records in the original records system.
Because no preceding specification has sought to address these issues through standardisation, suppliers have, by necessity, implemented their own individual and proprietary methods of applying metadata and access controls within their records system software. As a consequence, an unrea‑
sonably large amount of refactoring would be required within these existing records systems to adopt a metadata model or an access control model that was common to all MCRSs.
For this reason, MoReq2010® specifies these two services as model serv‑
ices. A model service is an exemplar service: it is intended to be adopted as the appropriate way to develop new records management software in the future, without impeding existing products from seeking compliance with, and certification against, MoReq2010®.
MoReq2010® accepts either of two different methods for proving compliance with a model service. Method A is to implement the functional requirements for the model service and be tested against them. Method B, intended mainly for pre‑existing software, is to demonstrate a proprietary solution that is as rich in functionality as the model service and where the constructs and data are able to be converted and exported as if they had originated in a records system that implements the model service. This requirement is essential for compliance with any model service: the entities, their metadata and their access controls must be able to be meaningfully exported to the standard MoReq2010® XML export format. If this can be achieved, then another MCRS can import the entities and use them in conjunction with a model service.
1.4.10 testing and certification
The DLM Forum Foundation has initiated a testing and certification programme for MoReq2010®. The programme allows suppliers of common‑off‑the‑shelf (COTS) records systems, as well as in house records systems, to be tested by a DLM Forum Foundation accredited MoReq2010® test centre.
Suppliers must have their products tested against the core services and may optionally have any of the additional extension modules tested as well.
Following the successful completion of testing using the MoReq2010® test framework, a product or installation may become certified by the DLM Forum Foundation as MoReq2010® compliant.
Suppliers will be able to show that their products are fully certified as MoReq2010® compliant while members of the DLM Forum Foundation will benefit by having access to the test reports, allowing them to undertake a preliminary analysis of different MoReq2010®compliant records systems.
The DLM Forum Foundation will publish lists of accredited MoReq2010® test centres and certified MoReq2010® compliant records systems on its website (http://www.dlmforum.eu).
Modular Requirements for Records Systems
Volume 1
Core Services
& Plug-in Modules
Version 1.1
2
System services
2.1 SERVICE INFoRMAtIoN
Each of the core services of MoReq2010® is defined by its service name (e.g.
user and group service), its service version (e.g. 1.0) and its Implements Service Identifier (e.g. cd532472‑85b0‑4c1c‑82b4‑5c8370b7d0e6), or Implements Module Identifier for plug‑in and extension modules.
These details can be found in the service information block (see 3.1 Service information). The Implements Service Identifier is a universally unique iden‑
tifier used internally by an MCRS to show which services it implements.
This section, 2. System Services, contains functionality common to all MoReq2010® core services and, as such, does not have separate service information. Refer instead to the service information block for each service individually.
2.2 kEy CoNCEPtS
2.2.1 Service-based architecture
The functional requirements of the MoReq2010® core are bundled into nine service definitions, shown in Figure 2a. Taken together these services describe the functionality required by an MCRS. This initial module, entitled 2. System services, describes the common functionality required by every MoReq2010® core service.
The service‑based architecture of MoReq2010® is not intended to constrain software suppliers from developing fully compliant solutions that combine the functionality of many or even all core services together and deliver them from within a single application. However, by dividing the architec‑
ture of MoReq2010® into separate services, future consideration may also be given by suppliers to developing records systems where each of the services is decoupled from the others and can then be shared between more than one MCRS.
For example, in the future, each records system within an organisation might be capable of sharing the same classification service or the same disposal holding service. It may also be possible, in the future, to build an MCRS by sourcing different services from different suppliers and inte‑
grating them together.
Whether provided as a single application, a tightly integrated or a loosely integrated collection of services, all MCRS solutions must be tested against the same compliance criteria.
At the heart of the service‑based architecture of an MCRS is its record service. The record service is the only core service that cannot be shared with another MCRS. Indeed, it is literally only the record service that distin‑
guishes one MCRS from another. All other services that support the record service may simultaneously support other record services and may, there‑
fore, be a part of several MCRS solutions simultaneously.
Modular Requirements for Records Systems
Volume 1
Core Services
& Plug-in Modules
Version 1.1 32
P A R T I – C o R E S E R V I C E S
System services
2
Figure 2a — A MoReq2010® compliant records system (MCRS) seen as a grouping of interrelated services with a service‑based architecture (each core service has its own numbered section of the specification)
2.2.2 Model services and plug-in modules
Two of the core services of MoReq2010® are model services (these are 4. Model role service and 7. Model metadata service). This means that
Two of the core services of MoReq2010® are model services (these are 4. Model role service and 7. Model metadata service). This means that