Moreq 2010 update-s-share


Published on

Short summary of Moreq2010 update with links to sources; incl. an alignment of Moreq2 reqs with ISO-15489 controls (section 9).

Published in: Technology, Business
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Moreq 2010 update-s-share

  1. 1. Moreq2010 Update<br />Sep 20, 2011<br />J. Hagmann<br />
  2. 2. Overview Roadmap<br />
  3. 3. Moreq 2010 (2011)<br /><ul><li>The DLM Forum announced the MoReq2010 work programme at its Gen. Meeting in Madrid in May 2010. 
  4. 4. May 2011: new specification launched at DLM Forum GM in Budapest (delayed)
  5. 5. The objectives of MoReq2010 are to broaden the appeal of MoReq, introduce interoperatiblity, significantly increase its adoption, and make compliance accessible to non-traditional software suppliers. 
  6. 6. While MoReq2 introduced a model of software compliance, MoReq2010 incorporates the flexibility and modularity to extend that compliance to a wider range of software (interoperability). 
  7. 7. MoReq2010 is more loosely coupled, allowing it to be extended to meet the needs of different industries and markets, as required.</li></ul>3<br />
  8. 8. 2011: Differences to the consultation version of 2010<br /><ul><li>Adoption of a service oriented architecture model:
  9. 9. All the requirement in the MoReq 2010 core requirements have been bundled into ten services. A MoReq 2010 compliant system (MCRS) will be capable of offering up its functionality as services, that could be consumed by one or more other information systems within the organisation.
  10. 10. For example several records systems within an organisation could all consume the classification service of one MCRS, enabling the organisation to hold its fileplan in one place whilst having it used by several systems.
  11. 11. A MCRS must possess the capability to provide ten services:
  12. 12. a records service (the capability to hold aggregations of records)
  13. 13. a metadata service (the capability to maintain metadata about objects within the system)
  14. 14. a classification service (the capability to hold a classification, to apply it to aggregations of records, and to link headings within the classification to retention rules)
  15. 15. a disposal service (the capability to hold retention rules, and to dispose of records in accordance with retention rules)
  16. 16. a disposal hold service (the capability to prevent the application of a retention rule to a record, for example because the record is required in a legal case)
  17. 17. a search and report service (the capability to retrieve and present records and metadata in response to queries)
  18. 18. a user and groups service (the ability to maintain information about people and groups that have permissions to use the system)
  19. 19. a role service (the ability to assign roles to people and groups to determine what those people and groups can and can’t do within the system)
  20. 20. system services (the capability to maintain event histories in relation to objects held within the system)
  21. 21. an export service (the capability to export records together with their metadata and event histories in a form that another MCRS could understand)</li></ul>4<br />
  22. 22. 2011: Differences to the consultation version of 2010 (2)<br /><ul><li>Abandonment of the notion of a ‘primary classification’
  23. 23. The notion of a ‘primary classification’ for records had been dropped. Instead a record will be assigned a classification, from which it would by default inherit a retention rule. It would be possible though for a person with appropriate permissions to override that inherited retention rule, and instead assign to the record a different retention rule, or to get the record to receive a retention rule from a different part of the classification scheme to the one it has been assigned to.
  24. 24. Reduction in the number of requirements
  25. 25. The number of requirements had been significantly reduced. The consultation draft had contained 436 requirements, these have now been consolidated into 170 requirements. But the final core requirements document would be longer than the consultation draft, because the introductory explanations had been increased to 90 pages. </li></ul>Comment J. Lappin / J. Garde (link to blog)<br />5<br />
  26. 26. Critical aspects<br /><ul><li>Moreq was never officially endorsed or recommended in any directive by the European Commission
  27. 27. Moreq is currently in a triangle of disorientation (Kampffmeyer):
  28. 28. (1) not fullyacceptedby traditional recordsmanagers & archivists in leadingorganizationsandinstitutions; in addition IT doesoften not understand thefunctionalintegrationof RM requirements (incl. NFR)
  29. 29. (2) Moreqisconsideredas not relevant fromusers outside ofthe RM andarchivistscommunity / world (mainly IT)
  30. 30. (3) not (yet) reallysupportedbyleadingvendorsandevenconsideredas an additional barrier, costdriver (certification) andtechnology break
  31. 31. Thereforeitexists a certaindangerthatthedevelopmentofthenewstandardisratherreamed (clash) between a traditional RM environment/communitywhichhasthetendencytobecome „incestuous“ and an open information & officeenvironmentwhichwelcomesbasicrecordkeepingprinciples in an uncontrolleddatagrowth (not givingawayopportunities in practiceforthesakeofideology)</li></ul> (comments Kampffmeyer)<br />6<br />
  32. 32. Moreq Future: planned (1)<br /><ul><li>MoReq diversifies against a common core set of best practice requirements to infiltrate not only different software and technologies but also different industry sectors.
  33. 33. By 2012 and beyond we see the start of a trend to package MoReq for "Health", for "Defence", for "Oil & Gas“ etc.
  34. 34. The DLM forum are planning to have a first wave of additional modules for MoReq 2010 available by the time of their triennial conference (Brussels Dec. 2011). Unlike the core requirements, the additional modules will be optional rather than mandatory.
  35. 35. Included in the first wave will be:
  36. 36. an import service – providing the ability to import records and associated metadata from another MCRS. Note that the ability to export records is a core requirement, but the ability to import records is an additional module. This is because an organisation implementing its first MoReq 2010 compliant system does not need that system to be able to import from another MoReq 2010 compliant system.</li></ul>7<br />
  37. 37. Moreq Future: planned (2)<br /><ul><li>Modules that provide backwards compatibility with MoReq 2
  38. 38. a scanning module
  39. 39. a file module (MoReq 2010 replaced the concept of the ‘file’ with the broader concept of an ‘aggregation’. The additional module would ensure that a system could enforce MoReq 2 style ‘files’ (which can only be split into volumes and parts). In MoReq 2010 terms a MoReq 2 file is simply one possible means of aggregating records
  40. 40. a vital records module
  41. 41. an e-mail module (the core requirements of MoReq 2010 itself talks generically about ‘records’ and do not focus specifically on any one particular format)
  42. 42. It is hoped that more additional modules would follow. Jon Garde would like to see MoReq 2010 additional modules that cover records keeping requirements in respect of cloud computing, mobile devices and social software. He urged anyone who feels that there are needs that MoReq 2010 could usefully address to come forward and develop a module to address those needs. For example modules that provide functionality specific to a single sector (health sector, defence sector etc.)
  43. 43. Development of test centers:
  44. 44. The MoReq Governance Board plans to accredit an international network of testing centres, to whom vendors can submit products for testing against MoReq 2010. Six organisations have already expressed an interest in becoming testing centres. There is no limit to the number of test centres that may be established. The test centres will use test scripts and templates created by the MoReq Governance Board. Vendors will pay a fee to the test centres to have their products tested, and (assuming they are successful) a fee to the DLM Forum to validate the recommendation of the test centre and to award the certificate.</li></ul>Source: Comment J. Lappin / J. Garde (link to blog)<br />8<br />
  45. 45. Moreq Future: What is needed<br /><ul><li>"Lex MoReq„ isneeded! Still a leaner MoReq2011 shouldbeanchored in a European Directiveandas a consequencetobefollowedandimplemented in all national legislationsofthe EU as a mandatorystandardbeyondthe classic notionof a "Record“.
  46. 46. "Embedded Records Management - everytimeeverywhereandforeverybody"!
  47. 47. „Interoperability“ isthenewbuzzwordforthe DLM-Forum in Dec. 2011 (Brussels)
  48. 48. Whatweneedis a seamlessandautomated Records Management in thebackground; It‘s not about Web 2.0 orSocial Media but it‘saboutintegratingnewtechnologyconcepts (in placeor in app RM and SOA)
  49. 49. James Lappin: RMJ
  50. 50. Alan Pelz-Sharpe (comment: Is Moreq 2010 a DoD 5015 slayer?)
  51. 51. “Slayer because it does what it's supposed to do and no more. It's a standard that tells you what you must do, but not how to do it, or for that matter where to do it. In fact with this new standard, you may potentially even have your own internal RM program certified, rather than the standard simply being restricted to a particular vendor's software solution. This is a huge change in direction, and one that I certainly welcome.” </li></ul>9<br />
  52. 52. DLM Forum Dec. 2011 Brussels<br /><ul><li>Call for papers: contributions to support a Health / Pharma specific committee are welcome (
  53. 53. The DLM Forum has launched in July 2011 the MoReq2010 Technical Committee to manage and extend MoReq2010, and has published the first XML Schema that enables interoperability between records systems.
  54. 54. Leading vendors such as Automated Intelligence, EMC, Fabasoft, Gimmal Group, HP, Open Text, and Oracle, together with Records Management consultants and industry analysts have already joined the new Committee …
  55. 55. The creation of this committee has triggered overwhelming interest from all parts of the industry. Numerous specialists and professionals want to be involved in implementing and extending information compliance solutions. In addition to the technical committee the DLM Forum will also be establishing working groups for practitioners, translators and accredited MoReq2010 Test Centres.”
  56. 56. “MoReq2010 is the first records and information management specification that enables interoperability between different MoReq2010 compliant records systems even when built by different suppliers through the use of a defined shared data model. It enables commercial and government organisations to secure and develop critical information independent of email, document content management, cloud and mobile systems, so that when systems are changed, updated, migrated or integrated, the security, value and probity of the records is maintained. We expect that all future information compliance products and systems across Europe will exploit this platform to meet regulatory requirements”.
  57. 57. Details link</li></ul>10<br />
  58. 58. Aligning ISO 15489 with Moreq2<br />IT vs. non-IT related processes<br />11<br />
  59. 59. ISO15489 RM processes<br />Model Requirements for the ERMS<br />Moreq2<br /><ul><li>Capture
  60. 60. Which objects (company guidelines)
  61. 61. Created and received incl. Metadata
  62. 62. Physical and electronic objects
  63. 63. Registration
  64. 64. Formalizing capture incl. metadata
  65. 65. Unique identifier, date-time, title, author
  66. 66. Classification
  67. 67. According to classification-scheme (taxonomy)
  68. 68. Sequence of business activities (links)
  69. 69. Indexing
  70. 70. Access and security classification
  71. 71. According to classification-scheme
  72. 72. Identification of disposition status
  73. 73. Identify retention-period of the record
  74. 74. Storage
  75. 75. Physical and electronic (backup)
  76. 76. Use and location tracking
  77. 77. Records management transactions
  78. 78. Implementation of disposition
  79. 79. Continuing retention incl. Disposition-hold)
  80. 80. Transfer, migration
  81. 81. destruction </li></ul>ISO 15489 and MoReq2 both cover the entirety of the processes affecting records.<br />
  82. 82. ISO 15489 : RM Process Controls Section 9<br />Non-IT Process<br />Functional Integration of RM Process Requirements: Aligning ISO 15489 with Moreq2<br />9.1<br />9.2<br />9.3-9.8<br />9.9<br />9.10-11<br />5.3<br />4. Controls<br />FSpecs<br />Process<br />Life Cycle<br />Capture<br />Use<br />Manage<br />Tracking<br />Legal Hold<br />Disposition<br />Retention<br />Policy<br />MonitoringAudit Training<br />Moreq2: Chapter #<br />6.<br />3./5.<br />7.-9.<br />
  83. 83. Best practices for RMNon-IT specific<br />Preserve the right information for the correct length of time<br />Meet legal requirements faster and more cost effectively<br />Control and manage records management storage and destruction fees<br />Demonstrate proven practices of good faith through consistent implementation<br />Archive vital information for business continuity and disaster recovery<br />Provide information in a timely and efficient manner regardless of urgency of request<br />Use appropriate technology to manage and improve program<br />Integrate policies and procedures throughout organization<br />Establish ownership and accountability of records management program<br />Arrange for continuous training and communication throughout the organization<br />Project an image of good faith, responsiveness and consistency<br />Review, audit and improve program continuously<br />
  84. 84. RM Ruling Framework: Core Func Specs<br /><ul><li>Configuration
  85. 85. Capturing, Metadata Mgmt, Classification
  86. 86. Retention Mgmt, Life Cycle Mgmt
  87. 87. Disposition / Destruction
  88. 88. Tracking (hybrid environment)
  89. 89. Search & Retrieval
  90. 90. Legal Hold Mgmt</li></ul>15<br />