Managing Trustworthy Digital Public Records

To provide guidance to state, county, and municipal government agencies for establishing methods and procedures for creating and maintaining authentic records in digital formats according to the type of records produced and the length of time the records should be retained. These guidelines are designed to ensure the admissibility of an agency’s electronic records into evidence in a court of law.

A critical need by government agencies for more efficient methods of creation, storage, and retrieval of public records has led to the adoption of varied software and information technology systems for creating, managing, and storing records in a digital format. While the advantages of such systems are many, the complexity of safeguarding the integrity of records has increased, requiring greater attention to issues relating to security, accuracy, reliability, and accountability.

These guidelines provide all levels of government within North Carolina direction in establishing methods and procedures for creating or maintaining trustworthy records produced by information technology systems. This guide addresses paper records that are scanned, or imaged, into a digital format, as well as records created in electronic format. Implementation of these guidelines should increase the reliability and accuracy of records regardless of the type of storage media employed, thereby enhancing their admissibility and acceptance by the courts as being trustworthy.

These guidelines do not address all electronic records management issues and should not be considered authoritative regarding issues such as digital alteration; digital rights management; privacy, security, and encryption; or intellectual property considerations. These guidelines are designed to be applicable to public records produced by any information technology system regardless of the physical characteristics of the record media or technology employed. This guidance is not intended to replace or exempt government entities from their responsibilities surrounding access to or confidentiality of records under G.S. § 132, nor do they supersede current records retention and disposition schedules. Failure to comply with public records law and retention schedules may result in fines or other penalties.

Definitions

Tab/Accordion Items

The quality of being genuine, not a counterfeit, and free from tampering. Authenticity is typically inferred from internal and external evidence, including its physical characteristics, structure, content, and context. Authenticity is closely associated with the creator (or creators) of a record. First and foremost, an authentic record must have been created by the individual represented as the creator. Federal rules of evidence stipulate that to be presumed authentic, records and documents must be created in the 'regular practice' of business and there must be no overt reason to suspect the trustworthiness of the record. An authentic copy is one that has been officially certified, especially so that it may be admitted into evidence.

Certified copies have the force of original records. Any public official who causes a record to be copied must attest to it and certify on oath that it is an accurate copy of the original.

A record that is produced by the same impression as the original, or from the same matrix, or by any other technique that accurately reproduces the original. Duplicate records accurately reproduce original records, except that duplicates may contain production, control, indexing, certification, or other data not related to informational content of the records and that do not affect the content of the records. When duplication processes change informational content of the records, the resulting records are considered to be new originals. According to the North Carolina Evidence Code, “a duplicate is admissible to the same extent as an original unless (1) a genuine question is raised as to the authenticity of the original or (2) in the circumstances it would be unfair to admit the duplicate in lieu of the original."

A record created or reproduced in any medium by means of any system requiring the aid of electronic technology to make the record intelligible by a person, and which is dependent upon a combination of hardware, software, and computer files. “Electronic record” refers to both records created electronically and digitization of records created in other formats. Electronic records must meet the same legal requirements as paper records. Under G.S. § 66‐317, ("Enacted Statutes G.S. § 66‐317" 2000), a record may not be “denied legal effect or enforceability solely because it is in electronic form.” Additionally, “if a law requires a record to be in writing, an electronic record satisfies the law provided it complies with the provisions of this Article.” This definition does not include microform records, which can be read with the aid of a magnifying glass.

The process of copying documents by reproducing their appearance through photography, micrographics, or scanning. Imaging, by itself, makes no attempt to make any text in the document machine‐ readable, although a system may use optical character recognition to convert imaged text to such form. Imaging, especially scanning, is often used to copy paper documents into a document management system that provides the ability to access the images.

Any process or system that employs a photo‐optical, magnetic, electronic, or other digital device for producing, reproducing, sending, receiving, storing, displaying, or processing records.

A record prepared in the first instance or any counterpart intended to have the same effect by a person executing or issuing it. If data is stored in a computer or similar device, any printout or other output readable by sight shown to reflect the data accurately is an ‘original.’ Original records may present information in a form different from the original information without affecting its quality. For example, information preserved in digital format may be printed on paper using different fonts at different times. When a file is copied to the same or to a different device, it is still considered an original record presuming the copy was successful. Accurate reproductions of the record for the purpose of greater durability, without any added information, are considered preservation duplicates as described below.

Material created or received in the conduct of affairs and intended to be preserved indefinitely because of the enduring value of the information contained in the record or as evidence of the functions and responsibilities of the record’s creator. The ongoing usefulness or significance of records is based on the administrative, legal, fiscal, evidential, or historical information they contain.

A copy of the original that is durable, accurate, complete, and clear, copied in media with greater durability than the original, such as microfilm. Copies have the same force and effect for all purposes as the original record whether the original record is in existence or not. A transcript, exemplification, or certified copy of a preservation duplicate is deemed for all purposes to be a transcript, exemplification, or certified copy of the original record.

"All documents, papers, letters, maps, books, photographs, films, sound recordings, magnetic or other tapes, electronic data‐processing records, artifacts, or other documentary material, regardless of physical form or characteristics, made or received pursuant to law or ordinance in connection with the transaction of public business by any agency of North Carolina government or its subdivisions. Agency of North Carolina government or its subdivisions shall mean and include every public office, public officer or official (state or local, elected or appointed), institution, board, commission, bureau, council, department, authority or other unit of government of the state or of any county, unit, special district or other political subdivision of government.”

Information or data in any medium that may be used as evidence or proof, and which is created by, received by, sanctioned by, or proceeding from an individual acting within his or her designated capacity. An official record, as distinguished from drafts, convenience files, or personal papers, is the complete, final and authorized copy of a record, and may warrant further actions to ensure its preservation over time.

Use of Records Prepared by Information Technology Systems in Legal Proceedings

Tab/Accordion Items

Modern rules of evidence are based on statutes and special rules determined by the courts. The federal government follows the Federal Rules of Evidence, which specifically include documents set down by handwriting, typewriting, printing, photostating, photographing, magnetic impulse, mechanical or electronic recording, or other form of data compilation, or duplicates of such when allowed by law. The federal government is also governed by the Federal Rules of Civil Procedure, which permits parties to request electronically stored information stored in any medium from which information can be obtained either directly or, if necessary, after translation by the responding party into a reasonably usable form. The North Carolina Rules of Evidence, (G.S. § 8C‑1, Article 10, Rule 1001), the North Carolina Rules of Civil Procedure (G.S. § 1A), and the Uniform Electronic Transactions Act (G.S. § 66‐311) establish the admissibility of records in evidence in North Carolina courts. The language used in these state statutes follows that of the Federal Rules of Evidence. Documents set down by mechanical or electronic recording are admissible as evidence, as are duplicates of such when allowed by law.

Laying a foundation is "the practice or requirement of introducing evidence of things necessary to make further evidence relevant, material or competent.” Courts have determined what is required in laying a proper foundation for electronic records. A witness must show:

  1. The input procedures used,
  2. The tests for accuracy and reliability, and
  3. That an established business relies on the computerized records in the ordinary course of carrying on its activities.

Rules of evidence permit original and duplicate records to be admitted into evidence provided that a proper foundation is laid by a showing that the records are authentic. According to the Federal Rules of Evidence and corresponding rules in the North Carolina General Statutes, a duplicate is admissible to the same extent as an original unless: 

  1. A genuine question is raised as to the authenticity of the original or,
  2. In the circumstances it would be unfair to admit the duplicate in lieu of the original. 

As an example, computer printouts are considered original records if an appropriate witness convinces the court that the printouts accurately reflect the information in the electronic files. To guard against questions of authenticity, duplicate records can be authenticated as identical to the original by hash validation.

Federal Rules of Civil Procedure state that a party should produce documents as they are kept in the usual course of business or must organize and label them to correspond to the categories in the request. Unless a requesting party specifies the format in which electronic documents should be produced, electronically stored information should be produced in the format in which it is maintained, or in a format that is reasonably useable. New information system technologies are subject to greater scrutiny in court when determining admissibility. The complex nature of computer storage calls for a more comprehensive foundation.

Common assaults on the integrity of information systems include challenges to:

  • The source of the input data and the process for transcribing it to machine‐readable form.
  • The process that creates, edits, and updates the files.
  • The process that produces the output or retrieves the records.
  • The reliability of the equipment and vendor‐supplied software.
  • The modifications and/or copying of the original files used in preparing data for discovery or evidence production, and the production of copied files, not the originals.

When laying a proper foundation for electronic records submitted as evidence, up‐to‐date documentation that describes the procedural controls employed in creating records must be produced. The original source of the computer program must be delineated, and procedures for input control including tests used to assure accuracy and reliability must be presented. Care must be taken when selecting a witness competent to testify, although the preparer of a record is not required to establish an electronic record’s authenticity. Furthermore, special care must be exercised by investigators or prosecutors in preserving the chain of custody of the evidence. The existence of an electronic records policy and regular system and administrative audits of the process may contribute to the proper foundation needed for admissible electronic records.

The structural integrity of records stored in information technology systems is determined independently from the authenticity or factual validity of the record’s content based on the accuracy of the process that produced it. When determining the admissibility of records into evidence, the court will consider the reliability and accuracy of the process or system used to produce or reproduce the records. The particular form or format of the records shall have no bearing on their legal status regarding admissibility. Likewise, the destruction of original records after imaging shall not affect the legal status of duplicate records regarding their admissibility.

All that is required for electronic records to be deemed admissible is a prima facie showing that the process or system is trustworthy in terms of producing an accurate result. Once the records are admitted, the trustworthiness of their content will remain subject to challenge. For example, a computer printout of a record is admissible if it is shown to be an accurate reflection of the source data used to create the record, but this does not mean the source data is necessarily correct.

The life expectancy of the storage media has no bearing on the admissibility of the records maintained on the media. The transfer or conversion of records from one medium or technology to another should not affect the records’ admissibility as evidence provided that quality and accuracy do not functionally change. Electronically stored records need to be actively managed and audited in order to ensure that the information does not change, become corrupted, or become less accessible. As electronic storage media deteriorates, it is necessary to periodically migrate, convert, regenerate, copy, or transfer the records from one medium or format to another in order to preserve the records and make them accessible. An agency should inspect its media and plan to migrate documents to a new medium as necessary, generally every three to five years.

Metadata is important ancillary information that must be generated and maintained in order to prove that the records remain the same following conversion or migration. Such ancillary information may include:

  • Hashing records to create a unique identifier or digital fingerprint. Those results become part of the record and should be maintained alongside the original record.
  • Periodically confirming the original hash by re‐running the algorithm tool to ensure that the hash/fingerprint has not changed.
  • Maintaining a log of activities on the record, including audit information and access records.

Digital File Transfer Guidance

Guidance to assist with the transfer of electronic records identified for permanent retention to the custody of the State Archives, as prescribed on the approved retention schedule.

Metadata as a Public Record

Guidance to help public employees understand their responsibilities and liabilities related to metadata.

Availability for Outside Inspection for Purpose of E‐discovery

The information system and records produced by it must be made available for pretrial discovery in order to facilitate effective cross‐examination.

Tab/Accordion Items

The process or system used to produce or reproduce records introduced into evidence is subject to outside inspection by opposing parties, the court, and government representatives. Outside inspection may involve:

  • Review of procedures documentation.
  • Review of system operation.
  • Independent inspection and quality control tests.
  • Independent audit.
  • Testing of process or system operation.
  • Review of equipment design and software documentation.
  • Review of training programs.
  • Any other matter related to the operation of the process or system. Review of documents related to outsourcing including the contract and service level agreements, as well as any quality control procedures followed when documents are returned.

If the records were produced on the current system or a substantially similar system, access to the system may be required to be provided to outside parties upon request so that they may process their own test data.

Records must be available for inspection and audit by a government representative for the full period required by law and approved records retention schedules, regardless of the life expectancy of the media.

Records must continue to exist when litigation, government investigation, or audit is pending, imminent, or, in some cases, foreseeable. In some instances, a court order may prohibit specified records from being destroyed or otherwise rendered unavailable. Records classified as “permanent” on a records retention schedule must be accessible indefinitely because of their enduring value.

System failures, errors in conversion, technical obsolescence, accidental erasure, and inability to read records do not relieve an organization of its obligation to retain and preserve records. Unexpected problems resulting from natural causes may mitigate the level of penalties, but do not relieve an agency of its responsibility to maintain records.

Retrieval of permanent records after a natural disaster will be required regardless of cost. See Section 10 of this document, Other Considerations, for more information about disaster backup and restoration.

Records custodians should create and save records in a method that will allow the records to be accessible in the future. Proper file naming and file formats are critical components of enabling access to the files in the future. Notably, the date should be included in the file name, as “date modified” and “date created” metadata tags can sometimes change if electronic information is moved from one storage medium to another. The following Department of Natural and Cultural Resources (DNCR) guidelines can assist with these aspects of electronic records management.

File-Naming

Guidance on how to create clear and accurate file names for efficient management of electronic records.

File Formats for Long-Term Preservation of Electronic Records

Guidance on digital formats the State Archives recommends for in-house preservation and long-term records retention.

Characteristics of Trustworthy Electronic Records

The following are criteria for assessing admissibility of records into evidence. The records must:

  • Provide the substance and detail required by law or regulation.
  • Be legible, accurate, and complete in that all features essential to an accurate reading or comprehension of the record are present.
  • Be sufficiently complete to fulfill the intent of the applicable law or regulation and the need for that information as stated in the law or regulation.
  • Attain a sufficient level of accuracy to ensure the utility of the information for the intended legal purpose.
  • Be accessible and be provided in a standard form of communication within the statutorily required time, if provided, or within a reasonable time, following any request for records and information.
  • Be retained for the period of time required by municipal, county, or state agency records retention schedules or the General Schedule for State Agency Records.

The presence of the following characteristics of electronic records demonstrates that the process or system is reliable and accurate, and will be more readily admissible as evidence. Records should be:

Tab/Accordion Items

Records produced or reproduced in the regular course of business are admissible if it can be established that the process or system used to produce them is reliable and accurate. A regularly conducted activity may include a regular pattern of activity to produce the records on a daily, weekly, monthly, yearly, or other cyclical schedule. A regularly conducted activity may also include records created as part of a regular program of the organization, but at irregular times. For example, when a planned program results in the one‐time reproduction of records created, this is considered a program proceeding in the regular course of business, even though the reproduction only occurred once. This occurs when an agency does a “backfile” conversion of its records, as when paper records are scanned into an electronic or digital imaging system. The record then exists in paper and digital form and both serve as records. Typically, an office would only do a backfile conversion one time. Once the records are in the system, they would not be scanned again.

The process or system used to generate records may include systematic quality control and audit procedures, as well as operational oversight by someone with detailed knowledge of the process or system. If an agency uses an information technology system to create, manage, and store its records, the agency must have established written policies and procedures that describe how a record is created, named, saved, accessed, audited, and transferred from one storage medium to another. All documentation about the system, and any audit testing or log, needs to be maintained by the agency in order to ensure its accuracy.

Records produced within a short period after an event or activity occurs tend to be more readily acceptable as accurate than records produced long after the event or activity. However, a challenge to the admissibility of a record produced long after the event can be overcome by a showing that the time lapse had no effect on the record's contents. For example, a statistical report produced annually in the regular course of business can be shown to accurately consolidate data compiled over the course of a year.

The information technology system should be able to separate confidential from non‐confidential information. A system's inability to carry out this function cannot be used to deny inspection or examination of public records. Because the agency must bear the costs associated with separating such information, it is recommended that the system have this function built in to save time and expense when requests for inspection or copies are filled.

Where records are managed and accessed through a file browser rather than another information technology system, data creators can organize their directories to reflect whether if files within a folder contain confidential information. Simple solutions may be adequate; creating a folder with “confidential” as part of the title gives notice that the folder contains files with confidential information. Internally, sensitive information can also be maintained by administering appropriate read/write access controls to files or folders and by storing such information in specific locations on off‐ network storage systems.

Electronic records may contain metadata, or additional data about the content of an electronic record that may not be immediately visible. Metadata can show:

  • Means of creation of the data.
  • Purpose of the data.
  • Time and date of creation.
  • Creator or author of data.
  • Placement of data on a computer network.
  • File type.
  • Standards used.
  • Hashing records.
  • Other hidden data.

According to the North Carolina Rules of Civil Procedure, “electronically stored information” includes all “reasonably accessible metadata that will enable the discovering party to have the ability to access such information as the date sent, date received, author, and recipients. The phrase does not include other metadata unless parties agree otherwise or the court orders upon motion of a party and a showing of good cause for the production of certain metadata.”

For more guidance about metadata, visit Metadata as a Public Record

Components of the Process or System Used to Prepare Records

A review of the components of a process or system may determine how well the preparation of records is controlled. The admissibility of records can be successfully defended from challenge to the trustworthiness of the process if the process or system includes the following components:

Tab/Accordion Items

The trustworthiness of an agency’s records offered in evidence may be judged by its established procedures and how closely those procedures are followed. Procedures should provide for consistent quality control and demonstrate what the organization plans to do in managing and controlling the process or system. Deviations from established procedures will be closely scrutinized, especially if the deviations are from legally required procedures.

Examples of system procedures that the agency should maintain include:

  • An electronic records and imaging policy. This should document how electronic records are managed in‐office. This policy should be applied consistently when records are created, copied, modified, or duplicated.
  • Procedures for security backup files, which should be a part of a larger continuity of operations plan. These procedures should comply with the Department of Natural and Cultural Resources’ publication, Security Backup Files as Public Records in North Carolina: Guidelines for the Recycling, Destruction, Erasure, and Re‐use of Security Backup Files.
  • Procedural manuals describing in detail the proper use of information technology systems used by the agency, such as imaging software and hardware or content management systems.

Formal training programs about system procedures create basic presumption in court that the procedures were correctly followed. If an organization can show the court that staff knew what procedures they were supposed to follow, it can also show that there is a high likelihood that the procedures were in fact followed. All employees, including information technology staff responsible for system maintenance, should be made aware of these policies, be trained on them, and should confirm by initialization or signature that they are aware of the policies and have received training on them.

Training documentation should include documentation of distribution of the written procedures, course materials, attendance of individuals at training sessions, remedial or refresher training programs, certifications of training completion, dates, and other relevant information.

Audit trails document what activities took place as part of the process or system. Audit trails document the identity of the individual(s) who creates, duplicates, modifies, or otherwise prepares the records, what actions are taken by the individual during the course of the process, and when these actions are taken, and describe the results. Properly implemented, audit trails can demonstrate who accessed the system, whether staff followed standard procedures or whether fraud or other unauthorized acts occurred or might be suspected. They can also provide independent confirmation that proper procedures were followed.

Audits performed periodically on the information technology system confirm that the process or system produces accurate results and confirm that the processes actually used follow the procedures set forth in the documentation. Audits should be designed to evaluate the process or system's accuracy, timeliness, adequacy of procedures, training provided, and the existence of audit trails. No particular method of auditing is required for a record, whether original or duplicate, to be admitted as evidence. Audits can take a number of forms:

  • Quality control performed by individuals creating the records to verify the accuracy of records at the time of creation. Quality control is used to ensure the accuracy of the system for operational purposes.
  • System audits to confirm that systems are appropriate and efficient.
  • Administrative audits to detect compliance with regulations and assess risk of fraud.

Audits confirm the accuracy of the process or system for purposes of admissibility of records in evidence. When ruling on the admissibility of the records, courts may require that audits be performed by an independent source (i.e., persons other than those who created the records or persons without an interest in the content of the records, such as a trained auditor who has organization‐wide audit responsibilities). State agencies should adhere to the General Schedule for State Agency Records regarding audits of, and audit trails for, electronic information. The audit trail file containing data generated during the creation of a master file or database should be maintained in office until its administrative value ends.

Documentation of the Process or System

Documentation provides enduring verification of the process or system used to create or recreate records. Recorded documentation preserves the information about the process or system independently from the individuals involved and can be used to prepare exhibits to guide witness testimony. Generally speaking, this documentation can be introduced into evidence for the jury to scrutinize during their deliberations. The following elements should be considered when producing system documentation:

Documentation Considerations

Tab/Accordion Items

In some proceedings, a general, non‐technical description of the process or system will be sufficient. In others, more detailed documentation may be required by the courts, including audit history that verifies that any equipment or software involved was operating properly at the time the records were produced. Documentation should be reviewed and updated on a regular basis.

For purposes of laying a foundation for admissibility of records into evidence, actual system procedures followed during the period that the records in question were produced should be maintained in sufficient detail to enable a qualified witness (e.g., the records custodian) to rely on the documentation in describing the process or system to the court. The documentation should explain what should have been done and what was actually done, and explain any deviations from standard procedures. The training, audit trail, and audit documentation should also be presented to confirm the accuracy of the process or system.

At least one set of documentation should be maintained during the period for which the records produced by the process or system could likely be subject to court review. When the documentation changes, old versions should continue to be maintained for the same period of time the records themselves need to be kept per the records retention and disposition schedules. The court will determine the admissibility of the records into evidence based on the accuracy of the process or system in effect at the time the records were produced.

Special Considerations for Digital Imaging

Imaging, or scanning, is the process of converting human readable media, such as paper or microfilm, into information that can be stored and retrieved electronically. Implementing a digital imaging system may allow for easier capture, storage, retrieval, and sharing of data, provided proper metadata and indexing exists for imaged records. The following components must be considered when implementing an imaging system:

Imaging Records

Overview of digitizing records for state and local agencies and adopting imaging systems.

Digital Imaging and Trustworthy Digital Public Records

Tab/Accordion Items

Documentation should describe the process or system used to produce and manage the agency’s imaged records. Documentation should be complete and up‐to‐date. Documentation, in conjunction with training, increases the likelihood that staff is aware of and follows the most current procedures. It also ensures that reliable system documentation is immediately available if needed for court proceedings.

Documentation about the imaging system and process should establish the steps required to get from the beginning to the end of the process. It should describe the system hardware and software, the system environment in terms of the organizational structure, functions and responsibilities, and the system processes. Documentation should also include a description of the records produced and the processes of records disposition, as well as:

  • The resolution of scanned images
  • The file formats of scanned images
  • The file naming conventions used for scanned images
  • Whether batch conversion or file re‐naming will be necessary, and what tools are used for such conversions

To assure that the imaged documents remain accessible, an indexing database that facilitates efficient retrieval, ease of use, and up‐to‐date information about the digitized records stored in the system should be developed. This index should capture the content, structure, and context of the imaged records. Additionally, whatever media is used to store imaged data should be clearly labeled with enough information that the contents of the storage medium can be determined.

The following features of a digitized record should be legible with sufficient clarity after imaging so that each can be recognized:

  • Individual letters, numbers, and symbols
  • Combinations of letters, numbers, and symbols forming words or sentences
  • Graphics such as signatures, logos, and pictures
  • Other features of records such as color, shape, texture, etc., that relate to the content of the information

Imaging and image enhancement techniques (i.e., techniques for processing the image so that the result is visually clearer than the original image) may be used provided that they do not change the content of the records. If image enhancement techniques are used, the information that is readable or recognizable on duplicates should also be readable or recognizable on originals. It may be advisable to document how such enhancements are made in the imaging process documentation. If image enhancement is performed, an original un‐altered copy of the image should be stored in addition to the altered image.

Audits should be performed routinely on imaged records to ensure no information has been lost during the imaging process, and audits should be adequately documented. For duplicates, audits also should confirm that the duplicates accurately reproduce the originals. This normally involves comparing statistically valid samplings of originals to their corresponding reproductions prior to any destruction of the originals. The actual audit reports indicate whether the statistically valid sampling of records produced accurate results and what remedial procedures were followed if the expected level of accuracy was not achieved.

Creating digital copies of records does not remove the original records from the records retention schedule. If a state agency is considering imaging its files, contact the agency’s records analyst to amend its records retention schedule to allow for the destruction of the original paper copy. If a local agency is considering imaging its files, it must request and record approval for the destruction of the original paper records for each new records series to be scanned through the “Request for Disposal of Original Records Duplicated by Electronic Means” form. This form is located within the Electronic Records Policy and must be approved by the agency’s records analyst before any originals may be destroyed.

A state agency may use either the scanning service provided by the North Carolina Office of Information Technology Services, or scan in‐house. A local agency may scan in‐house or outsource its imaging services. It may choose from those vendors available to state agencies, but is not bound to those vendors. If the agency scans in‐house, it should have a training component and employees are required to sign off that they received the training. If an agency outsources its scanning, it should maintain a copy of the purchase order and a detailed service‐level agreement.

Shared Storage and Cloud Computing

Overview of how to structure a shared drive, techniques for efficient management, and other considerations around cloud computing.

Other Considerations

Tab/Accordion Items

A thorough examination of an agency's entire record keeping system should precede the purchase of any system. System documentation, system access records, digitization and scanning records, metadata, and information maintained by that system must be listed in an approved records retention and disposition schedule prior to their destruction or other disposition. The Government Records Section is able to assist agencies with this process, and with the review of planning documentation previously mentioned.

When planning system use, records retention should be considered before implementation. Records or information with relatively short retention requirements may be best suited for storage in traditional paper media or electronic systems. Microfilm may be used as an alternative to computer readable media if long‐term or permanent retention is necessary. Its stability, ease of duplication, and immunity from obsolescence make it more suitable as a preservation duplicate medium. If an agency is interested in microfilming, it should consult the agency’s records analyst, as the agency’s retention schedule may need to be amended. The Collections Services Section of the State Archives of North Carolina provides microfilming services for certain records series produced by agencies.

Following the identification of retention requirements, if the agency determines that the proposed information technology system is the best storage methodology, the agency should make provisions for routine upgrades. Upgrades or migrations to new hardware and software, particularly on an enterprise‐wide scale, can be expensive, so future budgetary implications should be considered prior to purchasing an information technology system. Because it is difficult at best to predict those costs, a certain percentage of the startup cost should be built into initial budgets for the purpose of future conversions. Before entering into a purchase contract, agencies should determine from the vendor the cost of extracting data from the system should they need to do so. This cost may be built into the contract, or it may be an additional fee or service.

A change request must be filed by state agencies with the Office of Information Technology Services when total cost of ownership for IT projects exceeds $500,000.

Other records management factors that are commonly thought to apply only to paper‐based systems should be addressed. These include security, access to and examination of data, duplication procedures to meet public records requests, and rendition and revision control of inactive or archived records. Other considerations, such as identifying and cataloging metadata, are unique to information technology systems.

Electronic records are subject to records retention schedules according to their content, not their format. Schedules also provide information explaining which files should be kept in case of audit, computer usage, security incidents, and the proper storage and deletion of electronic information.

Unless otherwise specified, in case of court order or public records request, records should be produced in the order in which they were created or maintained in the order of business.

G.S. §132‐6.1 requires that electronic databases that meet certain criteria be indexed. These indexes can be relatively simple or complex depending on the type of data indexed and how the database is used. The Government Records Section provides guidance on indexing databases.

Security backups are critical to the survival of electronic data. Human or natural disasters, accidents involving the handling of media, and human error make electronic media vulnerable to damage. According to state policy, security backup files are public records [according to G.S. § 121‐2(8) and § 132‐1] and may not be disposed of, erased, or destroyed (according to G.S. § 132‐3) without specific guidance from the Department of Cultural Resources. Backup policies should be a component of a continuity of operations plan, and should comply with the following policies:

If a government entity contracts with a third party to image records or for other records management services, the terms of the service level agreement should detail how the contractor provides security, confidentiality, storage, and back‐ups for electronic records. It should describe the storage environment, including any geographically disparate storage locations, and how the contractor complies with records retention laws, including what the contractor is able to reproduce should legal proceedings or public records requests be issued. The contract should also describe how the contractor avoids spoliation of evidence once e‐discovery has commenced.

Off