Statutes, codes, and regulations
Rhode Island Administrative Code
Title 100 - Department of StateChapter 50 - Public Records AdministrationSubchapter 00 - N/A
Part 2 - Electronic Records Management
Section 100-RICR-50-00-2.7 - Electronic Records Storage Management Systems

100 R.I. Code R. 100-RICR-50-00-2.7

Download
PDF
Current through December 3, 2024
Section 100-RICR-50-00-2.7 - Electronic Records Storage Management Systems
2.7.1Agency Requirements
A. Agencies shall retain responsibility for managing their electronic records, regardless of whether they reside in a public, private, or community cloud, a contracted environment, or under the agency's physical control.
1. Agencies shall be responsible for monitoring changes to third-party terms of service that may affect the management of records.
2. Agencies shall be responsible for identifying what kind of social media output constitutes a public record and capturing those records appropriately.
2.7.2System Requirements
A. All systems and networks responsible for the creation, management, and/or preservation of public records are required to:
1. Capture, manage, and preserve electronic records with appropriate metadata and must be able to access and retrieve electronic records, including electronic messages, for the full retention period listed in the associated records retention schedule (as defined in § 1.4(A) of this Subchapter) for that record;
2. Have controls for file integrity monitoring to prevent unauthorized use, alteration, concealment, or deletion of records. Examples of controls include checksums, audit trails, access lists, monitoring, and agent validation. Monitoring documentation include audit reports and the results of integrity checks;
3. Have all events and actions related to the record by person, entities, and non-person entities documented on an on-going basis once a record has been captured into a records system;
4. Document and track into an audit log any actions changing the level of access, altering the record, or changing the location of the record;
5. Ensure usability of records by:
a. Determining if the retention period for any records is longer than the life of the system where they are currently stored;
b. Converting records to usable formats and maintaining the link between the records and their metadata through the conversion process;
c. Planning for the migration of records to a new system before the current system is retired;
d. Ensuring that migration of records addresses non-active electronic records stored off-line; and
e. Carrying out system upgrades of hardware and software while maintaining the functionality and integrity of the electronic records created in them.
B. If a third-party provider discontinues services, agencies shall continue to meet their records management responsibilities by migrating the records to another system or repository.
1. The system receiving the migrated records shall have appropriate security and records management controls in place to manage the records throughout the entire lifecycle, including preventing the unauthorized access or disposal of records.
2. During records migration, all records and associated metadata in the originating system shall be retained until the migration is complete and the destination system has been deemed reliable and secure.
2.7.3Metadata Requirements
A. Agencies shall capture, manage, and preserve metadata associated with electronic records to ensure content, context, and structure is preserved.
1. Record metadata shall consist of information recording:
a. The description of the content of the record;
b. The structure of the record (form, format, and relationships between record components);
c. The business context in which the record was created;
d. Relationships with other records and metadata;
e. Identifiers and other information needed to retrieve the record; and
f. The business actions and events involving the record throughout its existence.
B. Records systems shall define metadata to:
1. Enable the identification and retrieval of records;
2. Track processes carried out on records; and
3. Associate records with:
a. Changing business rules, policies, and mandates;
b. Agents, and their authorizations and rights with regards to the records; and
c. Their business activities.
C. Metadata shall be in one of six categories:
1. Identity - information identifying the record;
2. Description - information determining the nature of the record;
3. Use - information facilitating immediate and longer-term record use;
4. Event plan - information used to manage the record, such as disposition information;
5. Event history - information recording past events on the record and its metadata; or
6. Relation - information describing the relationship between the record and other records.
D. Metadata for a record shall be protected from unauthorized deletion and shall be retained or destroyed in accordance with the record's retention schedule.
E. Once the record has been captured, the associated metadata, including a unique identifier, author, date of creation, and relationships with other records, shall be fixed and kept as transactional evidence.
F. When migrating records between systems or converting to new file formats, agencies shall ensure informational content remains unaltered and that sufficient metadata describing the context and structure of the records is retained to be used for all of the same business purposes as the source records.

100 R.I. Code R. 100-RICR-50-00-2.7

Adopted effective 5/14/2024