UTEP Electronic Records Policy
Reference Documents
Electronic Records Certification and Disposal of Records Policy
University departments are encouraged, when possible and appropriate, to use all available electronic technologies that increase efficiency, reduce expenses or improve the methods to process, handle, retrieve, transmit and retain University records and information.
Electronic records must be retained and disposed of in accordance with the University's certified Record Retention Schedule UTEPRRS (08/24/2018). All official correspondence and business records are subject to the record retention policy whether in electronic or other tangible form. Preliminary drafts of letters, memos, spreadsheets, and transitory e-mails are normally not considered official records and do not need to be retained.
Electronic Imaging is the capture and storage of electronic images of documents that will ensure the preservation and integrity of the information recorded on the documents.
The Electronic record is an acceptable medium only in Perceptive Content after appropriate indexing is completed and tested.
After electronic records are certified by IT to comply with this policy, the associated paper records are no longer the official record; the electronic record becomes the official record. IT is responsible for certifying the conversion using the attached form. After certification, the associated paper records may be destroyed at will.
After the retention period for electronic records is met, IT will notify the record's owner (department) for final clearance. The Records Management Office will process the official disposition log form and deliver to the department head for signature approval to authorize the electronic record to be purged.
Section 1.0 Definitions
The following words and terms, when used in these sections, shall have the following meanings, unless the context clearly indicates otherwise. Terms not defined in these sections shall have the meaanings defined in the Government Code, §441.180.
- Archival state record-A state record of enduring value that will be preserved on a continuing basis by the Texas State Library and Archives Commission or another state agency until the state archivist indicates that based on a reappraisal of the record it no longer merits further retention.
- Electronic mail record-An electronic state record sent or received in the form of a message on an electronic mail system of a state agency, including any attachments transmitted with the message.
- Electronic mail system-A computer application used to create, receive, retain, and transmit messages and other attached records. Excluded from this definition are file transfer utilities.
- Electronic records system-Any information system that produces, manipulates, and stores electronic state records by using a computer.
- Electronic state record-Information that meets the definition of a state record in the Government Code, §441.031 and §441.180, and is maintained in electronic format for computer processing, including the product of computer processing of the information.
- Mailing list service-An electronic mailing list hosting service (e.g., Listserv) used for discussions and announcements within a specified group of individuals. Subscribers to the service participate by sending information to and receiving information from the list using electronic mail messages.
- State record-As defined by the Government Code, §441.180(11), any written, photographic, machine-readable, or other recorded information created or received by or on behalf of a state agency or an elected state official that documents activities in the conduct of state business or use of public resources. The term does not include library or museum material made or acquired and maintained solely for reference or exhibition purposes; an extra copy of recorded information maintained only for reference; or a stock of publications or blank forms. As provided by the Government Code, §441.031, the term also does not include any records, correspondence, notes, memoranda, or documents, other than a final written agreement described by §2009.054(c), associated with a matter conducted under an alternative dispute resolution procedure in which personnel of a state department or institution, local government, special district, or other political subdivision of the state participated as a party, facilitated ELECTRONIC RECORDS STANDARDS FOR STATE AGENCIES 3 as an impartial third party, or facilitated as the administrator of a dispute resolution system or organization.
- Transitory information-Records of temporary usefulness that are not an integral part of a records series of an agency, that are not regularly filed within an agency's recordkeeping system, and that are required only for a limited period of time for the completion of an action by an official or employee of the agency or in the preparation of an on-going records series. Transitory records are not essential to the fulfillment of statutory obligations or to the documentation of agency functions.
Section 2.0 General
- These sections establish the minimum requirements for the management of all electronic state records. (b) The head of each state agency must ensure:
- that a program is established for the management of state records created, received, retained, used, transmitted, or disposed on electronic media;
- that the management of electronic state records is integrated with other records and information resources management programs of an agency;
- that electronic records management objectives, responsibilities, and authorities are incorporated in pertinent agency directives;
- that procedures are established for addressing records management requirements, including retention requirements and disposition;
- that training is provided for users of electronic records systems, including electronic mail systems, in the operation, care, and handling of the information, equipment, software, and media used in the systems;
- that up-to-date documentation is developed and maintained about all electronic state records that is adequate for retaining, reading, or processing the records and ensuring their timely, authorized disposition; and
- that a security program for electronic state records is established that is in compliance with subsection (b) of 1 TAC 201.13 (relating to Information Resource Standards).
Section 3.0 Creation of Electronic State Records
- Any state agency electronic records system, already in use on the effective date of these sections, should meet the minimum requirements in subsection of this section to the extent possible.
- Any electronic records system developed or acquired by a state agency, after the effective date of these sections, must meet the following requirements:
- All electronic student and administrative records are stored in Application Xtender. The images reside on a storage array which is operated and maintained by IT in the Administrative Data Center in a TIF format. The index for retrieving these documents resides on Oracle and SQL databases which are also housed on IT hardware within the Data Center. The document images and the database are backed up nightly with copies sent off site. In the event of a migration, IT would ensure that all existing images/indexes would be carried over to the new system and that all historical records would be available in the new system.
- All documents within Application Xtender contain a document ID that uniquely identifies the document through the database. The path to all documents is also stored in the database in order to allow one to retrieve, or delete the document whether through Application Xtender, or manually.
- Currently we do not have any records in Application Xtender as a record set, but the system does support the functionality.
- The mechanism for storing of all electronic records is not dependant on any operating system platform. Images are saved as Group 4 TIFF images with a database index. TIFF files can be accessed through multiple means and are not dependant on any particular software application or package.
Section 4.0 Retention of Electronic Records
- A state agency must establish policies and procedures to:
- Use of Application Xtender (software and hardware), associated system documentation and the connected databases will be maintained by IT and the Records Management Office for as long as the approved retention period of the records maintained within it. In the case that the system, either software or hardware, has to be replaced a migration path will be identified and tested, with tests to include connectivity to migrated documents and all associated indices.
- Database backups are continually copied to tape in order to ensure availability in the event of a data corruption or data loss. The images stored on the storage array can be copied to a secondary server if need be. Quarterly test restores will be conducted in a test environment to ensure recoverability of those records in the case of a catastrophic event, one a test environment becomes available.
- Records retention schedules are submitted periodically by the Records Management office according to requirements set by the state.
- Records are accessible using Application Xtender via the client application installed locally or through the web client accessible through web browser. Images can also be access through the web browser from an offsite location by using VPN. Tapes are used only for recovery purposes from data errors or disaster recovery.
- While the retention policy for electronic mail has been documented, the solution is still being researched and will be put in place in the next fiscal year (2009-2010). The solution would capture all incoming and outgoing electronic mail and archive for eDiscovery and retention purposes only. Below is a graphical representation of the proposed solution:
- Electronic Records Policy
The rules apply to ALL electronic state records; regardless of the retention period.
Electronic State Record-Information that meets the definition of a state record in the Government Code, S441.180, and is maintained in electronic format for computer processing, including the product of computer processing of the information.
Ensure that an electronic state record and any software, hardware and documentation, including maintenance documentation, required to retrieve and read the electronic state record are retained as long as the approved retention period for the record and disposed of in accordance with the University certified Record Retention Schedule.
State laws required the retention of transmission data also known as metadata-the data describing context, content, and structure of records-to establish the authenticity and integrity of the record. Data to retain must include, but not limited to:
- Name of sender
- Name of recipient/addressee(s)
- Date/time the message was sent
- Attachments
Note: State law regarding electronic records requires that electronic records be individually identifiable and retrievable for the entire retention period.
Backup tapes cannot be considered a method of retaining e-mail records.
-
Any electronic mail system developed or acquired by a state agency, after the effective date of these sections, must meet the following requirements.
Electronic Mail Record-An electronic state record sent or received in the form of a message on an electronic mail system of a state agency, including any attachments transmitted with the message.
All University official correspondence and business records are subject to the record retention policy whether in electronic or other tangible form. Preliminary drafts of letters, memos, spreadsheets, and transitory e-mails are normally not considered official state records therefore do not need to be retained.
UTEP Records Management recommend all University departments, when possible and pertinent, to use all available electronic technologies that increase efficiency, cost effectiveness or improve the methods to process, handle, retrieve, transmit and retain University records and information.
E-Mail Retention Guidelines:
- Correspondence conducting official state business may be delivered by surface mail or e-mail and in both cases constitutes a state record that must be managed accordingly. It is the content and function of a message that determines its retention requirements. Each message must be retained or disposed of according to the certified The University of Texas at El Paso Records Retention Schedule (UTEPRRS).
- E-Mail may be categorized into, but not limited to, one of the following UTEPRRS record series categories:
Guideline for Correspondence Administrative-(Agency Code ALL180)
Incoming/outgoing and internal correspondence pertaining to the formulation, planning, implementation, interpretation, modification, or redefinition of the programs, services, or projects of an agency and the administrative regulations, policies, and procedures that govern them.
The administrative correspondence of the president and vice-presidents of the university is subject to archival review.
Retention Period: Three years.
Guideline for Correspondence General-(Agency Code ALL190)
Non-administrative incoming/outgoing and internal correspondence, in any media, pertaining to or arising from the routine operations of the policies, programs, services, or projects of an agency.
Retention Period: One year.
Guideline for Transitory Information-(Agency Code ALL230)
Correspondence that would not be classified as general or administrative, and odes not pertain to case or project files or other record series listed in the UTEPRRS may be categorized as transitory. This would include announcements and memos nonbusiness-related staff events, personal e-mails, unsolicited advertisements, and information announcements (the department/person sending the information announcement should keep one copy). See UTEPRRS for more information about transitory information.
Retention Period: AC-(after closed) after the purpose has been fulfilled.
No Disposal Request is required to dispose of transitory records.
Note: Routinely delete or remove transitory e-mails as soon as they have served their purpose. Be able to demonstrate timely and consistent management and disposition of transitory e-mails.
Correspondence to be Files with Case or Project Files
Correspondence that pertains to another record series should be filed with and retained for the same retention period as that series. For example, correspondence about a particular building project would be filed with other documentation about the project under CAP03 UTEP Building Project Files and retained for the full 10 years after the completion of the project (AC + 10) retention requirement. Other examples include litigation files, complaint files, and other record series that frequently include collaboration and correspondence.
- Some transmission data (name of sender and addressee(s); date/time the message was sent) must be retained for each electronic mail record, except for mailing list services that do not identify the addressees.
- A state agency must determine if any other transmission data is needed to maintain the integrity of the electronic mail record.
- A state agency that uses an electronic mail system that identifies users by codes or nicknames or identifies addressees only by the name of a distribution list must instruct staff on how to retain names on directories or distribution lists to ensure identification of the sender and addressees of messages.
- A state agency having an electronic mail system that allows users to request confirmation that a message has been received or opened must establish guidelines for the appropriate retention of this information.
- A state agency must provide for the organization of electronic mail records according to the agency's approved records retention schedule.
Section 5.0 Final Disposition of Electronic State Records
- Electronic records will only be destroyed with the appropriate approval forms and processes acceptable under the records retention schedule as mandated by the Records Management office.
- Archival records will be maintained through migrations and upgrades as part of the system maintenance identified in section 4.0 of this document.
- A state agency must ensure that:
- Files set for deletion are disposed according to standards set by the manufacturer to meet government standards.
- Magnetic storage media is degaussed prior to it being physically destroyed.
- A state agency must establish and implement procedures that address the disposition of an electronic mail record by staff in accordance with its approved records retention schedule and, specifically, must establish guidelines to enable staff to determine if an electronic mail record falls under transitory information (records series item number 1.1.057) on the agency's approved records retention schedule in order to encourage its prompt disposal after the purpose of the record has been fulfilled.
CAUTION: An e-mail record may not be destroyed, even it is has met retention requirements, when an action has been initiated or is anticipated against it. Actions may include audits, litigation, public information requests, or administrative reviews. Records must be retained until the resolution of the action and all issues arising from it.
E-mails categorized as ALL230 UTEPRRS-Transitory Records do not require authorization.
All other e-mails records do require authorization to dispose. E-mail correspondences do not need to be listed separately from correspondence delivered or retained in other media formats on the request form.
After obtaining authorization to dispose of e-mail records: Delete them. Deleted e-mail is retrievable after being deleted from the user mailbox and remains as residual information in the university media and hardware for an indefinite period. State law protects the final disposition of any residual Electronically Stored Information (ESI) through regulation of the way media and hardware are destroyed or reformatted prior to release from state custody.
- UTEP utilizes Write-Many-Read-Many therefore this section does not apply.
Section 6.0 Maintenance of Electronic Records Storage Media
- Files and tapes are stored in the University’s Data Center which maintains a temperature of 65 to 70 degrees Fahrenheit at 40% humidity.
- Magnetic tapes are only kept for a total of 60 days (30 days onsite and 30 days offsite) after this they are placed back in the pool of available media for reuse by the backup system. Also, we currently do not have a test environment in which we could restore the data for test purposes; IT in the process of gathering requirements for an Application Xtender test environment.
- At least a 5% sample or a sample size of 50 magnetic tapes, whichever is less, must be tested for read errors;
- Tapes with unrecoverable errors must be replaced and the data must be restored to the extent possible; and
- All other tapes which might have been affected by the same cause (i. e. poor quality tape, high usage, poor environment, improper handling) must be read and corrected.
- In order to ensure that no data is lost, the data is hosted on both a database server (indexes) as well as on a storage array (images), both of which have redundancy built in to ensure system availability and, in the case of the storage array, data protection.
Database – Database backups are kept for a total of 60 days. The databases contain the index fields for documents scanned and can be restored to a point in time to minimize data loss.
All images are backed up and kept for a total of 60 days (30 days onsite, 30 days offsite). This provides us with the ability to restore documents in the event of data corruption or data loss.
- No records are maintained on floppy disk.
- Electronic storage media must have an external label or an index, such as electronic records systems utilizing automated disk/tape library management systems, that includes the following information:
- The tapes are labeled with a bar code. This information along with the backup name is then stored through the backup software, CA Arcserve.
-
Through the software the database backup is labeled with the server name plus the date. The server names for Application Xtender all begin with the prefix “IMG”. This allows us to identify both the servers along with the backups.
To locate images stored through Xtender, the path can be found by accessing the database. Each application has a table called AE_DLxxx. This is where the image info is stored. (xxx = the APPID of the application. This info can be found in the AE_APPS table).The AE_DLxxx table has a field called PATHID, which corresponds to a record in the AE_PATHS table. The PATH record associated with the PATHID is where the image resides. Anohter way to identify the path of the images is by looking in AppGen under Applications - each application - Paths to see where the current storage path is pointed to.
- Both the creation and disposition dates are established through backup policies created by the Systems Support team.
- Only System Administrators have access to this software and as such they are the only ones that have access to modify policies for backups and disposition dates of these backups.
- The software used to control all backups is CA Archserve along with a Dell ML6020 tape library and an EMC DL710 virtual tape library.
- Windows 2003 SP3
- UTEP does not use optical media for storage. All data is stored within a storage array.
Section 7.0 Guidelines for the Management of Electronic Transactions and Signed Records
- The Guidelines for the Management of Electronic Transactions and Signed Records, which are available at http://www.tsl.state.tx.us/slrm/recordspubs/index.html#ueta, are adopted by the Texas State Library and Archives Commission. The guidelines are based on the work and recommendations of the Uniform Electronic Transactions Act Task Force. The task force was jointly created by the commission and the Department of Information Resources to advise the agencies on the rules each might adopt pursuant to the Business and Commerce Code, §43.017.
- The Guidelines for the Management of Electronic Transactions and Signed Records are applicable to state agencies that send and accept electronic records and electronic signatures to and from other persons and by state agencies that otherwise create, generate, communicate, store, process, use, and rely upon electronic records and electronic signatures.
- The Guidelines for the Management of Electronic Transactions and Signed Records describe electronic records, electronic signatures, and trustworthy records; describe common types of risks that pertain to electronic transactions and signed records, describe the need for, and how to conduct risk assessments, as well as how to conduct a cost/benefit analysis to determine if the electronic transaction is practical. The Guidelines also discuss risk mitigation and security relating to electronic records and signatures; and records management issues, including life cycle vs. system development life cycle, preservation of electronically signed records, and the role of records managers and auditors in the implementation of a process to accept electronically signed documents. The Guidelines include appendices that discuss current electronic signature technologies, contain a checklist for evaluating electronic signatures, discuss the technical considerations of various electronic signature alternatives, and briefly comment on the International Organization for Standardization nonrepudiation model.
- For archival state records, state agencies must ensure that the printed name of the electronic signer, as well as the date the signature was executed, be included as part of a human readable form (such as electronic display or printout) of the electronic record.
For assistance please contact:
Edgar Luna
Assistant Vice President
Enterprise Computing
(915) 747-6395