 |
 |
Adam Pope <[log in to unmask]> wrote: It may be useful for an EDRMS to enforce saving criteria on emails based on classification. Folders with a retention period of say two years could be stored in a proprietary format, but those with longer schedules could be saved into an open format. This wasn't thought of in the latest Moreq2, perhaps they could put something along these lines into it: "where messages are saved in a proprietary format, the option should be available to save in multiple, including open, formats depending on the classification." Keeping in mind that the majority of participants on this list are in the UK or elsewhere in the EU, these comments are correct... however, knowing that some of the participants are involved in this list because they work for multi-nationals . or just want to know what's going on "across the pond", I'd encourage a broader perspective here. When storing any "records" in electronic formats that have retention periods in excess of 2 years, or that may be involved in litigation at some time, it's important to consider storing them in non-proprietary formats whenever possible. E-mail is an especially tricky issue (in the US at least) when you work for a Contractor who does work for a Federal Agency, or you are regulated by a Federal Agency, because the requirements of 36CFR (Code of Federal Regulations) for managing e-mail come into play. Section 1234.24 requires that any e-mail being retained for more than 180 days be removed from the native application and placed into an ERMS, unless the native application is able to demonstrate its capabilities of managing records in accordance with stated requirements. And when making this change, ALL information, such as headers, distribution lists, attachments, nicknames, acknowledgments of receipt, and other aspects related to the e-mails authenticity, must be maintained as well. MOREQ2 seems to fail to take many things into consideration... one of them is many organizations have produced guidance documents based on MOREQ and make numerous references to "chapter and verse" of MOREQ that will now be null and void with the issuance of a completely re-written document being issued as MOREQ2 that replaces the original, but makes no cross references to it's predecessor. I know this is a common practice with BSI publications and some other EU guidance documents I've seen, but I can see where it may cause confusion with something as far-reaching as MOREQ. Another area that I haven't been able to clarify is the differences/similarities between the planned revision to MOREQ and DOD 5015. What happens when a multi-national is required to deploy an ERMS/EDMS/ECMS that is compliant with BOTH of these sets of guidance? Has anyone considered producing a crosswalk document that looks at the requirements of the two to determine if there are any major discrepancies that would make it potentially impossible for a system to satisfy the requirements of both? Given neither is a "Standard" - one is a US-based design criteria that is referred to as a (lower case s) 'standard', and one is a EU-based model requirements document- what is a multi-national to do? Larry -- Larry Medina [log in to unmask]