Request for Feedback on the Universal Electronic Records Management Requirements

We released the Universal Electronic Records Management Requirements in August 2017. These requirements marked the first major milestone in the Federal Electronic Records Modernization Initiative (FERMI). These requirements identify high level business needs for managing electronic records and come from existing NARA regulations, policy, and guidance. 

We are now in the process of reviewing the requirements and making updates. A few of the suggestions we’ve heard over the last few years include: 

We want to hear from you! What do you think should be added or updated? We would like to receive feedback from a variety of stakeholders, so please share widely.

3 thoughts on “Request for Feedback on the Universal Electronic Records Management Requirements

  1. Metadata. The power and utilization of metadata across multi-information and content management disciplines and platforms. Metadata is a game-changer for search and retrieval when refined and focused on user-driven purposes when paired with minimum document and records management purposes.

  2. Hi,

    In many cases a single repository for managing all e-records is not practical or feasible. What’s missing in UERM is a minimum set of RM capabilities (such as 36 CFR 1236.20) that a source system might have to better manage records that may not include all of the same “must have” requirements as an ERM system dedicated to managing e-records.

    It would be good to distinguish (if possible) requirements for a dedicated ERM system vs requirements in general for any system that may contain electronic records.

    For example 6.02 “The records system must provide the ability to design and generate customized reports.” An email system storing records may not have reporting capability built-in but an eDiscovery tool could be used to report on emails found within it.

    But having an eDiscovery tool should probably not be a “must have” to managing the email records in the mail server, as long as some minimal set of ERM requirements are being met by the mail server for tracking and integrity.

    This minimal set of requirements will be helpful when interacting with IT on standing up new systems in general in the organization that have to meet some set of ERM requirements as part of an approval process, where the systems are not specifically ERM systems.

    This set of minimal requirements should not be overbearing and should not require a complex and costly integration with a single ERM repository. Cybersecurity might be a good model for this approach to emulate.

    What is also missing is what level of automation is required to meet a “must have” requirement.

    For example, I can manually modify security access and I can track changes to a file on a file share using a manual log of “who did what” with the file and “when”.

    Does this example meet the “must have” requirement of 0.06 stating “The records system must have the ability to prevent unauthorized access, modification, or deletion of records, and must ensure that audit trails are in place to track use of the records.”?

    is there an expectation for some level of automation to meet each requirement?

    I’m assuming because you’ve avoided wording such as “automatically” there is flexibility in how a requirement can be met. Please advise?

    Thank you.

  3. Thanks Tim and Karen. We appreciate the comments and will take them in as we look toward updating the requirements.

Comments are closed.