3.7 Reliability (Specification 1, section 2.7)

The system must not lose records or folders once they have been registered with the recordkeeping system.

This is where it is made clear for the first time that the term 'recordkeeping system' encompasses more than the recordkeeping application. The complete recordkeeping system includes the computer systems on which the recordkeeping application runs (particularly the storage systems), and the policies and practices implemented by the agency (particularly concerning disaster recovery procedures). The consequence of this is that the responsibility for providing this functionality is split between the vendor of the recordkeeping application, vendors of supporting computer systems, and agencies.

Records or folders may be lost due to failure of hardware or software. Examples include:

  • media failure
  • failure to accurately copy a record from one location to another (e.g. when copying a record from one piece of media to another, or from one server to another)
  • failure of software components
  • software crashes
  • disasters such as fires.

Recovery from media failure and from disasters is considered in the next point. This point covers prevention of loss due to software failure.

Note that reliability in this context is only concerned with ensuring reliable storage and handling of electronic records. It is not concerned with the reliable provision of service. While the provision of service is important, it is not an aspect of preservation.

Conformance is achieved by a formal statement from the vendor about the processes used to prevent record losses.

Typically this statement would cover the software engineering processes used to develop and maintain the application, with a particular emphasis on an analysis of events which could cause a record to be lost and the mechanisms adopted to prevent these events occurring.

Among other things, such an analysis should identify:

  • all points where a record (either the content or the metadata) or a folder is copied and the original is destroyed or replaced by the copy. This includes situations where a record is modified and the original is destroyed or replaced after the modification or as part of the modification.

It is not necessary to ensure an accurate copy operation where the copy is only used for working purposes and the original is retained. An example would be the situation where, when accessing a record, a copy is made in memory of the object on the disc; in this case the copy in memory is a working copy and will be discarded once the access is completed. However, when modifying a record, a copy is made in memory of the object on the disk. The copy is then modified, which then replaces the original on the disk. In this case, both the copy to memory and the subsequent copy to disk must be verified as accurate.

  • all points where a record (either the content or the metadata) or folder is held in volatile storage where it can be lost because of a system failure. Volatile storage includes holding the record only in main memory, or holding the record in a scratch file (temporary file) that is erased or discarded when the system is shut down or restarted.
  • all points where a record or folder is held in non-volatile storage, but knowledge of the record or folder is only held in volatile storage. An example of this situation is where a record is accepted by the system, but the only knowledge of the record is held in a data structure in the recordkeeping program which is lost when the program stops running.

For each point the analysis must describe how a record or folder is protected against loss at that point.

Agencies should note that several different products, produced by different vendors, may be part of the complete recordkeeping system. For example, one vendor may be responsible for the recordkeeping application itself, while another is responsible for the storage system on which the recordkeeping application runs.

Vendors are normally[2] only responsible for the portion of the system they produce; for example the vendor of a recordkeeping application would not normally be responsible for analysing an agency's storage system on which the application runs.

Records or folders must not be lost due to catastrophic failure of the system, media failure, or physical disaster (e.g. fire).

The main mechanism for handling a catastrophic failure or physical disaster is the production of copies of records and folders as part of a disaster recovery regime. At least one set of these copies must be held off-site to guard against physical disaster such as a fire. On-site copies may be produced to provide faster restoration services, but these are not a replacement for off-site storage.

One aspect that must be covered in the disaster recovery plan is periodic checking that the copies can be successfully used to restore the operational system.

Conformance to this point is not primarily the responsibility of a vendor. Operation of an effective disaster recovery regime is the responsibility of the agency, although a vendor or consultant may be responsible for the initial development of the regime.

Conformance is shown by the implementation of a suitable disaster recovery regime where policies and procedures are set down to ensure that records are backed up off-site. PROV may audit the agency to ensure that the disaster recovery regime is being carried out diligently and correctly.

The accuracy of any copy must be verified by ensuring that all records or folders which have not been marked for destruction have been copied, and that the contents of the records or folders have been copied accurately.

The purpose of copying records and folders is to provide a substitute for the originals should they be destroyed. Consequently, the production of a backup copy must be treated in all particulars as if the record was being refreshed to new media. In particular, the accuracy of the copy must be checked.
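The two verification requirements above (an accurate copy wherever the original is replaced by the copy, and a backup set that contains every record not marked for destruction with its content intact) can both be met with the same mechanism: compute a digest of the original, write the copy, read the copy back from non-volatile storage, and compare. The following is an added example written for this page; it is not code from PROV or from any recordkeeping product. The record identifiers, contents and the `destroy` flag in the catalogue are constructed sample data, and the SHA-256 digest and `fsync` call are the author's chosen means of verification, not anything the specification mandates.

```python
"""Verified copy and backup completeness check (added example, not PROV's code)."""
import hashlib
import os
import tempfile


def digest(data: bytes) -> str:
    """SHA-256 hex digest used as the content fingerprint of a record."""
    return hashlib.sha256(data).hexdigest()


class CopyVerificationError(Exception):
    """Raised when the copy read back from disk differs from the original."""


def verified_copy(src: str, dst: str) -> str:
    """Copy src to dst and prove that the on-disk copy matches the original.

    The destination is flushed and fsync'ed, then re-read from disk, so the
    comparison is against what reached non-volatile storage rather than the
    working copy still held in memory. Returns the digest of the content.
    """
    with open(src, "rb") as f:
        original = f.read()
    expected = digest(original)
    with open(dst, "wb") as f:
        f.write(original)
        f.flush()
        os.fsync(f.fileno())
    with open(dst, "rb") as f:
        actual = digest(f.read())
    if actual != expected:
        raise CopyVerificationError(f"{dst}: digest {actual} != expected {expected}")
    return expected


def verify_backup(catalogue: dict, backup_dir: str) -> dict:
    """Check a backup set against the register of live records.

    catalogue maps record id -> {"digest": str, "destroy": bool}. Records marked
    for destruction are exempt. Returns the ids absent from the backup and the
    ids whose backed-up content does not match the registered digest.
    """
    missing, corrupted = [], []
    for record_id, entry in catalogue.items():
        if entry["destroy"]:
            continue
        path = os.path.join(backup_dir, record_id)
        if not os.path.exists(path):
            missing.append(record_id)
            continue
        with open(path, "rb") as f:
            if digest(f.read()) != entry["digest"]:
                corrupted.append(record_id)
    return {"missing": sorted(missing), "corrupted": sorted(corrupted)}


def demo() -> dict:
    """Constructed scenario: four registered records, one marked for
    destruction, one never backed up, and one backup copy that was truncated
    after verification. Shows what a periodic restore check should report."""
    with tempfile.TemporaryDirectory() as tmp:
        live = os.path.join(tmp, "live")
        backup = os.path.join(tmp, "backup")
        os.makedirs(live)
        os.makedirs(backup)
        # Constructed sample records (ids and contents are illustrative only).
        records = {
            "R1": b"minutes of meeting 1",
            "R2": b"contract, version 2",
            "R3": b"superseded draft",
            "R4": b"records policy",
        }
        catalogue = {}
        for rid, content in records.items():
            with open(os.path.join(live, rid), "wb") as f:
                f.write(content)
            catalogue[rid] = {"digest": digest(content), "destroy": rid == "R3"}
        # Back up R1 and R2 with verification; R4 is (wrongly) never copied.
        for rid in ("R1", "R2"):
            verified_copy(os.path.join(live, rid), os.path.join(backup, rid))
        # Simulate later media damage: the backup copy of R2 loses its tail.
        with open(os.path.join(backup, "R2"), "wb") as f:
            f.write(b"contract, ver")
        return verify_backup(catalogue, backup)


if __name__ == "__main__":
    print(demo())
```

The check exempts records marked for destruction because the specification only requires that records not so marked be present in the copy; a restore drill that runs `verify_backup` against the current register is one concrete way to satisfy the "periodic checking" requirement of the disaster recovery plan.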

Conformance can be achieved by a formal statement from the vendor responsible for the disaster recovery software that the accuracy of copies is verified.


[2] The vendor of a recordkeeping application would only be responsible for the complete system (including underlying computer systems and possibly backup and disaster recovery regimes) if the vendor was supplying a complete turnkey system, including the underlying computer systems. This situation is expected to be uncommon.
