125. There is no doubt that the emergence of new technologies has significantly contributed to improving United Nations programmes, services and operations. Most documents are now born digital or scanned. The main challenge for the United Nations, as for many other large institutions, is to capture and manage its digital records beyond regular back up and storage strategies. Records management has not
been given the attention required in the transition to the digital environment. The consequence is
alarming: 20 years of digital records and related archives are at risk and access to them may have
been lost despite the fact that they are stored somewhere on a server of some type.
126. ISO 15489-2 describes the differences between handling paper records and electronic records at the various steps of the RM process. One of the main differences is that RAM-related actions
concerning the capture, classification, access and disposition have to be taken at the point of creation of digital items. This is particularly important in relation to the metadata attached to records.
Such action is not customary in many United Nations entities and, as a result, there is no assurance that an electronic occurrence of a record can be regarded as the master or certified official version.
127. The results of the JIU survey and the comments provided during interviews highlighted the extreme diversity of ways in which digital or electronic records are currently captured and stored by records producers and records users using various information systems. Individual drives, shared drives, laptops, USB keys, local or shared databases, intranets, web-based content repository, among others, are all used but are not configured in accordance with agreed common principles and criteria for
classification and retention guiding principles which are, together with the access rules, the basic features of records management. In most cases, ICT divisions then back up these ICT aggregated
elements.
Table 5: Means of storage for digital documents and records (Percentage) (In the absence of ERMS) Do you use other information management systems in your unit?
Yes
Individual drive 91.7
Shared drive 92.3
Shared database 78.8
Content management systems (CMS) 39.3
Document management system 37.9
Online repository (clouds, etc.,) 15.4
Other information systems 26.3
Source: JIU survey, question 23.
128. Records management officers confirmed that the current situation is not satisfactory since the IT devices used for storage do not enable staff to manage electronic records through their life cycles. They
highlighted the related inherent risks in terms of integrity, security and authenticity as records can easily be deleted and moved around while users’ actions cannot be traced appropriately; replications are commonly performed and there is no control over access to them and the records creation process.
129. The respondents to the JIU survey recognized these difficulties, almost 50 per cent of who stated that the current situation did not enable effective records management. Comments gathered also highlighted that electronic records are rarely deleted when they have reached the end of their prescribed
retention period and they are not transferred to any official corporate repository. This type of electronic storage should be composed exclusively of e-files of permanent value (legacy data) for which it would be subsequently easier to apply long term preservation strategies.
130. The multiple repositories are in the hands of various individuals with a high risk of loss of
relevant information when any of the staff leaves his or her post. Such multiplicity and exclusivity also have a negative impact on knowledge management and knowledge sharing, which is de facto restricted across the entity; such local systems are often exclusive in terms of access although their content could be useful to other parts of the entity. One records management officer explained candidly that she realized how much the substantive themes of each section of the entity she worked for were interrelated and that staff members could benefit significantly from accessing information handled by their counterparts if this was made available in a managed repository.
Box 6: Specific case of e-mail messages and their attachments
E-mail messages and attachments are potential records for any organizational unit and are therefore, in theory, subject to statutory record-keeping requirements as recognized in particular by ST/SGB/2007/5. Annex V to the present report indicates the entities that have promulgated specific policies or guidelines concerning electronic messaging. Some have not yet promulgated a specific policy or refer to a broader ICT administrative circular. At the United Nations Secretariat, it seems that a draft policy has been under preparation for several years but has not been officially published as of yet. Many of these specific policies focus on the usage of electronic messaging as ICT resources and indicate how it may or may not be used within an organization (personal/official use, confidentiality, procedures for attachments and their size, characteristics of mailboxes, anti-spam measures, etc.).
However, a few policies prescribe which messages are considered to be electronic records and how these must be managed in terms of retention, classification schemes, disposal and security) and through which process some should be further kept as archives. The most detailed policy in this regard is applied by UNHCR, which benefits from its Livelink/e-SAFE application and gives a role to the Records and Archives Section (RAS) on that matter. For the United Nations Secretariat, ARMS produced guidelines on managing e-mails as records that are available on its website but the guidelines are not easily accessible and they cannot be enforced. WFP manual includes provisions on electronic messaging.
Indeed, this review confirmed that nowadays managing e-mails in the other United Nations entities mainly means keeping backups of all messages and their attachments indiscriminately with little information about what is saved and why. In fact, the driving consideration behind the deletion of e-mail messages is not their value as a record but the IT capacity of the supporting server or even the choice of individuals. Only rarely is this digital repository exploited as a record environment. One should note that the proportion of this massive amount of information that represents authentic records with medium-term or long-term value to the organization is indeed relatively small (roughly estimated at 5 per cent of the total messages exchanged).
Although easy and quick retrieval should be one of the main benefits of a RAM programme, the following examples demonstrate the practical difficulties and the risks generated by the absence of dynamic management, even though all users do not perceive these difficulties:
When leaving his post, the executive head of an international organization passed on to the archive section in one single folder all the electronic messages he had exchanged during his entire term of office!
Since September 2011, UNDP e-mails are all stored at the United Nations International Computing Centre with a blanket provisional 7-year retention period, but they are neither classified or identified nor categorized. UNDP is therefore dependent on the Centre’s search tools and filters for the retrieval of any stored information.
At DPKO, messages are archived for 10 years on servers at the United Nations Logistics Base at Brandish under the same conditions.
Given the increasing prevalence of electronic messages in support of business transactions and substantive decisions, there is an urgent need to establish policies that address the management of e-mails as records. This is a
precondition to be able to fully integrate them in any electronic records management framework from the time of their creation, already stated as critical. For example, some of the EDRMS already in place (Unite Docs or Livelink/e-SAFE) have a “drag and paste” option that enables easy and early integration.