65.06 - University Electronic Records Management Guidelines

Last updated November 21, 2008

A. General. More and more University records (as defined in 65.02 A-1) are being stored in electronic format (see also FSH 1470). Records, regardless of where and how they are stored, are University assets, and are subject to the same policies. Electronically stored records have some characteristics that require considerations that do not apply to paper, microfilm, or other visually accessible media.

A-1. Metadata defined. Metadata is information about a record. For example, date of record creation, date of email receipt, file format, record series, a ‘record contains sensitive information’ flag, are all potential metadata fields. Some metadata fields (file creation date, file last modified date, etc.) are frequently attached to electronic document types without user intervention. Others may require user interpretation and input.

A-2. Electronic Record Maintenance. Electronically stored records must be able to be recreated or reproduced in a reasonable facsimile to their original appearance as they existed at the time of creation or initial transmission, including metadata and associated information (email attachments, linked documents, etc.), for the life of the record.

B. Process. The administrator of each university area, department or administrative unit (unit), is responsible for management of records generated by, or in the custody of, the organizational unit, regardless of the media or manner in which the records are stored.

B-1. Records Indexing. Departments shall be aware of what electronic records they have generated or are in their custody, and shall be able to provide a complete inventory of those records to General Counsel within 10 working days, upon receipt of an inventory request.

B-2. Records Management principles applied to electronically stored records. All units are responsible for managing their records [see APM 65.02 A-3]. This section sets out best practices for electronically stored records.

a. Data Security. Units should establish and document measures for protecting sensitive or critical University information from disclosure. Inherent in this responsibility is the need to define data that requires protection from unauthorized disclosure.

b. Unit Record Continuity. Units should develop documentation of unit specific systems, such as data bases, spreadsheets or customized applications, and should provide for the future use of those records by keeping media and necessary software current for the retention period of the records in question.

1) Electronic Media Migration. For electronically stored records, the need to be able to recreate the record means that the record must from time to time be moved from one storage media to another to prevent media obsolescence from rendering the records unreadable. Electronic records should be migrated to new media no less frequently than every 3 years. The destination media shall be designated the record copy, and the source media should be destroyed upon verification of the data integrity of the destination media.

2) Software Migration. Electronically stored records are frequently dependent on software for interpretation and display. For example, Microsoft PowerPoint documents are not legible without a compatible version of Microsoft PowerPoint. In order to be able to recreate a facsimile of the record, records should from time to time be migrated to a currently available software package. Electronic records dependent on software to interpret and display them should be migrated to current software packages no less frequently than every 3 years.

B-3. Backup Files and Disaster Recovery. Electronically stored records shall be protected from hardware malfunction, accidental erasure, and disasters which may render the records unavailable.

a. Records stored on central servers. The preferred mechanism for electronic record storage is to store records on central servers provided by Information Technology Services (ITS), which performs backups and disaster recovery services on those servers. Units shall inform ITS of the nature of the records that they wish to store, and work with ITS and Records Management to find a suitable location and mechanism to store those records.

b. Records stored on local machines. University records shall not be stored on local machines without the express written permission of either General Counsel or Records Management.

B-4. Legal Compliance. Units shall work with Records Management to ensure that the unit is in compliance with laws and policies concerning electronic record keeping practices, and as needed or requested shall also work with General Counsel.

C. Information. To receive forms or for consultation, visit or contact Records Management, SUB (Student Union Building) Room 53, Moscow, Idaho 83844-4247. Telephone (208) 885-2580, or (fax) (208) 885-9255. See also the Records Center web site at Records Management Website.