What is the Trusted Systems Initiative?
The Trusted Systems Initiative stems from an amendment that was released in 2007 for California Government Code 12168.7. In effect, the California Secretary of State extended the regulations to ensure governmental organizations in the State of California had the ability to create, maintain and manage official records for as long as required.
The regulations leaned heavily on the recommended practices published by the Association Information and Image Management (AIIM) and American National Standards Institute (ANSI), The regulations and practices site a range of different codes and standards, but in effect, a trusted system can be summarized as providing the following mandatory capabilities:
- The storage and preservation of electronic formats only;
- There must be a copy of the record captured in a geographically separate location;
- Of the two records, at least one must be written to a media format that disables the ability to modify the record. This is commonly referred to as WORM storage, or ‘Write Once, Read Many’;
- The system must have the capability to store records as a PDF/A format, which ensures the record will be preserved in a long-term machine-readable format; and
- Must meet the compression standards for images outlined in AIIM ARP1-2009
Finally, each organization is responsible for producing a records policy – commonly referred to as a ‘Recordkeeping Plan’ that outlines how the requirements for a trusted system will be met and references the retention schedule and standards that will be implemented.
This plan will also govern the audit process for the system, to ensure its ongoing maintenance, integrity and proper use meets the requirements of the regulations.
Trusted Systems… in the Cloud
When this initiative was first launched in 2009, cloud technologies were in their infancy and only the traditional, on-premises ECM platforms could meet the core requirements. State and Local authorities were left with little choice, which resulted in the implementation of platforms that focused on satisfying the compliance and regulatory standards, often at the cost of usability and overall productivity.
With Office 365 and RecordPoint, organizations can take full advantage of the Microsoft modern workplace suite of tools and functions that extend across Microsoft Office, SharePoint Online, OneDrive for Business and Groups and Teams, while delivering automated records compliance features that establish the platform as a trusted system.
Together, both Office 365 and Records365 are delivering a cloud-based trusted system which meets all of the core requirements:
|Trusted System Requirement||Platform Compliance|
|Storage of electronic records||X||X||Both Office365 and Records365 allow for the storage of electronic objects. In addition, Records365 can also manage physical records.|
|Duplicate Copies||X||Records365 can store a unique copy of the binary in its tenant, ensuring a back-up, persevered and managed copy is always available.|
|WORM Compliance||X||Records365 can write to any storage medium, including WORM, Azure Cold Storage, and Amazon Glacier.|
|PDF/A Support||X||Records365 provides a PDF/A conversion tool|
|Compression Support||X||X||Both platforms provide automated file compression, management, and scalability features. For Image compression, standards such as JPEG are supported under the ARP1-2009 Report.|
The importance of Trusted Systems
A core driver for the introduction of this initiative was to provide state and local agencies with the guidelines by which to implement electronic records management solutions and reduce the footprint of their physical records collections.
With a trusted system, organizations could establish an official electronic record and eliminate the need for paper records and the cost overheads associated with physical storage, transfers, staff resources and the lack of efficiency a physical record creates.
With Office 365 and Records365, the ability for organizations to reduce costs has increased again, by eliminating the need for physical infrastructure and the overheads to maintain the hardware, back-ups and disaster recovery processes and manually update and patch the software on a periodic basis.
As an evergreen, SaaS solution, users always have the latest features and can access their information from any device and location, while having the assurance that it is managed, controlled and preserved in accordance with compliance standards and obligations.