Dr Wendy Duff
Faculty of Information Studies
University of Toronto, Canada
Associate Professor Sue McKemmish
School of Information Management and Systems
Monash University, Australia
This paper discusses how metadata standards can help organizations comply with the ISO 9000 standards for quality systems. It provides a brief overview of metadata, ISO 9000 and related records management standards. It then analyses in some depth the ISO 9000 requirements for quality records, and outlines the problems that some organizations have in complying with them. It also describes the metadata specifications developed by the University of Pittsburgh Electronic Recordkeeping project and the SPIRT Recordkeeping Metadata project in Australia and discusses the role of metadata in meeting ISO 9000 requirements for the creation and preservation of reliable, authentic and accessible records.
New technologies, dynamic organizations, globalization, and a host of other forces are challenging records managers to adjust their traditional practices and procedures. Computers coupled to telecommunications networks affect how organizations do business, where they do business, when they do business, and how they capture and maintain evidence of their business actions. Organizations that wish to compete in the modern marketplace often need to conduct business worldwide. Therefore they must be prepared to comply with complex rules, regulations and standards promulgated by international bodies. Advances in technology and globalization have changed organizations, work processes and records and have concomitantly altered the role of records managers.
These challenges, however, also bring new possibilities. For example, international standards such as the ISO 9000 suite of quality standards highlight the essential role that records play in the operation of a quality company, in particular by providing essential evidence of the operation of quality systems. These standards "provide the first concrete evidence in decades that conventional records management is alive, is necessary, and is an integral part of 20th century business operations."1 At the time of writing, the ISO 46/SC11 Committee is in the process of developing a records management standard in response to worldwide agreement to internationalize Australian Standard AS 4390 Records Management2 as a basis for international best practice. Amongst other things, the new records management standard is intended to play a special role in relation to ISO 9000 by providing a benchmark for the management of quality records.
Meeting the ISO 9000 requirements is promoting the role of records managers while simultaneously testing traditional record's methods and techniques. Information technology exacerbates problems of preserving records, but it also facilitates the development of techniques and tools and consequently new responsibilities for records managers. For example, to ensure systems capture adequate metadata persistently linked with records, records managers will have to identify, prior to records creation, the specific types of metadata that reliable and authentic records require.
During the last few years a number of research projects have studied the types of metadata needed to create, manage and make accessible quality records, i.e. reliable, authentic and useable records. This paper will briefly discuss the purposes of recordkeeping metadata, with reference to emerging records management standards, and the models presented by two projects, one in the United States and one in Australia. It will also briefly review the ISO 9000 requirements for records and illustrate how metadata can help an organization meet these requirements.
Metadata has been defined as simply "data about data" or "data concerning data characteristics and relationships" 3. This definition which seems so elementary at first glance disguises a very complex, but fundamentally important concept. Some individuals apply the definition narrowly while others include many different types of data under its rubric. Systems designers have limited their use of the term to refer to the data held in data dictionaries and data directories. 4 On the other hand, the Dublin Core Metadata initiative, which has developed a metadata standard for internet resources, defines metadata far more broadly as "a description of an information resource". According to the Dublin Core Guide, the term "meta" derives from a Greek word which means "denoting a nature of a higher order or more fundamental kind," such as metalanguage, or meta-theory. They posit that "metadata can serve a variety of purposes, from identifying a resource that meets a particular information need, to evaluating its suitability for use, to tracking the characteristics of resources for maintenance or usage over time." 5 This definition embodies any information needed to locate the resource, maintain it over time, or to evaluate it.
Recordkeeping metadata has also been defined. The Australian Metadata Recordkeeping Project defines recordkeeping metadata very broadly to include:
all standardised information that identifies, authenticates, describes, manages and makes accessible through space and time documents created in the context of social and business activity.
This concept of recordkeeping metadata is derived from Australian records continuum thinking6. Records continuum approaches are based on establishing an integrated regime of records and archives management processes for the whole of the records existence. This includes iterative processes that capture and inextricably link authoritative metadata to documents created in the context of social and business activity from the time of their creation and throughout their life spans. The primary aim of these processes is to provide the intellectual and physical controls that enable reliable, authentic, meaningful and accessible records to be carried forward through time within and beyond organisational boundaries for as long as they are needed for the multiple purposes they serve.
The project also identified eight different goals or purposes that metadata serve, namely
Records managers have always captured metadata about their organization's records in their records systems and related tools. For example, a records retention schedule contains information about each record series, such as classification number, title, and retention period.
The purposes of recordkeeping metadata listed above were derived from analysis of a range of recordkeeping standards and specifications of best practice, including the Australian Records Management Standard, AS 4390. This standard functions as a voluntary code of best practice applicable to all records (including electronic records) and all sectors. It incorporates a comprehensive methodology for designing and implementing recordkeeping systems and strategies for ensuring the creation and capture of records. It also specifies the attributes that records need to function effectively as evidence, drawing extensively in this regard on the Functional Requirements for Evidence developed by the University of Pittsburgh's electronic records project described in more detail below. 8 The recordkeeping processes of appraisal and disposition, and records control (registration, classification, indexing and tracking), as well as storage and preservation requirements, are also specified. The proposed international records management standard builds on and extends many of the features of AS 4390, including a statement of recordkeeping principles, provisions for the assignment of recordkeeping responsibilities, recordkeeping strategies, the design of recordkeeping systems, and an overview of the processes involved in creating and managing reliable, authentic and useable records. The role envisaged for the new international standard in relation to the ISO 9000 series of quality standards is already being played by AS 4390 in Australia. According to David Roberts, AS 4390 plays
… a special role for organisations certified, or seeking certification, under the AS/NZS ISO 9000 series of standards for quality systems. Under these standards, quality records must be kept to show conformance to specified requirements and the effective operation of a quality system. Quality records represent a crucial source of evidence for the certification process and the quality systems. Standards impose stringent recordkeeping requirements for this purpose. The Australian Standard serves as the benchmark for the management of quality records. 9
Metadata standards are an important tool in establishing the kind of recordkeeping regimes specified in these kinds of standards.
Traditionally, North American records managers have captured and managed metadata about records during the active or semi-active stage of the life cycle, i.e., after the creation of the record. The Australian continuum approach, which is closely related to registry system approaches in Europe, suggests that records managers should be concerned with managing metadata about records at- or even before – their creation, as well as the iterative processes that add metadata throughout the record's life. This approach requires the identification and presentation of the metadata that supports recordkeeping through time and space in a formal, standardised way. Recently two research projects have focused on doing just that.
The University of Pittsburgh Electronic Records Project proposed a model for a metadata encapsulated object that would ensure business acceptable communication (BAC). The project developed their model by examining the laws, regulations, standards (including ISO 9000) and literature related to recordkeeping. They derived a comprehensive set of functional recordkeeping requirements based upon this literature or warrant as they called it. They expressed each requirement as a set of production rules from which they delineated the metadata elements needed to create, maintain and use reliable and authentic records.
The Project envisioned a record object encapsulated by layers of information that serve different recordkeeping functions
The metadata "guarantees that the record will be usable over time, only accessible under the terms and conditions established by the creator, and has the properties required to be fully trustworthy for purposes of executing business." 11 Furthermore, the metadata enables records to be legible, retrievable and preserved across time. 12They also provide record retention and disposition information.
Recently Australian researchers working on the SPIRT project have focused their attention on recordkeeping metadata. The project developed a Recordkeeping Metadata Schema (RKMS) by "analyzing business, organisational and social contexts of recordkeeping, national and international standards which specify recordkeeping requirements, and existing generic resource discovery and recordkeeping sector specific metadata schemes." 13 The standards and specifications analyzed included the Australian Records Management Standard, AS 4390, the University of Pittsburgh's functional requirements for recordkeeping and the related BAC model, and the electronic records templates developed by a University of British Columbia project which also provided the basis for the US Department of Defense DOD 5015.2-STD Standard for Electronic Records Management Software Applications14.
A conceptual model that places records in their business contexts was developed to provide a framework for the definition and standardization of a set of recordkeeping metadata (see Figure 1(1)
The conceptual framework depicted in this figure can be described thus:
People do business with each other. In the course of doing business, they create and manage records. Optimally their recordkeeping actions form an integral part of the business activity. The records created in the course of doing business capture the business done in documentary form. Business is here defined in the very broadest sense to encompass social and organisational activity of all kinds … People do business in social and organisational contexts that are governed by external mandates (e.g. social mores, laws, regulations, standards and best practice codes) and internal mandates (e.g. policies, administrative instructions, delegations, authorities). Mandates establish who is responsible for what, and govern social and organisational activity, including the creation of full and accurate records. Authentic records of social and organisational activity provide evidence of that activity and function as corporate and collective memory. They also provide authoritative sources of value added information. And they account for the execution of the mandate – internally and externally, currently and over time. 15
With reference to this high level conceptual model, the RKMS is presented diagrammatically (see Figure 2) as essentially concerned with three classes of entities – Business entities, People/Agent entities and Records entities, "as well as with the complex relationships between them," and the external and internal mandates which are associated with Business, People/Agent and Records entities and govern the relationships between them. Furthermore, Business-Recordkeeping entities form a sub-class of the Business entity class.
The RKMS envisions description and management of records, agents and business at different layers of aggregation. A taxonomy of layers has been defined as represented in Figure 2.
A highly structured set of metadata elements and qualifiers has been defined. It is broken down into 4 subsets, one for each of the entities and a recordkeeping business subclass. Each of the subsets delineate the elements needed to identify and describe the entity to which it relates. All of the subsets include the following elements: Category type, Identifier, Title, Date, Mandate, Place, Functional classification, Relation, Abstract, Language. In addition the Business and Recordkeeping Business subsets include a Business rules element and qualifiers; and the Records subset, Subject, Documentary form, Appraisal, Control, Preservation, Retrieval, Access, Use, and Event history elements. The elements and qualifiers defined in the Recordkeeping Metadata Schema identify and describe significant features of the business contexts in which records are created, managed and used. They identify and describe the people or agents involved, and the records themselves. They also link business contexts to the people or agents doing the business and the records that document it, and they reference the mandates that authorise and control business activity. The elements and qualifiers enable description and management of recordkeeping business functions, activities and transactions that are concerned with recording, managing and enabling the use of records. And they provide for the tracking and documenting of the recordkeeping business itself (through the Event History element).
Many of the elements are consistent with other metadata sets such as the Australian Government Locator Service (AGLS) 16 or the Pittsburgh Business Acceptable Communication (BAC). Furthermore the sets are extensible, e.g. BAC structural layer elements could be used to extend the Storage and Retrieval elements in the RKMS.
A significant component of the research activity undertaken during the project was an in-depth analysis and iterative conceptual mapping of existing 'best practice' generic and records and archives metadata sets and standards. The mapping processes which informed the development of the RKMS metadata set itself, point to one of the major uses of the Schema – as a framework in which other sets, targeted for application in specific sectors, can be developed and mapped. For example, the National Archives of Australia's Recordkeeping Metadata Standard for Commonwealth Agencies, released in June 1999, 17 was developed within this framework and can be mapped against the more comprehensive RKMS. Equivalences and correspondence can thus be made between it and other metadata sets, each one being read against the standardised metadata framework provided by the SPIRT Schema
The preservation of reliable, authentic and meaningful records depends in part upon the maintenance of essential metadata. Therefore metadata is a vital tool in helping an organization fulfill the recordkeeping specifications required by external bodies, including compliance with ISO 9000 requirements.
ISO 9000 is an international standard for organizing and documenting processes and procedures used to establish a quality system. The purpose of the guidelines, first published in 1987 and revised in 1994, is to improve the quality of products and services while increasing productivity and reducing costs. They provide a mechanism and structure for building and maintaining a system of excellence that internal staff and external clients and users can depend upon and trust. ISO 9000 serve as an effective blueprint for management since they specify the types of procedures and documentation that a company must develop, the records or evidence it must create, as well as the training and measurement that it must conduct on an ongoing basis. In the decade since its publication the standard has received world-wide acceptance with many governments and industries adopting it outright. More than 80 countries, including the United States, Canada, France, Japan, Germany, Australia and the U.K., have adopted the ISO-9000 series. 18
This standard has increased the importance and profile of many records management programs. Organizations have always kept records, but prior to ISO 9000 many managers considered them to be a necessary evil instead of an essential component of a quality system. Schuler, Dunlap and Schuler's partially tongue in cheek summary of ISO 9000 philosophy demonstrates the importance of records. They say,
This short credo identifies the three pillars of any quality system: training, measurement, and documentation.
A quality system requires three different types of documentation: records of business processes; documentation of the business rules that control the business processes; and systems documentation. Records emanate from business processes; they therefore serve as objective evidence of the activities and transactions that support the creation of products or the provision of services. Records provide impartial testimony of the characteristics of those products and services. A quality record "furnishes evidence of the quality of items and/or activities affecting quality." 20 Documents, on the other hand, tell employees what to do and chronicle how the organization plans to proceed. They contain the business rules that an organization establishes for conducting the business process. Documents include written "procedures, policies, instructions, or other written or graphically depicted methods or ways of conducting oneself or the operations in a given organization." 21 Rather than emanating from products and services, documents control the processes that produce the products and services. 22 Finally, organizations require systems documentation that describe how the systems work.
References to records and documents appear throughout the guidelines and in some cases the two terms are used interchangeably. Unfortunately ISO 9000 is not always consistent and sometimes uses the term document to mean record. For example, 4.6.3 states "purchasing documents shall contain data clearly describing the product order." 23 Purchasing documents, in this section, refer to business records that emanate from the process of purchasing.
ISO 9000 guidelines provide specifications that relate to the creation and maintenance of quality records. Although records and documents are mentioned throughout the guidelines, two sections provide very detailed requirements for creating and keeping records: Clause 4.16 discusses quality records; and, section 4.5. relates to document and data control.
Clause 4.16 states that " the supplier shall establish and maintain documented procedures for identification, collection, indexing, access, filing, storage, maintenance and disposition of quality records." It goes on to say that "all quality records shall be legible, and identifiable to the product involved. Quality records shall be stored in such a way that they are readily retrievable in facilities that provide a suitable environment to minimize deterioration or damage and to prevent loss." 24
Clause 4.16 requires the supplier to:
Section 4.5, Document and Data Control delineate the requirements for creating and maintaining documents, such as procedure manuals.
Clause 4.5.2 Document and Data Approval and Issue requires that "document and data shall be reviewed and approved by authorized personnel prior to issue. A master list or equivalent document control procedure identifying the current revision status of the documents...This control shall ensure that: a) the pertinent issues of appropriate documents are available at all locations where operations essential to the effective functioning of the quality system are performed; b) invalid and/or obsolete documents are promptly removed from all points of issue or use; c) all obsolete documents retained for legal and/or knowledge-preservation purposes are suitably identified...." 25 Clause 4.5.3 Document and Data Changes specifies that "document and data shall be reviewed and approved by the same function/organization that performed the original review." 26
Clause 4.5.2 requires that a master list of all documents that identifies the current revision status of all documents be established and readily available, that all documents are available when required, and that obsolete documents are removed or protected from inadvertent use. Clause 4.5.3 provides guidance on document changes to ensure that any modifications go through the same approval process as document creation. Changes can only be approved by authorized individuals. These individuals are usually the same people who provided the original approval.
Many organizations find the requirements related to managing quality records difficult to meet. Numerous surveys have found that the primary reason that companies fail to gain certification is due to records related problems. Hoyle points out that, "the requirements for the storage of quality records are more onerous than for the storage of products...products can be replaced, whereas records can not. Records are results of an event that has taken place. Unless one can repeat the event, lost records are lost for good." 27 Controlling and managing documents also present challenges. James Lamprecht suggests that of all the ISO 9000 specifications "the most difficult paragraphs to comply with (at least for many companies), deal with document approval, issue, changes, and modifications." 28
Electronic recordkeeping and metadata can help alleviate many of these problems. Brumm states that "with optical disk, the speed of access to records is vastly improved, with access times varying from one second to several minutes. Also, multiple users in different locations have access to the same record simultaneously." 29
However as previously noted, electronic recordkeeping provides both opportunities and challenges for records managers who work for ISO 9000 companies. Systems need to capture the appropriate metadata to meet ISO 9000 requirements and to gain the advantages envisioned by Brumm. An examination of the link between one of the metadata models introduced above, the BAC, and the recordkeeping requirements outlined in ISO 9000 illustrates the valuable role metadata plays in fulfilling these requirements.
The first layer of the BAC, the handle layer, consists of two types of information: the record identification metadata; and the information content discovery metadata. This layer provides information that ensures that the record meets two of the ISO 9000 requirements - that is that records are identifiable and accessible. The Transaction-Domain-Identifier characterizes the type of product or service that the record emanated from, and the organizational unit that created it. The Transaction-Instance-Identifier captures the date and time, and provides a number that uniquely identifies the record.
The Information Discovery Content metadata include descriptors or indexing terms needed to make the record retrievable. It also identifies the indexing standard that was used, and the language of the record. This element ensures that the record is indexed and accessible.
The terms and conditions layer includes 4 sections: Restrictions Status; Access Conditions; Use Conditions; and Disposition Requirements metadata. The Disposition Requirements metadata contain retention and disposition information and provide a citation to the retention policy. This section ensures that the system establishes and records the retention times for all records
ISO 9000 dictates that records must be legible. Legibility means that records are capable of being read or deciphered. For paper records, legibility requires that the print or handwriting is readable. Electronic records exist only as a series of electronic impulses or signals so an organization must have access to the appropriate hardware and software to translate the digital code into human-readable symbols.
The legibility of the record relies upon information about hardware, software or operating systems dependencies. Furthermore, the system needs to know about any encoding, e.g ASCII or UNICODE, any methods of encryption or compression if applicable, and any standards that the record complies with, e.g. SGML. Therefore, the system requires both the record and metadata about its hardware and software environment to meet the ISO 9000 requirement of legibility.
Morever, all records have a structure, that is, the form or format that organizes or structures the content of the record and makes it understandable. In a paper world this information is presented implicitly though the layout of the record or the physical format. For example, a letter normally contains the addressee at the top of the letter and the sender's name at the bottom. We understand who sent and received the letter because of its physical layout. This information may also be provided explicitly through the use of terms such as To: or From: in a memo. The structure of an electronic record display is often a view controlled by software functionality. 30 Electronic records may carry structural information in pointers that link physically or logically distinct chunks of information. The elements may be kept in separate files but metadata makes it possible to bring the files together and render them on a screen. The systems needs metadata that describe the record structure so it can render the record as required. The structural layer of the BAC identifies the types of information that might be needed to make an electronic record readable or legible over time. Moreover, this metadata would help guard against loss of information when the records are migrated between software environments.
The contextual layer provides information about the transaction that created the record including the product or service that the record documents. This layer helps fulfill the requirement that the records are identifiable to the product involved. It also identifies the specific policies and/or procedures controlling the product or service and therefore fulfills the requirements to document procedures.
The final two layers of metadata, content and use history, refer to the content of the record and specify an audit trail that captures information about the use of the record. The use history layer demonstrates that the records have been kept in a way that diminishes any risk of damage or unauthorized alteration. This layer could also help meet the requirements for document control.
Quality records provide many advantages for organizations and can help companies meet the ISO 9000 certification. However, systems must be designed to create the appropriate metadata to ensure they comply with recordkeeping requirements, particularly those identified by records management standards like AS 4390 and the proposed international standard, which provide benchmarks for recordkeeping best practice. The Pittsburgh metadata model and the SPIRT framework provide organizations with standardized sets of metadata that would ensure the creation, preservation and accessibility of reliable, authentic and meaningful records for as long as they are of use. In deciding what metadata to capture, organisations should consider the cost of meeting the requirements of the ISO 9000 guidelines and any related records management best practice standards, and the possible risk of not meeting these requirements.
1 The models in Figures 1 and 2 were rendered by Geoff Acland-Bell. 1.Eugenia K. Brumm, "The Marriage of Quality Standards and Records Management," Records Management Quarterly 30 (April 1996): 11.
2 Standards Australia, AS4390-1996, Australian Standard: Records Management. For details of availability see http://www.standards.org.au/
3 Peter Rob and Carlos Coronel, Database Systems: Design, Implementation and Management, 2nd ed. (Davners, Mass.: Boyd & Fraser, 1995), 692.
4 This type of data is quite basic. For example, data dictionaries generally contain information about the tables, databases, indexes and data elements. They usually includes names, validation rules, display formats, all access authorizations and relationships among the data elements
5 User Guide for Simple Dublin Core, available at http://www.purl.org/DC/documents/working_drafts/wd-guide-current.htm
6 For more information on records continuum thinking see See also, Frank Upward, 'Structuring the Records Continuum Part One: Post-custodial principles and properties' Archives and Manuscripts, Vol. 24, No. 2, Nov 1996, pp. 268-285, and 'Structuring the Records Continuum Part Two: Structuration Theory and Recordkeeping' Archives and Manuscripts, Vol. 25, No. 1, May 1997, pp. 10-35.
7. The SPIRT (Strategic Partnership with Industry – Research & Training) Support Grant was funded by the Australian Research Council and the Industry partners, the National Archives of Australia, the New South Wales State Records Authority, the Queensland State Archives, the Australian Council of Archives and the Records Management Association of Australia. The Project Chief Investigators were Sue McKemmish, Monash University, and Ann Pederson, University of New South Wales, with Industry Partner Chief Investigator Steve Stuckey of the National Archives of Australia. See the project web site at http://www.sims.monash.edu.au/rcrg/spirt/index.html for more details relating to the project.
8 'The Functional Requirements for Evidence in Recordkeeping' can be found at: http://www.sis.pitt.edu/~nhprc/prog1.html
9 David Roberts, "The New Australian Records Management Standard", paper presented to 1997 Annual Meeting of NAGARA, Sacramento CA, 19 July 1997. For a discussion of the significance of the Standard, see David O. Stephens and David Roberts, "From Australia: the World's First National Standard for Records Management", Records Management Quarterly, Vol 30, No 4, Oct 1996, 3-7, 62
11.David Bearman, "Towards a Reference Model for Business Acceptable Communications," available at
12 Some have questioned whether the BAC specification contains sufficient contextual metadata to guarantee that the record will be usable over time because the context layer really only deals with the immediate business context of the record.
13.Sue McKemmish and Glenda Acland, "Accessing Essential Evidence on the Web: Towards an Australian Recordkeeping Metadata Standard" http://ausweb.scu.edu.au/aw99/papers/mckemmish/paper.html
14 The University of British Columbia project and its outcomes are described at /; and the US Department of Defense Standard can be accessed via
15.Sue McKemmish and Glenda Acland, "Accessing Essential Evidence on the Web: Towards an Australian Recordkeeping Metadata Standard" http://ausweb.scu.edu.au/aw99/papers/mckemmish/paper.html
18. ISO 9000, http://www.inforamp.net/~qmi/iso-9000.htm
19. Charles Schuler, Jesse Dunlap, and Katharine Schuler, ISO 9000: Manufacturing, Software and Service (Albany, N.Y.: Delmar, 1996), 20
20ASME NQA 1-1994. Quality Assurance Requirements for Nuclear Facilities Applications quoted in Eugenia Brumm, "Beyond Compliance Managing Records for Increased Protection" in The ISO 9000 Handbook, ed. Robert W. Peach (Chicago: Irwin , 1997), 386
21 Eugenia Brumm, "Beyond Compliance Managing Records for Increased Protection" in The ISO 9000 Handbook, ed. Robert W. Peach (Chicago: Irwin , 1997), 386
22 Of course, insofar as managing these documents is itself a business process of the organization, there is a recordkeeping component to the activity which involves preserving master copies of these documents and evidence of their modification, up-dating, and authorization.
23ANSI/ISO/ASQC Q9001-1994. Quality Systems - Model for Quality Assurance in Design, Development, Production, Installation and Servicing. (ISO, 1994)
24. ANSI/ISO/ASQC Q9001-1994.
25.ANSI/ISO/ASQC Q9001-1994., 4.5.2
26.ANSI/ISO/ASQC Q9001-1994., 4.5.3
27.David Hoyle, ISO 9000 Quality Assessment Handbook (Oxford: Butterworth-Heinemann, 1996), 242.
28.James Lamprecht, Implementing ISO9000 (New York: Marcel Dekker, 1992), 49
29. Eugenia Brumm, Managing records for ISO 9000 Compliance (Milwaukee, Wis. : ASQC Quality Press, c1995), 221.
30. Charles M. Dollar, Archival Theory and Information Technologies: The Impact of Information on Archival Principles and Methods (Macerta:University of Macerta, 1992).
© 2000. All Rights Reserved. Licence: Limited to on-line viewing and the making of one (1) printout for off-line reading purposes only.