Why You Need to Care About DoD 5015.2
It’s said that the wonderful thing about standards is that there’s so many of them. But when it comes to records management, one in particular stands out: Department of Defense 5015.2 (DoD 5015.2).
Formally known as Design Criteria Standard for Electronic Records Management Software Applications (you can see why most people call it 5015.2), the standard is recognized not only in government, but also in the private sector, writes David Roe in CMSwire. “By being certified, records management solutions can assist corporations to achieve compliance and reduce risk by enabling them to control how and for how long enterprise content is retained. It also ensures destruction of that content when this time has elapsed.”
DoD 5015.2 Background
DoD 5015.2 came about in the early 1990s following Congress’s investigation into the Gulf War Syndrome, a debilitating illness affecting many soldiers who fought in the war, according to the Joint Interoperability Test Command (JITC) Records Management Application (RMA) website. This mean DoD officials had to produce millions of records from Operation Desert Storm. “Congress concluded that the Defense Department did not do a good job of managing the records and as a result, many of the needed records had been destroyed or lost,” JITC notes.
Congress ordered the Defense Department to improve its records management capabilities, so the DoD created a task force in 1993, including representatives from several military branches and the National Archives and Records Administration (NARA). The task force published its report, specifying functional requirements and data elements for an electronic RMA, in 1995, and later developed into a testable and measurable design criteria standard by the Defense Information Systems Agency (DISA).
In 1998, NARA endorsed DoD 5015.2, which meant that federal agencies other than the DoD could adopt it as a baseline standard for records management. NARA noted, though, that this was not an exclusive endorsement—meaning it could endorse other protocols as well—and that more was required than just the standard itself. “DoD 5015.2-STD defines only a baseline set of requirements for automated records keeping,” cautioned John W. Carlin, then Archivist of the United States. “There are a number of additional questions that must be resolved in order to satisfy all the established requirements for managing federal records. Each agency must address some of these questions to fit their own environment.”
What is the purpose of DoD 5015.2?
The purpose of having DoD 5015.2 is so users have some assurance that products support records management in a standardized way as they work toward compliance with the 2012 NARA/OMB Managing Government Records Directive, OMB 12-18. That mandates that all permanent records be managed in digital format by 2019, as well as calling for management of email in electronic format by 2016.
Electronic records management software enforces organization-wide records policies and reduces the cost of regulatory compliance. Records management systems let organizations centrally, securely and electronically manage their records. This kind of software lets records managers track and store records in a variety of formats, including:
· Imaged documents
· Electronic documents generated by programs (e.g., Microsoft Office)
· Scanned and digital photographs
· Audio and video files
· Output from legacy systems
· Physical records stored offsite
Other incentives for improving electronic records management include a 2010 requirement that U.S. agencies move to the cloud when possible, other initiatives to streamline business processes and prepare for audits, and concerns about security. Having all federal agencies supporting DoD 5015.2 makes it easier to perform such overarching tasks as populating metadata in records.
“DoD 5015.02-STD marked the beginning of the transition from paper-based systems to electronic-based systems to manage records,” writes JITC. “DoD 5015.02-STD made it possible to transfer records management responsibility from the file room to the front office, from the hands of a few, to the hands of virtually all employees.”
Now on Version 3, DoD 5015.2 includes features such as establishing requirements for managing classified records, as well as requirements to support the Freedom of Information Act, Privacy Act, and interoperability. In particular, Version 3 was endorsed by NARA as meeting the agency’s criteria for transferring permanent electronic records to it.
Vendors certify their products against DoD 5015.2 through JITC’s software testing program for the standard. After they pass, their products are put onto a list. DoD organizations can purchase only the records management products that are on this list.
Other opportunities for record management
All that said, DoD 5015.2 isn’t a panacea. It has been criticized by some as being overly complex and unwieldy (well, it is a government standard) and outdated.
“Why is it assumed that what may be required and workable for Defense will also be viable for the civilian federal government?” writes Ron Layel, a records management contractor for NASA, noting there are several examples where the 170+ functional requirements in 5015.2 are either irrelevant or over-engineered, particularly for civilian agencies.
But as we also know, the wheels of government standard development tend to grind pretty slowly, so chances are we’ll have DoD 5015.2 Version 3 with us for some time to come. And knowing a DoD-certified system has been tested against the DoD’s rigorous standards provides reassurance to records managers at thousands of organizations across a wide variety of industries.
Unless you work for the State Government of Victoria, Australia, or the United States Department of Defense or one of its components, you are not required to select a records management system that meets the specifications of either standard. However, the downside of not complying with recordkeeping requirements on organizational reputation and value highlights the importance of investing in a records management system that helps ensure an organization’s information assets are safe and well-managed.