Built To Preserve. A Romanian Approach to Archiving By Design

About

The fundamentals

The methodology

A three-phase approach for addressing and implementing Archiving by Design in public administration:

Rules of the game

The first phase will examine the trigger and conditions for performing an assessment. Since the AbD methodology it is not a legal requirement, but rather a voluntary tool to be used, the resources spent should return some specific benefits. This phase should clarify the scope, the resources involved and the desired outcome.

Assessing a business in order to identify its evidence requirements to be included in a business system is a process that requires clear goals, a clear set of activities, and a timeline supported by the necessary resources.

Why: the expectations

The initiation of an assessment process may come either from the beneficiary organisation or from the provider of the assessment. Nevertheless, the first meeting should clarify both parties’ exact expectations for the assessment process.
This ensures transparency, realistic goals, and efficient use of time and resources.

Key points to agree on:

  • Next steps: If results reveal major gaps, plan for corrective actions or additional investment.
  • Purpose and scope: Clarify what the assessment covers, its benefits, and its limits.
  • Outcome: Understand that results are tailored to the organisation’s business processes, not generic templates.
  • Benefits: Emphasise the value of sustainable access to reliable information.
  • Resources: Confirm the availability of staff, time, and documentation for workshops.
  • Confidentiality: Establish an NDA to protect sensitive information.

When: Pertinency of the Assessment

An Archiving by Design (AbD) assessment is carried out during moments of change — not as an ongoing process.
It’s most relevant when an organisation is upgrading, purchasing, or redesigning an information system, or preparing requirements for a new IT tender.

The results can support funding proposals, system procurement, or updates to quality and records management frameworks.

However, if no major changes are planned or requirements are already defined, a new assessment is unnecessary.
In some cases, the effort may outweigh the benefits — especially if recordkeeping isn’t a current priority.

An AbD assessment is meaningful when the organisation seeks better governance, transparency, and control over its information assets.

What: Scope of the Assessment

The scope of an Archiving by Design (AbD) assessment depends on what is changing and how the results will be used.

An assessment is relevant:

  • When upgrading or redesigning an existing system — to identify recordkeeping vulnerabilities.
  • Before developing or implementing a new system — to define records management requirements early.

Each assessment should clearly define:

  • The business process being automated or improved.
  • The systems and departments involved.
  • The users and how they will interact with the system.
  • The infrastructure, funding, and skills required for success.

The outcome should be a clear, agreed description of the project’s scope — outlining the supported process, system, records involved, and user roles.

How: Planning

Once the agreement and scope are set, the next step is to plan the assessment activities.

Key recommendations:

  • Start with an overall plan to identify which systems and archives are worth assessing.
  • Work in small, realistic steps — focus on achievable improvements rather than trying to fix everything at once.
  • Set clear, realistic goals and manage expectations about time and resources.
  • Allow flexibility in the timeline for feedback and adjustments.
  • Keep staff, management, and stakeholders informed and engaged throughout the process.

💡 Better to make steady progress than to aim for perfection and stall.

Who: The Participants

An Archiving by Design (AbD) assessment involves several roles depending on the project’s scale — from one person in small projects to larger multidisciplinary teams in complex ones.

Essential knowledge areas:

  • Understanding of the AbD approach and process analysis
  • Strong grasp of records management and digital systems
  • Communication and facilitation skills
  • Ability to identify and present relevant requirements

Key roles:

  • Management: Sets direction, allocates resources, and approves outcomes.
  • Project Manager: Coordinates tasks and timeline.
  • Records/Information Expert: Defines requirements and ensures compliance.
  • System Designer / Developer: Configures systems for sustainable recordkeeping.
  • Business Representatives: Describe workflows and user needs.
  • Legal & Audit Advisors: Ensure legal and regulatory compliance.
  • Facilitator: Guides workshops and communication.

Users are central — their input defines which information is relevant, how long it should be kept, and how it should be accessed. Both primary and secondary users (e.g., FOIA officers, data protection officers) should be considered.

Success factors:

  • Document user profiles to guide system and process design.
  • Secure management sponsorship early.
  • Collaborate with specialised departments to understand their needs.

This phase focuses on identifying a business process’s need for evidence and translating it into records requirements.
The process is viewed within its organisational context and in relation to other workflows.
If a system already exists, its capacity to capture and manage records is also assessed.

Main objectives:

  • Evaluate the organisation’s readiness for electronic records management
  • Identify evidence needs within the business process
  • Assess existing systems and their recordkeeping capabilities

The assessment gathers and organises information from multiple sources to form a clear picture of needs and improvements.
Its scope depends on prior work and the goals defined in Phase One.

2.1. Information Gathering

Understanding a business process and its recordkeeping needs requires a structured approach — combining documentation, interviews, and workshops to form a complete picture.

2.1.1 Documentation

Collect and review existing materials to understand the process, system, and evidence needs.

Key sources:

  • Legal: Relevant laws, regulations, policies (e.g. GDPR, data protection).
  • Business: Process maps, classification schemes, retention rules.
  • Technical: System design, metadata, file formats, and architecture.
  • User-related: Manuals, demos, or notes showing how information is accessed and used.

Documentation is ongoing — gaps can be filled later through interviews and workshops.

2.1.2 Interviews

Interviews clarify missing or unclear details.
Speak with system owners, process experts, and users who know the workflow best.

Tips for success:

  • Choose participants with detailed knowledge, not just management.
  • Focus on understanding needs, not finding faults.
  • Pair recordkeeping expertise with good communication and listening skills.

The goal is collaboration — turning insights into practical improvements.

2.1.3 Workshops

Workshops unite users, designers, and recordkeeping professionals to identify priorities and discuss improvements.

Purpose:

  • Map real information flows and pain points
  • Prioritise user needs and expectations
  • Reflect on long-term access and preservation goals

Workshops can be one focused session or a series, depending on project scale and time.

Output

The outcome is a clear list of user needs and requirements — captured as user stories or recommendations.
These insights feed directly into designing or improving systems using the Archiving by Design (AbD) approach.

2.2 Assessing Organisational Readiness to Implement Electronic Records Systems

Before adopting or upgrading an electronic records system, organisations must assess how ready they are for change.
Culture, technology, staff skills, and process maturity all affect success — and determine whether new systems become strategic assets or wasted investments.

2.2.1 Records Management Maturity

A maturity assessment shows how well the organisation manages records today and where improvements are needed.
Use frameworks like the ICA Digital Readiness Tool or ISO 30301 to:

  • Identify gaps in governance and documentation
  • Evaluate process consistency and compliance
  • Highlight opportunities for automation and efficiency

The goal is to build a solid foundation before implementing new technology.

2.2.2 Records Management Instruments

Strong recordkeeping depends on key tools such as:

  • Retention and disposition schedules
  • Access rules and metadata schemas
  • File format and security policies

If these instruments don’t exist, they must be created — ideally at the organisation level, but they can also be developed per business process if needed.

2.2.3 Technological Environment

Assess how records are currently created and stored:

  • Analogue or hybrid systems may lack consistency
  • Fully digital or cloud-based systems raise issues of authenticity, ownership, and data sovereignty

Evaluate:

  • Existing technologies and documentation
  • Use of outsourced or legacy systems
  • Technical standards, formats, and migration options

Understanding the tech environment ensures long-term preservation and accessibility.

2.2.4 Risk Assessment

Every factor introduces potential risks — from weak cybersecurity to missing retention rules.
Assess both likelihood and impact, then define mitigation actions.
If no formal risk analysis exists, note the findings in the final report and suggest concrete measures.

Outcome

The readiness assessment provides a clear picture of:

  • Organisational maturity
  • Gaps and risks
  • Realistic next steps

It helps decide whether to move forward, pause, or strengthen the foundation before implementing new systems.

2.3 Determining the needs for evidence

Before designing, upgrading, or procuring a system, it’s essential to understand what information serves as evidence of business activities.
Not all data in an information system qualify as records — only the information needed to prove, explain, or support business decisions should be captured and preserved.

This phase identifies those needs and translates them into recordkeeping requirements.

2.3.1 The Business Process Analysis

Business processes generate evidence through their activities, decisions, and transactions.
Analysing them helps define what must be documented and why.

Key outcomes:

  • Identify which steps create records.
  • Understand legal and operational context.
  • Link records to specific functions and responsibilities.
  • Reveal gaps, risks, and improvement opportunities.

Business analysis ensures records are tied to real organisational needs — not abstract IT requirements.

2.3.2 The Records Requirements

Records requirements define what evidence must exist and how it should be maintained.
They may arise from:

  • Legal obligations – laws, regulations, or standards.
  • Business needs – internal rules, accountability, transparency.
  • Risk factors – protection from loss, legal action, or reputation damage.
  • Societal expectations – transparency, research, or cultural preservation.

Each requirement should state what to capture, why it matters, and how long to keep it.

2.3.3 Linking Requirements to Business Functions and Processes

Records requirements must be directly connected to the functions and workflows they support.
They should reflect:

  • Activities performed by both internal and external actors.
  • Dependencies between processes and systems.
  • Contractual obligations for third parties handling records.

This ensures accountability and preserves the full business context of the record.

2.3.4 Identify Information that Records the Evidence

Once the requirements are known, determine where and how the evidence is captured:

  • Locate the data elements that form the record.
  • Define required metadata for authenticity, integrity, and retrieval.
  • Note any technical dependencies — linked systems, file formats, or shared databases.

Not all evidence resides in one place. Context, workflow data, and system information may also form part of the record.

Outcome

The result is a structured list of:

  • Legal, business, and societal requirements for keeping records.
  • Identified records and metadata specifications.
  • Risks of non-compliance and measures to mitigate them.

This becomes a core deliverable of the Archiving by Design (AbD) assessment — guiding how systems should capture, manage, and preserve evidence effectively.

2.4 Analysing of existing systems

Many organisations already use automated business systems that handle information and records. Assessing these systems helps determine how well they support recordkeeping and whether upgrades or external archiving solutions are needed.

Purpose

The assessment aims to:

  • Evaluate compliance with records management requirements.
  • Identify gaps, risks, and opportunities for improvement.
  • Decide if data should be preserved or migrated.

Recommended Steps

  1. Map all relevant systems and their key information.
  2. Identify risks — e.g. systems being phased out or lacking documentation.
  3. Consult system owners or managers for content insights.
  4. Gather available technical and process documentation.
  5. Review if specialised departments have additional preservation needs.
  6. Prioritise critical systems for detailed assessment.

Focus Areas

Determine whether each system:

  • Contains or manages records.
  • Protects record authenticity and integrity.
  • Meets the organisation’s records requirements.

Outcome

Deliverables include:

  • An inventory of business systems and dependencies.
  • A report on how well systems fulfil recordkeeping requirements.

Findings may show that a system:

  • Does not manage records.
  • Manages records but needs improvement or external preservation.
  • Fully supports reliable, compliant recordkeeping.

The final phase delivers a recommendations report that summarises findings, identifies weaknesses, and proposes measures to improve recordkeeping and system design. The report supports future procurement, development, or budgeting decisions.

Report Content

The report typically includes:

  1. Organisational readiness – maturity level, technology environment, and risks, with advice on improvements.
  2. Evidence needs – description of processes, record requirements, and simplification opportunities.
  3. System recommendations – technical and procedural measures to ensure authenticity, reliability, and long-term access.
  4. Existing system analysis – comparison of current capabilities against required functionalities.

Recommendations

  • Use clear, actionable language and prioritise (“must have” vs. “nice to have”).
  • Align each measure with legal, strategic, or operational goals.
  • Provide realistic options based on available resources.
  • Separate short-term fixes from long-term strategic improvements.

Review and Implementation

Drafts should be reviewed by system owners and practitioners to ensure alignment.
Final approval lies with management, though follow-up audits or adjustments may be needed as conditions change.

The goal: provide practical, prioritised actions that strengthen digital recordkeeping and ensure sustainable information access.