MoReq2010 And The New RM Debate

Recently a new version of the MoReq specification (MoReq2010) has been published [1] by the DLM forum. 
MoReq2010 is different in many aspects from other standards in the records management area including previous versions of MoReq itself. This has led to an interesting debate about a new era in records management [2], [3] [4] [5].
Let's  take a look at the specification: What it is about and how it is different to other records management standards?

Records Management is about managing the lifecycle of corporate records from the creation at the beginning, the flow through business processes, the preservation and archiving phase and finally the disposal. Records Management standards for document management systems have the purpose to guarantee a certain behavior of the system that allows enforcing rules how to manage your content. Those rules can have their origin in legal requirements, company or department policies. There are many aspects of such a system behavior, just to name a few:

• prevent deletion before an assigned retention period has passed
• guarantee access only to authorized users
• keep track of changes and an audit trail for each record
• reporting and query capabilities
• classification of records making them manageable on large scale
• following workflows and processes for disposition of records

RM standards are often similar on a high level but they differ when it comes to details or they focus on a certain application area like US DoD 5015.2 for the military government.
Previous attempts to standardize and certify repository behavior are often specified in text form. An example from the DoD spec 5015.2 version 3:
"RMAs shall provide the capability to define different groups of users with different access privileges.  RMAs shall control access to file plan components, record folders, and records based on group membership as well as user account information."
Test cases then are concrete scenarios and look like this: Jan Rangel and Dan Martinez have access to all record categories and record folders.  Users assigned the Local Records Administrator Role have permission to create folders in those categories to which they have filing access.

Over time you can imagine that demands and requirements have increased. The rule set gets more and more complex. The test cases focus on one specific use case which often is very different from those of customers in their daily business. More complexity leads to more complex implementations to more specializations, to longer specs taking more time to get finalized.  And of course more complexity always means more risk for inconsistencies or implementation issues. Sometimes this has weird implications like features only implemented to pass certification or configuration switches always turned off except for certification.
Customers still often insist on certification according to specific standards. Not because it reflects their business needs but they want to get an approval from a neutral instance that the system follows records management rules. Not perfect for them but provides peace of mind and assurances for compliances.

Most often howeverorganizations exist in a world different than what the standards anticipate. RM standards traditionally define a system living in a closed world. There is one system managing all records and a records manager overseeing everything and having all under his/her control. Reality is much more dynamic. Organizations change and with that their structure and responsibilities. There are mergers and acquisitions bringing new RM  and non-RMrepositories to manage. Any larger organization will have more than one document management system in place. There may be some specialized for the needs of a specific department. Others may be replaced or updated with newer incompatible versions. Vendors may change due to shifted priorities in their product lines. Some systems may be discontinued and disappear from the market. Very large organization must decentralize somehow to keep their systems manageable. All this heavily influences the organization of your records, but RM standards do not address these areas. Sometimes not even a full-blown RM system is required; put perhaps there is just a need to get a little bit of structure in your 100TB file shares without moving them entirely.

MoReq2010 is the first attempt to go away from such a centralistic and monolithic behavior. MoReq2010 tries to reduce the functionality to the required minimum. Instead of global behavior it defines a set of services, functions and data types plus their behavior. Some of them are mandatory others are optional. Later more specific modules with additional services or data types may be added (for example a module specialized for healthcare requirements). MoReq2010 does not insist to have everything in a single system. Classifications can be handled in a different system than where the content is stored. MoReq2010 defines how to export and optionally import data to get them from one system into another and to guarantee completeness and consistency. It does not assume necessarily that you have a single file plan for the entire company but it addresses how to share one between multiple systems. Services can be tested in an automated way. There will be no debate how to model a certification test case in your system and whether the UI is appropriate for that task. Instead you can run a piece of code performing method calls and checking conditions and finally indicating success or failure. You can distribute responsibilities between system calling methods and agreeing on data structures and formats.

So as a second example here is another excerpt from MoReq2010. In addition to a behavioral description MoReq2010 defines a service dealing with user management and a function to create a user. Compare this with the example from above:

3. User and Group Service
F14.5.179 User – Create
System Identifier:  2cde7448-6c71-4cff-988a-973e0701a824
Title:  User – Create
Description:  Create a user
Entity Type: User (E14.2.16)
Entity metadata modified:
•  System Identifier (M14.4.100)
•  Created Timestamp (M14.4.9)
…
Purpose: Access control , Event generation 
The idea is: Keep it simple where possible. Focus on key areas and do not try to address every aspect in one system. Make data shareable and exchangeable but ensure consistency and well defined behavior.

Now the big question is:  Is MoReq2010 the revolution in RM? Is this a new era or just another nice try of a theoretical attempt? And how does it work? Let's have a closer look at the spec. Well I guess this is another article…
Will they be successful? This is difficult to answer and the specification is just yet released. Customers will decide if they have addressed the important areas. Vendors will decide if their ideas are implementable with a reasonable effort. All this will take time and like with every other standard it is the chicken-and-egg problem at the beginning… There are many factors making a standard successful or not and not only technical ones. But the debate that has started is promising.

We would love to hear some comments from you: What are your expectations from the next generation records management system? How could a standard help you? What are your main pain points today?

And you don't want to read through the 520 pages of the spec?  Then wait for the next part:

Part II: MoReq2010: A Look Into The Specification

Part III: CMIS and Moreq2010: Good Match Or Just Overlap? http://blogs.opentext.com/vca/blog/1.11.623/article/1.26.954/2011/7/26

[1] http://moreq2010.eu/
[2] http://thinkingrecords.co.uk/2011/05/06/how-moreq-2010-differs-from-previous-electronic-records-management-erm-system-specifications/
[3] http://www.realstorygroup.com/Blog/2162-Moreq2010-a-DOD5015-slayer
[4] MoReq2010 : Met with Enthusiasm and some Criticism
http://blogs.opentext.com/vca/blog/1.11.623/article/1.26.855/2011/6/7
[5] http://ecmtalk.libsyn.com/ecm-talk-007-the-launch-of-mo-req-2010