This involves understanding how any records in the line of business system are created and structured, including any metadata.
Context and control
- Does the system contain records?
- How are the records structured?
- Are the records unique or are they held elsewhere?
- Who creates the records and why?
- When were the records first created in the system?
- Are the records still being created and/or modified or are they ‘read-only’?
- Who can access the records and make changes? Who can delete records and how is this information recorded?
- Do any records contain personal or sensitive information?
Relationships
- What relationships are there between the records in the system? How are they structured?
- Do the records have relationships with records in other systems (e.g. Electronic and Document Records Management Systems) or unstructured records (e.g. stored on networked drives)?
- If the system is shared with another organisation, who is the owner of the records?
Metadata and system documentation
- What are the file formats of the records or data? What other technical metadata such as file names, file paths, sizes, and/or last modified date exists? There are open-source tools that may be able to help you with this.
- What descriptive metadata exists for the records in the system or other systems?
- Can retention periods be identified on the records?
- What audit/log information is recorded in the system?
- What documentation exists about processes or how records are created and managed?