Migrating information from one form of data structure and technology application to another can increase the risk that you will lose:
- content and context of information
- ability to access information
For more information about mitigating these risks please read our digital continuity guidance.
Plan and manage migration carefully to ensure:
- the receiving organisation understand how information is used
- the completeness, availability and usability of information is maintained throughout the migration process
- risks involved in migrating information are recognised and mitigated
- no digital information is destroyed until it is loaded successfully into the new operating environment and has been quality checked
Options for transferring digital information:
Transferring the whole system to the receiving organisation
If the whole system contains information relating to the business function being transferred then it may be appropriate to transfer the whole system to the receiving organisation.
In this case, the licence and ownership of the business system will need to be transferred and there will need to be discussions with the system developer as well as the IT teams in both the transferring and receiving organisations.
Leaving the information where it is
The transferring organisation may be able to continue holding the information as a service to the receiving organisation. Although no physical migration would occur, ownership of and responsibility for the information would transfer to the receiving organisation. The precise rights and responsibilities of each organisation would need to be established in an agreement or memorandum of understanding. Any agreement would need to consider intellectual property rights, Crown copyright and database rights, use and re-use of information as well as FOI and DPA legislation.
Transferring the information to The National Archives
Consider transferring information to The National Archives if the information is no longer in active business use and has been selected as being worthy of permanent preservation. Contact your Information Management Consultant to discuss the potential of transferring this information to The National Archives.
Disposing of the information
If the information is no longer required for ongoing business use by the receiving organisation and the information is not worthy of permanent preservation, disposing of it is a preferable alternative to transferring the information. This should be done in line with our disposal guidance and in consultation with your Information Management Consultant.
Before systems are migrated:
- know what version of what system is in use in both the receiving and transferring organisations
- know the information architecture used in both systems and in both organisations
- know the file formats used in the system (if migrating data from shared drives, use DROID to identify the file formats and duplicates)
- know the volumes of information to be transferred and received so that resources can be allocated accordingly taking into account government data handling and data security
- ensure that software and hardware licenses are transferred along with the records
- provide an administrative history or brief regarding the evolution of the function to accompany the transfer
While preparing to migrate systems:
- ensure a backup of the information and records to be transferred has been created before the migration process takes place
- transferring organisations should not transfer redundant or duplicated information to the receiving organisation. Any redundant or duplicated information should be destroyed, in line with guidance on keeping and disposing of records, Operational selection policies or other guiding retention and disposal documents
- ensure that the format used for migrating the data is known and make sure that the receiving organisation is able to receive and support this format
- both organisations should agree what the minimum mandatory metadata requirements are and map these metadata fields against each other before migration
- know the minimum metadata elements that the transferring organisation can export and the receiving organisation can receive
Transferring digital information securely
- export the data securely, for example via a Secure File Transfer Protocol (SFTP) or an encrypted High Density Drive (HDD). Both organisations will need to determine the appropriate transfer mechanisms. If using encrypted HDDs, the transferring organisation will need to send these via secure courier and provide a decryption password separate from the HDD. Never transmit the HDD and password together. If using SFTP, the transferring and receiving organisations will need to agree a transmission time for the secure transmission of information
- If an HDD is used, the transferred information will need to be held in a non-networked computer until the appropriate virus scans have been provided and quality checks on metadata carried out
- If SFTP is used, it will need to be transferred to a computer that is not attached to the wider IT network to safeguard against viruses.
Please note that iron keys, USB keys or thumb drives are not secure methods for transferring digital information between government organisations.
Acknowledgement of receipt of records:
- ensure that the completeness, availability and usability of the information (and its metadata) throughout the migration process
- no records can be destroyed by the transferring organisation until confirmation of receipt and accessibility has been confirmed by the receiving organisation