The concept of provenance is a key aspect of records and archival management theory. It describes proof of the origin or source of something (in this case a record) and the chain of custody regarding whose hands it has passed through since.
Why is this important?
Capturing a record’s provenance provides proof as to who the actors were in any given transaction or process and demonstrates that they had the appropriate authority to undertake it. It should also provide guarantees regarding the reliability of the content due to the known position and authority of the creator.
Controlling and recording the ‘chain of custody’ then perpetuates these assurances throughout the remainder of its life. This issue is explored in more detail during the active use section of this guide.
How to create authentic records
Given the importance of provenance to creating authentic records, it is vital that the institution has clearly defined processes surrounding the transactions it undertakes. This not only means knowing precisely how the transaction should be conducted, but also who should be involved within it and what their specific roles are.
Our guide on process improvement should help institutions in this regard. As part of this exercise, it is important to identify what records will be created at which points in the process, closely associating each record to the process they are documenting.
It is often the case that systems which create structured data, such as relational databases, student record systems etc are better equipped to automatically control and capture record provenance. Access is usually via a password controlled login which validates the identity of the creator. Any records created or edited during that session will then be automatically associated to that particular user. The user’s profile can also be used to determine what system rights they have access to and therefore what transactions they can undertake.
It can be more difficult to achieve this level of control with unstructured records such as text-based documents, spreadsheets etc. Measures to address this may include:
- Limiting access to particular areas of the record storage facility (ie, particular folders or areas of the file plan) to specific identified users
- Creating official templates for use when creating specific record types (meeting minutes, project plans, annual review forms etc) and limiting access to them to certain identified users
- Ensuring the document properties are picking up the correct authors name from their log in and/or making manual completion of the author field mandatory on document creation
- Considering the use of biometric authentication systems to confirm the identity of the creator
- Ensuring the ‘header’ metadata documenting the transfer information is retained with any emails saved outside of the email client.
It should be noted that when we refer to ‘transactions’ this does not necessarily mean financial transaction. The term transaction can be used to describe the completion of any process and could equally apply to a holding a meeting, agreeing a project plan, appraising a member of staff or disciplining a student.