Migrate digital public records
Migration is a commonly used approach for preserving digital public records and refreshing storage media.
You may need to migrate digital public records if you are replacing or decommissioning a recordkeeping or business system.
The main types of migration are system migration, version migration, and format migration.
Repeated migrations can compromise the integrity, reliability, usability and authenticity of digital public records, particularly those that are required to be retained for long periods of time. Minimise the need for record migrations by:
- having a good understanding of ICT infrastructure
- knowing the value of your public records
- understanding how applications are used or will be used before procurement and implementation
- choosing appropriate record format(s) that take into account the retention periods and the record types.
Regardless of the type of migration, digital public records must continue to be complete and reliable public records during and after the migration, and the source records must be lawfully destroyed. You will need to work with your public authority's IT team to ensure the migration is successful.
During the migration process, there is an increased risk of digital records (or parts of) being lost or corrupted, and their integrity and authenticity being compromised.
Careful planning and rigorous testing will help reduce risks and ensure that digital public records are authentic and accessible in the new system.
Assess the risks based on the:
- value of the digital public records (e.g. vital public records, retention period)
- new system's ability to capture all required information (e.g. control records, metadata, connections)
- ability to ensure integrity and authenticity of digital public records
- file formats and the impact on usability and longevity of the digital public records
- potential risks to usability, reliability and authenticity of digital public records.
Make sure decisions around the acceptable levels of risks and risk mitigation are clearly documented.
You may need to decide on an acceptable level of loss and/or change of record characteristics (e.g. content, context, structure, appearance, connections) between the source and target systems.
Use the risk assessment to inform your migration plan, including how long source records should be kept post-migration to allow time to ensure the migration was successful.
Consider and include recordkeeping obligations, risks, standards and activities when planning for a migration.
The migration should not be irreversible. Establish and test a roll-back strategy in case problems arise. This allows digital public records to remain protected and business processes can be resumed with the old system until another migration is attempted.
You will need to ensure that the new system is capable of managing the digital public records appropriately. Find out what technology requirements and functionality you need to help choose and plan for a new system.
You also need to plan for the potential impact on staff and the business (e.g. recordkeeping activities such as capturing or access to digital public records).
Determine what is to be migrated
Determine what you need to migrate based on your public authority's requirements and the functionality of the new system.
Digital public records
Identify which digital public records are active and inactive, how long they must be kept and which are due for destruction.
You will need to migrate all active digital public records and any control records used to track and manage both physical and digital public records.
If necessary, inactive digital public records can be:
- migrated to the new system
- managed in the existing system until they can be lawfully destroyed
- exported to another form of digital storage media (find out the options for preserving digital public records).
Note: How digital public records are managed will depend on your public authority's requirements.
Consider destroying any digital public records due for destruction beforehand to reduce the number of digital records that need to be migrated–make sure digital records metadata and information about the disposal of digital public records is kept and migrated to the new system.
Any digital records that are encrypted should be decrypted before migration.
If performing a system migration, you will need to do an analysis of the system to determine what digital public records it contains. Look at the business processes the system supports and the types of data captured. Process mapping may help identify relationships between digital public records, business processes and stakeholders.
Metadata
You must migrate:
- all recordkeeping metadata for digital public records being migrated
- any metadata and control records for physical public records
- metadata and information about digital public records that are not being migrated (e.g. inactive or legacy records, disposal information of public records already destroyed or transferred)
- any other associated metadata
- contextual or structural information that enables the digital public record to be accessible and meaningful
- connections between this information and the digital public records
- any other information crucial to the meaning of the digital public records.
Ensure connections remain to any metadata and contextual information outside the system.
Make sure that information remains accurate and unchanged post-migration, including:
- any dates used for recordkeeping actions (e.g. disposal trigger, date created)
- disposal of the digital public records.
Test the migration
Pre-migration testing should be done in a test-environment/system and post-migration in the live-environment/system.
You will need to check:
- for potential issues
- that digital public records will remain complete and reliable post-migration
- that all required information and metadata can and will be migrated successfully.
Testing should be based on your risk assessment to ensure risks are minimised.
The migration should be performed by the IT team wherever possible.
Minimise the amount of time and intervention required during a migration. This will help maintain an unbroken chain of custody for any digital public records and ensure their authenticity and reliability.
Test the migration
You will need to carry out the same checks post-migration (in the live system) as you did pre-migration in the test environment.
Check public records and ensure quality
You must be able to demonstrate that:
- the new system is working as expected and is controlling and managing all the digital public records correctly
- the migration resulted in the complete and reliable reproduction of the source records
- digital public records have not been altered in an accidental or unauthorised way as a result of migration.
Source records disposal
Source records should not be disposed of until the migrated digital public records and the new system have been checked.
Metadata about the migration, including the date, must be captured to provide evidence of the migration.
You need to document and get sign-off for the migration process, including final sign-off at the end to confirm the process was successful, reliable, and produced accurate and authentic digital public records. Sign-off will depend on your public authority's requirements – this may need to be done by your CEO, authorised delegate or other relevant senior management personnel.
You may need to document:
- descriptions of the identified digital public records, their characteristics, and the metadata being migrated
- decisions made about the management of digital public records
- any data cleansing performed, including records of decisions and the processes undertaken
- the formal migration plans and processes
- the dates/times of the migration activities
- the people involved, including their roles and positions
- system configurations, including metadata definitions and mappings
- risk assessments and mitigation planning and activities
- any reports that compare the functionality of both systems
- all approvals and all decisions, including any decisions not to migrate certain data
- any variations to plans around the recordkeeping considerations
- any necessary variation in records structure, metadata, format or content that will, or has, resulted from the migration
- the destruction of the source records, including approved assurances that the minimum conditions were met and the appropriate further retention period had elapsed
- the actions taken to validate the particular equipment and systems used in the migration are in good operating order.
You also need to keep documentation around any tests performed to indicate:
- the migrated digital public records were inspected
- metadata and characteristics were compared to the original records and were intact in their entirety
- all necessary control procedures were applied during the process.
This documentation provides essential context to digital public records that have undergone migration and is essential if ever the digital public records are required for legal proceedings where their integrity and authenticity need to be assured.
All documentation on the migration should be kept for the life of the digital public records involved. This will depend on the retention periods applied to the digital public records.