Migrate digital records

During the migration process, there is an increased risk of records (or parts of) being lost or corrupted, and their integrity and authenticity being compromised.

Careful planning and rigorous testing will help reduce risks and ensure that records are authentic and accessible in the new system.

Assess the risks based on the:

• value of the records (e.g. vital records, retention period)
• new system's ability to capture all required information (e.g. control records, metadata, connections)
• ability to ensure integrity and authenticity of records
• file formats and the impact on usability and longevity of the records
• potential risks to usability, reliability and authenticity of records.

Make sure decisions around the acceptable levels of risks and risk mitigation are clearly documented.

You may need to decide on an acceptable level of loss and/or change of record characteristics (e.g. content, context, structure, appearance, connections) between the source and target systems.

Use the risk assessment to inform your migration plan, including how long source records should be kept post-migration to allow time to ensure the migration was successful.

Consider and include recordkeeping obligations, risks, standards and activities when planning for a migration.

The migration should not be irreversible. Establish and test a roll-back strategy in case problems arise. This allows records to remain protected and business processes can be resumed with the old system until another migration is attempted.

You will need to ensure that the new system is capable of managing the records appropriately. Find out what technology requirements and functionality you need to help choose and plan for a new system.

You also need to plan for the potential impact on staff and the business (e.g. recordkeeping activities such as capturing or access to records).

Determine what is to be migrated

Determine what you need to migrate based on your agency's requirements and the functionality of the new system.

Records

Identify which records are active and inactive, how long they must be kept and which are due for destruction.

You will need to migrate all active records and any control records used to track and manage both physical and digital records.

If necessary, inactive records can be:

• migrated to the new system
• managed in the existing system until they can be lawfully destroyed
• exported to another form of digital storage media (find out the options for preserving digital records).

Note: How records are managed will depend on your agency's requirements.

Consider destroying any digital records due for destruction beforehand to reduce the number of records that need to be migrated–make sure records metadata and information about the disposal of records is kept and migrated to the new system.

Any records that are encrypted should be decrypted before migration.

If performing a system migration, you will need to do an analysis of the system to determine what records it contains. Look at the business processes the system supports and the types of data captured. Process mapping may help identify relationships between records, business processes and stakeholders.

Metadata

You must migrate:

• all recordkeeping metadata for records being migrated
• any metadata and control records for physical records
• metadata and information about records that are not being migrated (e.g. inactive or legacy records, disposal information of records already destroyed or transferred)
• any other associated metadata
• contextual or structural information that enables the record to be accessible and meaningful
• connections between this information and the records
• any other information crucial to the meaning of the records.

Use the Queensland recordkeeping metadata standard and guideline (PDF, 1.4 MB) (QRKMS) to identify the required metadata, and the links that must be maintained.

Ensure connections remain to any metadata and contextual information outside the system.

Make sure that information remains accurate and unchanged post-migration, including:

• any dates used for recordkeeping actions (e.g. disposal trigger, date created)
• disposal of the records.

Test the migration

Pre-migration testing should be done in a test-environment/system and post-migration in the live-environment/system.

You will need to check:

• for potential issues
• that records will remain complete and reliable post-migration
• that all required information and metadata can and will be migrated successfully.

Testing should be based on your risk assessment to ensure risks are minimised.

The migration should be performed by the IT team wherever possible.

Minimise the amount of time and intervention required during a migration. This will help maintain an unbroken chain of custody for any records and ensure their authenticity and reliability.

Test the migration

You will need to carry out the same checks post-migration (in the live system) as you did pre-migration in the test environment.

Check records and ensure quality

You must be able to demonstrate that:

• the new system is working as expected and is controlling and managing all the records correctly
• the migration resulted in the complete and reliable reproduction of the source records
• records have not been altered in an accidental or unauthorised way as a result of migration.

Source records disposal

Source records should not be disposed of until the migrated records and the new system have been checked.

Metadata about the migration, including the date, must be captured to provide evidence of the migration.

You need to document and get sign-off for the migration process, including final sign-off at the end to confirm the process was successful, reliable, and produced accurate and authentic records. Sign-off will depend on your agency's requirements – this may need to be done by your CEO, authorised delegate or other relevant senior management personnel.

You may need to document:

• descriptions of the identified records, their characteristics, and the metadata being migrated
• decisions made about the management of records
• any data cleansing performed, including records of decisions and the processes undertaken
• the formal migration plans and processes
• the dates/times of the migration activities
• the people involved, including their roles and positions
• system configurations, including metadata definitions and mappings
• risk assessments and mitigation planning and activities
• any reports that compare the functionality of both systems
• all approvals and all decisions, including any decisions not to migrate certain data
• any variations to plans around the recordkeeping considerations
• any necessary variation in records structure, metadata, format or content that will, or has, resulted from the migration
• the destruction of the source records, including approved assurances that the minimum conditions were met and the appropriate further retention period had elapsed
• the actions taken to validate the particular equipment and systems used in the migration are in good operating order.

You also need to keep documentation around any tests performed to indicate:

• the migrated records were inspected
• metadata and characteristics were compared to the original records and were intact in their entirety
• all necessary control procedures were applied during the process.

This documentation provides essential context to records that have undergone migration and is essential if ever the records are required for legal proceedings where their integrity and authenticity need to be assured.

All documentation on the migration should be kept for the life of the records involved. This will depend on the retention periods applied to the records.