Guest contribution by Martin Waldron,
In-Form Consult Ltd; Managing Director
MGB MoReq Governance Board, Chair
Die ersten drei Teile des Artikels erschienen in den Newsletterausgaben 20090325, 20090528 und 20090730. Dies ist nun der vierte und letzte Teil des Gastbeitrages. Der Beitrag wurde ursprünglich als Whitepaper für die Fa. EMC verfasst.
Value and Limitations of MoReq2
Can an organization or an EDRMS be MoReq2 compliant? Simplistically it might seem good to ask suppliers to confirm that their product is “MoReq2 compliant”, but unfortunately this is not a meaningful question because:
Firstly, MoReq2 consists of a large number of mandatory and optional requirements, some with more than one acceptable outcome, so a simple ‘Yes/No’ rating is inadequate. Even a percentage score out of 100% for each product, were it available, would not tell you how the generic system addresses your organisation’s needs. Suppliers or products may not address all mandatory requirements areas (e.g. scanning) yet meet the subset that you require.
Secondly, as brought out in the paper, some functionality defined in MoReq2 is too complex and specialist for most organisations to understand and use, that is, it may not meet your needs.
Finally, no compliance testing of products has yet been undertaken. There are several reasons for this: MoReq2 is relatively new, the testing regime isn’t in place, and suppliers may be concerned at the effort and cost for development and testing.
So if you feel it is essential from a contractual point of view to have suppliers respond formally to each of your detailed EDRM requirements, you have little choice other than to include them in a statement of requirements.
Your aim however in developing your statement of requirements should be to produce a set of requirements that are business driven and this should be reflected in your selection and inclusion of MoReq2 requirements. Where you include a MoReq2 requirement, you still need to decide whether it is mandatory or desirable, but as a default you can follow MoReq2 as a guideline.
Finally, as a result of your assessment of Moreq2 based in part on this paper, and your business needs, you may decide on a different course for EDRM specification and selection. There are other ways to establish or validate how well a product meets your requirements: reference sites, industry reviews, demonstrations, model office projects – and you could consider using these to help shortlist your bidders.
EDRM Market Considerations
Electronic records management technology has become well established since the publication of MoReq in 2001. This is illustrated by MoReq authors being able to obtain feedback from only one supplier whereas there are twenty three vendors on the Moreq2 panel. Electronic records management capability can now also be found in corporate business applications such as ERP systems and engineering design applications.
| || || |
The ERM/EDRM marketplace is relatively mature and a number of well-established high-function systems are available, so obtaining the core records management functionality you require may not be a real issue.
There are variations in the end-user interface, so you should evaluate this area in detail against your environment and requirements.
Integration capabilities and the capability of the workflow, document management, and web content management components should also be assessed at the same time if they are relevant to your business applications.
What MoReq2 provides
The MoReq2 specification has set a new bar for ERM functionality with a much expanded set of requirements.
It has stumbled by addressing in detail areas of marginal interest to the wider private sector or lighter regulated public bodies and omitting areas now widely used such as collaborative tools and with no consideration for Web 2.0 applications.
The user developing a corporate EDRM technical specification will find MoReq2 a useful reference document but to use it will require investing a lot of time and effort distilling the relevant parts from those that may be considered too extensive and ultimately not required.
This White paper provides a guide to assist you in streamlining the process of assessing your EDRM requirements and “Making MoReq2 work for you”.
Addendum - Access Control Model
MoReq2 provides a useful matrix that provides examples of typical ERM system assigned administra-tor and user roles and their allowed functions
There are four example roles defined in the MoReq2 example matrix:
| || || |
Central Administrator – this role has control over the configuration of the entire ERMS and the management of the aggregations and records themselves.
Local Administrator – this is a role with administrative rights over a sub-set of the ERMS or its classification scheme. These roles usually are useful in geographically dispersed organisations.
Reviewer – this is a specialist role which is primarily concerned with the application of disposition actions defined by Retention and Disposition Schedules.
End User – the end user role is the standard level of access to the EDRMS and comprises those who need to save records into, and access records from, the EDRMS for their routine work.
Fig. 1: MoReq2 role matrix.