One of the functional subsystems of the enterprise's corporate information system is the electronic document management system (EDMS), the development of which is to increase the efficiency of economic systems management based on the automation of document management and business processes, all types of work with documents that ensure and coordinate the joint activities of all participants in the management process.

Currently being created electronic document management systems must meet the basic requirements of the CIS.

Scalability. It is desirable that the system electronic document management could support both several units and several thousand users, and the ability of the system to increase its capacity was determined only by the capacity of the corresponding hardware. Fulfillment of such a requirement can be ensured by supporting industrial database servers produced by companies such as Sybase, Oracle, Informix, etc., which exist on almost all possible software and hardware platforms, thereby providing the widest range of productivity.

Distribution. The main problems when working with documents arise in geographically distributed organizations, therefore, the architecture of electronic document management systems must support the interaction of distributed sites. Moreover, distributed sites can be combined with a variety of communication channels in terms of speed and quality. Also, the system architecture must support interaction with remote users. J

Modularity, It is quite possible that the customer may not need to immediately implement all the components of the workflow system, and sometimes the range of tasks solved by the customer is less than the entire range of workflow tasks. Then it is obvious that the electronic document management system should consist of separate modules integrated with each other.

Openness. An electronic document management system cannot and should not exist in isolation from other systems, for example, when it is necessary to integrate the system with other applied systems, in particular, an accounting program. For this, the workflow system must support general standards for data processing and transmission and have open interfaces for possible refinement and integration with other systems.

4. Protection of electronic documents

The general scheme of the SP at the enterprise, shown in Fig. 8, reflects the system of organizational and technical measures for health protection.

Organizational measures determine:

job functions of personnel involved in data processing;

for critical operations, control and execution of the operation should be carried out by two employees with different keys;

conditions for reliable storage must be provided for the database;

it is forbidden to transfer data to other places (firms, organizations) if conditions of reliable protection are not provided there;

an evacuation plan must be developed to save data in the event of force majeure.

The ZD control is of great importance, which is subdivided into two types:

External review or audit (performed by a third party);

internal verification (in-house) The technology includes the following verification activities:

system documentation;

design documentation (buildings, premises, computing centers);

design documentation for software;

guiding user documents on software and operating systems;

employment (access) and management;

revisions of source codes;

names of data files and folders (directories);

all data carriers;

terminal access;

lists of users and their rights;

console protocols;

system logs;

hardware and software failure logs;

Protocols electronic processing data and changes to personal data, etc.

As a result of the actions performed, a checklist is created, which can be carried out using special or publicly available software in two types of media: hard (paper) copy and electronic form.

As technical protection measures electronic signatures and electronic envelopes are used.

Electronic signature is a special sequence of characters added to the text to certify its authenticity. It is obtained through complex mathematical transformations from the text itself and a special number K, called your secret key. Obviously, any unauthorized person, changing the text, must make the appropriate changes in the signature. However, knowing one of its components - the text, it does not know the other - the key, and, therefore, cannot make such changes. When verifying a signature, actions are performed on it, the opposite of those with which it was obtained, but instead of the secret key, another number is involved in them - the public key. Naturally, it depends on the secret, but in such a way that it is impossible to obtain the secret key from the public one. Thus, you can send your public key to all subscribers without worrying about protecting it. Even if it falls into the hands of someone else, your information will not be tampered with. This method of generating and distributing keys is called the principle of public key distribution.

The same principle is used when sealing a letter in electronic envelope ... Two keys are used for sealing: your private key and the public key of the subscriber to whom the letter is intended. From these two keys, one - a common - key is generated. It is also used for printing, but in this case it turns out the other way around - from your public key and your subscriber's secret key (these two pairs are arranged in such a way that the public keys are the same).

It is convenient, firstly, because you do not need to personally meet with all subscribers to change the keys - you just need to send them the keys via e-mail and secondly, because you create and distribute the same key to everyone.

Precautions to be taken to securely transfer documents over the Internet

Integration into the central node of a hardware and software complex that performs the functions of a firewall.

Packet filtering and user authentication.

Providing internal communication between sites through a corporate intranet that has local IP addresses that are not registered on the Internet and therefore inaccessible from the outside world.

Fencing access to the external network with a proxy server that converts internal IP addresses to global ones, restricts incoming and outgoing traffic, and performs registration of external Web sites visited by users.

The use of different protocols on local servers containing critical databases and on Web servers, making it difficult for unauthorized access to the databases. This can somewhat diminish the benefits of Web technology.

Implementation of access control mechanisms into the document management system itself (access control list, access levels, roles, user groups, encryption, etc.).

The use of electronic document management systems (EDMS) began in the mid-1990s. However, the introduction of the EDMS on a national scale has become widespread only in the last five years. The main stimulus here was the order of the Government of the Russian Federation of 12.02.2011 No. 176-r, which approved the Action Plan for the transition of federal executive bodies to paperless document flow and the Decree of the Government of the Russian Federation of 06.09.2012 No. 890 "On measures to improve electronic document flow in government bodies" ...

In accordance with the aforementioned Action Plan of the Ministry of Telecom and Mass Communications of the Russian Federation, “Requirements for information systems electronic document flow of federal executive bodies, taking into account, among other things, the need for processing through these systems of official information of limited distribution. " 2

While the EDMS was used exclusively as intra-institutional systems, their diversity and incompatibility with each other were not a significant problem. But with the beginning of the transition to a single information space, the organization of interdepartmental electronic document management, the need to unify the EDMS, ensure their compatibility with national systems for document exchange, electronic interaction and archival storage come to the fore. In part, GOST R 53898-2010 is aimed at solving the issues of interaction of EDMS systems. “Electronic document management systems. Interaction of document management systems. Email Requirements ".

"Requirements for information systems of electronic document management ..." are intended for federal executive authorities, but in accordance with Art. 11 of the Federal Law No. 149-ФЗ dated July 27, 2006 also apply to other state bodies and bodies local government... Commercial organizations have the right to organize EDMS at their own discretion, but, given the role of the state in our country, usually all large and medium commercial organizations are guided by the rules established by the state for the convenience of interaction with state bodies.

These Requirements are of a framework nature, and therefore, in 2013, by order of the Federal Archival Agency, the All-Russian Scientific Research Institute of Records Management and Archival Affairs (VNIIDAD) developed “Archival and Records Management Functional Requirements for Information Systems Providing Electronic Document Circulation in the Process of Internal Activities of Federal Executive Bodies authorities". 3

Let's consider the most interesting provisions of the Requirements ... of the Ministry of Telecom and Mass Communications of Russia.

"Requirements for information systems of electronic document management ..." determine the minimum set of functions that must be present in the EDMS, as well as the requirements for organizing the use of EDMS in the institution.

One of the main requirements for the EDMS is its scalability both in terms of the number of connected workplaces and the number of documents contained in the EDMS. It should be borne in mind that modern systems document management is used by almost all employees of the organization working with documents, and the general trend is the use of both stationary workstations and access to documents from mobile devices, remote access to the system. By the number of documents stored in the EDMS, it should be borne in mind that since the system stores not only the final executed and signed documents, but also intermediate working versions, the number of files, draft documents and documents received in the EDMS is several times higher per year. the total number of documents registered by the preschool educational institution (incoming, outgoing and internal). The requirements stipulate that the EDMS must ensure the storage of all documents for a period of at least 5 years, but in practice it is necessary to focus on a period of at least 10-15 years, since this is the period during which documents in electronic form continue to be actively used, especially since paragraph 20 of paragraphs. f) the same Requirements provide for the possibility of storing documents for up to one hundred years.

An important parameter of the EDMS is its performance. If the hardware and software complex (EDMS server) is not efficient enough for a given number of users simultaneously working in the system and (or) for a given volume of database (number of documents in the system), then employees will have to wait for the opening of the document card or the document itself, therefore, the productivity of employees falls. Therefore, the Requirements contain time parameters that must correspond to the performance of the EDMS:

1. time of obtaining access to the EDMS - no more than three seconds;
2. the time of obtaining access to the card created during the registration of the document and containing data describing the context, content, structure of the document, actions performed with the document during preparation, consideration, execution and storage, as well as identification data (metadata) - no more than five seconds.

Any system can experience a failure, both software and hardware. But the failure of the EDMS leads to the impossibility of working with the documents of all employees of the organization, therefore the Requirements establish a strict framework for downtime in case of failures and reboots of the EDMS - no more than 30 minutes. Also, the EDMS should provide automatic notification of users about a system failure. First of all, they usually set up automatic notification via SMS and e-mail for the administrator and the EDMS technologist.

Another common situation is that for some reason the document is damaged or accidentally erased by the user. The requirements stipulate that in this case the electronic document must be restored from the backup copy within 30 minutes. The organization, in accordance with the Requirements, must have at least one backup copy of electronic documents stored in the EDMS. However, in practice, to ensure safety, at least two backups are created, preferably on different media. This minimizes the risks of losing electronic documents.

The reliability factor of the EDMS must be at least 0.98.

Another indicator is the level of protection of the EDMS from unauthorized access. For government agencies working with restricted documents, this must be at least class 1G certification. However, in view of the high cost of creating and operating secure EDMS, they usually try to work with documents of limited access in the traditional mode, on paper, since they, as a rule, constitute a small part of the organization's documents. Otherwise, usually dedicated computers or even a separate secure network that does not have a connection to an open computer network and the Internet are installed to work with such documents. However, in this case, it is also envisaged to work with documents of the EAE level, but in no way with documents containing state secrets.

The main part of the "Requirements for information systems of electronic document management ..." is a description of how in the EDMS the processes of documentary management should be built.

It is emphasized that the EDMS should provide work with all types and categories of documents and draft documents of the organization.

The EDMS used by government agencies must ensure interaction with the systems of interdepartmental electronic document management (MEDO), interdepartmental electronic interaction (SMEV), and other information systems.

The work of the EDMS must comply with the provisions of GOST R ISO 15489-1-2007 “System of standards for information, librarianship and publishing. Document management. General requirements", Including in the field of ensuring the authenticity, integrity and reliability of an electronic document, as well as the Rules of Office Work in Federal Executive Bodies, approved by Decree of the Government of the Russian Federation of 15.06.2009 No. 477 (clauses 9 and 11 of the Requirements).

The EDMS should provide all the main office work processes:

Saving a document or information about a document (draft document) in the EDMS (registering it or, in terms of Requirements, entering a document into the system):

• bringing the document to the performer (user of the EDMS)
• document approval
• document signing
• transfer (sending) of the document;
• "Storage and accounting of documents in accordance with the instructions for office work in the federal executive authority, as well as control of executive discipline, preparation of reference materials and writing off documents to the archive", that is, control of execution, information and reference work, current storage and accounting, including the preparation of documents for transfer to the state archive or depository.

A feature of the automated office work system is the presence of a function for logging all user actions and system events. In other words, everything that happens in the EDMS - a document is created or registered, a file is simply viewed, an edit is made - all this information is stored in special service files, which allows you to always say who and when viewed or rules the document (document card). Separately, in the Requirements, the obligatory fixation of the date and time of entering the document into the system is prescribed. This information is recorded both in the registration card (metadata for the document) and in control information(protocol of actions in the EDMS).

In accordance with clause 17 of the Requirements, information on all actions performed with documents or sets of documents, draft documents, registration card (metadata) is subject to logging. This information:

• about the user of the EDMS FOIV who performed the action;
• the date and time of the action;
• on entering documents, draft documents into the EDMS;
• on the movement of a section (subsection) in the classification scheme;
• about changes in instructions for storage periods and subsequent actions with documents;
• on the actions performed by the administrator of the EDMS FOIV during the examination of the value of the document, carried out in accordance with the Federal Law of October 22, 2004 No. 125-FZ "On archiving in Russian Federation";
• on the imposition and lifting of a ban on the destruction of a section (subsection) of the classification scheme;
• any change or destruction of metadata by the user of the EDMS;
• about changes in access rights to documents;
• on the transfer of documents;
• on the destruction of documents;
• about printing a document or metadata.

In other words, the EDMS should allow at any time to obtain information about who and when opened, viewed, edited a document or a registration card for it, as well as what documents a particular employee worked with.

The requirements of the Ministry of Telecom and Mass Communications of the Russian Federation divide the office processes supported by the EDMS into the following groups:

a) processing of incoming and outgoing paper documents created or received by the organization and included in the EDMS of the FOV by registering, scanning and creating an electronic image of documents (including documents received through postal communications, telecommunications and courier communications);

b) processing of electronic documents received or transmitted through the interdepartmental electronic document management system;

c) processing of electronic documents received or transmitted using the interdepartmental electronic interaction system;

d) processing of electronic documents received or transmitted by e-mail;

e) processing internal documents in the EDMS.

In organizations that are not government agencies, items b) and c) are absent, documents are received only either through traditional communication channels, or by e-mail.

In case of receipt of a document on paper, entering the document into the EDMS includes its registration, scanning and creation of an electronic image of the document.

In the case of receipt of a document in electronic form, entering the document into the EDMS is its loading into the EDMS, registration with the prohibition of making changes to the received document.

The organization can approve and include in the paperwork instructions a list of documents for which the creation of their electronic images is prohibited, for example, documents with a chipboard stamp, marked "personal", confidential documents, etc. If such a document is received, it is registered in SED, but its electronic image is not created.

For projects of electronic documents, at each stage of their creation, approval and signing, the content of the document is fixed by creating versions of documents and attaching them to the document card.

The ERMS must support the attachment of any file format to the registration card. This is important, since the EDMS is usually used for many years, and during this time new versions of programs and, accordingly, file formats may appear, which must also be supported by the EDMS. The EDMS should allow entering into the system and registering document files even if the application in which the document was created is not present at this workplace (not installed). At the same time, some of the most common formats, the EDMS must be able to display necessarily. These are pdf, rtf, doc, tiff.

The EDMS should allow placing documents in a hierarchical scheme consisting of sections and subsections, in accordance with which the systematization and organization of storage of documents in the EDMS is organized (classification scheme). It should be borne in mind that physically documents are placed on the server (storage system) in the order determined by the internal configuration and principles of storing files in this EDMS, and the classification scheme is just a field in the registration card that allows you to quickly find documents by classification criteria.

The classification scheme is usually based on the nomenclature of the organization's affairs.

In the registration form of the EDMS, those fields that are required to be filled in must be determined. When entering a document, the EDMS must ask the user to fill in the required fields (metadata) (clause 13 of the Requirements).

In the course of working with a document, not only resolutions can be entered into the EDMS, but also comments and instructions on the document. To sign (and, if necessary, and approve) a document, the EDMS provides for the possibility of connecting electronic signatures in accordance with the Federal Law "On Electronic Signatures". 4

When sending documents by traditional methods (on paper), the EDMS provides overprinting of envelopes and printing of mailing lists.

The storage periods for documents included in the relevant sections (subsections) are established in accordance with the List of standard administrative archival documents generated in the course of the activities of state bodies, local authorities and organizations, indicating the storage periods, approved by Order of the Ministry of Culture of the Russian Federation of August 25, 2010 No. 558. 5

In accordance with deadlines storage of the EDMS should provide the following actions:

• keep the document permanently;
• conduct an examination of the value of documents;
• at the end of the calendar year, create documents in the prescribed form: an act on the allocation for destruction of documents (sections) with expired storage periods and an inventory of documents of permanent and long-term (over 10 years) storage period;
• allocate documents for destruction (delete from the system) while storing information on the allocation of documents for destruction in the EDMS;
• transfer documents for storage to another repository (automated system), including exporting annual sections of documents of permanent storage for transferring them to state archives and exporting annual sections of personnel documents for transferring personnel documents to archives.

In practice, transfer to state storage requires ensuring the compatibility of the EDMS according to the export format of the annual section with software package"Archival fund" used in state and municipal archives.

The Requirements contain a provision on ensuring storage periods with a duration of at least one hundred years. However, at present, such technologies are at the stage of development, and the author is not aware of any EDMS that could by itself provide such long storage periods for legally significant documents in electronic form.

The considered Requirements of the Ministry of Telecom and Mass Communications of the Russian Federation supplement the developed by VNIIDAD "Archival and document management functional requirements for information systems providing electronic document flow in the process of internal activities of federal executive bodies". They are important both for office workers and for employees of IT departments who ensure the implementation or configuration of electronic office management and document management (EDMS) systems.

In general, the considered "Requirements for information systems of electronic document management of federal executive bodies, taking into account, among other things, the need for processing through these systems of official information of limited distribution" can and should be used not only at the stage of selection, implementation and initial setup of the EDMS, but also for analysis already functioning EDMS to determine the compliance of the EDMS used in a particular organization with modern requirements.

1. The author can be contacted at: kouznets @yandex .ru
2. Order of the Ministry of Communications and Mass Media of the Russian Federation dated 02.09.2011 N 221, registered with the Ministry of Justice of the Russian Federation on 15.11.2011 # 22304.
3. Published on the Archives of Russia portal at: http://archives.ru/sites/default/files/rekomendation-vniidad-foiv-2013.pdf
4. Federal Law of 06.04.2011 No. 63-FZ "On Electronic Signatures" (as amended on 28.06.2014).
5. Registered with the Ministry of Justice of the Russian Federation on 09/08/2010, registration number 18380.

January 20, 2012 12:12

Sergey Bushmelev, IT analystDIRECTUM

Requirements for electronic document management systems of federal authorities (EDMS FOIV) were approved by Order of the Ministry of Communications and Mass Media of the Russian Federation No. 221 dated 09/02/2011 "Requirements for information systems of electronic document management of federal executive authorities, taking into account, among other things, the need for processing through these systems of service information limited distribution ". It is worth noting that the EDMS public reacted very ambiguously to these requirements. There was also a misunderstanding, but there was also a rather deep and impartial analysis. of this document... Now, when emotions have subsided, it is worthwhile to take another close look at the document and try to understand what meaning the authors put into the dry lines of the official document.

Before we get into the requirements themselves, it is very important to understand what is the subject of these requirements. The answer will be straightforward and simple - an electronic document management system. Most of the authors who unsubscribed about these requirements, apparently, meant a boxed product or a production solution offered by the EDMS vendor by the EDMS FOIV, we will call this in the future EDMS product. But this, in my opinion, was their main mistake, which prevented them from looking at the requirements from the right angle.

The authors of the document themselves are partly to blame for such an insufficiently correct perception of the requirements, who neglected the established practice to place at the beginning of the document or include a glossary of terms used as an appendix to it. And for some reason, they put the answer to the question, what is the EDMS, at the beginning of the second section, in paragraph 4: “EDMS of the federal executive authority is an information system designed to manage all documents of the federal executive authority, including draft documents (except for documents containing information constituting state secret) ". The definition of an information system can be found in Federal Law N 149-FZ of July 27, 2006 "On Information, Information Technologies and Information Protection", in Clause 3 of Article 2: "Information system is a set of information contained in databases and ensuring its processing information technologies and technical means ". That is, it is just not a distribution kit of an electronic document management system, but a set of hardware (server part, network infrastructure, personal computing devices) and software (system, infrastructure, application software + software settings), as well as information contained in the system. In my opinion, even more complete definition information system can be found in the security guidance documents. For example, the RD "Security of information technologies. Criteria for assessing the security of information technologies", approved by the State Technical Commission of Russia on 19.06.2002, gives the following definition: "The system is a specific embodiment of IT with a specific purpose and operating conditions." This definition emphasizes that information technologies are embodied in this system in a specific, individual way, to achieve a specific goal. The operating conditions are also unique: premises, organization of access to the territory of the organization, organization of the system (standards, regulations). diligence will ultimately depend on the performance of any information system.

So when we determined that information system = room + all hardware + all software + all software settings + personnel + regulations, you can move on to the requirements with peace of mind. For each selected group of requirements, we will try to determine which components of the information system can be “held accountable” for meeting these requirements.

Again, I would like to blame the authors of the document for the lack of a detailed structure of requirements. Despite the fact that, according to experts, some ideas were gleaned from MoReq2, the requirements in the document are actually lumped together. The presence of three large sections does not help, since, for example, the second section contains a wide variety of requirements, and the security requirements are scattered across all three sections.

As stated in clause 2, the requirements approved by the order of the Ministry of Telecom and Mass Communications apply to the implemented EDMS and to the systems already implemented, when evaluating them. The document does not contain information about the assessment procedure itself, which is quite logical. I expect that the specialized body will issue a separate document containing the procedure for conducting the assessment, the composition of inspectors, responsible in the field, what to do in case of non-compliance, the procedure and sources of funds for bringing information systems in line with the requirements, as well as the time frame in which this assessment should be produced.

I will not analyze each item of the requirements in detail, but try instead to group them using my own logic. What came out of this, you will judge for yourself.

Non-functional requirements

A novelty, in my opinion, can also be considered the fact that the document begins with non-functional requirements. In MoReq2, they are classified as optional, they were placed almost at the end of the document, but domestic lawmakers adhere to a different logic.

The very first are the requirements for the scalability and performance of the EDMS. So, access to the EDMS of the federal executive authority should be carried out within 3 seconds, access to the document card - within 5 seconds. After going through the available options, I came to the conclusion that 3 seconds is the response time of the system to user actions, and 5 seconds is the time during which the document card should open. I believe that, given the limited budget of government agencies and staff shortages, the responsible officials of the government body involved in the selection of the EDMS will have a desire to throw the ball over to the side of the EDMS manufacturer, while, in my opinion, it will be more correct to assess the capabilities of the hardware (both server and client parts), the architecture of the EDMS, the capabilities of the applied software, the qualifications of implementers and system administrators.

Half an hour is allotted to eliminate system downtime. Again the requirement for the infrastructure, regulations and technical staff of the authority. If we take into account the volume of documents stored in the system (this will be discussed later), then it is difficult to expect that the database backup will be able to be raised in such a time. One thing remains: the organization of a fault-tolerant system with hot redundancy of equipment, with duplication of databases. I doubt that a separate body of state power will have the funds for this. What remains is the use of a cloud system located, say, in a Rostelecom data center. I wonder if the requirements were tested for anti-corruption components?

The same amount, that is, thirty minutes, is allotted for restoring a document from a backup copy. There can be a lot of reasons for document recovery: from user error to failure of the physical medium on which the base is located. Each of the threats will have its own solution, so it is fair to say that this is a requirement both for the EDMS architecture and for the organization of the system in the organization, including backing up and restoring information in case of failures and other troubles.

Deserving attention, I see the requirement for the volume of the system's database - it must "ensure the storage of all electronic documents processed in the federal executive authority for a period of at least 5 years." With a light heart, we will attribute this requirement to “a specific embodiment of information technologies, that is, the architecture of the EDMS, its ability to process such a number of documents and such a volume of data, and the dependence of the EDMS on infrastructure software should be taken into account. For example, if a specific DBMS is used to build an EDMS, it is worth assessing whether the DBMS is capable of scaling to such a size. And, finally, the authority itself or the operator authorized by it must provide the required amount of disk space.

Functional requirements

Practically the entire second section of the document is devoted to functional requirements. After the definition of the EDMS of the federal executive authority, there is a requirement for the integrability of the EDMS with the system of interdepartmental electronic document management. This is a requirement for a specific copy of the EDMS, because from the point of view of integration, it does not matter whether the EDMS has the necessary functionality or whether a specialized integration solution is used. Of course, the easier it is to integrate the EDMS product into MEDO, the more points a given vendor can score in the competition for the EDMS selection held by a government agency.

The electronic document management system of the federal government body should support the management of documents throughout their entire life cycle... The document itself does not contain such a concept, moreover, the requirements themselves are not localized by stages of the life cycle, which makes their analysis somewhat difficult. Nevertheless, let's try to group them this way.

Capture (create) documents

EDMS federal executive authority must support the following methods of obtaining a document:

● import of an electronic document received via the MEDO channel;

● import of an electronic document received via the SMEV channel;

● import of an electronic document received by e-mail;

● scanning a paper document and saving its image in the system;

● saving information about a paper document in the system without saving its image in the system (for security requirements);

● creation of a document directly in the EDMS federal executive authority.

The authors of the document dwelled on the input of multicomponent documents separately. So, "EDMS federal executive authority should provide the ability to manage this electronic document as a whole, preserving the relationship between the components and maintaining the structural integrity of the electronic document." The ERMS must also support the ability to enter a document into the system even in the absence of the application in which this document was created.

The basic requirements for the collection and processing of metadata of documents stored in the EDMS of the federal executive authority have also been determined. So the EDMS should support:

● Automatic extraction of metadata for documents received from MEDO, SMEV and other information systems. The composition of the imported fields and types of documents are determined by the administrator of the EDMS FOIV.

● Maintaining the relationship of metadata with the document throughout the entire life cycle.

● Display metadata on the screen.

● Prompt the user to enter metadata values ​​that were not automatically filled in.

● Informing the user about empty metadata.

Responsible for the implementation of these requirements is both the EDMS product itself, especially in terms of metadata processing, and the tools, procedures and personnel that ensure the integration of the EDMS with e-mail, MEDO, SMEV and other information systems.

Document approval

The stage of document approval in the requirements is explicitly regulated by only one clause. The workflow component of the EDMS must meet the following requirements:

● Bringing documents to the participants in the approval process

● Control over the execution of orders.

If the document is approved within the boundaries of one copy of the system, these requirements can be attributed only to the EDMS product. In the case of end-to-end coordination, when users of different instances of the system or even several heterogeneous systems participate in the process, an intersystem interaction service will be required.

Another requirement, which cannot be attributed only to the approval stage, is the need to display files of certain formats. The required formats are pdf, rtf, doc, tiff, but the authors of the requirements have nothing against if the system is capable of displaying other formats as well. Judging by the formats chosen, the requirements were drawn up by clearly not implacable supporters of free software. I really don't know how to explain the inclusion in the list of albeit popular, but proprietary formats - acceptance of reality or, nevertheless, a corrupt interest. These requirements are implemented by editor applications that are part of the information EDMS systems Federal Executive Office.

It is worth dwelling separately on the requirements for the support of electronic signatures. The electronic signature infrastructure consists of many components. Even if we take into account only the technical side, these are the means of cryptographic protection of information (CIPF), including hardware, cryptographic providers, protocols. Finally, the EDMS product itself at the application and system level must support cryptographic information protection tools, including those certified by the regulator. You probably already guessed that I again bring you to the same idea - these are the requirements for a specific information system that includes all the necessary documents.

Storage of documents

The requirements assume that the state authority will develop a classification scheme consisting of sections and subsections corresponding to the sections and subsections of the federal executive body's nomenclature of affairs. For each section and subsection of the classification scheme, at least one retention period should be established. It should be possible to remove / prohibit the destruction of a section of the classification scheme.

In general, the retention periods for documents in requirements are separate objects. They can be created, assigned to a specific section of the classification scheme, modified, destroyed. Storage periods of at least one hundred years should be provided. The entire history of manipulations with retention periods should be automatically saved. There are clear parallels with MoReq2.

At the end of the document storage period, a notification should be sent to the system administrator. The ERMS should provide for the following minimum set of actions:

● keep the document permanently;

● conduct an examination of the value of the document;

● destroy the document;

● send the document to another repository;

● select the document for destruction.

This group of requirements should also not be attributed only to the EDMS product. Compliance is even more dependent on the existence of regulations and regulations governing retention periods, the existence of a retention strategy - for documents with long retention periods, it may be necessary to convert from outdated formats to modern formats and migrate to new media. And finally, all efforts will be in vain if the staff does not behave in accordance with the established regulations.

Safety requirements

Despite the fact that these requirements can be classified as functional, I have highlighted them in a special section. As I mentioned, these requirements are scattered across all sections. Requirements include:

● protection from unauthorized access in cases when the EDMS of the federal executive authority provides for the processing of official information of limited distribution - not lower than class 1G;

● the ability to fix a document by prohibiting making changes to it;

● ensuring the authenticity of the document;

● ensuring the integrity of the document;

● fixation of all operations with the document, impossibility to change or delete this information;

● organization of access control to documents;

● centralized control of access rights and user management;

Also, security requirements include requirements for the availability of automated backup and recovery procedures.

Previous experience tells me that a situation may well arise, as is the case with personal data. To correctly implement security requirements, you must:

● availability of a security policy, understanding of security threats and a developed strategy for their minimization;

● selection of security protection tools adequate to the threats;

● organization of protective measures and daily activities to maintain the required level of safety.

Operators of personal data who did not have the competence, means, and the desire to implement the above requirements had an understandable desire to shift it all onto the shoulders of the EDMS vendor. The mystical certificate was supposed to replace the entire system of events.

Of course, some of these requirements must be implemented in the EDMS, but a number of requirements are not always possible and efficient to implement only at the application level.

Instead of a resume

Understanding what is the object of the requirements, the inclusion of all components of the information system, on which the fulfillment of the requirements depends, will allow organizing their competent implementation. And when it is clear what to do, you can already choose options, optimizing the effort and resources expended.

(4.58 - rated by 3 people)

When the order of the Government of the Russian Federation of February 12, 2011 No. 176-r approved the "Action Plan for the transition of federal executive bodies to paperless document circulation when organizing internal activities", it immediately caused bewilderment that the Ministry of Telecom and Mass Communications, according to the plan, in just two months had to create state requirements for electronic document management systems, and all federal departments - by June 2011 (i.e., within two months!) to bring their EDMS in accordance with these requirements. The result turned out to be quite expected - the requirements appeared not by April 1, but by December 1, 2011.

"Requirements for information systems of electronic document management of federal executive bodies, taking into account, inter alia, the need to process information, access to which is limited" approved by Order of the Ministry of Telecom and Mass Communications of Russia No. 221 dated 02.09.2011. The document was officially published only on November 21, so the requirements will come into force on December 1, 2011.

The requirements apply to federal executive authorities "implementing an electronic document management system, or assessing the capabilities of an existing EDMS of federal executive authorities" (clause 2; It would be more correct to say not “evaluating”, but “carrying out significant modernization”. And so it turns out that those who do not "evaluate" their systems can ignore the requirements. In addition, it is curious, what document confirms the fact of "assessment"? - N.Kh.).

Reading this document, I had ambivalent feelings. On the one hand, for several years I myself have campaigned for the creation of such requirements, emphasizing that they will help to solve the most pressing issue today - ensuring interaction between information systems of different manufacturers, which is necessary both to increase the efficiency of the work of state bodies and to transfer documents and information in new system in case of decommissioning the old system. It is also clear that well-thought-out government requirements can significantly raise the level of systems purchased by government agencies, and, mainly, at the expense of developers, which means significant savings for the budget.

At the same time, however, speaking to various audiences, I constantly emphasized that the first version of this document should be lightweight, with the expectation that most of the products on the market would correspond to it from the very beginning - unless, of course, we are going to eliminate competition in the EDMS market and / or disrupt their purchases by government agencies.

Abroad, as a rule, it takes about two years to bring the electronic document management systems used by public authorities in line with the requirements, since during this time software developers will have time to prepare new versions of their products modified in accordance with the requirements. The Ministry of Telecom and Mass Communications did not think about this side of the matter, and did not foresee any transitional period.

It should be noted that the document contains many reasonable provisions based on world experience. So, the document states:

• Requirements for the interaction of the state body's EDMS with MEDO and SMEV,
• A range of functional and non-functional requirements,
• A new approach to the systematization and storage of electronic documents in the EDMS.

The requirements themselves are essentially based on the provisions of GOST R ISO 15489-1-2007 “System of standards for information, librarianship and publishing. Document management. General requirements ”, which is a national adaptation of the most authoritative international standard in this area ISO 15489: 2001; they also feel the influence of the MoReq2 specifications.

However, if we approach compliance issues strictly, today not a single system actually offered on the Russian market fully meets these requirements, and the developers have not been given time for revision. Therefore, I have concerns that this document could potentially create problems for both government agencies and software vendors. In general, time will tell what will come of it all.

(to be continued, see )

Requirements for information systems of electronic document management of federal executive bodies, taking into account, among other things, the need to process official information of limited distribution, were approved by order of the Ministry of Telecom and Mass Communications of Russia dated 02.09.2011 No. 221, registered by the Ministry of Justice of Russia (No. 22304 dated 15.11.2011) and published in " Russian newspaper"Dated November 21, 2011, federal issue No. 5637. These Requirements were prepared by the Ministry of Telecom and Mass Communications of Russia in pursuance of clause 2 of the Action Plan for the transition of federal executive bodies to paperless document flow when organizing internal activities (approved by the order of the Government of the Russian Federation dated February 12, 2011 No. 176-r ).

Thus, the long-awaited general system requirements for the EDMS have been in effect since December 2, 2011.But, oddly enough, they did not cause a particular surge professional interest neither on the part of the manufacturers of the corresponding software products, nor on the part of the office management services. It is obvious that the factors that determine the real transition to paperless document flow and specific aspects of the impact on the EDMS market remained unaccounted for and not fully regulated in the Requirements.

Let's try to consider the Requirements in various practical aspects: from the point of view of document management (office work), from the point of view of harmonization with the Rules of office work in federal executive bodies, approved by the Government of the Russian Federation of 06/15/2009 No. 499 (as amended on 09/07/2011).

On the fulfillment of the instructions of the Government

Let's see what was the essence of the order of the Government of the Russian Federation, which approved the Action Plan.

Item 2 contains name of the planned event, not the title / title of the document (requirements, technical requirements etc.). Thus, the phrase “taking into account, among other things, the need to process proprietary information of limited distribution” should be attributed to one of the meaningful goals of developing such requirements, and not to the title of the document. This is important, since the approved document could be named more specifically, for example, "Technical requirements for information systems of electronic document management / EDMS", which would clearly reflect the purpose of its creation and avoid contradictions with the Code of Practice.

Further, the planned action according to clause 2 must be carried out without fail, taking into account the relationship with other actions. And the "key" points, which are indicated in the "strong-willed" government management decision are as follows:

According to the Government's Action Plan, the deadline for the development of new Requirements was determined as April 2011, and according to the corresponding departmental action plan of the Ministry of Telecom and Mass Communications of the Russian Federation - as August 2011

The professional community discussed such a significant violation of the deadlines for the execution of a government order on the definition of requirements for information systems of electronic document management. Publicly, it was explained by the lengthy procedure for coordinating the project with the co-executing agencies.

The usual technique for the execution of a collective assignment, in which a responsible executor (indicated first) and co-executors are appointed, provides, first of all, joint work, the creation of working groups from the best specialists industries, holding operational meetings, etc. collective activity. Unfortunately, the joint definition and development of system requirements for the ERMS has been replaced by the usual approval procedure. Moreover, for approval in the period from April to July 2011, for example, three completely different versions / draft Requirements were sent to Rosarchiv, in which there was no continuity of norms, the unity of the concept and methodology and the necessary systemic connection with the actions of all other federal executive bodies was not taken into account. authorities, in particular, on the implementation of uniform requirements established by the Rules of office work in federal executive authorities.

The most important thing is that the results of the efforts of federal bodies to determine the composition of documents, the creation, storage and use of which should be carried out exclusively in electronic form, are not taken into account, the direction of modernization of the existing EDMS in order to support this particular technology of paperless document circulation is not taken into account. Due to the violation of the terms of development of the Requirements, the majority of federal bodies could not determine the directions for improving the existing EDMS, plan and carry out their modernization, i.e. to fulfill the measures established by clause 3 of the Action Plan of the Government on time.

Thus, within the framework of the deadline control of execution, the Government's order can be considered fulfilled (with the postponement and extension of the execution period), and within the framework of the control of execution in essence (i.e., management control), it cannot be unequivocally stated that the Requirements have significantly advanced (and will be able to advance) federal executive authorities on the way to a real transition to paperless document flow in the process of organizing internal activities and effective interdepartmental electronic interaction.

Real problems and prospects for the implementation of EDMS: opinions and expectations of federal executive authorities

Most of the federal executive authorities and their subordinate organizations are ready to implement a full-fledged paperless document flow, actively use the existing EDMS, initiate their modernization, and successfully implement interagency electronic interaction using the MEDO system.

VNIIDAD, by order of Rosarkhiv, annually monitors the document flow of federal bodies. In 2011, very interesting results were obtained, indicating that, in fact, the practice requirements for the ERMS as a paperwork tool have long exceeded the minimum set of ERMS functions, which is discussed in clause 1 of the Requirements and in the subsequent text of this document.

First, in the federal government SED now they are mainly designed, refined and used as distributed information systems, the workstations of which are installed on the computers of almost all employees of the central office, territorial bodies, and not just office workers. In 2011, 44 federal bodies out of 56 monitoring objects provided information about this.

Secondly, when installing workstations of the interdepartmental electronic document management system (MEDO), the office management service centrally performs operations for receiving, sending and transmitting documents and electronic messages within the organization, which is determined by the Office Workflow Rules. According to the data obtained in 2011, MEDO jobs are assigned to heads of federal bodies and office-work services in almost equal proportions, i.e. about 2-3 jobs - management, 2-3 - business management or office.

Almost all office services for all objects of observation in 2011 reported that perform the role of the subject administrator of the EDMS:

• determine the directions of improvements and modernization,
• develop the necessary system reference books and classifiers and keep it up to date by “loading” standard forms / electronic templates into the corresponding views, “folders” and databases,
• make decisions on granting access rights.

This role of the office of the office in Western practice is called functional administration of the information system and provides for the responsibility of the document manager as the “owner” of the resource concerned. In the Requirements (clause 13 and section III) there is no distinction between the rights and roles of persons authorized to perform administrative functions when working with the EDMS, and the functions of system administrators. Access rights should be managed by the appropriate leaders of the organization - the owners information resources and a clerical service in conjunction with the so-called "security officers" (usually this is the security / information security). And system administrators (IT service specialists) only technically open / provide the necessary access to the system in accordance with the the decision... Thus, clauses 13, 28 and 29 of the Requirements need to be revised and clarified the concepts of "management of access rights and user groups", "EDMS administrator", etc.

In the process of monitoring workflow in federal executive authorities in 2011, VNIIDAD obtained generalized data indicating the problems of transition to paperless workflow, prospects development of EDMS, which are formulated by practitioners, representatives of the federal executive authorities themselves:

• there is no tendency to reduce the number of paper documents, there is a significant increase in the volume of workflow due to electronic copies- scanned electronic images of documents that already exist in paper form. There is a parallel movement of documents on paper and in electronic form;
• continuation of the parallel use of paper and electronic documents, i.e. duplication of document flows until the infrastructure is created that fully ensures the implementation of the Federal Law of 06.04.2011 No. 63-FZ "On Electronic Signatures" (since this Federal Law in the Requirements provides only a direct link, regulation of the types and statuses of electronic signatures in the EDMS, including for the office management service, remains an unresolved issue);
• forced change of work functions established by the Rules of Office Work since when introducing an EDMS, the document processing process depends on the limitations of the system or the "parent" platform (this is how IT service specialists and contractor companies present the problem). In this regard, special training is required for employees - managers and ordinary users, the development of new regulatory documents, the introduction of amendments to the instructions for office work that do not correspond to the approved Rules of office work and administrative regulations of the federal executive body;
• lack of a unified understanding of the structure of the EDMS (i.e. the developed organizational and functional architecture) and the provisions on the EDMS. Such a representation is absent both for those who formulate the terms of reference for the development of the EDMS, and for the companies producing software products (note that the Requirements provide only for the development of a "hierarchical / classification scheme", which is not now understood by office services and is not perceived by them as the basis of a functional , and not the system architecture of the EDMS);
• the need to introduce uniform requirements for information systems for all state bodies and organizations, which was provided for by the Government's Action Plan;
• the need for a unified document management system for federal executive authorities with their subordinate organizations, mandatory implementation of distributed EDMS and the use of portal technologies;
• the need to improve the interaction of EDMS and MEDO, i.e. building a common information space for federal executive authorities or, at least, ensuring the convenience of controlled entry into both systems from one workstation for an authorized employee of the office management service. Introduced in the Requirements of clause 5 on the interaction of the EDMS of the federal executive body with the systems SMEV and MEDO contains general references to documents more high level, to the relevant regulatory documents of the Government of the Russian Federation, which do not contain specific requirements for the technical implementation of interaction, but generally mention registration electronic services and a language for describing electronic messages. Whether the ERMS must have an appropriate gateway or adapter that is offered on the market by IT companies to ensure electronic interaction, the Requirements do not establish;
• there is an acute problem of storing electronic documents in the information system in connection with the creation and approval by each department of the List of documents, the creation, storage and use of which is carried out exclusively in electronic form. There are no regulatory documents for the EDMS and standard formats for storing documents in the EDMS (note that the short clause 12 of the Requirements for displaying file formats in the EDMS without dividing into documenting / creation formats and storage formats for electronic documents does not help much to solve the problem);
• Office work rules provide for the use of input forms (annex - a list of mandatory information about documents), including electronic document templates that provide information about a document in the EDMS or direct documentation, i.e. creation of a document in the system according to the approved unified form. Specialists of the office management services of federal executive authorities perfectly understand this area of ​​work and hoped to receive regulated requirements containing at least the structure of an electronic document in the information system or a set of its mandatory details / attributes, components and relevant metadata, taking into account information security and interaction with MEDO. However, the approved Requirements do not yet contain such systemic provisions.
  At the same time, in the process of monitoring the document flow carried out by VNIIDAD in 2011, more than 14% of federal bodies-objects of observation reported on the availability of document forms approved in 2010 and plans for their further development. And the Ministry of Health and social development RF gave information that in connection with the development new version EDMS he created and applies 230 standard unified forms of letters-responses to citizens' appeals, which will be used in in electronic format, i.e. as electronic templates for the preparation and execution of documents. More than 50 standard unified forms for correspondence and for internal communications are used federal Service bailiffs, the Federal Migration Service and other departments.
  The development of the technology for entering documents into the EDMS on the basis of their unified standard forms (electronic templates) confirms the requests of practice, but in the approved Requirements, scanning technology is considered a priority when entering documents into the EDMS, which increases the total volume of workflow due to the received electronic images / copies.

Is this a regulatory document ?!

Registration by the Ministry of Justice of Russia of the order of the Ministry of Telecom and Mass Communications of the Russian Federation dated 02.09.2011 No. 221 "On approval of Requirements ..." gives them the status of a valid regulatory document. But the text of the order does not contain any mandatory state regulations designed for repeated use, instructions on the mandatory fulfillment of the Requirements, securing responsibility for the methodological guidance of their application and responsibility for non-compliance. The Requirements themselves are technology document, moreover, part of the text does not contain norms and rules of direct action, but refers to regulatory legal acts, incl. higher level, and standards. It is stated in such a way that, in fact, the Requirements can be attributed to acts of a recommendatory nature. As you know, similar regulations, as well as technical acts in accordance with the clarifications of the Ministry of Justice of Russia (order dated 04.05.2007 No. 88) should not be subject to state registration. In addition, the Ministry of Telecom and Mass Communications of the Russian Federation can adopt normative legal acts only to regulate information technology: to establish requirements for networks and means of communication, for the format of data in state information systems, for information security of information systems, etc.

Nevertheless, the order of the Ministry of Telecom and Mass Communications No. 221 and Requirements state registration passed, despite the fact that office work and document flow are not in the field of information technology (i.e. in the immediate area of ​​responsibility of the Ministry of Telecom and Mass Communications of Russia). The situation can only be explained by the fact that according to the plan for the transition to paperless document flow, approved by Decree of the Government of the Russian Federation No. 176-r, the final result of the implementation of measures under clause 2 established the issuance of an order, and the Ministry of Telecom and Mass Communications of the Russian Federation was appointed as the responsible executor for this event, as well as those, that the Requirements will be of an interdepartmental nature.

The text of the thematic sections of the Requirements contains 10 direct references, including to regulatory legal acts ("... in accordance with the Decree ...", "... in accordance with the Federal Law ..."), despite the fact that that the acts establish norms and rules of the highest level. These high-level standards just needed to be specified in the Requirements, to transfer them to the level of methodology and technology in the process of introducing and using information systems.

At the same time, when listing the processes of the preschool educational institution, which the EDMS should provide (clause 6), the Rules of office work are not mentioned, the names of the "processes" do not correspond to the technology of office work and the professional names of office operations.

In the text, a link is made to the basic standard GOST R ISO 15489-1-2007 for document management (clause 9), but only 2 out of 4 fixed by them were concretized and clarified in the Requirements general characteristics documents that are created, used and stored in the information system (authenticity and integrity of the document).

The European specification MoReq (Model Requirements for the management of electronic records) is not mentioned anywhere in the text of the Requirements, even in the form of a reference. But one of basic concepts MoReq - "classification schema / hierarchical schema" of the information system is borrowed from this very source.

It is regrettable that not all the current national standards of the Russian Federation on document management were taken into account when developing the Requirements. So, the classification of metadata, on the basis of which the system of identifiers and reference books of the EDMS is built, is established by GOST R ISO 23081-1-2008; the structure of the electronic document (to clause 13 of the Requirements) and support for versioning are disclosed in detail in the official translation of the IEC 82045-1 standard, registered by the Federal State Unitary Enterprise "Standartinform", which establishes the principles and methods of document management from the standpoint information technology, electrical engineering. And the obligation to regulate the processes of creating documents when developing requirements for an information system (which is practically not done in the Requirements) is enshrined in the GOST R ISO 22310-2009 standard.

Highlighting a special section "Normative references" would not only facilitate the perception of the entire subsequent text of the Requirements, but would also show the unified normative and methodological basis on which the actions of clerical specialists and IT services should be combined on the way to real paperless workflow.

This consolidation would be facilitated by the allocation of a special section of the Requirements containing the conceptual apparatus. Necessary:

• harmonize terminology, introduce and define concepts "Props", "fields / field", "metadata", but
• when listing specific requisites / fields of an electronic document, indicate one more of their characteristics - whether the requisite is identification.

Instead, new, partly colloquial names of office work were introduced, which were not provided for by the Rules of Office Work. ("Bringing the document to the user of the EDMS" instead of "sending the document for execution or to the executor", "writing off documents to the archive" instead of "organizing current storage", "storing documents and ensuring their safety", "transferring cases to the archive"), used "parallel", but not synonymous with clerical concepts of "technicalism" ( "Prohibition on creating", "displaying file formats", "extracting values ​​from fields assigned by an official", "requesting the EDMS user to enter mandatory metadata", "imposing and lifting a ban on destroying a section of the classification scheme", "the ability to create, modify or destroy the shelf life "," assignment of the storage period "," the number of storage periods ", etc.).

The structure of the text of the Requirements is drawn up according to the rules provided for the regulatory legal acts of federal executive authorities. There are only three sections in the Requirements:

1. General Provisions.
2. Description of the processes of documentary support of management in the EDMS of the federal executive body.
3. Requirements for information security of the EDMS federal executive authority, including when processing official information of limited distribution.

Sections are designated with Roman numerals, and all items are numbered in gross Arabic numerals, i.e. in numerical order and without taking into account the item's belonging to the section. It corresponds .

Clauses of the Requirements are developed with varying degrees of detail, which can be considered acceptable. But the second section does not fully reflect the requirements established by the Rules of Office Work, and does not correspond to their logic, this reduces the significance of the Requirements as a normative document. For example, the creation of documents in the EDMS is not systematically regulated in the Requirements (there is only a brief clause 11) and the phrase that the EDMS "should allow maintaining storage periods with a duration of at least 100 years" (clause 20, last paragraph, sub . "E") or "to ensure the storage of all electronic documents ... for a period of at least 5 years" (clause 3) will remain only a good wish.

Applications, identifiers and classifiers, which are referred to in general terms in the text, are not formalized to the Requirements.

Subject of regulation

In the absence of a special terminological section of the Requirements, of interest is clause 1, which consolidates the definition of the concept of EDMS and, in part, the purpose of creating this document:

SED FOIV - it is a system of office automation and workflow, which provides the possibility of internal electronic document flow, and the Requirements determine the minimum set of functions that must be performed by the EDMS of the federal executive authority in the implementation of the activities of the federal executive body, as well as the conditions for managing documents within the EDMS of the federal executive authority.

This definition does not comply with the requirements of the Office Work Rules (as amended on 09/07/2011) and departs from the modern (new and not minimal) document management concept established by the national standard GOST R ISO 15489-1-2007. The EDMS, which supports the implementation of the unified rules of office work in all federal executive authorities, should be considered as an information system that ensures the collection of documents (inclusion of documents in the system), their processing, document management and access to them. The definition of the subject essence of the EDMS FOIV, approaching in meaning to what is established by the Rules of Office Work, is recorded only in clause 4 of the Requirements, and the EDMS is considered in this definition as information system designed to manage all documents of federal executive authorities, including draft documents(as you know, a draft, a project is not considered at all in office work in the status of a document, so this clarification is redundant).

Employees of federal executive authorities' office management services and the professional community did not expect the minimum set of functions to be performed by the EDMS FOIV(Clause 1 of the Requirements), but a detailed and modern set of functional and technical requirements that would allow federal authorities:

• to carry out a phased transition to electronic document flow with a gradual departure from mass scanning of sent and internal documents, and then the flow of incoming documents,
• ensure a real paperless workflow of those documents that the federal executive authorities have included in the corresponding lists of electronic documents,
• choose directions for effective modernization of existing EDMS,
• correctly implement the electronic signature mechanism and
• fully implement the measures provided for by the RF Government Decree No. 176-r.

In this regard, clause 2 of the Requirements that they apply to federal executive authorities implementing an electronic document management system or evaluating the capabilities of an existing EDMS is also unconvincing. The analysis shows that only clause 3 of the Requirements makes it possible to evaluate the EDMS (when choosing a system) according to technical, non-functional criteria, and functional selection criteria have long been established on the market and are taken into account by IT companies offering software products and by federal authorities conducting relevant purchases.

It should also be noted that the level of requirements for EDMS in practice is quite high, almost all federal executive authorities in 2011 had one or another, incl. industrial EDMS. Judging by the monitoring questionnaires, even those federal bodies that answered that they did not have their own system actually used the EDMS jobs of a higher ministry (distributed system of the industry) or EDMS, "inherited" from the federal executive authorities-predecessors, which underwent restructuring during the stages of the administrative reform of the latter years old. Perhaps, only in the Federal Archival Agency SED is really absent.

Thus, the goal of developing the Requirements was to be modernization in the field of introducing information systems into office work on the basis of uniform regulatory, methodological and technical standards, parameters and requirements, which was implied by the Action Plan of the Government.

General non-functional requirements for the EDMS

A useful clause of the Requirements, "leveling" the technical requirements and sufficiently influencing the EDMS market, is clause 3, which fixes the requirements for the performance of the EDMS, its reliability and the protection of information in the EDMS, which are of a recommendatory nature.

The requirement is unconditional scalability of EDMS in federal executive authorities, tk. in the federal authorities of the EDMS in recent times designed as distributed systems teamwork employing employees of the central office, territorial bodies, subordinate enterprises, etc.

Performance indicators in this case will largely depend on factors that are not related to the EDMS itself - the degree of network load, its bandwidth, configuration and load of server resources. Access to the EDMS for no more than 3 seconds., of course, will be welcomed by users, but the office-work service needs to know that this standard and the standard for access to the card created when registering a document (“input” form, electronic document card) is no more than 5 seconds. , - can affect the production rates, the calculation of the number of employees at the registration area / input of documents into the system, the assessment of work efficiency, etc. The experience of the "best practices" shows that the specified technical requirements, as well as the requirements for limiting system downtime and limiting the time for restoring a document from a backup copy, are usually set in a specific Service Level Agreement (SLA), which is concluded by the "owner" EDMS, i.e. office work service, with an IT department performing system administration, and the specific values ​​of standards / measures from year to year tend to decrease, are optimized.

Automatic notification of the user of the EDMS FOIV about a failure in the system, in our opinion, should not be formulated as a separate technical requirement, but can be mentioned as an option, one of the possibilities in the general mechanism of notifications and reminders to users of the system, which the EDMS of the federal executive body, of course, should have.

The recommended requirements for minimizing the risks of losing electronic documents (at least one backup copy) and the EDMS reliability factor (at least 0.98) can probably be considered sufficient today, but for document flows federal bodies existing exclusively in electronic form, these values ​​of the coefficients need to be strengthened. Moreover, technical standards can be formulated for other indicators of the functioning of the EDMS, and each indicator can be set its own norms / their boundaries (loss coefficient and error rate with the boundaries "no more", "no less", the response time of the communication center in the center, in territorial body etc.), and on the basis of technical standards, it is possible to calculate the values ​​of the reliability indicators of the EDMS not in general form, but according to real document flows. This is especially important for the modernization of the EDMS of the federal executive authority at the design stage, when measures are developed to meet the requirements for reliability, as well as at the stage of monitoring the system load indicators and analyzing technical faults. It should be borne in mind that the values ​​of the reliability indicators of the communication network are also specially established and monitored. And in general, software companies can provide a much larger number of estimated indicators and characteristics for choosing an EDMS.

Requirement for the volume of the database for storing electronic documents for a period of at least 5 years is, rather, a functional requirement, "archival". It should be clarified here that it is also necessary to store electronic images, i.e. copies of documents obtained as a result of scanning, as well as take into account the fact that documents with a storage period of up to 10 years inclusively are not transferred to the federal executive authority's archive (clause 34 of the Office Work Rules). Indeed, the five-year retention period is mainly for documents of operational importance, which can be created, used and stored in the EDMS itself exclusively in electronic form. By the way, this provision will make it possible to require, within the framework of the organizational and functional architecture of the EDMS, the creation of a repository for the operational / current storage of the actual electronic documents. A separate repository should be provided for those electronic copies of documents, the projects of which were created, agreed upon and finalized in the EDMS, but according to the methodology for choosing the medium (ISO 15489: 2001, GOST R ISO 15489-1-2007), their originals / originals must be signed and registered (identified in the system) in paper form, because are subject to permanent or long-term storage. On the basis of this repository, a use fund can be organized to send documents for execution, broadcast information and documents to employees of the organization, its active use in current activities, and then - as the same already created use fund, it can be used in the archive to which the originals are transferred documents in paper form. Unfortunately, the methodology of standards for document management is not revealed even in the rather lengthy clauses 19 and 20, devoted to the functional requirements for the ERMS.

Non-functional requirements for the information security of the EDMS

Special attention should be paid to the requirement for the security of the EDMS, when it provides for the processing of service information of limited distribution - not lower than class 1 G (clause 3 of section I).

In the absence of an appropriate reference, it can be assumed that this requirement is based on the Guidance Document “Automated Systems. Protection against unauthorized access to information. Classification of Automated Systems and Requirements for Information Protection ", approved by the State Technical Commission under the President of the Russian Federation on March 30, 1992 (hereinafter referred to as the Guidance Document).

The guidance document established the classification of automated systems in which confidential information is processed, i.e. restricted information federal laws... The defining features of the classification are:

• availability in automated system information at various levels confidentiality;
• distribution of powers and levels of access to confidential information;
• individual or collective mode of information processing in the system, which can be supported by all modern EDMS.

Security class 1 G assumes that the EDMS must be clearly highlighted:

• access control subsystem,
• a subsystem for registration and accounting of users, programs, transactions, including accounting for access to protected files, their transfer through communication channels,
• accounting for access to the communication channels themselves,
• accounting of powers / access rights,
• accounting of information carriers in terms of "clearing freed up areas of RAM" and external drives, i. e. accounting for the destruction of documents (according to ISO 15489: 2001).

The EDMS must also have a subsystem for ensuring the integrity of software and information being processed, but the presence of a cryptographic subsystem (encryption and the use of certified / certified cryptographic means) does not provide for the system class 1 G. In this regard, in clearer explanations in the section III Requirements needs a question about the application in the EDMS FOIV enhanced electronic signature.

I would like to note that the Guidance Document prescribes registration and accounting of the issuance of printed (graphic) output documents... This requirement is quite consistent with the current draft of the 2010 Economic Commission for Europe Recommendations No. 37 that a signed digital (i.e. electronic) document is a digital document that can be presented as evidence, and if a digital document is to be printed, it must contain additional data, thanks to which the reader could verify its authenticity and integrity... In addition, it explains the practical needs of clerical services, which, when choosing or developing an EDMS, order form counters, counters for printing documents of a certain type, incl. having a stamp "For official use". Unfortunately, section III Requirements of these issues are not touched upon, despite the fact that well-known provisions are set out in lengthy and voluminous paragraphs 30-32.

Section III of the Requirements, containing requirements for the ERMS in the aspect of information security, can be considered quite relevant, with the exception of attempts to establish in the technical document the organizational and functional objectives of the federal executive branch... For example, item 26 says that EDMS FOIV should provide access to documents in accordance with the security policy, but for FOIV security policy or document management policies are not established as mandatory organizational documents. The powers of the administrator of the EDMS FOIV must be recorded in job regulations official Federal executive authorities (clause 29), but this issue is resolved in the administrative regulations for organizing the internal activities of federal executive authorities and cannot be a subject of regulation in these Requirements of a technical nature.

At defining user roles in the system and defining access rights it is also necessary to take into account the Regulation on the procedure for handling official information of limited distribution in federal executive bodies (approved by the Government of the Russian Federation of 03.11.1994 No. 1233), in connection with which a mark / stamp “For official use” is drawn up on the documents. The type of secrecy (the corresponding restriction of access and the stamp) should be determined by the owners of management processes / functions, i.e. heads of the organization or structural divisions, but not the administrator of the EDMS.

Basic regulatory prescriptions in the field of preschool educational institutions

Description of the processes of documentation support of management(DOE) in the SED FOIV section II of the Requirements is devoted. But for development and implementation of EDMS in this document it would be better to fix the requirements for the EDMS, which would allow the implementation of the technology already described in:

• federal legislation on electronic signature,
• Rules of office work of federal executive authorities,
• instructions for the office work of federal bodies, which are developed (and agreed with Rosarkhiv) on the basis of a single methodological document at the national level - Methodical recommendations on the development of instructions for office work in federal executive bodies.

With such a sufficiency of a unified regulatory and methodological base, it is surprising that clause 6 of the Requirements once again consolidates the processes of documentation support in the EDMS, which include:

• a set of actions to save a document or information about it in the EDMS, defining the place of the document in the EDMS and allowing you to manage it, i.e. in fact, the substantive essence of the definition of "input" of a document is formulated, which does not correspond to the GOST R ISO 15489-1-2007 standard, which establishes a more complete description of methods for including a document in the EDMS (clause 9.3);
• bringing the document to the user of the EDMS FOIV(this should mean a developed mechanism of reminders and notifications, or simply a mechanism for setting routes for sending a document for execution, for consideration by the organization's management or directly in structural units performers);
• document approval(it is necessary to regulate the requirements for organizing the internal approval of documents in the EDMS and external approval, since both of these forms of approval are provided for by the Rules of Office Work);
• document signing(probably, until the completion of the infrastructure creation, which ensures the full implementation of the federal legislation on electronic signature, one should not expect specific requirements for signing documents in the EDMS or in the interacting MEDO);
• fixing the logging of actions(control information), performed in the EDMS and including both the actions of users and the actions of the administrators of the EDMS (this is a system process that is not related to the operations of management documentation);
• transfer of documents (sending)(This is a traditional and important office-work operation, but its regulation without defining the requirements for the operation of receiving documents, including through telecommunication channels and others, including mail and couriers, looks unconvincing. In addition, clause 42. of the Office-work rules establishes that the receipt and sending of documents is carried out by the office work service, i.e. these operations are considered as related, besides, it is the office management service that verifies the authenticity of the electronic signature of the received document (clause 41), and clause 23 also provides for the transfer of documents within the federal executive authorities, i.e. (ie internal routes of movement. But for some reason the Requirements say only about sending documents). By the way, clause 16 of the Requirements mentions the "original" norm, according to which the EDMS should ensure the printing of envelopes and the mailing list of outgoing / sent documents, while the EDMS should ensure, first of all, electronic interaction, and if it does print, then not envelopes , and stickers on them based on the mailing list, and not only the mailing list, but also the inventory of the sent correspondence in the standard form established by the Russian Post);
• storage and accounting of documents in accordance with the instructions for office work in the federal executive authority, as well as control of performance discipline, preparation of reference materials and writing off documents to the archive(several tasks are formulated in one sub-clause as one multidimensional task, in addition, the last name is not a term for office work and archiving).

Thus, it is assumed that the EDMS, in accordance with the Requirements, should not and will not be able to fully support the clerical operations established by the Clerical Rules, which say (clause 41) that documents of federal executive authorities are created, processed and stored in the electronic document management system.

It is the Office Work Rules that lay down the basic functional requirements for the EDMS - the systems should only be a means / tool for documentation, a "transport" that provides routing of document flows, and, finally, a "repository" that provides not only the operational storage of documents and accounting and reference apparatus for them, but and longer storage of electronic documents (up to 10 years inclusive; clause 34 of the Office work rules).

The issues of creating documents, in our opinion, should be considered at the very beginning of the Requirements, taking into account all the norms of the Rules of Office Work and the appendix to them, and not in a brief clause 11, which is not specified, but contains only a direct reference to the Rules of Office Work.

Classification of document flows(Clause 7 of the Requirements) is basically carried out correctly and complies with the Rules of Office Work and the practice of interdepartmental electronic interaction of federal executive authorities using the SMEV and MEDO systems. But, unfortunately, practical application individual gateways and storages EDMS federal executive authority for receiving and processing electronic messages and documents received by e-mail, was not reflected and developed in sub. 7 "d" Requirements.

The regulation of the processes of including documents in the EDMS of the federal executive authority (clauses 6, 8, 10, 13) reflects the requirements for document management established by GOST R ISO 15489-1-2007. However, paragraphs 8 and 10 mention list of documents for which a ban on creating an electronic image is established... The need for its development or approval as part of the instructions for office work of federal executive authorities The rules of office work do not provide. In our opinion, a clearer the ban should be set to scan primarily internal documents, as a result of which electronic images / copies of documents already created in paper form are created.

More clearly should be formulated and the requirement to create documents in the EDMS FOIV exclusively in electronic form in accordance with the list of electronic documents (approved by Rosarkhiv and approved by the federal executive authorities), which is not mentioned in the Requirements, and the federal authorities have spent enough resources on the development of such lists.

GOST R ISO 15489-1-2007 establishes a more complete list of characteristics of the document that is created, used and stored in the information system than those that must be provided by the EDMS of the federal executive authority in accordance with paragraph 9 of the Requirements. First, must be installed requirements for the structure of an electronic document(listing the file formats in clause 12 of the Requirements is not enough), and, secondly, the characteristics authenticity document, credibility, integrity and suitability for use are interrelated and interdependent, so you should not make only two mandatory and omit the rest.

In addition to the functional requirements, Section II establishes and the actual technical requirements for the EDMS(fixing the date and time of all transactions, system logging and ensuring the safety of system protocols during the storage periods of the documents themselves, the requirements for setting up the interactive interface, support for versioning of draft documents, and others), which for the most part correspond international standards on document management.

We will briefly comment on the final paragraphs of Section II of the Requirements (clauses 19 and 20), because, in our opinion, without allocating storage facilities in the organizational and functional architecture of the EDMS and without clear regulation of the rules for creating documents, it makes no sense to establish any requirements for storing documents in the system. And so it turned out that a sufficient number of formulations in these points fixes the actions of the subject (functional) administrator of the system, i.e. office services, not system requirements. The EDMS itself cannot “create” a time limit, “allocate documents for destruction” and “destroy” them, “provide for a minimum set of options for actions in storage terms” with documents, “limit the number of storage periods”, etc. These operations will be carried out by the subject administrator of the system (responsible for the archive), developing appropriate reference books, classifiers and establishing an algorithm for their functioning. The EDMS must support, but cannot automatically conduct an examination of the value of documents, their destruction.

The requirement to create documents that formalize the procedure for transferring documents to the archive (sub. 20 "d") is not fully formulated, since in the form of reports from the EDMS, it is necessary to receive in the prescribed form and internal inventories of cases of permanent, long-term storage and personnel.

Interest is only superfluous, in our opinion, the requirement for compliance with the classification scheme of the EDMS federal executive body(Clause 19 of the Requirements) sections and subsections of the nomenclature of cases, which for federal executive authorities is being developed as a structural type classifier (clause 29 of the Office Work Rules). This requirement determines the dependence of the organizational and functional structure of the EDMS on the organizational structure of the federal body itself, which changes quite often (after all, the administrative reform continues), and this dependence is not functional and optimal, since The EDMS should support, first of all, the processes of working with documents and interaction within the federal executive authority, and not specific structures.

Brief conclusions

Thus, the recommendations of the Requirements of the Ministry of Telecom and Mass Communications are a normative document subject to careful study and verification for compliance with the requirements of the Office Workflow Rules, which are mandatory for federal executive authorities! The Requirements themselves cannot fully support the norms and rules for the performance of office work established by the Rules of office work and departmental instructions for office work in federal executive authorities developed on their basis.

The requirements are an interesting document that has a regulatory status, but in fact cannot be applied in its present form, since requires development, clarification and concretization in the context of full and real compliance with the Action Plan approved by Government Decree No. 176-r.

One more important note: Currently, none of the ready-made solutions EDMS offered in the domestic market.

Footnotes

Collapse Show