Due to scheduled maintenance, parts of MNHS.org will be inaccessible for a period of several hours starting around 5:00 PM (CDT) on Monday, April 21.
Minnesota  State Archives

Minnesota Recordkeeping Metadata Standard: Use History Element

ELEMENT 16: USE HISTORY

Definition: The dates and descriptions of both legal and illegal attempts to access and use a record, from the time of its registration into a recordkeeping system until its disposal.
Purpose:

To act as a cumulative audit trail of all significant (agency-defined) accesses to and uses made of the record over time.

To provide contextual information about the ways in which the record is or was used.

To provide a mechanism by which recordkeeping system security can be monitored.

Rationale: All agencies have a responsibility to ensure that their records are adequately protected from unauthorized or illegal access and use. This element provides, in conjunction with other physical, personnel and system access controls, a means of ensuring ongoing record and recordkeeping system security.
Obligation: Optional
Applicability: Applicable at the record level only.
Use Conditions:

Use each time the record is used or accessed in a way an agency has defined (and documented) as 'significant'.

If used, only recordkeeping, systems administration, and auditing staff should have full access to this element. Other staff should be given limited (viewing and searching) access to this element.

This element should be used in conjunction with element 1. AGENT to document the agent responsible for making use of the record (see Comments under 16.3 Use Description for information on linking to/capturing agent details).

This element may be linked to element 2. RIGHTS MANAGEMENT.

This element shall be linked to elements 12. AGGREGATION LEVEL and 14. RECORD IDENTIFIER.

Repeatable: No

Sub-Elements

(Name,
Obligation,
Schemes):

Name Obligation Schemes
16.1 Use Date/Time Mandatory ISO 8601 standard for date/time encoding
16.2 Use Type Mandatory Minnesota Recordkeeping Metadata Standard, agency-defined schemes
16.3 Date/Time Registered Optional Free text, agency-defined schemes
Comments:

This element is meant to be implemented as a history 'log'. As such, it will need to incorporate linked information about agents and (depending on the implementation) the records themselves. Which particular information about agents and record IDs/titles etc is incorporated into this log is a system design decision that must be made by the agency.

As an 'audit trail', this element forms a record in its own right. The level of auditing and retention periods for the resulting logs are left up to individual agencies.

Agencies shall make decisions regarding these matters according to their business requirements and based on an assessment of the risks, costs, and benefits involved in keeping or not keeping detailed logs for long periods of time.

16.1 USE DATE/TIME

Definition: The date and time at which a defined use of or access to a record occurs.
Purpose:

To indicate when records are accessed and used.

The dates and times at which a record was accessed or used may be essential information in a case of illegal access or record tampering.

Obligation: Mandatory
Use Conditions: The system shall assign the date/time of the event when the corresponding event described under sub-element 16.2 Use Type takes place—i.e., the event itself is the trigger for the date/time to be generated by the system.
Assigned Values: -
Default Value: Current system date/time.
Repeatable: Yes
Assigned By: System-assigned.
Schemes: ISO 8601 standard for date/time encoding.
Comments: -

16.2 USE TYPE

Definition: An event which relates to access to or use made of a record.
Purpose: To provide a finite (but extensible) set of defined access and use events which can be used to describe and audit the use of the record over time.
Obligation: Mandatory
Use Conditions: -

Assigned Values:

(Value Name,
Definition)

Value Name Definition
Accessed: The record is accessed in some way (e.g., viewed, copied, downloaded, printed).
Checked Out: The record is in the possession of an individual.
Unauthorized Access Attempted: An unsuccessful attempt to move, modify or delete a record without assigned system authority or other form of authorization.
Default Value: -
Repeatable: Yes
Assigned By: System-assigned.
Schemes: Minnesota Recordkeeping Metadata Standard, agency-defined schemes.
Comments: The extent to which an agency implements the auditing of these and other events is a risk-based business decision—e.g., an agency may choose to implement limited or no auditing of the action "Accessed" because it is such a frequent event, or because the agency's records are not classified or sensitive in any way.

16.3 USE DESCRIPTION

Definition: Details of the event, such as information about where the record was downloaded to, the name and location of the document record contents were copied to, and the specific nature of any illegal action or security breach.
Purpose:

To enable auditing of accesses to and uses made of agency records.

To ensure accountability for agency recordkeeping.

Obligation: Optional
Use Conditions: -
Assigned Values: -
Default Value: -
Repeatable?: No
Assigned By?: Agent-assigned.
Schemes: Free text, Agency-defined schemes
Comments:

Some events, such as ‘Accessed’, may not require any extra level of description.

Information about the agent making use of the record shall be associated with the use itself. A decision will need to be made by individual agencies as to whether this association is implemented through links to separately held agent information, or whether the agent information is automatically captured into the Use Description.

USE HISTORY Examples

16.1 Use Date/Time 2000-05-20T13:00-6:00 Scheme: ISO 8601
16.2 Use Type Accessed

16.1 Use Date/Time 2001-09-23T16:30-6:00 Scheme: ISO 8601
16.2 Use Type Checked Out
16.3 Use Description To be returned in 2 weeks

 Minnesota Recordkeeping Metadata Standard: Version 1.1, July 2002.


Return to Minnesota Recordkeeping Metadata Standard