Trustworthy Information Systems Handbook: Section 6
Why are metadata and documentation important?
Documentation and metadata serve as the fundamental foundation of any trustworthy information system, enabling proper data creation, storage, retrieval, use, modification, retention, and destruction.
Metadata can be simply defined as "data about data." More specifically, metadata consists of a standardized structured format and controlled vocabulary which allow for the precise description of record content, location, and value. Metadata often includes items like file type, file name, creator name, date of creation, and the data classification from the Data Practices Act. Metadata capture, whether automatic or manual, is a process built into the actual information system.
Documentation has two meanings. On a broad level, it is the process of recording actions and decisions. On a system level, documentation is information about planning, development, specifications, implementation, modification, and maintenance of system components (hardware, software, networks, etc.). System documentation includes such things as policies, procedures, data models, user manuals, and program codes. Documentation capture is not a system process.
As discussed in Section 3 of this handbook (What is a trustworthy information system?), documentation and metadata establish accountability for information systems, and accountability goes hand–in–hand with trustworthiness—the ability to produce reliable and authentic records.
From the very beginning of your examination process, no matter where in the system development life cycle you start, you must make a conscious effort to keep documentation. Documentation gathered after the fact always carries the possibility of incorrectness and/or incompleteness. Begin by gathering such information as:
- System name, owner, life–cycle phase, purpose, etc.
- Rationale for the examination process
- Names and functions of team members
As the examination process moves along, collect other documentation as appropriate. For example:
- Which version of the Handbook was used? (refer to Appendix A)
- Which criteria were selected? Why?
- Which criteria were not selected? Why?
- What were the responses to the various additional considerations?
- Who is responsible for implementation of the chosen criteria and each piece of supporting documentation?
- When were your choices implemented?
At the end of your initial system examination, you should have a complete record of your process and the choices you made along the way. By following up with consistent application of your choices and by maintaining the currency of your documentation as you make changes and revisit the criteria set, you will not only have an effective management tool for your system's proper administration, you will have evidence of its trustworthiness.
Bear in mind: complete documentation of an entire system is a daunting task that may not always be necessary for your particular situation—perhaps only certain functions need the careful attention outlined above. The value of your records must be weighed against cost and risk. The next section in the handbook (Section 7, How important is your information?) discusses this important step.
Section 7, How important is your information?
TIS Handbook last updated July 2002, Version 4.