DoD 5015.02-STD ELECTRONIC RECORDS MANAGEMENT SOFTWARE APPLICATIONS DESIGN CRITERIA
Department of Defense 5015.02-STD, signed 25 April 2007, defines the basic requirements based on operational, legislative, and legal needs that must be met by Records Management Application (RMA) products acquired by the Department of Defense (DoD) and its Components. It defines requirements for RMA's managing classified records and includes requirements to support the Freedom of Information Act (FOIA), Privacy Act, and interoperability.
DoD Instruction 5015.02, Department of Defense Records Management Program, dated 17 August 2017, provides implementing and procedural guidance on the management of records in the Department of Defense. It sets forth mandatory baseline functional requirements for Records Management Application (RMA) software used by the DoD Components in implementing their records management programs; defines required system interfaces and search criteria that RMAs shall support; and describes the minimum records management requirements that must be met based on current National Archives and Records Administration (NARA) regulations.
The National Archives and Records Administration (NARA) first released the Universal Electronic Records Management (ERM) Requirements, Version 1 in August 2017. Version 2 was released in April 2020. Version 3 was released in June 2023 which identifies the high-level business needs for managing electronic records. The baseline ERM program requirements derived from existing statutes, standards, NARA regulations, policy, and guidance. This is the starting point for agencies to use when developing system requirements.
The Department of Defense Chief Information Officer (DoD CIO) published the Directive-type Memorandum (DTM) 22-001 – "DoD Standards for Records Management Capabilities in Programs Including Information Technology", incorporating Change 1. This DTM establishes policy, assigns responsibilities, and provides procedures:
- For DoD-wide mandatory records and information management requirements for the implementation of information technology (IT) systems and services to inform configuration and technical decisions of acquisition and provisioning programs.
- To exploit automation for use, maintenance, and disposition to reduce the recordkeeping burden on IT providers, IT customers, and endpoint users.
- To facilitate interoperability, automation, and shared expectations of information governance through more consistent, widely supported, and scalable records management (RM) capabilities.
- To mitigate risk to DoD records by establishing consistent retention policy to enable compliance, internal controls, and defensible deletion strategy. In the absence of policy, IT system and service providers make technical assumptions that may conflict with policy and lead to interoperability challenges.