secure and sensitive records technology and information management considerations l.
Skip this Video
Loading SlideShow in 5 Seconds..
Secure and Sensitive Records: Technology and Information Management Considerations PowerPoint Presentation
Download Presentation
Secure and Sensitive Records: Technology and Information Management Considerations

Loading in 2 Seconds...

play fullscreen
1 / 36

Secure and Sensitive Records: Technology and Information Management Considerations - PowerPoint PPT Presentation

  • Uploaded on

Secure and Sensitive Records: Technology and Information Management Considerations Cheryl McKinnon Product Manager, Government Solutions Hummingbird December 16, 2004 Agenda Technology and Information Management Challenges facing State Government

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Secure and Sensitive Records: Technology and Information Management Considerations' - Jims

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
secure and sensitive records technology and information management considerations

Secure and Sensitive Records:Technology and Information Management Considerations

Cheryl McKinnon

Product Manager, Government Solutions


December 16, 2004

  • Technology and Information Management Challenges facing State Government
  • Information Management Best Practices
  • Leveraging Technology to Overcome Challenges
challenges facing state government
Challenges Facing State Government
  • Public Sector Pressures
    • Government “On Line” / E-Gov Initiatives
    • Keep public sector on cutting edge of technologies to deliver services to constituents
    • Need to understand both limits and possibilities of new communication platforms
    • Internal paperwork reduction mandates
challenges facing state government4
Challenges Facing State Government
  • Many Knowledge Workers Not Desk Bound
    • Professionals
      • Attorneys, Consultants, Executives, Political and Campaign Organizers
    • Law Enforcement
      • Field Officers, Supervisors, Inspectors, Detectives, Security Officials
    • Emergency Services
      • Disaster Relief, Project Officers, Military, Health Care Professionals
    • Inspection Agencies
      • Food System, Customs, Case Workers, Transportation, Labor or Health
mobile distributed knowledge workers
Mobile, Distributed Knowledge Workers
  • Requirements:
    • Access to up-to-date policies and procedures, manuals, forms
    • Connectivity to corporate databases
    • Access to departmental intranets or portals
    • Ability to communicate and collaborate real-time
      • With Regional or Head Office
      • With contractors, clients or constituents
      • With other stakeholders
    • Stay informed while in field – act with current information
challenges technology rapidly evolving
Challenges: Technology Rapidly Evolving
  • Slippery Slope of Instant Communication
    • Managers, Executives and Remote Workers become dependent on instant access to messaging capabilities
    • More data and information demanded
      • Access to documents and records
      • Be notified when certain events occur or information is completed
      • Ability to act on documents received
      • Know when colleagues are available
challenges technology rapidly evolving7
Challenges: Technology Rapidly Evolving
  • E-Mail
    • Many organizations still grappling with management of e-mail volume
    • Types of devices which can send and receive e-mail exploding
      • Broader use of Laptops and Wired Homes
      • Cell phones
      • Other PDAs: Blackberries, Palm Pilots
    • Structured Capture, Control and Management of E-mails
      • Still lagging compared to other electronic document forms
      • IT staff often still exerts lifecycle management authority
      • Often loss or inappropriate storage of e-mails which should be considered organizational records
challenges technology rapidly evolving8
Challenges: Technology Rapidly Evolving
  • E-Mail
    • Rate of adoption will continue to grow exponentially
      • IDC Survey, September 2002
        • 16.2 billion messages per day worldwide, growth rate of 19% per year
        • Projecting 60 billion per day by 2006
    • Continued proliferation of e-mail enabled-devices
      • Ubiquitous messaging, connectivity
      • Becoming dominant form of business communication
e mail challenges
E-Mail Challenges
  • AIIM: 25% to 50% daily on e-mail tasks
  • Gartner: Over 75% of organizational know-how is buried in e-mail
  • 34% of business e-mail is unnecessary (occupational spam)
  • Survey by the AMA / U.S. News & World Report / ePolicy Institute finds:

50% of the largest U.S. companies have no e-mail retention and deletion policy in place

challenges technology rapidly evolving10
Challenges: Technology Rapidly Evolving
  • New Channels of Communication
    • Web Sites
    • On Line Collaboration
    • Text Messaging
    • Camera Phones
    • Instant Messaging
    • Wireless Networks
challenges technology rapidly evolving11
Challenges: Technology Rapidly Evolving
  • Next Wave of Information Explosion
    • Next generation of electronic records created through these new channels
    • How will organizations capture these records and ensure they are managed according to records principles?
      • Compliance Risks
      • Preservation Concerns
    • How do we apply same business rules and lifecycle requirements to this next generation of records?
    • What gap in the organizational or archival history will occur if we don’t plan now?
challenges technology rapidly evolving12
Challenges: Technology Rapidly Evolving
  • Organizations Driven by Productivity Gains from Mobility
    • Even most basic devices can immediately garner 10% efficiency gain for individual user (Gartner Research, March 2003)
    • Communication Platform does not release organization from meeting mandated industry regulations or corporate transparency legislation
    • Technologies that lend themselves to strong record keeping practices need to be evaluated
challenges privacy concerns
Challenges: Privacy Concerns
  • Information Practices Act
    • Individuals have a right of privacy in information pertaining to them.
    • The right to privacy is being threatened by the indiscriminate collection, maintenance, and dissemination of personal information and the lack of effective laws and legal remedies
    • The increasing use of computers and other sophisticated information technology has greatly magnified the potential risk to individual privacy that can occur from the maintenance of personal information.
    • In order to protect the privacy of individuals, it is necessary that the maintenance and dissemination of personal information be subject to strict limits.
challenges privacy concerns14
Challenges: Privacy Concerns
  • Agencies required to
    • Protect personal information collected as part of government business
      • Limits on information use and disclosure
      • Must account for disclosures
    • Make collected information available to citizen upon request
      • Individual can lodge request to inspect files
challenges freedom of information
Challenges: Freedom of Information
  • Public Records Act
    • Covers all state and local agencies
    • Includes records in all formats – including electronic
    • Onus on agency to justify non-disclosure of records
    • Defined categories of exempted information (partial list)
      • Personal, medical information
      • Attorney-client privileged information
      • Police data and arrest records
      • Financial data submitted for licenses, certificates, etc.
challenges freedom of information16
Challenges: Freedom of Information
  • Agency required to provide prompt access
    • Must provide assistance in identifying records
    • Access is free
      • Subject to photocopy or production cost recovery
    • Specific timelines to produce off site or large volumes of records
  • Technology and Information Management Challenges facing State Government
  • Information Management Best Practices
  • Leveraging Technology to Overcome Challenges
policy considerations
Policy Considerations
  • Security
    • Risk assessment and needs analysis before implementing electronic records policy
  • Compliance
    • Monitor systems for security and network maintenance purposes
  • Appropriate Use
    • Guide end users, avoid exposing organization to risk
policy considerations19
Policy Considerations
  • Confidentiality
    • Users to understand what information can be disclosed
  • Privacy
    • Understand legislation and level of privacy users should/should not expect when using agency email systems
  • Encryption
    • Identify under what circumstances email encryption is required
    • Policies around key protection important to avoid loss of records
e mail content management
E-mail Content Management
  • Content of e-mail to drive retention
    • Distinguish transitory, personal, spam e-mail from corporate content
    • Policy to address management of attachments, drafts, multiple copies or duplicates
      • Attachments: maintain links to messages, relationships
      • Drafts: can often be purged when final version approved
      • Copies/Duplicates: creator’s copy often viewed as original, forward considered owned by forwarder
      • Threads: final message should prompt filing
    • Limit or control locations to which messages can be saved
    • Appropriate content guidelines
e mail integrity
E-mail Integrity
  • Authentic, trustworthy, and complete e-mail records
  • Must capture who, what, when, and where of original e-mail messages to have legal or business value as records – message metadata
    • Header information
    • Body Content
    • Attachments
    • Signatures
  • “An e-mail printed to paper without its routing information and metadata is simply a piece of paper with words on it.” (Randolph Kahn)
retention disposition considerations
Retention & Disposition Considerations
  • Appraisal and Classification
    • Specify how email is designated a record
    • Procedures give users guidance
  • Preservation
    • Ensure structure, content, attachments, metadata, links, distribution lists, etc are protected and preserved
    • Storage medium and format must protect above aspects
    • Ensure authenticity, reliability and integrity maintained
retention disposition considerations23
Retention & Disposition Considerations
  • User Training
    • Ongoing
      • Ensure intent of records program is communicated
  • Disaster Recovery
    • Backup programs
    • Identification of vital records
    • Business Continuity programs in place
other standards
Other Standards
  • Other standards to consider
    • DoD 5015.2 – Functional Requirements for ERM software
    • ISO 15489 – Best Practices Standard
    • “Performance Guidelines for the Legal Acceptance of Records Produced by Information Technology Systems” (ANSI/AIIM TR31-2003
    • “Vital Records Programs: Identifying, Managing and Recovering Business-Critical Records” (ANSI/ARMA 5-2003)
develop strategy for electronic records management
Develop Strategy for Electronic Records Management
  • IT Concerns:
    • Must work within existing IT environment
      • Retention & Disposition of electronic records, including email based on records retention schedule
      • Outline appropriate use policies
      • Manage security policies
      • Manage hardware and network infrastructure
      • Ensure confidentiality of personal or sensitive data, identify and preserve vital records
      • Disaster recovery programs
      • Capture metadata and audit trails
develop strategy for electronic records management26
Develop Strategy for Electronic Records Management
  • Records Managers
    • Acknowledge e-mail systems and office authoring tools as sources of records
      • Treat email as any other recorded information
        • Not separate category of retention/disposition
        • Look at content and context of message
      • Assist in retention schedules for e-mail and other electronic records
      • Work with Legal Counsel to be aware of new legislation and discovery requirements
develop strategy for electronic records management27
Develop Strategy for Electronic Records Management
  • Archives
    • Mandate is to preserve historically significant records of the state government
    • Focus on preservation issues
      • Maintain relationships between records and context of creation
  • Technology and Information Management Challenges facing State Government
  • Information Management Best Practices
  • Leveraging Technology to Overcome Challenges
leveraging technology
Leveraging Technology
  • Access Controls
    • Enterprise Content Management Systems
      • Ability to secure individual documents/records by groups or users
        • Who can edit, view, copy, change metadata?
        • Restrict information returned as part of search result
        • Ability to default background access controls to ensure compliance
      • Functional Security Controls
        • Configure who has access to particular user functions
        • Declare Records, Set Retention/Disposition Lifecycle, Deletion, Publish
leveraging technology30
Leveraging Technology
  • Metadata
    • Agency can collect specific metadata attributes in order to categorize, sort, search and report on electronic and physical records
    • Use metadata elements to restrict access to sensitive records
      • Caveats, codewords, roles, markings
    • Records exempted from FOI or containing personal data can be marked
      • Accessible only by authorized users/groups within the agency
    • Manage records with according to security clearance levels
      • Secret, Confidential
      • Restrict access even for IT or LAN administration
leveraging technology31
Leveraging Technology
  • Secure Communication Platforms
    • Work in Progress documents often need collaborative input from internal AND external parties
      • Other levels of government, other agencies, external counsel or contractors
      • Protect integrity of internal repositories from external access
    • Collaboration Sites / Extranets
      • Push selected documents into secure collaborative site with full encryption
      • Mirror revisions back into corporate systems
leveraging technology32
Leveraging Technology
  • Secure Communication Platforms
    • Instant Messaging
      • Rate of adoption slower in government than in private sector
        • Typically more “locked down” desktop environment
        • Concerns that “freeware” IM products are not secure, no method by which to capture business related discussions as records
      • Emergence of Corporate Instant Messaging Platforms
        • Encrypted communication
        • Ability to capture chats and discussions as electronic records
        • Controlled user/group lists
        • “Presence” notification across desktop tools
leveraging technology33
Leveraging Technology
  • Electronic Capture
    • E-Mail Management
      • Automated capture of incoming/outgoing e-mail
      • Client side or server side rules
      • Capture e-mail specific metadata
        • Set retention and disposition lifecycle based on content and metadata
    • Integration with mainstream authoring tools
      • Capture wordprocessing, spreadsheet, graphic, image, CAD formats
      • Apply agency metadata, access controls and retention lifecycle
leveraging technology34
Leveraging Technology
  • Digital Signatures
    • Increasing acceptance of electronic and digital signature as part of E-Gov initiatives and other commercial transactions
      • Non repudiation
      • Verify integrity of electronic document

Thank You

Please see us at Booth 8 in the Vendor Showcase

Cheryl McKinnon