1 / 23

ImageNow Meeting Compliance

ImageNow Meeting Compliance. Understanding Standards & Procedures. Why Are We Here?. To learn the steps each office needs to take to meet the compliance requirements for NDSU’s internal document imaging audit. Campus Audit is reported to NDUS each year (June) by NDSU Chief IT Security Officer

isra
Download Presentation

ImageNow Meeting Compliance

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. ImageNowMeeting Compliance Understanding Standards & Procedures

  2. Why Are We Here? • To learn the steps each office needs to take to meet the compliance requirements for NDSU’s internal document imaging audit. • Campus Audit is reported to NDUS each year (June) by NDSU Chief IT Security Officer • Audit is conducted to meet requirements of NDUS Policy 1901.4

  3. NDUS Policy 1901.4 Purpose: “The purpose of this procedure is to establish an imaging procedure for all NDUS institutions that create, use, and manage digital images on optical imaging systems.”

  4. NDUS Policy 1901.4 Procedure Summary: • “Institutions shall create and follow documentation that outlines and describes system hardware and software specifications and written policies and procedures that document the creation, maintenance, use and preservation of digital images within the system.” • “Training schedules that include initial instruction as well as regular, ongoing retraining must be implemented to ensure that employees understand the policies and procedures and any changes that may occur.”

  5. Initial Access & Training Checklist Item #1 • Procedures for electronic imaging of documents have been formally documented and are provided to individuals who have been given access or duties related to imaging documents. Translation: • Do you have training documents and/or user manuals prepared for first-time ImageNow users?

  6. Initial Access & Training Create Tutorials for the Basics: • Logging In, Logging Off, & Password Changes • Toolbar Icons, Interface & Default Settings • How to Search • How to Scan/QA/Link • How to Upload & Link using ImageNow Printer Resources: • ImageNow User Manual (PDF, hard copy, Client Help) • Internal Customized Tutorials

  7. Confidential Data Training Checklist Item #2 • Individuals with access to data and system have been given appropriate training regarding policies and procedures for security and safety of data stored and manipulated within system. The training is ongoing and is updated according to changes in policy and federal law. Checklist Item #9 • All those assigned access and use the system have undergone basic training on handling and use of confidential data and have signed confidentiality agreements.­

  8. Confidential Data Training Translation: • Have users reviewed data privacy policy & completed confidential data training before using ImageNow? How do we Comply? • Log and file (date of training, who attended, who provided training) • NDUS Data Privacy Training • Signed Confidentiality Agreement • Responsibility Review • Security/Confidentiality Topic during Staff Meeting

  9. Scanning & QA Training Checklist Item #10 • Individuals who perform the scan or validation function have received additional training on document quality assurance. How do we Comply? • Create separate training tutorial for scanning process • Make sure VRS settings are optimized for all documents • Do not allow “Bypass QA” setting for scanning profiles

  10. System Oversight Checklist Item #3 • An individual(s) has been assigned the responsibility to oversee and manage the training of assigned personnel. Translation: • Each participating office needs to have a designated ImageNow “Manager” Why is this Required? • Act as a “point of contact” for each office • Limits number of users who can access & change security • In charge of keeping & collecting audit compliance data

  11. System Oversight Checklist Item #12 • Logs of individual training are maintained by the person(s) managing the oversight of those who use the system. Translation: • ImageNow “Managers” need to keep track of which users have received which types of training and when. How do we Comply? • A spreadsheet will be developed and distributed to help managers track user training.

  12. System Oversight Proposed Spreadsheet: • Record completed training dates for each user • Submit copy of spreadsheet for audit each year

  13. Security Management Checklist Item #4 • Separation of duties is in place for individuals who have been given access to the imaging system. (For example the person who scans in a document does not have the ability to delete a document.) Checklist Item #6 • Formally documented procedures have been established to ensure that only authorized personnel can create, copy, annotate, or access digital images within the system. This access is granted based on specific need for use of the system.

  14. Security Management Translation: • Assign user security settings according to function • Don’t grant more access than absolutely necessary Keep track of: • Who is responsible for scanning? • Who can delete linked documents? • Who can view documents in which drawers? • Who can view certain document types? • Who can edit custom properties, notes, annotations? • Who can print, save, or email imaged documents?

  15. Document Validation Checklist Item #5 • A validation process using a sampling technique has been implemented to verify that the scanned document matches the original document. This process is conducted and documented each quarter. Checklist Item #11 • Logs are collected, monitored and documented to verify reproduction accuracy and reliability according to the original document.

  16. Document Validation Validation Process: • ImageNow Documents • Search for documents created on certain date • Randomly select documents (note Date, ID#, DocType, & # of pages) • Locate selected documents in hard copy archive • Confirm quality of the documents • Hard Copy Documents • Randomly select documents from hard copy archive • Search for documents in ImageNow • Confirm quality of scanned documents

  17. Document Validation VALIDATION PROCESS DEMONSTRATION Nancy KasperRegistration & Records

  18. User Management Checklist Item #7 • Those employees no longer needing access to the system have been removed. Process: • ImageNow “Manager” deactivates user account in ImageNow and removes user from all associated groups • Or contact Viet to have him deactivate the user • Notify your IT Liaison to include removal of “ImageNow service tag” when the Help Desk ticket requesting end of IT services is submitted

  19. Document Management Checklist Item #8 • Digital images that are the records of documented business processes have been linked to the business processes that created them. Translation: • Documents are stored in “Drawers” of the department that created them • Drawer names are changed when documents transfer between departments • “View” access is usually retained by original department

  20. Document Management Checklist Item #13 • All digital images are destroyed according to NDSU Records and Retention policy and procedure 713. Translation: • Documents need to be purged based on the document retention schedule (www.ndsu.edu/recordsmanagement) Process: • Query is run for ID#s of “inactive students” (last 5 years?) • ImageNow is searched for documents “In List” • Index fields & custom properties determine purge items

  21. Document Management Checklist Item #14 • All data that is stored as an image is classified according to NDUS policy and procedure 1901.2. Translation: • “Any electronic data asset of the NDUS or Institution shall be classified as Public, Private or Confidential according to the following standards.” – NDUS 1901.2 How do we comply? • “Confidential” drawers can be created for highly sensitive documents that can only be accessed by designated users

  22. Document Auditing Checklist Item #15 • A system “audit trail” is in place to document who, the date and time, and what was accessed for the previous 12 months. This “audit trail” is maintained and available for review. How do we comply? • “Audit” setting in ImageNow is turned on for: • Add Annotations • Document Copy • Document Create • Document Create via Batch • Document Delete • Document Move • Document Page Delete • Document Restore • Document Send to Recycle Bin • Document View • User Login

  23. QUESTIONS?

More Related