Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society.

Download Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society.

Post on 18-Dec-2015

214 views

Category:

Documents

0 download

TRANSCRIPT

Slide 1 Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society Slide 2 October 2001, Minnesota Historical Society Presentation Overview Background and overview of the Trustworthy Information Systems (TIS) Methodology TIS Development Process TIS Handbook and Criteria Set Testing and Promotion Whos Using the TIS Methodology Current and Future Work Slide 3 October 2001, Minnesota Historical Society TIS Milestones Nov. 1997: Initial funding from the NHPRC May 1999: Additional funding from Minnesota State Legislature Dec. 1999: TIS Handbook online Jan. 2000: TIS final report to the NHPRC Nov. 2000: TIS Legal Risk Analysis Tool Oct. 2001: Version 3 released Slide 4 October 2001, Minnesota Historical Society TIS Methodology is a Toolkit It is an evaluation toolkit, in the form of a handbook, for information systems development projects of all sizes and types. TIS tools were tested in real work settings and endorsed by the partner agencies that used them. The TIS criteria are the foundation for the TIS methodology. Slide 5 October 2001, Minnesota Historical Society Focus on the System If an information system can be shown to be trustworthy, then it follows that the records it contains are trustworthy as well. Its easier to focus on the system than on all of the individual records. Trustworthy Information System = Authentic + Reliable Records. Slide 6 October 2001, Minnesota Historical Society Authenticity and Reliability Authentic and reliable information is a recurring theme throughout the methodology Authenticity: The records reliability over time; function of the records preservation Reliability: The measure of a records authority; determined by the circumstances of the records creation Slide 7 October 2001, Minnesota Historical Society TIS Criteria Basics Technical and non-technical considerations for systems to ensure reliable and authentic information Can be implemented at any time during the information systems life cycle They are practical and flexible; can be adapted to fit unique needs in any enterprise Slide 8 October 2001, Minnesota Historical Society The TIS Criteria Set Tool for establishing trustworthiness Asked: what characteristics are essential for a trustworthy information system? For trustworthy records? Surveyed a variety of sources (records management, archives, legal, audit, government) Slide 9 October 2001, Minnesota Historical Society Special RM / Archival Concerns Records disposition plan Details of creation, modification, storage Relation to other records Managed as a unit; can reconstruct on demand Officially incorporated into recordkeeping system Slide 10 October 2001, Minnesota Historical Society Special Legal Concerns Created and managed during routine course of business: must be able to prove continuous operation of established procedures Produced in a timely manner: must be able to document delays and anomalies Business transactions conducted only through designated recordkeeping system Maintained by appropriate authorized office Slide 11 October 2001, Minnesota Historical Society Special Audit Concerns User access/identification procedures Appropriate user privilege assignments Prevention of modification of record identifier and content; altered records considered new entries and assigned new identifiers Audit trails for creation and access Slide 12 October 2001, Minnesota Historical Society Criteria Set Incorporates records management, archival, legal, and audit requirements with special emphasis on Minnesota laws and policies - best practices Easily updated with new sources Slide 13 October 2001, Minnesota Historical Society Criteria Set Grouped by topic: System documentation Access and security Audit trails and accountability Disaster recovery plans Record metadata Bibliography of sources Slide 14 October 2001, Minnesota Historical Society 1. Documentation System administrators should maintain complete and current documentation of the entire system including policies, operating procedures, and audit trails of documentation revisions. Slide 15 October 2001, Minnesota Historical Society 1B. Policy and Procedure Documentation Programming conventions and procedures Record formats and codes Applications and associated procedures such as methods of entering/accessing data, modification, duplication, deletion, indexing techniques, and outputs Record migration Etc.. Slide 16 October 2001, Minnesota Historical Society 5. Each record should have metadata Might include: Unique identifier Date, time of creation Date, time of modification System or mechanism used for capture Indication of authoritative version Sensitivity classification Slide 17 October 2001, Minnesota Historical Society Criteria Set: Other Items Questions to Ask: general items in sidebar to consider while using the criteria; includes special ones for data warehouses Did You Know: highlights criteria-related items drawn from Minnesota government sources Consider This: items expand upon particular criteria Slide 18 October 2001, Minnesota Historical Society Implementation Taken as a whole, the criteria set represents an ideal-world trustworthy information system. But not all records are of equal value! You determine what your needs are and which criteria are appropriate for your situation. Slide 19 October 2001, Minnesota Historical Society General Considerations What are the laws and regulations that apply to your records? What are the industry standards for system security? Record security and retention? What areas/records might lawyers and auditors target? Which records are of permanent/historical value? Slide 20 October 2001, Minnesota Historical Society For Legal Investigations, Audits,etc. Must be shown that: Informed choices were made that were appropriate for the records Appropriate policies and procedures are in place and are followed during the routine course of business Slide 21 October 2001, Minnesota Historical Society Tool for Risk Assessment For systems in the development phase: Determine the value / sensitivity of the records Weigh the value of the records against the cost (time, money, etc.) of implementing each criterion Choose only those that support chosen level of risk Slide 22 October 2001, Minnesota Historical Society Tool for Risk Assessment For existing information systems: Determine the value / sensitivity of the records Determine which criteria are already in place and decide whether the current configuration meets chosen risk level Choose additional criteria for implementation as appropriate after weighing costs Slide 23 October 2001, Minnesota Historical Society Documentation is Key! Document that each criterion was considered, what the decision was regarding implementation, and the rationale. Note the date, the personnel involved, etc. Follow through with consistent application of choices Slide 24 October 2001, Minnesota Historical Society TIS Test Systems An enterprise-wide information system for administering various home mortgage programs A human resources / benefits / payroll system A mission-critical data warehouse accessed by virtually all Minnesota state agencies A web-based curriculum repository for educators An online bidding system for contracts Slide 25 October 2001, Minnesota Historical Society TIS Handbook Centered around the TIS criteria set Based on field test findings Applicable to any type of information system Directed toward policy makers and technical staff Slide 26 October 2001, Minnesota Historical Society TIS Handbook Components Whats in it for you? How do you use the Handbook? What is a trustworthy information system? What is the process for establishing trustworthiness? Who should participate? Slide 27 October 2001, Minnesota Historical Society TIS Handbook Components Why are metadata and documentation important? How do you use the criteria set? Criteria set Glossary, bibliography Appendices: TIS development, versioning, laws, field tests, tools Slide 28 Slide 29 October 2001, Minnesota Historical Society Legal Risk Analysis Tool Helps determine legal risk related to records: Scenarios for different situations (e.g., records are lost, mishandled, inaccurate) By Minnesota Government Data Practices Act classification By possible legal consequences General questions to consider Suggestions for mitigation keyed to TIS criteria Tips for completing the assessment process Slide 30 October 2001, Minnesota Historical Society TIS Meets A Need TIS fills an important gap in information policy in Minnesota government. TIS addresses information technology AND information policyat the same time. TIS presents a practical way to get this job done. Slide 31 October 2001, Minnesota Historical Society TIS Promotion and Education Policy makers Government advisory bodies Government and industry IT and records management groups Interested staff at a variety of agencies We went anywhere and everywhere! Slide 32 October 2001, Minnesota Historical Society Whos Using TIS? In Minnesota: Approved and supported by the state Information Policy Council Gradual adoption by state and local agencies like the Minnesota Department of Health Other places adapting/adopting/studying: Ohio Electronic Records Committee; Kansas ERC; City of Henderson, NV; Smithsonian Institution Archives; Canadian agencies Slide 33 October 2001, Minnesota Historical Society TIS Handbook Distribution Primary distribution through the World Wide Web Separate online sections, tutorial approach, PDFs for downloads Easy to revise as necessary current version always readily available Slide 34 October 2001, Minnesota Historical Society Current and Future Work Minnesota recordkeeping metadata standard now in development http://www.mnhs.org/preserve/records/ metadev.html Expand data warehouse section Slide 35 October 2001, Minnesota Historical Society Whats the Bottom Line? TIS methodology based on variety of best practices Brings together policy, IT, and records management Designed to be flexible to meet differing needs with respect to system and record types Centered around idea of risk assessment and documentation Slide 36 October 2001, Minnesota Historical Society For More Information TIS Handbook and other tools: http://www.mnhs.org/preserve/records/ index.html State Archives Department Minnesota Historical Society 651.297.2605 shawn.rounds@mnhs.org

Recommended

View more >