Скачать презентацию Recordmaking vs Recordkeeping Systems Making Sure IT Doesn t Скачать презентацию Recordmaking vs Recordkeeping Systems Making Sure IT Doesn t

79e0aedf3bf6fd9ab050c76f791b0d2e.ppt

  • Количество слайдов: 37

Recordmaking vs. Recordkeeping Systems: Making Sure IT Doesn’t Get Blindsided Rick Barry, Principal, Barry Recordmaking vs. Recordkeeping Systems: Making Sure IT Doesn’t Get Blindsided Rick Barry, Principal, Barry Associates Virtual Handouts @ www. mybestdocs. com © 2004, R. E. Barry 1

About “Recordmaking vs. Recordkeeping Systems: Making Sure IT Doesn’t Get Blindsided” Major systems that About “Recordmaking vs. Recordkeeping Systems: Making Sure IT Doesn’t Get Blindsided” Major systems that produce records— recordmaking systems How these relate to systems that properly manage records— recordkeeping systems Options for getting them into line How compliance requirements and standards can help Futures © 2004, R. E. Barry 2

Stats: Indicative trends; Hide standard deviations Information production: World population: 6. 3 billion. ~ Stats: Indicative trends; Hide standard deviations Information production: World population: 6. 3 billion. ~ 800 MB of recorded information produced p. c. , p. a. Equivalent: ~ 30’books Print, film, magnetic, optical storage media produced ~ 5 exabytes of new info in 2002. 92% magnetic media—mostly HDs Ø 1 exabyte = 1024 petabytes, each of which = 1024 terabytes Ø 5 exabytes? If digitized with full formatting, the 17, 000 books in the Library of Congress contain about 136 terabytes; 5 exabytes is equivalent to info contained in 37, 000 new libraries the size of Library of Congress Email: Average users in US spend 25+ hrs per month on Internet at home and 74 hours at work. 19% use to do research for work IM: 31% U. S. business Internet users used IM >/ once in May ‘ 02 WWW: 2000 estimated public (surface) Web volume: 20 to 50 terabytes; 2003 measured volume: 167 terabytes - 3 X Bright. Planet estimates deep web ~ 66, 800 and 91, 850 terabytes. Blogs: 2003: ~ 2. 9 million active weblogs containing about 81 GB Source: “How Much Information? 2003, ” UC Berkeley's School of Information Management and Systems, http: //www. sims. berkeley. edu/research/projects/how-much-info 3 2003/execsum. htm © 2004, R. E. Barry

USS Blue Action Report Re Dec 7, 1941: Excerpt 4 USS Blue Action Report Re Dec 7, 1941: Excerpt 4

Recordmaking systems Create documentation that meet commonly accepted definitions of records Virtually all digital Recordmaking systems Create documentation that meet commonly accepted definitions of records Virtually all digital systems used to create, communicate and record business in support of business processes (BPs) © 2004, R. E. Barry ØHuman to human ØHuman to system ØSystem to human 5

Core Recordmaking Systems Old fashioned office systems, email, EDMS; new fashioned instant messaging (IM) Core Recordmaking Systems Old fashioned office systems, email, EDMS; new fashioned instant messaging (IM) systems Back room – Enterprise Resources Planning (ERP) (SAP/People. Soft/Oracle/JDE)—finance, HR Indiana Univ. project www. indiana. edu/~librarch/phase. html “One. Start/EDEN – A Description of IU's Transaction Processing/Recordkeeping Environment" by Rosemary Pleva Flynn mybestdocscom Guest Authors Front room – CIM, CRM Ø Integrated voice/text/data systems Workflow, forms management Facility Management (CAD/CAFM/CMMS) Business intranets, extranets, websites, blogs © 2004, R. E. Barry 6

Survey of IT Directors Association 23 CIOs, CTOs, IT Directors of South Carolina State Survey of IT Directors Association 23 CIOs, CTOs, IT Directors of South Carolina State Agencies What functions and systems were they responsible for? What kind of systems had their organizations implemented? What did they see as the major issues, including electronic record © 2004, R. E. Barry 7

CIO Organizations With/Without Responsibility For: n = 23 © 2004, R. E. Barry 8 CIO Organizations With/Without Responsibility For: n = 23 © 2004, R. E. Barry 8

Major Systems Implemented n = 23 © 2004, R. E. Barry 9 Major Systems Implemented n = 23 © 2004, R. E. Barry 9

Topics Deemed Major Concerns What main concerns face your IT Departments? 1=not at all/minor Topics Deemed Major Concerns What main concerns face your IT Departments? 1=not at all/minor 2=somewhat 3=Major n = 23 Other: Continuing operations under current Legislative ‘Budget Priorities’ © 2004, R. E. Barry 10

CIO Organizations With/Without Responsibility for Recordkeeping 30% 70% n = 23 Is your organization CIO Organizations With/Without Responsibility for Recordkeeping 30% 70% n = 23 Is your organization responsible for records management? Q: What main concerns face your ITD? Electronic Records? 1=not at all/minor © 2004, R. E. Barry 2=somewhat 3=Major 11

Findings/Conclusions E-recs tied for 2 nd place among concerns About 30% felt that the Findings/Conclusions E-recs tied for 2 nd place among concerns About 30% felt that the balance in their org was too much on IT, too little IM About 90% responsible for IM, 70% RM and ~½ for web content Nearly all operating websites & intranets; few had EDMS, ERP systems or EDMS+ (EDMS + 5015) Directors with RM responsibility for RM saw e-recs as major issue Directors without RM responsibility saw e-recs as a minor or no issue Responsibility for e-recs brings respect for issues © 2004, R. E. Barry 12

Recordkeeping Systems (RKS) ISO 15489 defines “records” as: “information created, received, and maintained as Recordkeeping Systems (RKS) ISO 15489 defines “records” as: “information created, received, and maintained as evidence and information by an organization or person, in pursuance of legal obligations or in the transaction of business” with following characteristics: authenticity, integrity and usability. It defines “records system”: information system which captures, manages and provides access to records through time. © 2004, R. E. Barry 13

Recordkeeping Systems (RKS) Most, not all, business communications = records What characterizes records? Content, Recordkeeping Systems (RKS) Most, not all, business communications = records What characterizes records? Content, context, structure. Not technology platform. Importance of the BP determines the value of records they produce. Assessment of BPs is how: Ø value is determined Ø disposition management policy is applied Keep or not? If so, how long? Specified # yrs/Indefinite? Ø disposition is carried out All records can constitute legal evidence. They can also be challenged as legal evidence. © 2004, R. E. Barry 14

Trustworthy Recordkeeping Systems with robust archives & records management (ARM) functionality for records capture, Trustworthy Recordkeeping Systems with robust archives & records management (ARM) functionality for records capture, maintenance of integrity, long-term preservation & disposition management: Univ. of Penn. Functional Requirements for Evidence in Recordkeeping: http: //web. archive. org/web/20000818163633/www. si s. pitt. edu/~nhprc Trustworthy Electronic Recordkeeping Systems are generally accepted as maintaining the integrity, accuracy, authenticity and accessibility of electronic records. Ø Information Nation, Seven Keys to Information Management Compliance, by Randolph A. Kahn & Barclay T. Blair, AIIM, 2004 Ø “Best Practices for Document Management in an Emerging Digital Environment” by R. Barry, 1994, www. mybestdocs. com, 15 Other Papers section © 2004, R. E. Barry

Ergo: A trustworthy recordkeeping system: ØMaintains and permits continuing management of records in a Ergo: A trustworthy recordkeeping system: ØMaintains and permits continuing management of records in a manner consistent with rigorous recordkeeping requirements and standards ØMaximizes likely acceptance as evidence A records management application (RMA) is the software component of a broader recordkeeping regime to facilitate management of records Most RMS are not RKS © 2004, R. E. Barry 16

Do. D 5015. 2 Records Management Applications standard ØMeets minimal requirements for trustworthy recordkeeping Do. D 5015. 2 Records Management Applications standard ØMeets minimal requirements for trustworthy recordkeeping ØRecommended by Archivist of US for all federal agencies www. archives. gov/records_management/policy_and_guidance/b ulletin_2003_03. html ØMost portions are applicable to private sector ØAbout 60 products, product partnerships certified under 5015. 2 http: //jitc. fhu. disa. mil/recmgt © 2004, R. E. Barry 17

What 5015. 2 Requires RMAs shall provide capabilities to: Ø Define file plan - What 5015. 2 Requires RMAs shall provide capabilities to: Ø Define file plan - record categories/series and their associated disposition schedules Ø Identify/declare records, provide context Ø Store, preserve, protect electronic records Ø Search for and retrieve electronic records Ø Track records’ disposition schedule status Ø Execute disposition instructions - cutoff, transfer, destroy © 2004, R. E. Barry 18

Beyond 5015. 2 (V 2 June 2002) Possible topics for inclusion in V 3 Beyond 5015. 2 (V 2 June 2002) Possible topics for inclusion in V 3 ØIncorporation of standard data elements ØInteroperability within enterprise environment/among disparate RMAs ØManual transfer of electronic records to NARA ØDirect transfer of electronic records to archives ØMinor changes in security section reflecting recent amendment to Executive Order on national security ØMigration of some non-mandatory features to mandatory, e. g. , extraction/redaction, more DM © 2004, R. E. Barry 19

FUTURES Not necessarily a world of our making Not necessarily one we want to FUTURES Not necessarily a world of our making Not necessarily one we want to see emerge But one that is changing the way we must do business and manage records Few people are asking for our advice And no one is asking our permission © 2004, R. E. Barry 20

Futures ØBusiness: Increased focus on BPs as links between strategic aims & assets: human, Futures ØBusiness: Increased focus on BPs as links between strategic aims & assets: human, financial, facilities, technology, information More multi-national/international business transactions & operations Greater emphasis on post-911 info security needs Further globalization of business transactions under multiple RK/FOI practices and laws Continued concerns over privacy issues ØLegals: Growing court discovery judgments—e-records Efforts to harmonize e-bus laws/regulations internationally De facto changes in business law definitions of records by lawyers with no ARM background © 2004, R. E. Barry 21

Technology: Futures Tighter integration of BP & technology § Greater consolidation of business-process based: Technology: Futures Tighter integration of BP & technology § Greater consolidation of business-process based: records, compliance, information security and risk management More standards: IM, RM, IT; increased use of open source platforms (Linux www. linux. org/, Open. Reader www. openreader. com) Ubiquitous recordkeeping Burgeoning of wireless, natural language and video business applications. More multimedia records Computer-aided records detection, capture, classification More advanced personal electronic records tools Business, government take-up of hip technologies— IM, blogs, integrated mobile phones/PDAs, game 22 technologies for business purposes © 2004, R. E. Barry

For more on blogs and other such things…see WWW. MYBESTDOC. COM © 2004, R. For more on blogs and other such things…see WWW. MYBESTDOC. COM © 2004, R. E. Barry 23

www. mybestdocs. com © 2004, R. E. Barry 24 www. mybestdocs. com © 2004, R. E. Barry 24

Recordmaking Implications Technology doesn’t (yet) change ‘recordness’ of documents/objects Technology dramatically changes the ways Recordmaking Implications Technology doesn’t (yet) change ‘recordness’ of documents/objects Technology dramatically changes the ways we must manage records ‘Hands-off’ recordmaking by computers Location-independent computing – universal workspace ØRecords created in homes, hotels, temporary offices & outsourced organizations ØEmployees need remote access to records; security ØWorkers need records in different renditions/formats 25 © 2004, R. E. Barry

ARM Implications Large-scale system replacement of legacy recordmaking systems 1 ERP supplants many legacy ARM Implications Large-scale system replacement of legacy recordmaking systems 1 ERP supplants many legacy ‘paperful’ systems Systems producing massive volumes of records without own recordkeeping capabilities Web pages very dynamic Public- or customer-facing Web pages often reflect changing enterprise understandings or commitments to public or other clients. Often only place where records exist (See “Web Sites as Recordkeeping and “Recordmaking” Systems, by R. E. Barry, Information Management Journal, Nov/Dec 2004. ) New systems may use email/instant mail interface; no humans involved Records produced but not managed = risk © 2004, R. E. Barry 26

Which way to turn? © 2004, R. E. Barry 27 Which way to turn? © 2004, R. E. Barry 27

CEOs Get up on top of the issues. Number of stakeholders requires CEO to CEOs Get up on top of the issues. Number of stakeholders requires CEO to make it happen. Put recordkeeping on your strategic agenda. Take another look at organization/staffing of ARM Call for risk analyses Ø Revisit Y 2 K risk analyses, audits Ø Do it in-house: See “Best Practices” paper with checklist at www. mybestdocs. com in Other Papers Provide management mandate to make high-risk recordmaking systems into trustworthy recordkeeping systems Build alliances to keep you informed of risks, options Ø Representative program managers, CIO, ARM manager, general counsel, auditor, facility manager Ø Adopt as enterprise standards: Ø ISO 15489 for regime-level records management Ø Do. D 5015. 2 for ECM system-level records management Ø Metadata, document-access standard Ø Others standards and regulations appropriate to business © 2004, R. E. Barry 28

Standards Unlike laws, regulations, standards are voluntarily adopted or mandated by organizations as policy Standards Unlike laws, regulations, standards are voluntarily adopted or mandated by organizations as policy ISO 15489 Records Management Standard—broad recordkeeping regime standard 5015. 2 Records Management Applications (RMA) Standard (US Do. D)—software standard Metadata standards required for information discovery Ø Dublin Core http: //dublincore. org/; W 3 C Recommendation 10 Feb 2004 www. w 3. org/TR/rdf-primer/ Ø Australian National Archives AGLS Metadata www. naa. gov. au/recordkeeping/gov_online/agls/metadata_element_set. html Ø XFML Core - e. Xchangeable Faceted Metadata Language http: //xfml. org/spec/; +RK elements Long-term document access standards Ø TIFF + ASCII; PDF, PDF-A, Open. Reader © 2004, R. E. Barry 29

Chief Counsels Compliance Laws/Regulations CFR 21 Part 11 Title 21 Federal Regulations Code: Electronic Chief Counsels Compliance Laws/Regulations CFR 21 Part 11 Title 21 Federal Regulations Code: Electronic Records; Electronic Signatures www. fda. gov/cder/gmp/index. htm www. fda. gov/ora/compliance_ref/part 11/ Freedom of Information www. usdoj. gov/oip/foia_updates/Vol_XVII_4/page 2. htm HIPAA—Health Insurance Portability & Accountability Act www. hhs. gov/ocr/hipaa ADA Section 508—Americans with Disabilities Act www. section 508. gov/ SOX—Sarbanes-Oxley Act of 2002 www. law. uc. edu/CCL/SOact/soact. pdf www. sec. gov/divisions/corpfin/faqs/soxact 2002. htm SEC Rule 17 a-4 -- Records to Be Preserved by Certain Exchange Members, Brokers and Dealers www. law. uc. edu/CCL/34 Act. Rls/rule 17 a-4. html © 2004, R. E. Barry 30

What’s wrong with this picture? Finance Legal HR Published here with the kind permission What’s wrong with this picture? Finance Legal HR Published here with the kind permission of Kevin Lindeberg. © 2004, R. E. Barry 31

CIOs/ITDs, ARM Managers: Getting recordmaking systems into line 1. ECMS+: also tested, certified/approved RMA CIOs/ITDs, ARM Managers: Getting recordmaking systems into line 1. ECMS+: also tested, certified/approved RMA Ø Centralized IT is back; but scalability remains an issue 2. Pairing: Port products of ECMS, EDMS, ERP and other recordmaking systems into a trustworthy RMA or ECMS+/EDMS+ recordkeeping 3. Upgrade recordmaking system to become a trustworthy RK systems—embed recordkeeping in business processes 4. Hybrid of above Ø Whichever way: implement at enterprise IM-IT architecture level Ø Implement small. Plan enterprise. © 2004, R. E. Barry 32

Procurement/Acquisition Managers Require bidding documents to require bidders to: Ø Commit to maintain 5015. Procurement/Acquisition Managers Require bidding documents to require bidders to: Ø Commit to maintain 5015. 2 certification Ø Specify which “Additional Baseline Requirements, ” (C 2. 2. 10) features are supported by its product(s) vs. expected of the user organization Ø Specify other compliance requirements supported by its product(s) Ø Include costs of data conversion from legacy information (including electronic records) to proposed system © 2004, R. E. Barry 33

Developers of B 2 E, B 2 B, B 2 C Design systems for Developers of B 2 E, B 2 B, B 2 C Design systems for ARM compliance Partner with a certified RMA until you get your own Gain 5015. 2 or similar certification for use in other countries Provide further functionality for major compliance requirements Adopt ISO/Do. D standards for own internal operations © 2004, R. E. Barry 34

CIOs and IT Directors Take your archivist/records manager to lunch © 2004, R. E. CIOs and IT Directors Take your archivist/records manager to lunch © 2004, R. E. Barry 35

Archivists & Records Managers Pay for the lunch Ask the CIO to pay for Archivists & Records Managers Pay for the lunch Ask the CIO to pay for the system © 2004, R. E. Barry 36

www. mybestdocs. com © 2004, R. E. Barry 37 www. mybestdocs. com © 2004, R. E. Barry 37