1 / 36

Trustworthy Electronic Records: An Information Systems Approach

Trustworthy Electronic Records: An Information Systems Approach. Shawn Rounds Minnesota Historical Society. Presentation Overview. Background and overview of the Trustworthy Information Systems (TIS) Methodology TIS Development Process TIS Handbook and Criteria Set Testing and Promotion

sappm
Download Presentation

Trustworthy Electronic Records: An Information Systems Approach

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society

  2. Presentation Overview • Background and overview of the Trustworthy Information Systems (TIS) Methodology • TIS Development Process • TIS Handbook and Criteria Set • Testing and Promotion • Who’s Using the TIS Methodology • Current and Future Work October 2001, Minnesota Historical Society

  3. TIS Milestones • Nov. 1997: Initial funding from the NHPRC • May 1999: Additional funding from Minnesota State Legislature • Dec. 1999: TIS Handbook online • Jan. 2000: TIS final report to the NHPRC • Nov. 2000: TIS Legal Risk Analysis Tool • Oct. 2001: Version 3 released October 2001, Minnesota Historical Society

  4. TIS Methodology is a Toolkit • It is an evaluation toolkit, in the form of a handbook, for information systems development projects of all sizes and types. • TIS tools were tested in real work settings and endorsed by the partner agencies that used them. • The TIS criteria are the foundation for the TIS methodology. October 2001, Minnesota Historical Society

  5. Focus on the System • If an information system can be shown to be trustworthy, then it follows that the records it contains are trustworthy as well. • It’s easier to focus on the system than on all of the individual records. • Trustworthy Information System = Authentic + Reliable Records. October 2001, Minnesota Historical Society

  6. Authenticity and Reliability • Authentic and reliable information is a recurring theme throughout the methodology • Authenticity: The record’s reliability over time; function of the record’s preservation • Reliability: The measure of a record’s authority; determined by the circumstances of the record’s creation October 2001, Minnesota Historical Society

  7. TIS Criteria Basics • Technical and non-technical considerations for systems to ensure reliable and authentic information • Can be implemented at any time during the information systems life cycle • They are practical and flexible; can be adapted to fit unique needs in any enterprise October 2001, Minnesota Historical Society

  8. The TIS Criteria Set • Tool for establishing trustworthiness • Asked: what characteristics are essential for a trustworthy information system? For trustworthy records? • Surveyed a variety of sources (records management, archives, legal, audit, government) October 2001, Minnesota Historical Society

  9. Special RM / Archival Concerns • Records disposition plan • Details of creation, modification, storage • Relation to other records • Managed as a unit; can reconstruct on demand • Officially incorporated into recordkeeping system October 2001, Minnesota Historical Society

  10. Special Legal Concerns • Created and managed during routine course of business: must be able to prove continuous operation of established procedures • Produced in a timely manner: must be able to document delays and anomalies • Business transactions conducted only through designated recordkeeping system • Maintained by appropriate authorized office October 2001, Minnesota Historical Society

  11. Special Audit Concerns • User access/identification procedures • Appropriate user privilege assignments • Prevention of modification of record identifier and content; altered records considered new entries and assigned new identifiers • Audit trails for creation and access October 2001, Minnesota Historical Society

  12. Criteria Set • Incorporates records management, archival, legal, and audit requirements with special emphasis on Minnesota laws and policies - best practices • Easily updated with new sources October 2001, Minnesota Historical Society

  13. Criteria Set • Grouped by topic: • System documentation • Access and security • Audit trails and accountability • Disaster recovery plans • Record metadata • Bibliography of sources October 2001, Minnesota Historical Society

  14. 1. Documentation System administrators should maintain complete and current documentation of the entire system including policies, operating procedures, and audit trails of documentation revisions. October 2001, Minnesota Historical Society

  15. 1B. Policy and Procedure Documentation • Programming conventions and procedures • Record formats and codes • Applications and associated procedures such as methods of entering/accessing data, modification, duplication, deletion, indexing techniques, and outputs • Record migration • Etc….. October 2001, Minnesota Historical Society

  16. 5. Each record should have metadata Might include: • Unique identifier • Date, time of creation • Date, time of modification • System or mechanism used for capture • Indication of authoritative version • Sensitivity classification October 2001, Minnesota Historical Society

  17. Criteria Set: Other Items • Questions to Ask: general items in sidebar to consider while using the criteria; includes special ones for data warehouses • Did You Know: highlights criteria-related items drawn from Minnesota government sources • Consider This: items expand upon particular criteria October 2001, Minnesota Historical Society

  18. Implementation Taken as a whole, the criteria set represents an ideal-world trustworthy information system. But not all records are of equal value! You determine what your needs are and which criteria are appropriate for your situation. October 2001, Minnesota Historical Society

  19. General Considerations • What are the laws and regulations that apply to your records? • What are the industry standards for system security? Record security and retention? • What areas/records might lawyers and auditors target? • Which records are of permanent/historical value? October 2001, Minnesota Historical Society

  20. For Legal Investigations, Audits,etc. Must be shown that: • Informed choices were made that were appropriate for the records • Appropriate policies and procedures are in place and are followed during the routine course of business October 2001, Minnesota Historical Society

  21. Tool for Risk Assessment For systems in the development phase: • Determine the value / sensitivity of the records • Weigh the value of the records against the cost (time, money, etc.) of implementing each criterion • Choose only those that support chosen level of risk October 2001, Minnesota Historical Society

  22. Tool for Risk Assessment For existing information systems: • Determine the value / sensitivity of the records • Determine which criteria are already in place and decide whether the current configuration meets chosen risk level • Choose additional criteria for implementation as appropriate after weighing costs October 2001, Minnesota Historical Society

  23. Documentation is Key! • Document that each criterion was considered, what the decision was regarding implementation, and the rationale. Note the date, the personnel involved, etc. • Follow through with consistent application of choices October 2001, Minnesota Historical Society

  24. TIS Test Systems • An enterprise-wide information system for administering various home mortgage programs • A human resources / benefits / payroll system • A mission-critical data warehouse accessed by virtually all Minnesota state agencies • A web-based curriculum repository for educators • An online bidding system for contracts October 2001, Minnesota Historical Society

  25. TIS Handbook • Centered around the TIS criteria set • Based on field test findings • Applicable to any type of information system • Directed toward policy makers and technical staff October 2001, Minnesota Historical Society

  26. TIS Handbook Components • What’s in it for you? • How do you use the Handbook? • What is a trustworthy information system? • What is the process for establishing trustworthiness? • Who should participate? October 2001, Minnesota Historical Society

  27. TIS Handbook Components • Why are metadata and documentation important? • How do you use the criteria set? • Criteria set • Glossary, bibliography • Appendices: TIS development, versioning, laws, field tests, tools October 2001, Minnesota Historical Society

  28. Legal Risk Analysis Tool • Helps determine legal risk related to records: • Scenarios for different situations (e.g., records are lost, mishandled, inaccurate) • By Minnesota Government Data Practices Act classification • By possible legal consequences • General questions to consider • Suggestions for mitigation keyed to TIS criteria • Tips for completing the assessment process October 2001, Minnesota Historical Society

  29. TIS Meets A Need • TIS fills an important gap in information policy in Minnesota government. • TIS addresses information technology AND information policy…at the same time. • TIS presents a practical way to get this job done. October 2001, Minnesota Historical Society

  30. TIS Promotion and Education • Policy makers • Government advisory bodies • Government and industry IT and records management groups • Interested staff at a variety of agencies We went anywhere and everywhere! October 2001, Minnesota Historical Society

  31. Who’s Using TIS? • In Minnesota: • Approved and supported by the state Information Policy Council • Gradual adoption by state and local agencies like the Minnesota Department of Health • Other places adapting/adopting/studying: • Ohio Electronic Records Committee; Kansas ERC; City of Henderson, NV; Smithsonian Institution Archives; Canadian agencies… October 2001, Minnesota Historical Society

  32. TIS Handbook Distribution • Primary distribution through the World Wide Web • Separate online sections, tutorial approach, PDFs for downloads • Easy to revise as necessary – current version always readily available October 2001, Minnesota Historical Society

  33. Current and Future Work • Minnesota recordkeeping metadata standard now in development http://www.mnhs.org/preserve/records/metadev.html • Expand data warehouse section October 2001, Minnesota Historical Society

  34. What’s the Bottom Line? • TIS methodology based on variety of best practices • Brings together policy, IT, and records management • Designed to be flexible to meet differing needs with respect to system and record types • Centered around idea of risk assessment and documentation October 2001, Minnesota Historical Society

  35. TIS Handbook and other tools: http://www.mnhs.org/preserve/records/ index.html State Archives Department Minnesota Historical Society 651.297.2605 shawn.rounds@mnhs.org For More Information October 2001, Minnesota Historical Society

More Related