640 likes | 801 Views
Digital Continuity: An introduction. Digital continuity…. The ability to use your information in the way you need for as long as you need. Information is usable if you can…. Find it when you need it Open it as you need it Work with it in the way that you need to
E N D
Digital continuity… The ability to use your information in the way you need for as long as you need
Information is usable if you can… • Find it when you need it • Open it as you need it • Workwith it in the way that you need to • Understand what it is and what it’s about • Trust that it is what it says it is
We haven’t made this up… • “Any electronic data degrades over time. Some of this information is more than 20 years old. I'm not even sure that the xxx still has the tools needed to retrieve data from that era. You're talking about technology that would qualify as museum pieces now.” • “The transition to the new system has, however brought to light discrepancies in our existing records and this is resulting in a number of incorrect notices being issued. “ • “The only evidence beyond surmise that Dept X rely upon to support their assertion that the document is not held, is their failure to locate it. “ • “Transfer of records from Dept Y to Depts Z and A has resulted in two scenarios that have effectively rendered metadata captured in the EDRMS as lost.”
Digital information is vulnerable… • Risks are inherent in change • Organisational change • Technology change • Process and policy change in how information is managed
The impact of change… • information ownership becomes unclear - risks are missed or unmanaged • information is not disposed of appropriately • information is not migrated to new technologies effectively • information is trapped in legacy IT systems – or locked in a format that can’t be opened or used • information is no longer understood by the organisation – or cannot be trusted
Why it matters… • Efficiency and effectiveness • Transparency and accountability • Managing information risk
Managing digital continuity… Plan for action Define what you need Assess and manage risks Maintain digital continuity
The Digital Continuity Service… • Guidance • Risk Assessment Self-Assessment Tool • Procurement Framework • DROID
Managing digital continuity… Plan for action Define what you need Assess and manage risks Maintain digital continuity
Plan for Action… • Key roles understand risk and responsibilities • SRO for digital continuity • Multi-disciplinary team • Embed approach in business as usual
Role of the SRO… • Champion digital continuity • Lead action to manage risk and embed • Co-ordinate across disciplines • Prioritise resources • Escalate issues
Introducing DoRA… • You are the SRO • Who do you need to be involved in managing digital continuity? • What are their drivers for taking action?
Roles and responsibilities… • SIRO and information risk management • IAOs • Information assurance • Information management • Information technology • Change and project management
Managing digital continuity… Plan for action Define what you need Assess and manage risks Maintain digital continuity
Technical Environment Information Assets Digital Continuity Business Needs
Technical Environment Information Assets Digital Continuity Business Needs
Technical Environment Information Assets Business Needs
Technical Environment Information Assets Business Needs
Technical Environment Information Assets Business Needs
Technical Environment Information Assets Business Needs
Technical Environment Information Assets Business Needs
Understand what information you have and how it’s managed… • What information do you have? • Where is it? • How is it organised and managed? • Have you defined all your information assets?
Understand what information you have and how it’s managed… • An information asset is a body of information defined and managed as a single unit so that it can be understood, shared, protected and exploited effectively
Understand how you need to use your information… • Who needs to be able to find it? • What do they need to be able to open it? • How do they need to work with it? • Can they understand what it is and what it is about? • Can they trust that it is what they think it is?
Understand your technical environment… • What IT systems do you have? • What is their lifecycle? • What hardware are they reliant on? • What is their lifecycle? • What file formats is your information in? • What storage media are you using?
Define what you need for digital continuity… Usable = complete + available
Documenting what you know… • Information Asset Register • Configuration Management Database • Maintenance as important as capture
Understanding DoRA… • You have to build an: • Information Asset Register • Configuration Management Database • What information do you need to capture? • How can you maintain the relationships between the information assets and technology?
IAR CMDB • Name and description • Owners and users • Retention period • Usability requirements • Technology dependencies • Lifecycle • Support and warranties • Dependencies and relationships • Owners and users • Information assets
Over lunch…. • Questions • Confessions • DROID demo
Managing digital continuity… Plan for action Define what you need Assess and manage risks Maintain digital continuity
Technical Environment Information Assets Digital Continuity Business Needs
Identify your risks (and opportunities)… • Do you know what information you have, where it is, what it’s for? • Does the way you manage your information and IT environment keep your information usable as you need? • Are there opportunities to get rid of information and technology you don’t need?
Risk assessment… • You can assess your whole organisation • You can assess risks to particular assets – perhaps at point of change • Regularly review and update risk assessments
Risk assessing DoRA… • What risks to digital continuity is DoRA facing? • How can you mitigate against them? • Can you identify just FIVE mitigations to address all of the risks you’ve found? • Feedback: What is your highest priority mitigation and what risks will this address?
Mitigation strategies… • Change your : • technology • information • policies and procedures • Governance • And test for continuity
Managing digital continuity… Plan for action Define what you need Assess and manage risks Maintain digital continuity
Maintain your digital continuity… • Plan for change • Build your digital continuity and usability requirements into your plans and processes • Manage your IT and information for future flexibility and agility • Manage digital continuity through change • Change Projects to assess impact on information
Technology Change at DoRA… • Supplier is withdrawing support for BlackHole 2.0. • Three choices of what to do now: • Keep using the legacy system • Buy an off-the-shelf product • Build another bespoke system • Assess the risk to digital continuity of your information from each option • Identify potential mitigations in each case • Feedback - Decide what option you would choose and why
Assessing the risks… • Legacy technology hard to maintain – risks increase over time • Bespoke technology becomes legacy eventually • Bespoke technology requires specialist knowledge to maintain • Off-the-shelf may not meet all business needs • Off –the-shelf might still bring interoperability issues – can you migrate data in?
Organisational change at DoRA… Review of ALBs prompts reorganisation of DoRA with its agencies being closed, transferred or merged. • Assess the risks to digital continuity from these changes • Identify possible mitigations in each case • Decide how you will tackle the operational process of managing this change • Feedback – what are the key elements of your action plan?
Managing change … • Think about prevention and preparation for change • Manage the process • Learn lessons • Key things to remember: • Ownership • Usability requirements • Relationships between technology and information • Knowledge and skills needed • Mapping policies and procedures • Maintaining governance