Records Inventory & Data Classification Workshop. Data Classification Project
Records Inventory & Data Classification Workshop
Data Classification Project
Note: This is an example of one agency’s approach to meeting the state records inventory and data classification requirements. Material may need to be modified to meet your particular needs. The project has been successful, thus far.
Welcome & Introductions • INSTRUCTOR INFORMATION • PROJECT LEAD INFORMATION
Workshop Agenda • Role & Responsibility of Designee • Introduction to State Policies • Records Inventory & Retention • Records Classification & Security • Scope of Effort & Process • Access to Materials on the Intranet • Conducting the Inventory & Classification • Part I – Records Management Practices • Part II – Records Inventory & Classification • Workshop Exercises
Role & Responsibility of Designee
• Role:
  • Records management: the management of records within your functional division and/or unit(s).
• Responsibilities:
  • Identify and classify records used and maintained.
  • Complete or oversee the completion of the survey and periodic updates.
  • If overseeing the completion, must:
    • train and assist the person completing the survey
    • verify accuracy of information reported
State Policy
Agencies must comply with the following requirements:
• INVENTORY – (SAM section 1666)
  • Inventory records at least once every 5 years
  • Use Records Inventory Worksheet form (STD. 70)
  • Use Records Retention Handbook as guide for preparing and conducting the inventory
• RETENTION – (SAM section 1665)
  • Establish a Records Retention Schedule Program consistent with state/agency laws
  • Use Records Retention Handbook and Addenda
General Retention Schedule • Personnel & Payroll • Delegated Testing • Fiscal • Information Technology • Records Management • Administrative & Common Use • Email
STD. 70 – Worksheet • Per SAM this is the form used to comply with inventory requirement: std070-Records Inventory Worksheet-DGS.pdf • This form is being used as the basis of this inventory and classification effort • Phase II Activity • (4 and 9 on modified form)
State Policy • Information records are essential public resources • We are the protectors of the public’s information • All agencies must: • IDENTIFY • CLASSIFY • PROTECT
State Data Classification Criteria • Data classification is a key element to identifying appropriate levels of precautions to protect these resources (BL-05-08). • Every agency must classify each file and database using the following classification structure (SAM Section 5320.5).
Data Classifications
• Primary
  • Public
  • Confidential
  • Sensitive
• Secondary (Confidential)
  • Personal
  • Notice-triggering
  • Protected Health Information (PHI)
  • Electronic Health Information (EHI)
Record System • Also referred to as a Record Series. • Group of related records under a single filing category that deal with a particular subject or result from the same activity. • Maintained by an agency for official purposes • A physical record system may be an output of an electronic record system (e.g., lists, reports).
Scope of Effort • B-I-G! Really, really BIG! • Identify all records used and maintained by the agency • Triggers: • “What records are your office and/or staff using and maintaining to support this specific business function, process or service?” • “Have employees created reports, spreadsheets, databases or other tools to assist them with their work?”
Initial Inventory Process • Each division/program identifies a person responsible for management of records = “Designee” • Designees are trained on completing the inventory for their offices • Designees complete or oversee the completion of Inventory Worksheets • Information feeds and serves to facilitate compliance with: • Inventory and classification requirements • Other requirements (e.g., retention, security and operational recovery processes)
Goal and Process for Updates • Develop a mechanism to: • Continually update as required to support annual reporting • Minimize further impact to business operations • Project lead is currently working with IT to develop an Access Database • The information gathered through this process will be input/imported into the database. • Records management designees will be able to update database as changes occur and generate report forms versus repeating the comprehensive survey process each year.
Timeline
Initial Process:
• Designee Training – 9/28/06 to 10/19/06
• Offices complete survey – 2 Months from date of training
• Project lead reviews and clarifies responses – 2 Months
• Project lead inputs and/or imports data into database – <DATE>
Subsequent Process:
• Offices update inventory database on a continuous basis
• Designee Training – September/October each year
Important “Go Forward” Thoughts • Maintain awareness of record inventory and classification requirements • As more records are created, used, maintained or transmitted we must ensure they are added to the inventory, and properly classified and protected • Ensure we are only collecting data that we have the authority and need to collect • Plan for the protection of records during the system design phase
Intranet Access • Download Data Classification Documents
Hands-On Exercises • Part I – Records Management Practices • Part II – Records Inventory & Classification