Learn about the permission procedure for long-term preservation in the National Archives of Finland for governmental agencies. Explore the auditing and certification system for ensuring compliance with requirements. Topics include information classification, disposal of non-permanent records, document management, file formats, error handling, good governance, information security, and more.
National Archives of Finland long-term preservation permission procedure for governmental agencies and development of national auditing and certification system Markus Merenmies National Archives of Finland DLM Forum Members Meeting Budapest, Hungary 12th-13th May 2011
Topics • Why permission? • What is required to have it? • Auditing and certification system
Why permission? • Based on the Archives Act • Permanent preservation only in digital format requires a permission • ”Proactive risk mitigation” • To verify the fulfillment of requirements before records are produced
Requirement categories • Information and task classification • Quality and accordance with ”real life” • Maintenance classification • Records management process • How task classification is used • Disposal of non-permanent records • Documented and managed administrative process • Required audit-trail of disposal • Transfer • Documented and managed administrative process • Proper file formats (and content) and valid XML-structure • Error handling and transfer management • General ”Good governance” • Log-file management • Information security
Governmental agencies What we have to do? information security Software functionalities Process and metadata Records Management schedule Records Transfer Test Service Request For permission What we have to know? Long-term preservation Permission procedure Auditing and certification system Have they done It right? Security requirements Auditing service Sähke requirements preservation agreement Quality control National Archives State Treasury Office What we want to have?
Auditing Management of processes and information Pre-defined requirements and measuring guidelines (auditing toolbox) Documented awareness of responsibilities ERMS should be certified; if not, then auditing should cover it also
Auditing process • Outsourced pre-defined auditing package • 3 days, 2800€ • Security audit: 6 days, 5500€ • Assisted systematic self-assessment • Pre-requirements for documentation • Self-assessment questions • Auditing workshop • To recommend (or not) permission for long-term preservation • Separate technical transfer-test service
Certification of ERMS ERMS Functionalities and Sähke2-requirements Challenge: How requirements are stated and how to measure? Status: re-writing Sähke2-requirements and development of certification framework But… Normally products are customized
Good governance • How ownership of the system/process is defined and managed? • Logfiles: how produced, why used? • Security audit and risk management • Development of Governmental Enterprise Architecture • General rules for information management and responsibilities
Should we do it ourselves? • Yes • Difficult to outsource • Required expertise only in archives • No • Not enough own resources • Software auditing requires special skills
What we’ve learnt? • How to verify? That must be clear when writing requirements. • Sähke3 should support certification • Compliance with MoReq2010 • Define first, what you need to know • Different tools for different means • What you measure, that you’ll get. Keep focus on important issues • Everything is simple, until you try it
Environment of requirements Ministry of Finance Public organization Board of Antiquities National Library National Archives Ministry of Education and Culture
Thank you Markus Merenmies National Archives of Finland markus.merenmies@narc.fi +358504094011