Geum.ru

Manual for the Design and Implementation of Recordkeeping Systems (dirks)

Вид материалаДокументы

Содержание


Example: Using the design strategy to integrate systems
Example: Using the design strategy to improve metadata
Example: Using the design strategy to improve information security
Подобный материал:
1   ...   33   34   35   36   37   38   39   40   ...   71

Compliance issues


Developing policies and procedures for your department/section will help with a range of compliance requirements you may be subject to, including ARMS requirements.

The International standard on records management, ISO 15489


This standard says that all organizations must develop and implement policies and procedures, as a means of ensuring its recordkeeping requirements are met.  

Quality management standards


Organizations seeking to comply with international quality management standards need to be aware that the production of policy documentation is a requirement for certification. The current ISO 9000 family of standards, particularly, ISO 9001: Quality Management Systems - Requirements, highlight the importance of policy and procedure to quality management frameworks. 

Design strategy


Overview

What is the design strategy?

When should the design strategy be used?

Examples of the design strategy

How far can you take the design strategy?

Overview


This section examines what the design strategy is and explains how it can be used to help you meet your recordkeeping requirements. It provides a number of examples of uses of the design strategy. 

What is the design strategy?


The design strategy enables you to design or redevelop recordkeeping systems in ways that enable your department/section to automatically meet its recordkeeping requirements. 

Design strategy applies to the technical components of recordkeeping systems and to business processes. Using the design strategy makes recordkeeping less obvious or intrusive to employees by rendering it a routine or automatic part of doing business using the systems and technology available. An employee's direct involvement in recordkeeping tasks is thereby removed or reduced.

When should the design strategy be used?


Design should be used when:
  • it is critical that recordkeeping requirements are satisfied, and
  • users do not need to be aware of recordkeeping functionality.

As it frequently involves technical design work, implementation of the design strategy can be costly. Application of the design strategy will often require the involvement of IT specialists, working together with records staff to build the necessary technological components. It is therefore effective to employ the design strategy when:
  • new business information systems are being developed
  • business information systems are being redesigned, or
  • business processes are being reengineered.

Tip: Not all design work has to be expensive

Remember that design can also be about using existing technology in different ways. For example, if you already have records management software, you could decide to adopt the design strategy and configure the software in a different way so that certain fields are displayed to all users and others are not.

This form of design work is not expensive, if you already have the records management software.  

Examples of the design strategy


Examples of the design strategy include:
  • designing a system that will prohibit users from completing an electronic business transaction until a record has been registered
  • deciding to purchase an off-the-shelf records management software package
  • making certain fields mandatory in a database or registration box
  • ensuring that audit trails are activated in systems
  • prescribing 'read-only' access to electronic records retrieved from a corporate data store
  • maintain a history of authorized system users
  • link disposal decisions to records to assist data storage and migration
  • preventing the deletion of records without authorization, and
  • configuring e-mail systems so that copies of outgoing messages are automatically saved into a shared corporate data store rather than personal e-mail folders.

^ Example: Using the design strategy to integrate systems 

Your Step D assessments may have revealed that systems cannot communicate, contain duplicate information or that efficiency is hampered because data cannot be inherited between systems. 

You can flag this as an issue and in Step E develop an integration strategy that you can begin to develop in Step F of the methodology. 

The integration strategy could be to build interfaces between systems, or could involve the development of a business portal that brings together all relevant business applications.

 

^ Example: Using the design strategy to improve metadata

In your Step C analysis you identified that, in order to efficiently manage the complaints management process you need to:
  • document the complaint
  • record name of complainant, date of receipt, nature of complaint, action taken

In Step D you determined that you current complaints management system does not provide you with the capacity to create or manage this metadata. The system does not:
  • allow for documentation of nature of complaint
  • track action undertaken in response to complaint.

In Step E you decide to utilize the design strategy, and redesign the complaints management system so that it has the capacity to capture and manage metadata describing the complaint and the action undertaken. 

 

^ Example: Using the design strategy to improve information security 

In your Step D assessment, you may have had concerns about the security of information and may have recommended that stronger security controls and audit logs be captured to document system use. 

In Step E, you would decide to implement a design strategy and redesign the system to capture when, how and by whom records have been accessed. You could also ensure that user logins are utilized to make sure that only persons with appropriate authority can access records within the system.