Manual for the Design and Implementation of Recordkeeping Systems (dirks)

Вид материалаДокументы

Содержание


Conduct regular design reviews
Tip: Remember to separate development and operational facilities
Develop a migration and/or conversion strategy
Example: When migration is needed
Documenting technical design
Подобный материал:
1   ...   44   45   46   47   48   49   50   51   ...   71
^

Conduct regular design reviews


Remember that it is important to involve system users in the process of the design or redesign of your technical components. Liaise with users about aspects of the design that affect them through both formal and informal means, and use this as a mechanism for obtaining useful feedback. Do not forget to have formal design reviews at critical stages in the design process, such as the completion of the design of a major system component.

Design reviews help to maintain links between the requirements you are aware of or articulated in Step C of your analysis, and the design activities you are now undertaking. These reviews will highlight requirements that have:
  • not been properly addressed
  • changed, or
  • become infeasible due to other changes or new constraints.

Design reviews often result in requests for changes to requirements and/or to parts of the design itself. For this reason, it is essential to document the outcomes of the review. It is also vital that you maintain a visible documentary trail from the requests for change to resulting changes in requirements or design. Requested changes which are not implemented, or which are implemented only partially, must also be documented.

 

^ Tip: Remember to separate development and operational facilities

According to ISO 17799, the International code of practice for information security management, it is important to ensure that design and testing operations for significant system redevelopment are separated from your operational environment. In clause 8.1.5, the standard states that the following controls should be in place:

a) development and operational software should, where possible, run on different computer processors, or in different domains or directories

b) development and testing activities should be separated as far as possible

c) compilers, editors and other system utilities should not be accessible from operational systems when not required

d) different log-on procedures should be used for operational and test systems, to reduce the risk of error. Users should be encouraged to use different passwords for these systems, and menus should display appropriate identification messages

e) development staff should only have access to operational passwords where controls are in place for issuing passwords for the support of operational systems. Controls should ensure that such passwords are changed after use. 

The standard also states that 'rules for the transfer of software from development to operational status should be defined and documented.'
^

Develop a migration and/or conversion strategy


If, at the end of your work in applying the design and standards tactics, you have developed new systems or redeveloped old ones, you may need to develop record migration and conversion strategies to ensure records are carried forward from old frameworks into new ones. You plan for and undertake these activities in Step F, Design of recordkeeping systems

Migration is the 'act of moving records from one system to another, while maintaining the records' authenticity, integrity, reliability and usability'. [6]

Conversion is the 'process of changing records from one medium to another or from one format to another'. [7]

 

^ Example: When migration is needed

You would need to undertake migration activities if: 
  • business information systems were to be decommissioned or superseded as a result of your DIRKS work and the records they contain need to be maintained in an active system, 
  • as a result of your system assessment it has been decided to upgrade to the next version of a software application and records need to be carried over into this new environment, or
  • existing business information systems have undergone significant transformation and records need to be migrated into new system components.

 



Example: When conversion is needed

You would need to undertake conversion activities if: 
  • you have decided to implement technical standards for records management and need to convert existing records to the new standard format
  • you have decided to adopt a digitization strategy and need to convert all paper records into an electronic format, or
  • you have identified that records stored on one format are at risk, such as records stored on floppy disks, and want to move these to a more secure format, such as CD-ROM.

 

Both migration and conversion activities need to be conducted carefully and need to be tested and well documented. See ARMS' guideline: Ensuring the accessibility of equipment/technology dependent records. This document contains a range of clear guidelines to help ensure you conduct conversion and migration activities in an accountable and efficient manner. 
^

Documenting technical design


In most design projects documentation is an ongoing and prolific activity. System design documentation is developed progressively at different stages (or 'milestones') in the design process. In addition to the policies and procedures you may develop, each design solution generated by the project team or tendered by an external party should incorporate extensive design documentation, including:
  • design diaries, detailing original design decisions and rationale, and documenting changes made to the design over time
  • introductory, non-technical design descriptions which can be understood by senior management, staff and other stakeholders
  • descriptions of redesigned or newly designed business processes
  • logical and physical models of different aspects of the system
  • metadata specifications
  • structured, precise hardware and software design specification(s), aimed at computer system developers and vendors
  • initial testing plans
  • initial training plans, and
  • skeletal system implementation plan.