Manual for the Design and Implementation of Recordkeeping Systems (DIRKS)


Reviewing your recordkeeping metadata

Step H: Post implementation review


Ongoing monitoring and review of your metadata requirements is important to the success of your metadata strategy. You may want to assess how metadata is being captured, to ensure this is efficient, test the security of metadata or examine the capacity of metadata to be migrated through system change.  

Liaison with staff is a key means by which you can determine the adequacy of your metadata capture and whether it needs to be improved to better meet your recordkeeping needs. 

Further information


Recordkeeping metadata is referenced throughout the DIRKS Manual (particularly in Steps D and F), so read the manual for more guidance. 

For further information you can also read ARMS' Standard on Recordkeeping Metadata.



Doing DIRKS to manage records access and security


Records access and security

Identifying records access and security requirements

Ensuring that your recordkeeping systems support access and security

Reviewing strategies for records access and security

Further information

Records access and security


Recordkeeping systems should provide timely and efficient access to, and retrieval of, records. Systems should also include and apply security controls on access to ensure the integrity of records is not compromised.

Having an effective access and security program in place will help to ensure that records:
  • are available, when appropriate, for use
  • are not subject to unauthorized use 
  • cannot be altered, and 
  • cannot be inappropriately destroyed.

Doing DIRKS to manage record access and security could involve:
  • identifying access and security requirements that relate to specific business activities and/or business units
  • allocating the appropriate classifications or access rules to records
  • incorporating requirements in a suitable, responsible and compliant way in recordkeeping systems, and
  • monitoring decreasing sensitivities and changing requirements in systems over time.

Tip: Don't be over prescriptive

Access to records should only be restricted when there is a business need or when restricted access is required by law. Staff of your organization need access to records - try to facilitate this wherever possible. 

 

Ideally, record access and security should be defined and implemented across your whole department/office. Such a project could, however, be implemented in stages, so you could examine your office's access and security requirements by unit or function. Priority should be given to areas where you have identified higher risks for unauthorised disclosure.

Identifying records access and security requirements


Undertaking Steps A-C of the DIRKS methodology can help you to identify the types of requirements your office has concerning record access and security. 

Step A: Preliminary investigation


Step A will provide you with a broad overview of the requirements relating to access and security that your department/office is subject to. In Step A you should identify:
  • what existing rules for access and security operate in your department/office
  • the access and security rules contained in:
    • government-wide and industry-wide legislation
    • policies and codes of practice, and
    • specific regulatory sources.

Example:

Your Step A analysis may reveal that you need to implement an access and security program in order to protect:
  • personal information, according to U.N. requirements,
  • the commercial confidentiality of some of the business operations you conduct, and
  • the physical security of your organization's premises.

Your Step A analysis should reveal the need to comply with public rights of access to your records contained in: ST/AI/326 The United Nations Archives, 28 December 1984. Your development of access and security frameworks will need to take these requirements for both security and accessibility into account. 

 

The sources you examine in Step A will also help you to understand what business is performed in your department/office, how and why it is performed and who is involved. This is important knowledge if you wish to establish better access and security frameworks. Risks and stakeholders are also examined in Step A and both of these may impact on your decision making about access and security requirements.

 

Tip:

Security and access classification is a risk-based decision - use your awareness of the risks faced by different areas of your business to prioritise how and where you need to most securely manage your organizational information.

When your focus is on one business function or unit


Even if you are intending to develop access and security regimes for one function or business unit at a time, you should still broadly analyse your organization and its operations in Step A. You can then start to concentrate on those areas that relate to access and security in the particular function or business unit you have identified as a priority.

Legacy records


Remember you may also have legacy records that will require access decisions, so you may need to do some research into the history of your department/office or the particular function or area of business in Step A, and build up a base of knowledge about the sensitivities that may have been involved in the organization's past business activities. 

Step B: Analysis of business activity


In Step B you learn about business processes and practices at a more detailed level, and identify the records that are generated from them. This assessment will help you to understand:
  • which records require access and security management, and 
  • where the risks in relation to access and security management lie. 

A key product of Step B is a business classification scheme. This is a tool that maps the business your department/office performs, by identifying the functions, activities and transactions that comprise your business operations. Your access and security requirements can be mapped to this framework to help you identify and manage these requirements.

When your focus is on one business function or unit


If you are developing access and security regimes for one business unit or function at a time, you should still look at this analysis broadly, and at least map a preliminary classification scheme before concentrating your attention on one particular area.

Step C: Identification of recordkeeping requirements


In Step C you will need to identify all of the recordkeeping requirements - requirements contained in UN rules, best practice requirements or community expectations - that relate to giving or restricting access. The regulatory environment in which the U.N. operates will establish broad principles on access rights, conditions and restrictions. 

If you have completed Step A: Preliminary investigation, this will involve examining in closer detail many of the sources already identified. In Step C you need to consider and assess the risks of not meeting the requirements and ideally you should map these back to your functions and activities (in the business classification scheme if you have completed Step B: Analysis of business activity) to understand the business context in which the requirement applies. 

At the end of Step C you will have identified the range of specific requirements that govern access and security in the area or areas you are assessing. You can then start translating these into specific decisions concerning record accessibility or restriction that you want to implement in your recordkeeping system. 

 



Tip: Discuss your recommendations with colleagues

Do not forget to discuss the access and security decisions you come up with in Step C with your colleagues, particularly those in the business areas that will be affected by your decisions. 

 

Tip: Do not forget public access

During the course of your Step A to C assessments, keep your public access requirements in mind. Under ST/AI/326 The United Nations Archives, 28 December 1984, the public is entitled to access any United Nations record that is over twenty years of age unless it has a security classification of Strictly Confidential or equivalent or is in some other way considered “Privileged” and not to be released to the public.