Digital Continuity: An introduction

Digital continuity…
The ability to use your information in the way you need for as long as you need

Information is usable if you can…
• Find it when you need it
• Open it as you need it
• Work with it in the way that you need to
• Understand what it is and what it’s about
• Trust that it is what it says it is

It does make the headlines…
NatWest's IT meltdown
“NatWest owner, Royal Bank of Scotland, has 40 years' experience running these systems and banks as a rule don't drop the ball like this”
The Guardian 25 June 2012

This happens in UK government too....
“The transition to the new system has, however brought to light discrepancies in our existing records and this is resulting in a number of incorrect notices being issued.”
“The only evidence beyond surmise that Dept X rely upon to support their assertion that the document is not held, is their failure to locate it.”
“Transfer of records from Dept Y to Depts Z and A has resulted in two scenarios that have effectively rendered metadata captured in the EDRMS as lost.”
“Any electronic data degrades over time. Some of this information is more than 20 years old. I'm not even sure that the xxx still has the tools needed to retrieve data from that era. You're talking about technology that would qualify as museum pieces now.”

Digital information is vulnerable…
• Risks are inherent in change
  o Organisational change
  o Technology change
  o Process and policy change in how information is managed

The impact of change…
o information ownership becomes unclear - risks are missed or unmanaged
o information is not disposed of appropriately
o information is not migrated to new technologies effectively
o information is trapped in legacy IT systems – or locked in a format that can’t be opened or used
o information is no longer understood by the organisation – or cannot be trusted

Why it matters…
o Efficiency and effectiveness
o Transparency and accountability
o Managing information risk

Managing digital continuity…
• Plan for action
• Define what you need
• Assess and manage risks
• Maintain digital continuity

The Digital Continuity Service…
• Guidance
• Risk Assessment Self-Assessment Tool
• Procurement Framework
• DROID
• Training

Stage 1: Planning

Managing digital continuity…
• Plan for action
• Define what you need
• Assess and manage risks
• Maintain digital continuity

Plan for Action…
• Key roles understand risk and responsibilities
• SRO for digital continuity
• Multi-disciplinary team
• Embed approach in business as usual

Role of the SRO…
• Champion digital continuity
• Lead action to manage risk and embed
• Co-ordinate across disciplines
• Prioritise resources
• Escalate issues

Workshop 1: roles and responsibilities
Think about your own organisations:
• Who do you need to be involved in managing digital continuity?
• What are their drivers for taking action (what is in it for them)?

Roles and responsibilities…
• SIRO and information risk management
• IAOs
• Information assurance
• Information management
• Information technology
• Change and project management

Stage 2: Define Requirements

Managing digital continuity…
• Plan for action
• Define what you need
• Assess and manage risks
• Maintain digital continuity

[Diagram labels: Technical Environment, Information Assets, Business Needs, Digital Continuity]

Understand what information you have and how it’s managed…
• What information do you have?
• Where is it?
• How is it organised and managed?
• Have you defined all your information assets?

Understand what information you have and how it’s managed…
• An information asset is a body of information defined and managed as a single unit so that it can be understood, shared, protected and exploited effectively

Understand how you need to use your information…
• Who needs to be able to find it?
• What do they need to be able to open it?
• How do they need to work with it?
• Can they understand what it is and what it is about?
• Can they trust that it is what they think it is?

Understand your technical environment…
• What IT systems do you have?
• What is their lifecycle?
• What hardware are they reliant on?
• What is their lifecycle?
• What file formats is your information in?
• What storage media are you using?

Define what you need for digital continuity…
Usable = complete + available

Documenting what you know…
• Information Asset Register
• Configuration Management Database
• Maintenance as important as capture

Workshop 2: defining what you need
Imagine you are doing a survey of your information and the technology that supports it:
• What information do you need to capture?
• How can you maintain the relationships between the information assets and technology?

Possible headings
• Name and description
• Lifecycle
• Owners and users
• Support and warranties
• Retention period
• Usability requirements
• Technology dependencies
• Dependencies and relationships
• Owners and users
• Information assets

Stage 3: Risks and Impacts

Managing digital continuity…
• Plan for action
• Define what you need
• Assess and manage risks
• Maintain digital continuity

Risk to digital continuity is…
Anything that might stop you being able to…
• find
• open
• work with
• understand
• trust
… your digital information in the way that you need for as long as you need.

• Does the organisation understand how the technical environment supports its information usability requirements?
• Does the organisation rely upon legacy technology to deliver information usability requirements?
• Does the organisation rely upon bespoke technology to deliver information usability requirements?
• Does the organisation understand the value of its information, both the financial and value to business?
• Does the organisation already have digital information that is over 5, 10 or 20 years old?
• How long does the organisation need to keep its information for?
• Does the organisation manage the interdependencies of the various elements within its technical environment?
• Has the organisation assessed continuity risks to individual information assets?
• Is the organisation regularly testing for continuity of its information assets?

Identify your risks (and opportunities)…
• Do you know what information you have, where it is, what it’s for?
• Does the way you manage your information and IT environment keep your information usable as you need?
• Are there opportunities to get rid of information and technology you don’t need?

Risk assessment…
• You can assess your whole organisation
• You can assess risks to particular assets – perhaps at point of change
• Regularly review and update risk assessments

Workshop 3: risk assessing DoRA…
• What is putting DoRA’s digital continuity at risk?
• What are the impacts on using the information?
• What are the impacts on the organisation?
• What can you do to reduce the risk?
• Feedback: one risk and how to mitigate it

Risk mitigation strategies…
• Consider your:
  o governance
  o policies and procedures
  o information and technology
• And test for continuity

Lunch 13:05-13:55
• Questions
• Networking

Stage 4: Maintaining

Managing digital continuity…
• Plan for action
• Define what you need
• Assess and manage risks
• Maintain digital continuity

Maintain your digital continuity…
• Plan for change
  o Build your digital continuity and usability requirements into your plans and processes
  o Manage your IT and information for future flexibility and agility
• Manage digital continuity through change
  o Change Projects to assess impact on information

Workshop 4: technology change at DoRA…
DoRA’s 15 year IT contract is coming to an end which includes support for their EDRM, BlackHole 2.0
• Three choices of what to do now:
  o Continue using BlackHole
  o Buy a new service or system
  o Allow business areas to investigate their own solution
• Assess the risk to digital continuity of DoRA’s information from each option
• Identify potential mitigations in each case
Feedback - Decide what option you would choose and why

Assessing the risks…
• Unsupported technology
• Ageing technology
• Interoperability/incompatibility
• Migration
• Usability
• User acceptance
• Governance
• Customisation
• All technology becomes legacy eventually

Workshop 5: digital continuity in action
There are 8 mini scenarios based around various incidents within DoRA. Each group will be given two of these to work through – take 15 minutes for each
• Why did the incident happen?
• What actions (if any) can you take now to rectify the problem?
• How can you stop this happening again?
Feedback – answers to these questions for one of your scenarios

A crisis of contact
The Central Pole Vaulting Office needs the contact details of an old employee to get some key information on a previous project to allow them to understand a database. This kind of issue is being raised with HR on a regular basis and is causing problems.

A sticky situation
The Bee-keeping Regulatory department have just called. They are trying to send out the yearly ‘Bee-keeping licensing evasion fines’ but the system is not showing who has evaded buying a bee-keeping licence. It looks as though, when the ‘Bee-keeping licence’ and ‘Bee-keeping investigation’ systems were integrated, the information about who had kept bees this year was not properly linked to information on who had bought a beekeeping licence. The old systems were deleted after the integration so they don’t know who kept bees without a licence last year.

A jarring loss of honey data
A Public Inquiry into the decline of UK honey production has given the departments twenty days to provide information on the development of the statute that currently governs beekeepers. Nine years ago the information was transferred between EDRM systems and the user generated metadata was lost. The staff who understood this information have now left the department. The department cannot understand the information it has and cannot identify what to send to the inquiry.

A pole vault to nowhere
Staff working on the Pole Vaulting Review project contact the IT helpdesk looking for information missing after they saved it in their My Documents folder rather than in a corporate, managed information store. My Documents folders are not backed-up and the IT helpdesk are unable to recover or restore the lost information.

An information black hole
DoRA has received an FOI request for the Spock Report which was commissioned in the late 1980s. An initial exploration of DoRA’s information stores proved fruitless. DoRA should have inherited the information when it took on responsibility for space exploration around five years ago but there is no record of what was transferred. The FOI team suspect that the information is held somewhere and are not sure how to proceed.

Look before you leap
Two pole vaulting associations have been accused by the Pole Vaulting Standards Authority of foul play and collusion. They must provide emails from a specific date for the court case. They are unable to do so as the files were corrupted when they were moved to a new system.

Lost in space
The Office of Outer Space Photography is continuing to use a digital tape format which can no longer be produced and for which manufacturer support has been withdrawn. They routinely transfer data from this format onto lower quality storage. This results in some data quality loss for the organisation.

No knowledge-transfer
The Minister needs some information collected in the 1990s as part of the National Honey Bee Survey. The information is held on an old, password protected system. You have just discovered that the only two people who held the passwords have died in a bee related incident and now you cannot get into the system.

Final Thoughts

What to do now…
1) Find out more about digital continuity
2) Find out more about your organisation
3) Build bridges and ask questions
4) Manage digital continuity as a key information risk
5) Advocate and influence upwards

What to take home with you…
1) Ownership is important
2) Cross-disciplinary approach
3) Prevention not restoration
4) Focus on information usability
5) Embed in operational processes

And how we can help…
• Guidance
• Risk Self-Assessment Tool
• Procurement Framework
• DROID
• Advice

And more training…
14th November
The National Archives, Kew

Digital continuity…
The ability to use your information in the way you need for as long as you need

And how we can help…
nationalarchives.gov.uk/digitalcontinuity
Information.management@nationalarchives.gsi.gov.uk