Digital Continuity
Digital continuity is the ability to use information in the way that you need, for as long as you need.
If you do not actively work to ensure digital continuity, your information can easily become unusable.
Information is at the heart of good government, but without care and consideration the digital information on
which government depends is less likely to survive and remain usable than paper records.
USABLE = AVAILABLE + COMPLETE
Usable: your information meets your requirements for how your business needs to use it.
Available: you can find what you need and you have the technology to open it and work with it
in the way you need.
Complete: you have everything you need to use, understand and trust the information,
including the content, context and all the necessary metadata.
What is usable information?
Your information is usable if you can:
find it when you need it
open it as you need it
work with it in the way you need to
understand what it is and what it is about
trust that it is what it says it is.
Why is digital continuity at risk?
Using your digital information is dependent upon the technology you need to access it and the policies and
processes you have in place to manage it. This dependency makes it particularly sensitive to change and your
digital continuity is put at risk during changes in your organisation, management processes and technology.
You need to manage your information carefully over time and through such changes to maintain the usability
you need.
What agendas does digital continuity support?
Your responsibility to look after information may include:
managing personal data according to the Data Protection Act
meeting statutory responsibilities, such as the Public Records Act 1958
complying with the Freedom of Information Act 2000 (and managing records according to the revised
FOI section 46 Code of Practice)
meeting the Information Assurance Maturity Model and Assessment Framework
complying with obligations under government policies on transparency and the public’s “right to data”.
How do you maintain digital continuity?
Managing digital continuity is complex – but it is not unachievable and needn’t be expensive.
Digital continuity relies on effective IT, IM and IA policies and processes and active change
management – building it into existing practice is central.
Digital continuity should be seen as a key part of good information governance.
Four stage process for managing digital continuity
We’ve defined an easy-to-follow four stage process that you can follow to ensure you take a structured,
coherent approach to managing digital continuity in your organisation:
Stage 1: Plan for action
Stage 2: Define your digital continuity requirements
Stage 3: Assess and address risks to digital continuity
Stage 4: Maintain digital continuity
Help and information
See our website: nationalarchives.gov.uk/digitalcontinuity
Specific guidance:
o Understanding Digital Continuity
  nationalarchives.gov.uk/documents/understanding-digital-continuity.pdf
o What Does Digital Continuity Mean for You? An Overview of the Benefits
  nationalarchives.gov.uk/documents/an-overview-of-the-benefits.pdf
Related information assurance advice at: cesgiap.gsi.gov.uk
Full presentation of the day at:
nationalarchives.gov.uk/information-management/projects-and-work/dc-training.htm
We can come in to talk to you about digital continuity. Drop us an email at
digitalcontinuity@nationalarchives.gsi.gov.uk
Stage 1: Planning
Importance of top-level support
Senior managers need a good understanding of the benefits and risks to continuity in order to champion
appropriate governance and action at all levels in the organisation.
Information risk
Loss of digital continuity is an information risk as important as any other. This means:
the SIRO is required to ensure risks to digital continuity are recognised and managed in the
organisation through its information risk policy and assessment process
the Accounting Officer will hold the SIRO responsible if there is a loss of digital continuity.
Cross disciplinary approach
Individuals from several disciplines need to collaborate to help manage digital continuity, including:
information technology (IT)
information assurance (IA)
information management (IM)
change and project management.
Embed a managed and structured approach into business as usual
It is important to build digital continuity management into your organisation’s business as usual policies and
processes to ensure it is managed in a structured, ongoing way, rather than reactively. This includes
embedding it into change and project management processes, as well as everyday operations.
Role of the Digital Continuity Senior Responsible Owner (SRO)
To achieve all of the above, the SIRO should appoint a Digital Continuity SRO. The SRO is responsible for:
overseeing and promoting digital continuity management in the organisation
ensuring that risks to digital continuity are managed
ensuring that the right systems and structures are in place
assessing where existing work practices, policies and systems can be built upon or amended
expressing the business requirement for digital continuity in any relevant strategies and plans
leading the cross-disciplinary group of individuals
allocating resources to embed this as part of business as usual operation and change management
elevating issues to board level as necessary.
Roles, responsibilities and motivations
Role: SIRO and information risk management
Responsibilities: Ensure all information risks are recognised and managed
Motivations:
o responsible to Accounting Officer for information risk management
o managing digital continuity can help realise savings and efficiencies.
Role: Information assurance
Responsibilities: Protection of information and information systems
Motivations:
o loss of digital continuity is an information risk
o build better relationships with IM and IT.
Role: Information management
Responsibilities: Oversight of all information management and practice in organisation – creation, capture, organisation and discovery.
Motivations:
o ensure organisation can exploit its information fully
o help them comply with legislation
o support efficient and effective digital IM
o build better relationships with IT and IA in the organisation.
Role: Information technology
Responsibilities: Provision and management of technology systems that support the organisation’s information
Motivations:
o develop fuller understanding of their technology and how it supports the organisation’s information
o improved change management
o reduce support queries
o build better relationships with IM and IA.
Role: IAOs
Responsibilities: Protect and manage risks to their individual assets and maintain usability
Motivations:
o better protect and manage their asset(s)
o ensure asset(s) can be exploited by the business (over the long term).
Role: Change and project management
Responsibilities: Planning and managing change projects in the organisation
Motivations:
o better manage the information risks inherent in change.
Help and information
Specific guidance:
o Managing Digital Continuity
  nationalarchives.gov.uk/documents/managing-digital-continuity.pdf
o The Role of the SIRO in Managing Digital Continuity
  nationalarchives.gov.uk/documents/the-role-of-the-siro.pdf
o Information Asset Owners and Digital Continuity
  nationalarchives.gov.uk/documents/iao-and-digital-continuity.pdf
o What Does Digital Continuity Mean for You? An Overview of the Benefits
  nationalarchives.gov.uk/documents/an-overview-of-the-benefits.pdf
Stage 2: Understanding and Documenting Requirements
The digital continuity of your information is maintained when your technology and information
management processes support your information assets in meeting your business requirements both
now, and in the future. This is when:
you know what information you have, what it is about and where it is
you understand how you want to use it, now and in the future
your technology and information management process enables you to use your information, and is
agile enough to cope with your changing requirements.
Once you understand the usability requirements for your information, and the technology and processes
you are dependent on to provide this use, you can effectively identify when change is likely to impact on
your information, and manage it to ensure that your digital continuity is maintained.
[Figure: diagram relating Technical services and environment, Information assets and Business needs.
Region labels: complete; available; usable: digital continuity; assets not supported to meet business
needs; assets not available to meet business needs; unneeded technical capability; unnecessary support;
unneeded information assets; unmet business needs.]
Information Asset Register – documenting the links between information assets, their business
requirements and technical dependencies
o Asset information: name, description, sensitivity
o People: IAO, users, creator
o Management: risk, retention periods
o Usability Requirements: find, open, work with, understand, trust
o Technical dependencies: hardware and software required to deliver usability
Configuration Management Database – documenting the details of the technical environment, what it
is made up of, how elements interact and management processes
o Lifecycle management: license expiry, predicted end of life
o Support: SLAs, warranty information
o Dependencies: how do systems rely on each other?
Help and information
Specific guidance:
o Identify Information Assets and Business Requirements
  nationalarchives.gov.uk/documents/identify-information-assets.pdf
o Mapping the Technical Dependencies of Information Assets
  nationalarchives.gov.uk/documents/mapping-technical-dependencies.pdf
Tools:
o Information Asset Register Template:
  nationalarchives.gov.uk/documents/iar_template.xls
Stage 3: Risk Assessment
Risks to Digital Continuity
Digital continuity is most at risk when the information’s environment changes. For example, when technology
changes, there is a risk that existing information won’t be available to you via the applications you are now
using. There is a risk that when information is moved or altered, vital context becomes lost so that you cannot
interpret it correctly. Changes to business needs can mean that your information does not meet requirements,
with this risk increasing if it has not been managed with future flexibility in mind.
Loss of digital continuity often appears as a result of technology change – but this isn’t the only factor. The
wider risk is that change is not managed carefully or planned for and that this can, either immediately or over
time, leave information unusable. Mitigating risk depends on appropriate governance, policies and processes
that will ensure that you have the right technology and information management in place.
Assessing Risk
You will be at risk of losing digital continuity if:
information governance structures aren’t in place, and don’t include responsibilities for maintaining
digital continuity
you don’t understand what information you have, what it’s for and what technology you rely on to use it
– and your risks increase if you use bespoke or uncommon technologies
policies, processes and behaviours for managing information and technology do not ensure that
change is managed and planned for – your risks increase if your policies are too onerous to follow
specific business and technology changes are not managed with a clear outcome to maintain the
digital continuity of any affected information.
Undertaking a digital continuity risk assessment involves reviewing your organisation to identify factors that
may increase the likelihood that you will lose the ability to use your information as information management,
technology and business needs change. It also involves examining risks to individual information assets,
particularly to understand the impact that specific change may have on their usability.
Mitigating Risk
Actions to mitigate risks to digital continuity will necessarily vary in shape, cost and ease of implementation.
Strategies may include:
changing your technology, or the file format of the asset, so that information remains usable on the
applications and systems you have available
changing the information asset and how it is managed, organised or structured, so that it remains
complete, with the context and content needed to use it as required
improving the policies and procedures you use to manage information, technology and change projects
to include a requirement to assess and manage any impact on digital continuity – and improving
communications and training to ensure these are followed
establishing information governance structures with clear roles and responsibilities for digital continuity
regularly testing for the continuity of your information assets before and after change.
It is important that mitigating actions are appropriately prioritised and proportionate to the value of the
information to your business, the impact and likelihood of the risks and the cost and ease of implementation.
It may be appropriate to decide not to mitigate some of the risks you find – but a risk assessment is key to
allowing you to do this from an informed position.
Preventing vs restoring digital continuity
It is easier to prevent loss of digital continuity than it is to restore it – restoring digital continuity will take time
and money and may not even be possible. It can often be important to establish preventative approaches
before tackling significant legacy issues with your information, to make sure that you do not continue to build
up more risks as you do so.
Embed in existing information risk management
Assessing and managing risks to digital continuity should be embedded into your existing processes and
governance structures for managing information risk. Similarly, loss of digital continuity should be
incorporated into your incident management processes for information and technology.
Help and information
Specific guidance:
o Risk assessment handbook:
  nationalarchives.gov.uk/documents/Risk-Assessment-Handbook.pdf
Tools:
o Testing for continuity checklist:
  nationalarchives.gov.uk/documents/testing-for-continuity-checklist.pdf
o Self assessment tool:
  nationalarchives.gov.uk/documents/self-assessment-tool.xls
Stage 4: Maintaining Continuity through Change
Digital continuity is about managing the inter-dependencies between your information assets, your business
needs and your technological capability so that they remain aligned. Changes to any of these elements could
break this alignment and have a dramatic impact on your ability to use your digital information.
Technology change: making decisions
The table below outlines some of the risks to digital continuity you should think about when making decisions
about the type of technology you choose. Use your understanding of your business requirements and risk
appetite to inform your decision, as you will need to mitigate some risks in each case.
Retaining legacy technology:
o No, or limited, support for updates to technology – fixed functionality
o Lack of resource for fixing failures, or plugging security holes
o May have to hire internal development resources or contractors.
o Interoperability with other systems will decline over time – future migration becomes more difficult
Using bespoke technology:
o Expensive to develop and maintain
o Eventually will become legacy technology
o Potentially less interoperability with other systems
o Requires ongoing specialist knowledge to maintain – may cause vendor lock-in
Using off-the-shelf technology:
o Lack of flexibility in functionality to support specific usability needs
o Compromises may be needed to migrate information into the system
o Lack of influence on product roadmap
o May still suffer incompatibility and interoperability or vendor lock-in issues (including reliance on
  vendor for other related technology)
When choosing new technology, use the opportunity to increase your ability to maintain digital continuity:
Evaluate your overall IT environment and roadmap to ensure the compatibility of any new technology,
ensure that you realise efficiencies and to co-ordinate multiple changes.
Streamline your IT environment to reduce the number of applications and reduce reliance on legacy
and bespoke technology.
Ensure that IT systems where possible use open or common standards to ensure maximum
interoperability, including within your own environment.
Organisational change: managing change
Organisational change must be managed as a project, with a structured, co-ordinated and well planned
approach with appropriate business ownership and oversight. If multiple organisations are involved in the
change, the specific requirement for the digital continuity of the information affected must be recognised on
both sides.
Step 1: Plan for action – define and document the change
o What is changing – what is it at the moment, what will it be afterwards?
o What are the objectives of the change, what are the additional benefits?
o How is the change being carried out, when is it occurring, who is involved?
Step 2: Define your digital continuity requirements
o What information assets are affected?
o What are the current usability requirements, are they changing or should they be maintained?
o Are there any follow on impacts on technology or business processes?
Step 3: Assess and manage impact and risks to digital continuity
o What are the risks? How will you test if these risks are realised?
o What are the potential mitigations for each of these risks?
o What contingency action would you take if the risk occurred?
Step 4: Maintain digital continuity – take action before and during the change to manage the continuity
o Develop and enact testing processes to monitor the digital continuity during and after change.
o Review the risk assessments.
o Update IAR, CMDB and any other relevant logs and documentation.
Your business requirements drive the way that you need to use information. Any change to what your
business does, or how it does it, can have a corresponding effect on your information. A Machinery of
Government (MoG) change involving your organisation merging, dividing, or closing down altogether, may
necessitate a large-scale review of your information’s usability requirements, or importing or exporting assets
from your organisation.
Organisational change is likely to prompt data transfer, moving information into the new organisational
structure and functions, and often migrating into a different technology environment or system. Key things to
consider are:
information ownership – ensure information assets have owners and are incorporated into the
governance structure
identification of information and requirements – understand what you have, what it’s for, and where it is
as a key first stage in undertaking information transfer or migration projects
understand technology change implications – ensure you identify and plan when you need to migrate
data and assess the receiving technical environment to ensure you can still use the information as
needed
knowledge/skill loss – identify if any specialist knowledge or skill will be lost as a result of the change that
could impact on your ability to use information, or maintain technology associated with it.
Watch out for small changes – even if you are not going through a major organisational restructure, your
organisation will be subject to regular changes. Ensure that your information and technology management
focus on maintaining digital continuity as an explicit business outcome.
Managing technology change
Any technology change is likely to threaten digital continuity and present risks that need managing. The
process of managing technology change will have issues around:
data management – metadata, context, history and audit trails are very easily lost, especially during
migration
access rights – security and protection must be maintained through any changes
file formats – the ability to open and use information depends on the applications available
contracts and supplier management – digital continuity should be included in managing the end of
contracts and specifying new system requirements
policies and process – technology change should not be managed in isolation from policies for
information management.
Help and information
Specific guidance:
o Change Management for Digital Continuity SROs
  nationalarchives.gov.uk/documents/change-management-for-sro(1).pdf
o Digital Continuity for Change Managers
  nationalarchives.gov.uk/documents/digital-continuity-for-change-managers.pdf
o Migrating Information between EDRMS
  nationalarchives.gov.uk/documents/edrms.pdf
o File Format Conversion
  nationalarchives.gov.uk/documents/format-conversion.pdf
o Machinery of Government Changes: Guidance on Transfer of Records, Information and Knowledge
  nationalarchives.gov.uk/documents/machinery_of_government.pdf
o Cabinet Office Machinery of Government Changes Best Practice Handbook
  umbr4.cabinetoffice.gov.uk/media/332838/mog-handbook.pdf
The Digital Continuity Framework has several tools which may help manage change including
information management consultancy, data conversion services and data quality solutions:
nationalarchives.gov.uk/dc-framework
Managing Your Continuity
5 key messages from today…
Ownership is important – digital continuity needs to be a strategic objective recognised at the highest
level. An SRO is needed to drive and co-ordinate action.
Cross-disciplinary approach – digital continuity can only be managed with collaboration across IT,
IM, IA and change and project teams.
Prevention not restoration – preventing a loss of digital continuity is easier than restoring it – but
learn from incidents to improve your risk management.
Focus on information usability – put how the business needs to use its information at the centre of
your approach to managing digital continuity.
Embed in operational processes – make sure digital continuity management is part of existing IT, IM,
IA, project and change management policies and processes.
5 things you can do now…
Find out more about digital continuity – understand the issues and how they affect your own
organisation.
Find out more about your organisation – understand the policies and processes in place for
managing information, risk, technology and change.
Build bridges and ask questions – identify who needs to work on digital continuity related issues and
start connecting with them.
Manage digital continuity as a key information risk – talk to the SIRO or information risk team and
find out if they are aware of digital continuity and their responsibility to manage it.
Advocate and influence upwards – influence as best you can, and push for a digital continuity SRO
to be identified to drive this forwards.