disposition - ARMA Alaska Chapter

Alaska Chapter of ARMA International
Presented by: Dawn Kewan, ARMA Board Member & Treasurer
February 6, 2014
Based on Generally Accepted Recordkeeping Principles ©
disposition
Range of processes associated with implementing records retention, destruction or transfer decisions which are documented in disposition authorities or other instruments.
ISO 15489 3
2
destruction
Process of eliminating or deleting records, beyond any possible reconstruction.
transfer
Change of custody, ownership and/or responsibility for records.
Moving records from one location to another.
ISO 15489 3
3
Involves the following steps:
• Identify record that captures the transaction or business activity
• Classify the records appropriately
• Determine relevant retention period
• Identify anticipated date for disposition
• Document the retention period and anticipated disposition in the records system
• Determine what metadata to retain with record
ISO 15489 4.3.6
4
• Applied systematically
• Performed routinely
• Conducted as normal course of business
• Irreversible
• Secure
• Documented
ISO 15489 9.9
5
Not without assurance that records are:
• No longer required to be retained
• No work is outstanding
• No litigation or audit holds (current or pending)
ISO 15489 9.9
6
• Physical destruction
• Extending retention
• Transfer to storage (organization or vendor)
• Transfer to another organization or agency
• Transfer management responsibility to authorized party
• Transfer to organizational archives
• Transfer to external archives
ISO 15489 9.9
7
The Principles identify the critical hallmarks of information governance, which Gartner describes as an accountability framework that “includes the processes, roles, standards, and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals.”
http://www.arma.org/r2/generally-accepted-br-recordkeeping-principles/metrics
8
Accountability
Compliance
Transparency
Availability
Integrity
Retention
Protection
Disposition
9
An organization shall provide secure and appropriate disposition for records that are no longer required to be maintained by applicable laws and the organization’s policies.
10
• Provides a picture of what effective IG looks like
• Based on the eight Principles
• Defines characteristics of various levels of recordkeeping programs
• Associates various characteristics that are typical for each of the five levels
http://www.arma.org/r2/generally-accepted-br-recordkeeping-principles/metrics
11
• Sub-Standard (Level 1): Recordkeeping concerns are either not addressed at all.
• In Development (Level 2): Developing recognition that recordkeeping has an impact on the organization
• Essential (Level 3): Has minimum requirements that must be addressed in order to meet the legal and regulatory requirements.
• Proactive (Level 4): Initiating information governance program improvements throughout its business operations.
• Transformational (Level 5): Integrated information governance into its overall corporate infrastructure and business processes.
12
Sub-Standard (Level 1)
• No documentation of the processes to guide transfer or disposition
• No process, or an inconsistent process, for suspending disposition in the event of litigation or audit (Records Hold)
13
In Development (Level 2)
• Preliminary guidelines for transfer or disposition
• Recognize importance of Records Hold process consistently
• Lack of enforcement and auditing of disposition
14
Essential (Level 3)
• Developed official procedures for records disposition and transfer
• Developed official policy and procedures for Records Hold
• Policies and procedures exist, but not standardized across the organization
• Inconsistent procedures amongst individual departments
• Defined specific goals related to disposition
15
Proactive (Level 4)
• Disposition procedures are understood and consistently applied
• Process for suspending disposition defined, understood, and used consistently
• Electronic information is expunged in accordance with retention policies
16
Transformational (Level 5)
• Disposition process covers all records and information in all media
• Disposition is integrated into all applications, data warehouses, and repositories
• Disposition processes are consistently applied
• Processes for disposition are regularly evaluated and improved
• Organization's stated goals related to disposition have been met
17
• It saves time and storage costs;
• It enables organization to focus on higher priority records; and
• It prevents unauthorized access and use of company records
18
• Burning – in an enclosed incinerator or secure facility
• Pulping – reduces paper to pulp and often used in recycling
• Pulverizing – crush or grind to a powder or dust
• Shredding – reducing paper to fine ribbons
19
• Hard-drive shredding or cutting
• Disk encryption – encoding messages
• Image overwrite
  • On demand – executed prior to removal or as needed to remove all image data from disk
  • Immediately – automatically executed immediately after jobs are completed to remove image data from disk
  • Scheduled – automatic, daily overwrite of all image data from disk
• Magnetic degaussing – erasing data on magnetic media by passing a powerful magnet over the media.
20
Physical Destruction
• Destruction should always be authorized
• Records on hold should not be destroyed
• Preserve confidential information
• Include all types of copies:
  • Security
  • Preservation
  • Backup
  • Vital Records
ISO 15489 9.9
21
Records Systems
• Removed in accordance with retention and disposition guidelines
• Or with conversion and migration strategies
• Must be documented!
  • Conversion plans
  • Data mapping
ISO 15489 8.3.7
22
Website Records
• Destruction
  • Ensure record is destroyed completely
  • Document what was destroyed and when
  • Include in master RIM policy
• Transfer
  • Ensure entire record (including metadata) is appropriately transferred
  • Educate receiver on its RIM responsibilities
• Permanent Preservation
  • Ensure record content (including metadata) is properly stored
  • Provide periodic backups
  • Transfer data periodically
  • Ensure accessibility is guaranteed
ARMA Website Records Management
23
Mobile Communications
• Disposition applied to all records on device owned by organization
• Subject to Records Holds and e-Discovery
ARMA Mobile Communications and Records and Information Management
24
Mobile Communications
• Must have a method to capture content
  • E-mail
  • Text messages
  • Video
  • Still images
  • Downloaded content
• Recommended to be able to collect and lock down device or create a forensic copy or image of the content
ARMA Mobile Communications and Records and Information Management
25
Social Media
• Content created, captured, accessed, transmitted, and/or stored can be a record
• Applies to Retention Schedule
• Must have ability to suspend destruction based on legal holds
ARMA Using Social Media in Organizations
26
Don’t forget about …
Copy/Scan Machine
Fax Machine
27
Outsourced Electronic Records Storage - Ask
• What is their records destruction process?
• What about destroying eligible records stored in…
  • backup systems?
  • disaster recovery systems?
  • Other media?
• Will they produce destruction certificates?
• Related metadata and indexing related data also destroyed?
ARMA Guideline for Outsourcing Electronic Records Storage and Disposition
28
• Records holds due to potential or current litigation or audit
• Changes to the retention schedule that are pending approval
29
• Records holds due to potential or current litigation or audit
• Communicate to all appropriate staff about the hold
• Don’t forget to place records back into disposition process once hold has been released
30
• Document reason for extending the retention period
• Identify who is requesting the extension
• Research the request
• Make a recommendation
• Re-submit for approval
31
Document chain of custody or transfer records transfer log to track records moving from one location to another.
• Describe the record that captures the transaction or business activity
• Classify the records appropriately
• Determine relevant retention period
• Identify anticipated date for disposition
32
• Document chain of custody or transfer records transfer log
• Records appraised by qualified professional
• Appraisal based upon historical value of records
Transfer vs. Accession
transfer – moving records into physical custody of a NARA Records Center; sender retains legal custody until final disposition.
accession – when permanent records are sent, NARA takes legal custody.
Guidance and Policy for Accessioning Records to the National Archives
http://www.archives.gov/records-mgmt/accessioning/
33
Document!
Document!
Document!
• Retention periods apply to all records within the organization
• Never destroy records until retention requirements have ceased
• Require authorization for destruction
• Ensure security and confidentiality of all records within custody
• Define process and appropriate method and verify
• Develop a process to suspend destruction when required
35
Authorization for Destruction/Transfer Form
• Date of destruction
• Method of destruction
• Description of the disposed records
• Inclusive dates
• A statement that the records were destroyed in the normal course of business
• The signatures of the individuals approving, supervising and witnessing the destruction or transfer
36
Certification of Destruction/Transfer
• Provides evidence that the records in question have in fact been destroyed or transferred
• Destruction Method
• Date of Destruction
• Materials Destroyed
37
Don’t forget to …
• Monitor
• Audit
• Train & Educate
38
• Are all records, in all media, eligible for disposition according to retention included?
• Is your retention schedule up-to-date with the applicable laws?
• Authorities for disposition appropriately assigned and up-to-date?
• Did you confirm that records related to a pending or ongoing litigation or audit are suspended from disposition?
• Has the destruction process been documented?
• Are the records required for any further legal, administrative or business use?
• Were the records approved for destruction by an authorized member of the organization?
• Was the method of destruction appropriate for the type of media and the sensitivity of the record?
39
Destruction
• Records are transported securely and destroyed completely (irreversibly)
Transfer
• Document chain of custody or transfer records transfer log
• Records appraised by qualified professional
• Appraisal based upon historical value of records
40
• Principles are interdependent.
• Real value comes from implementing them as a whole framework.
• Together they support an organization’s overall records and information management program.
• Provides tool to benchmark and continuously make improvements to your program.
41
Cohasset Associates
2011/2012 ARMA International Survey Results
Records Management & Governance of Electronically Stored Information (ESI)
42
March 6 – Principle of Retention
April 10 – Principle of Transparency
May 16 – Annual Spring Conference
43