Add to collection(s) Add to saved
  1. Business
  2. Management

Audit Compliance Training for ImageNow Managers

advertisement 
IMAGENOW
Meeting Compliance
Understanding Standards & Procedures
WHY ARE WE HERE?
• To learn the steps each office needs to take to meet the
compliance requirements for NDSU’s internal document
imaging audit.
• Campus Audit is reported to NDUS each year (June) by
NDSU Chief IT Security Officer
• Audit is conducted to meet requirements of NDUS Policy
1901.4
NDUS POLICY 1901.4
Purpose:
“The purpose of this procedure is to establish an imaging
procedure for all NDUS institutions that create, use, and
manage digital images on optical imaging systems.”
NDUS POLICY 1901.4
Procedure Summary:
2. “Institutions shall create and follow documentation that
outlines and describes system hardware and software
specifications and written policies and procedures that
document the creation, maintenance, use and
preservation of digital images within the system.”
3. “Training schedules that include initial instruction as
well as regular, ongoing retraining must be implemented
to ensure that employees understand the policies and
procedures and any changes that may occur.”
INITIAL ACCESS & TRAINING
Checklist Item #1
• Procedures for electronic imaging of documents have
been formally documented and are provided to
individuals who have been given access or duties related
to imaging documents.
Translation:
• Do you have training documents and/or user manuals
prepared for first-time ImageNow users?
INITIAL ACCESS & TRAINING
Create Tutorials for the Basics:
•
•
•
•
•
Logging In, Logging Off, & Password Changes
Toolbar Icons, Interface & Default Settings
How to Search
How to Scan/QA/Link
How to Upload & Link using ImageNow Printer
Resources:
• ImageNow User Manual (PDF, hard copy, Client Help)
• Internal Customized Tutorials
CONFIDENTIAL DATA TRAINING
Checklist Item #2
• Individuals with access to data and system have been
given appropriate training regarding policies and
procedures for security and safety of data stored and
manipulated within system. The training is ongoing and
is updated according to changes in policy and federal law.
Checklist Item #9
• All those assigned access and use the system have
undergone basic training on handling and use of
confidential data and have signed confidentiality
agreements.
CONFIDENTIAL DATA TRAINING
Translation:
• Have users reviewed data privacy policy & completed
confidential data training before using ImageNow?
How do we Comply?
• Log and file (date of training, who attended, who provided training)




NDUS Data Privacy Training
Signed Confidentiality Agreement
Responsibility Review
Security/Confidentiality Topic during Staff Meeting
SCANNING & QA TRAINING
Checklist Item #10
• Individuals who perform the scan or validation function
have received additional training on document quality
assurance.
How do we Comply?
• Create separate training tutorial for scanning process
• Make sure VRS settings are optimized for all documents
• Do not allow “Bypass QA” setting for scanning profiles
SYSTEM OVERSIGHT
Checklist Item #3
• An individual(s) has been assigned the responsibility to
oversee and manage the training of assigned personnel.
Translation:
• Each participating office needs to have a designated
ImageNow “Manager”
Why is this Required?
• Act as a “point of contact” for each office
• Limits number of users who can access & change security
• In charge of keeping & collecting audit compliance data
SYSTEM OVERSIGHT
Checklist Item #12
• Logs of individual training are maintained by the
person(s) managing the oversight of those who use the
system.
Translation:
• ImageNow “Managers” need to keep track of which users
have received which types of training and when.
How do we Comply?
• A spreadsheet will be developed and distributed to help
managers track user training.
SYSTEM OVERSIGHT
Proposed Spreadsheet:
• Record completed training dates for each user
• Submit copy of spreadsheet for audit each year
Name
Role
Data
Privacy
Conf.
Data
1st Time
User
Scan
& QA
Resp.
Review
Staff
Meeting
User #1
Power
User
08/23/2004
07/01/2012
09/15/2010
10/10/2010
03/01/2011
04/26/2012
User #2
Manager
11/03/1995
07/01/2012
05/21/2007
10/10/2010
06/01/2011
04/26/2012
User #3
Staff
03/17/2008
07/01/2012
09/15/2010
10/10/2010
09/01/2011
04/26/2012
User #4
Student
09/30/2011
07/01/2012
10/15/2011
10/15/2011
12/01/2011
04/26/2012
SECURITY MANAGEMENT
Checklist Item #4
• Separation of duties is in place for individuals who have
been given access to the imaging system. (For example
the person who scans in a document does not have the
ability to delete a document.)
Checklist Item #6
• Formally documented procedures have been established
to ensure that only authorized personnel can create,
copy, annotate, or access digital images within the
system. This access is granted based on specific need for
use of the system.
SECURITY MANAGEMENT
Translation:
• Assign user security settings according to function
• Don’t grant more access than absolutely necessary
Keep track of:
•
•
•
•
•
•
Who is responsible for scanning?
Who can delete linked documents?
Who can view documents in which drawers?
Who can view certain document types?
Who can edit custom properties, notes, annotations?
Who can print, save, or email imaged documents?
DOCUMENT VALIDATION
Checklist Item #5
• A validation process using a sampling technique has been
implemented to verify that the scanned document
matches the original document. This process is
conducted and documented each quarter.
Checklist Item #11
• Logs are collected, monitored and documented to verify
reproduction accuracy and reliability according to the
original document.
DOCUMENT VALIDATION
Validation Process:
• ImageNow Documents
1.
2.
3.
4.
Search for documents created on certain date
Randomly select documents (note Date, ID#, DocType, & # of pages)
Locate selected documents in hard copy archive
Confirm quality of the documents
• Hard Copy Documents
1. Randomly select documents from hard copy archive
2. Search for documents in ImageNow
3. Confirm quality of scanned documents
DOCUMENT VALIDATION
VALIDATION PROCESS DEMONSTRATION
Nancy Kasper
Registration & Records
USER MANAGEMENT
Checklist Item #7
• Those employees no longer needing access to the system
have been removed.
Process:
• ImageNow “Manager” deactivates user account in
ImageNow and removes user from all associated groups
 Or contact Viet to have him deactivate the user
• Notify your IT Liaison to include removal of “ImageNow
service tag” when the Help Desk ticket requesting end of
IT services is submitted
DOCUMENT MANAGEMENT
Checklist Item #8
• Digital images that are the records of documented
business processes have been linked to the business
processes that created them.
Translation:
• Documents are stored in “Drawers” of the department
that created them
• Drawer names are changed when documents transfer
between departments
 “View” access is usually retained by original department
DOCUMENT MANAGEMENT
Checklist Item #13
• All digital images are destroyed according to NDSU
Records and Retention policy and procedure 713.
Translation:
• Documents need to be purged based on the document
retention schedule (www.ndsu.edu/recordsmanagement)
Process:
1. Query is run for ID#s of “inactive students” (last 5 years?)
2. ImageNow is searched for documents “In List”
3. Index fields & custom properties determine purge items
DOCUMENT MANAGEMENT
Checklist Item #14
• All data that is stored as an image is classified according
to NDUS policy and procedure 1901.2.
Translation:
• “Any electronic data asset of the NDUS or Institution shall
be classified as Public, Private or Confidential according
to the following standards.” – NDUS 1901.2
How do we comply?
• “Confidential” drawers can be created for highly sensitive
documents that can only be accessed by designated
users
DOCUMENT AUDITING
Checklist Item #15
• A system “audit trail” is in place to document who, the
date and time, and what was accessed for the previous
12 months. This “audit trail” is maintained and available
for review.
How do we comply?
• “Audit” setting in ImageNow is turned on for:






Add Annotations
Document Copy
Document Create
Document Create via Batch
Document Delete
Document Move





Document Page Delete
Document Restore
Document Send to Recycle Bin
Document View
User Login
QUESTIONS?
Related documents
Travel & AP Imaging What does that mean to me?
Travel & AP Imaging What does that mean to me?
Historical Story Revising and Editing Checklist
Historical Story Revising and Editing Checklist
Lessons Learned - Missouri University of Science and Technology
Lessons Learned - Missouri University of Science and Technology
Project Transition Checklist
Project Transition Checklist
Students Chart Progress - Hastings Public Schools
Students Chart Progress - Hastings Public Schools
Self-Evaluation and Checklist for Essay #2
Self-Evaluation and Checklist for Essay #2
documentation checklist
documentation checklist
Board Training Checklist - National Center for Farmworker Health
Board Training Checklist - National Center for Farmworker Health
draft NDUS System-wide master plan.
draft NDUS System-wide master plan.
Download
advertisement