Speaker Presentation: Preservation and Access for Electronic College and University Records
October 12 – 13, 2001
Trustworthy Electronic Records: An Information Systems Approach
1
Presentation Overview
Background and overview of the Trustworthy Information Systems (TIS) Methodology
TIS Development Process
TIS Handbook and Criteria Set
Testing and Promotion
Who’s Using the TIS Methodology
Current and Future Work
October 2001, Minutes of Minnesota Historical Society
2
TIS Milestones
Nov. 1997: Initial funding from the NHPRC
May 1999: Additional funding from Minnesota State Legislature
Dec. 1999: TIS Handbook online
Jan. 2000: TIS final report to the NHPRC
Nov. 2000: TIS Legal Risk Analysis Tool
Oct. 2001: Version 3 released
3
TIS Methodology is a Toolkit
It is an evaluation toolkit, in the form of a handbook, for information systems development projects of all sizes and types.
TIS tools were tested in real work settings and endorsed by the partner agencies that used them.
The TIS criteria are the foundation for the TIS methodology.
4
Focus on the System
If an information system can be shown to be trustworthy, then it follows that the records it contains are trustworthy as well.
It’s easier to focus on the system than on all of the individual records.
Trustworthy Information System = Authentic + Reliable Records.
5
Authenticity and Reliability
Authentic and reliable information is a recurring theme throughout the methodology
Authenticity: The record’s reliability over time; function of the record’s preservation
Reliability: The measure of a record’s authority; determined by the circumstances of the record’s creation
6
TIS Criteria Basics
Technical and non-technical considerations for systems to ensure reliable and authentic information
Can be implemented at any time during the information systems life cycle
They are practical and flexible; can be adapted to fit unique needs in any enterprise
7
The TIS Criteria Set
Tool for establishing trustworthiness
Asked: what characteristics are essential for a trustworthy information system? For trustworthy records?
Surveyed a variety of sources (records management, archives, legal, audit, government)
8
Special RM / Archival Concerns
Records disposition plan
Details of creation, modification, storage
Relation to other records
Managed as a unit; can reconstruct on demand
Officially incorporated into recordkeeping system
9
Special Legal Concerns
Created and managed during routine course of business: must be able to prove continuous operation of established procedures
Produced in a timely manner: must be able to document delays and anomalies
Business transactions conducted only through designated recordkeeping system
Maintained by appropriate authorized office
10
Special Audit Concerns
User access/identification procedures
Appropriate user privilege assignments
Prevention of modification of record identifier and content; altered records considered new entries and assigned new identifiers
Audit trails for creation and access
11
Criteria Set
Incorporates records management, archival, legal, and audit requirements with special emphasis on Minnesota laws and policies - best practices
Easily updated with new sources
12
Criteria Set
Grouped by topic:
System documentation
Access and security
Audit trails and accountability
Disaster recovery plans
Record metadata
Bibliography of sources
13
1. Documentation
System administrators should maintain complete and current documentation of the entire system including policies, operating procedures, and audit trails of documentation revisions.
14
1B. Policy and Procedure Documentation
Programming conventions and procedures
Record formats and codes
Applications and associated procedures such as methods of entering/accessing data, modification, duplication, deletion, indexing techniques, and outputs
Record migration
Etc.
15
5. Each record should have metadata
Might include:
Unique identifier
Date, time of creation
Date, time of modification
System or mechanism used for capture
Indication of authoritative version
Sensitivity classification
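An added illustration (not from the TIS Handbook or the presenters) of how the metadata fields above and the criteria listed under Special Audit Concerns could be enforced in code: altered records become new entries with new identifiers, and creation and access are logged. The `Record` and `RecordStore` names and the in-memory storage are assumptions made for the example.

```python
import hashlib
import uuid
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass(frozen=True)          # frozen: identifier and content cannot be reassigned
class Record:
    record_id: str               # unique identifier
    content: bytes
    created: str                 # date/time of creation (UTC, ISO 8601)
    capture_system: str          # system or mechanism used for capture
    sensitivity: str             # sensitivity classification
    supersedes: Optional[str]    # record this one amends; its `created` is the modification time
    sha256: str                  # digest of content, checked on every read

class RecordStore:
    """Hypothetical in-memory store; a real system needs durable, access-controlled storage."""

    def __init__(self):
        self._records = {}
        self._authoritative = set()
        self.audit_trail = []    # (timestamp, user, action, record_id); entries are only appended

    def _add(self, user, action, content, capture_system, sensitivity, supersedes=None):
        now = datetime.now(timezone.utc).isoformat()
        rec = Record(str(uuid.uuid4()), content, now, capture_system, sensitivity,
                     supersedes, hashlib.sha256(content).hexdigest())
        self._records[rec.record_id] = rec
        self._authoritative.add(rec.record_id)
        self.audit_trail.append((now, user, action, rec.record_id))
        return rec

    def create(self, user, content, capture_system, sensitivity):
        return self._add(user, "create", content, capture_system, sensitivity)

    def amend(self, user, record_id, new_content):
        old = self._records[record_id]           # the original entry is kept unchanged
        new = self._add(user, "amend", new_content, old.capture_system,
                        old.sensitivity, supersedes=record_id)
        self._authoritative.discard(record_id)   # the new entry is now the authoritative version
        return new

    def read(self, user, record_id):
        rec = self._records[record_id]
        if hashlib.sha256(rec.content).hexdigest() != rec.sha256:
            raise ValueError(f"content digest mismatch for {record_id}")
        self.audit_trail.append((datetime.now(timezone.utc).isoformat(), user, "access", record_id))
        return rec

    def is_authoritative(self, record_id):
        return record_id in self._authoritative
```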
16
Criteria Set: Other Items
Questions to Ask: general items in sidebar to consider while using the criteria; includes special ones for data warehouses
Did You Know: highlights criteria-related items drawn from Minnesota government sources
Consider This: items expand upon particular criteria
17
Implementation
Taken as a whole, the criteria set represents an ideal-world trustworthy information system.
But not all records are of equal value!
You determine what your needs are and which criteria are appropriate for your situation.
18
General Considerations
What are the laws and regulations that apply to your records?
What are the industry standards for system security? Record security and retention?
What areas/records might lawyers and auditors target?
Which records are of permanent/historical value?
19
For Legal Investigations, Audits, etc.
Must be shown that:
Informed choices were made that were appropriate for the records
Appropriate policies and procedures are in place and are followed during the routine course of business
20
Tool for Risk Assessment
For systems in the development phase:
Determine the value / sensitivity of the records
Weigh the value of the records against the cost (time, money, etc.) of implementing each criterion
Choose only those that support chosen level of risk
21
Tool for Risk Assessment
For existing information systems:
Determine the value / sensitivity of the records
Determine which criteria are already in place and decide whether the current configuration meets chosen risk level
Choose additional criteria for implementation as appropriate after weighing costs
22
Documentation is Key!
Document that each criterion was considered, what the decision was regarding implementation, and the rationale. Note the date, the personnel involved, etc.
Follow through with consistent application of choices
23
TIS Test Systems
An enterprise-wide information system for administering various home mortgage programs
A human resources / benefits / payroll system
A mission-critical data warehouse accessed by virtually all Minnesota state agencies
A web-based curriculum repository for educators
An online bidding system for contracts
24
TIS Handbook
Centered around the TIS criteria set
Based on field test findings
Applicable to any type of information system
Directed toward policy makers and technical staff
25
TIS Handbook Components
What’s in it for you?
How do you use the Handbook?
What is a trustworthy information system?
What is the process for establishing trustworthiness?
Who should participate?
26
TIS Handbook Components
Why are metadata and documentation important?
How do you use the criteria set?
Criteria set
Glossary, bibliography
Appendices: TIS development, versioning, laws, field tests, tools
27
Criteria | In Place? (Yes/No) | Planned? (Yes/No) | Rationale/Notes
What laws and/or regulations apply to the records within your system?
1.B.1 System Documentation: programming conventions and procedures
28
Legal Risk Analysis Tool
Helps determine legal risk related to records:
Scenarios for different situations (e.g., records are lost, mishandled, inaccurate)
By Minnesota Government Data Practices Act classification
By possible legal consequences
General questions to consider
Suggestions for mitigation keyed to TIS criteria
Tips for completing the assessment process
29
TIS Meets A Need
TIS fills an important gap in information policy in Minnesota government.
TIS addresses information technology AND information policy… at the same time.
TIS presents a practical way to get this job done.
30
TIS Promotion and Education
Policy makers
Government advisory bodies
Government and industry IT and records management groups
Interested staff at a variety of agencies
We went anywhere and everywhere!
31
Who’s Using TIS?
In Minnesota:
Approved and supported by the state Information Policy Council
Gradual adoption by state and local agencies like the Minnesota Department of Health
Other places adapting/adopting/studying:
Ohio Electronic Records Committee; Kansas ERC; City of Henderson, NV; Smithsonian Institution Archives; Canadian agencies…
32
TIS Handbook Distribution
Primary distribution through the World Wide Web
Separate online sections, tutorial approach, PDFs for downloads
Easy to revise as necessary — current version always readily available