Alaska Chapter of ARMA International Presented by: Dawn Kewan, ARMA Board Member & Treasurer...
-
Upload
ezequiel-neal -
Category
Documents
-
view
219 -
download
0
Transcript of Alaska Chapter of ARMA International Presented by: Dawn Kewan, ARMA Board Member & Treasurer...
PRINCIPLE OF DISPOSITION
Alaska Chapter of ARMA International
Presented by: Dawn Kewan, ARMA Board Member & Treasurer
February 6, 2014
Based on Generally Accepted Recordkeeping Principles ©
2
WHAT DOES DISPOSITION MEAN?disposition
Range of processes associated with implementing records retention, destruction or transfer decisions which are documented in disposition authorities or other instruments.
ISO 15489 3
3
TYPES OF DISPOSITIONdestruction
Process of eliminating or deleting records, beyond any possible reconstruction.
transfer
Change of custody, ownership and/or responsibility for records.
Moving records from one location to another.
ISO 15489 3
4
IDENTIFY DISPOSITION STATUSInvolves the following steps:
Identify record that captures the transaction or business activity
Classify the records appropriately
Determine relevant retention period
Identify anticipated date for disposition
Document the retention period and anticipated disposition in the records system
Determine what metadata to retain with record
ISO 15489 4.3.6
5
DISPOSITION IN THE ORGANIZATION Applied systematically
Performed routinely
Conducted as normal course of business
Irreversible
Secure
Documented
ISO 15489 9.9
6
WHEN NOT TO APPLY DISPOSITIONNot without assurance that records are:
No longer required to be retained No work is outstanding No litigation or audit holds (current or pending)
ISO 15489 9.9
7
DISPOSITION ACTION Physical destruction
Extending retention
Transfer to storage (organization or vendor)
Transfer to another organization or agency
Transfer management responsibility to authorized party
Transfer to organizational archives
Transfer to external archives
ISO 15489 9.9
8
THE PRINCIPLES - INTRODUCTION
The Principles identify the critical hallmarks of information governance, which Gartner describes as
an accountability framework that “includes the processes, roles, standards, and metrics that ensure the effective and efficient use of information in
enabling an organization to achieve its goals.”
http://www.arma.org/r2/generally-accepted-br-recordkeeping-principles/metrics
9
THE PRINCIPLES Compliance
Availability
Retention
Disposition
Accountability
Transparency
Integrity
Protection
10
PRINCIPLE OF DISPOSITION
An organization shall provide secure and appropriate disposition for records that are no longer required to be maintained by applicable laws and the
organization’s policies.
11
MATURITY MODEL FOR INFORMATION GOVERNANCE Provides a picture of what effective IG looks like
Based on the eight Principles
Defines characteristics of various levels of recordkeeping programs
Associates various characteristics that are typical for each of the five levels
http://www.arma.org/r2/generally-accepted-br-recordkeeping-principles/metrics
12
Sub-Standard (Level 1)• Recordkeeping
concerns are either not addressed at all.
In Development (Level 2)• Developing
recognition that recordkeeping has an impact on the organization
Essential (Level 3)• Has minimum
requirements that must be addressed in order to meet the legal and regulatory requirements.
Proactive (Level 4)• Initiating information
governance program improvements throughout its business operations.
Transformational (Level 5)• Integrated
information governance into its overall corporate infrastructure and business processes.
MATURITY MODEL – METRICS FOR DISPOSITION
13
USING THE MATURITY MODEL AS A TOOL
No documentation of the processes to guide transfer or disposition
No process or inconsistent for suspending disposition in the event of litigation or audit (Records Hold)
Sub-Standard (Level 1)
14
USING THE MATURITY MODEL AS A TOOL
Preliminary guidelines for transfer or disposition
Recognize importance of Records Hold process consistently
Lack of enforcement and auditing or disposition
In Development (Level 2)
15
USING THE MATURITY MODEL AS A TOOL
Developed official procedures for records disposition and transfer
Developed official policy and procedures for Records Hold
Policies and procedures exist, but not standardized across the organization
Inconsistent procedures amongst individual departments
Defined specific goals related to disposition
Essential (Level 3)
16
USING THE MATURITY MODEL AS A TOOL
Disposition procedures are understood and consistently applied
Process for suspending disposition defined, understood, and used consistently
Electronic information is expunged in accordance with retention policies
Proactive (Level 4)
17
USING THE MATURITY MODEL AS A TOOL
Disposition process covers all records and information in all media
Disposition is integrated into all applications, data warehouses, and repositories
Disposition processes are consistently applied
Processes for disposition are regularly evaluated and improved
Organization's stated goals related to disposition have been met
Transformational (Level 5)
18
REASONS FOR DESTRUCTION It saves time and storage costs;
It enables organization to focus on higher priority records; and
It prevents unauthorized access and use of company records
19
DESTRUCTION - METHODS Burning – in an enclosed incinerator or secure facility
Pulping – reduces paper to pulp and often used in recycling
Pulverizing – crush or grind to a powder or dust
Shredding – reducing paper to fine ribbons
20
DESTRUCTION - METHODS Hard-drive shredding or cutting
Disk encryption – encoding messages
Image overwrite On demand – executed prior to removal or as needed to remove all image data
from disk Immediately – automatically executed immediately after jobs are completed to
remove image data from disk Scheduled – automatic, daily overwrite of all image data from disk
Magnetic degaussing – erasing data on magnetic media by passing a powerful magnet over the media.
21
PRINCIPLE OF DISPOSITION – PROCESSESPhysical Destruction
Destruction should always be authorized
Records on hold should not be destroyed
Preserve confidential information
Include all types of copies: Security Preservation Backup Vital Records
ISO 15489 9.9
22
PRINCIPLE OF DISPOSITION – PROCESSESRecords Systems
Removed in accordance to retention and disposition guidelines
Or with conversion and migration strategies
Must be documented! Conversion plans Data mapping
ISO 15489 8.3.7
23
PRINCIPLE OF DISPOSITION – CONSIDERATIONSWebsite Records
Destruction Ensure record is destroyed completely Document what was destroyed and when Include in master RIM policy
Transfer Ensure entire record (including metadata) is appropriately transferred Educate receiver its RIM responsibilities
Permanent Preservation Ensure record content (including metadata) are properly stored Provide periodic backups Transfer data periodically Ensure accessibility is guaranteed
ARMA Website Records Management
24
PRINCIPLE OF DISPOSITION – CONSIDERATIONSMobile Communications
Disposition applied to all records on device owned by organization
Subject to Records Holds and e-Discovery
ARMA Mobile Communications and Records and Information Management
25
PRINCIPLE OF DISPOSITION – CONSIDERATIONSMobile Communications
Must have a method to capture content E-mail Text messages Video Still images Downloaded content
Recommended to be able to collect and lock down device or create a forensic copy or image of the content
ARMA Mobile Communications and Records and Information Management
26
PRINCIPLE OF DISPOSITION – CONSIDERATIONSSocial Media
Content created, captured, accessed, transmitted, and/or stored can be a record
Applies to Retention Schedule
Must have ability to suspend destruction based on legal holds
ARMA Using Social Media in Organizations
27
PRINCIPLE OF DISPOSITION – CONSIDERATIONSDon’t forget about …
Copy/Scan Machine
Fax Machine
28
PRINCIPLE OF DISPOSITION – CONSIDERATIONSOutsourced Electronic Records Storage - Ask
What is their records destruction process?
What about destroying eligible records stored in… backup systems? disaster recovery systems? Other media?
Will they produce destruction certificates?
Related metadata and indexing related data also destroyed?
ARMA Guideline for Outsourcing Electronic Records Storage and Disposition
29
REASONS FOR SUSPENDING DESTRUCTION Records holds due to potential or current litigation or audit
Changes to the retention schedule that is pending approval
30
RECORDS HOLD Records holds due to potential or current litigation or audit
Communicate to all appropriate staff about the hold
Don’t forget to place records back into disposition process once hold has been released
31
EXTENDING RETENTION Document reason for extending the retention period
Identify who is requesting the extension
Research the request
Make a recommendation
Re-submit for approval
32
TRANSFER TO STORAGEDocument chain of custody or transfer records transfer log to track records moving from one location to another.
Describe the record that captures the transaction or business activity
Classify the records appropriately
Determine relevant retention period
Identify anticipated date for disposition
33
TRANSFER TO IN/EXTERNAL ARCHIVES, OR RESPONSIBILITIES Document chain of custody or transfer records transfer log
Records appraised by qualified professional
Appraisal based upon historical value of records
Transfer vs. Accession
transfer – moving records into physical custody of a NARA Records Center, sender retains legal custody until final disposition.
accession – when permanent records are sent, NARA takes legal custody.
Guidance and Policy for Accessioning Records to the National Archives
http://www.archives.gov/records-mgmt/accessioning/
STEPS TO ACHIEVE COMPLIANCEDocument! Document!
Document!
35
DOCUMENTATION - POLICY Retention periods apply to all records within the organization
Never destroy records until retention requirements have ceased
Require authorization for destruction
Ensure security and confidentiality of all records within custody
Define process and appropriate method and verify
Develop a process to suspend destruction when required
36
DOCUMENTATION - FORMSAuthorization for Destruction/Transfer Form
Date of destruction Method of destruction Description of the disposed records Inclusive dates A statement that the records were destroyed in the normal course of business The signatures of the individuals approving, supervising and witnessing the
destruction or transfer
37
DOCUMENTATION - FORMSCertification of Destruction/Transfer
Provides evidence that the records in question have in fact been destroyed or transferred
Destruction Method Date of Destruction Materials Destroyed
38
STEPS TO ACHIEVE COMPLIANCEDon’t forget to ….
Monitor
Audit
Train & Educate
39
CHECKLISTAre all records, in all media, eligible for disposition according to retention
included?
Is your retention schedule up-to-date with the applicable laws?
Authorities for disposition appropriately assigned and up-to-date?
Did you confirm that records related to a pending or ongoing litigation or audit are suspended from disposition?
Has the destruction process been documented?
Are the records required for any further legal, administrative or business use?
Were the records approved for destruction by an authorized member of the organization?
Was the method of destruction appropriate for the type of media and the sensitivity of the record?
40
SUMMARYDestruction
Records are transported securely and destroyed completely (irreversibly)
Transfer
Document chain of custody or transfer records transfer log
Records appraised by qualified professional
Appraisal based upon historical value of records
41
THE PRINCIPLES Principles are interdependent.
Real value comes from implementing them as a whole framework.
Together they support an organization’s overall records and information management program.
Provides tool to benchmark and continuously make improvements to your program.
42
“BETTER SAFE THAN SORRY” ISN’T ALWAYS SAFE!
CohassetAssociates
2011/2012 ARMA International Survey Results
Records Management & Governance of
Electronically Stored Information (ESI)
43
COMING SOON….March 6 – Principle of Retention
April 10 – Principle of Transparency
May 16 – Annual Spring Conference