Making sure your bits don’t bite · 2018. 4. 4. · Belinda Carlisle -- Elvis Presley The...


  • Mark Merifield, The National Archives

    July 4 2013

    Digital Continuity:

    Making sure your bits don’t bite

  • (…or how we jump from the Carlisle-Presley Paradox to the mitigation of information risk through information management, defining what we do via a supermarket analogy along the way)

  • Because today is about Information Assurance

    “IA is a measured confidence about how we manage our information assets, managing risk as we go”

    Paul Dodgson, DSA


  • And since we’re talking about assets

    “An information asset is a body of information, defined and managed as a single unit so it can be understood, shared, protected and exploited effectively.

    Information assets have recognisable and manageable value, risk, content and lifecycles.”

    The National Archives


  • And since we’re talking about understanding, sharing, protecting and exploiting

    The Information Principles (2012)

  • And since we’re talking about digital continuity

    “The ability to use digital information for as long as you need in the way you need, over time and through change.”

    Information is usable when it is complete and available. In other words when it can be: found, opened, worked with, understood and trusted.

    The National Archives


  • TNA Catalogue reference: INF 3/318

    Consistent and unified

    http://blog.nationalarchives.gov.uk/wp-content/uploads/2013/06/Untitled-1.jpg

  • Of the web not on the web

    “… the future of collaboration and governance in government digital and technology: browser-based, iterative, owned by many, and with a strong bias towards action”

    GDS


  • “…we can't build our dreams, on suspicious minds” - Elvis Presley

    “We dream the same dream, we want the same thing,”

    - Belinda Carlisle

    The Carlisle-Presley Paradox

    Man Alive! 2010, Flickr.com

  • TNA Catalogue reference DEFE 1/322

  • So, what is it we really do?

  • We’re a supermarket!

  • Making goods (read: information) available

    • Deliver what the user wants (and not what they don’t) and where

    • Organise it in a logical manner so it can be easily found

    • Label the goods so we understand their value

    • Keep similar products together

    • Support easy delivery of goods to the user’s location

    • Get rid of goods when they’re too old

    • Protect the goods, especially the important (expensive) goods

    • Keep an audit of what’s coming in and going out

    • Keep an evidence base of activities and transactions

    • Have staff on hand to help when it all gets too much

    • Deliver online services


  • 7 business requirements

    1. Information must be managed within an environment with governance

    2. Decisions must be based on value and risk

    3. Information must be available and usable

    4. The evidence base must be maintained

    5. Context and ownership must be managed (through transfer)

    6. Information must be disposed of when no longer required

    7. Risks of non-compliance, information loss and costs must be managed

  • 7 business risks

    1. We don’t know what we have, where it is or what anyone is doing with it

    2. We don’t know what it’s for

    3. We can’t use it

    4. We can’t prove anything

    5. We don’t understand it

    6. We’re compounding the problem

    7. We’re breaking the law and spending too much

  • Where the bits start to bite

    Information

    Technology

  • The risks – what do we need to do?

    1. We don’t know what we have, where it is or what anyone is doing with it

    2. We don’t know what it’s for

    3. We can’t use it

    4. We can’t prove anything

    5. We don’t understand it

    6. We’re compounding the problem

    7. We’re breaking the law and spending too much

  • Mitigating risks?

    1. Consistent and unified management, standards and processes

    2. Business and user analysis with risk / value criteria

    3. Centralised mapping of information to technology to use requirements

    4. Minimise user decision making, apply corporate decisions at point of creation

    5. Export requirements, planning and testing

    6. Disposal schedules (value = retention, includes historical value)

    7. Action all of the above

  • Growing teeth

    Business Need (what is it for)

    Information (what have you got)

    Technical Environment (where is it)

  • It’s not going to be easy. It is going to be worth it.

    Good Luck!