Na#onal Archives and Records Administra#on Brewer-Rosen.pdf · Moderniza#on Goals Require...
Transcript of Na#onal Archives and Records Administra#on Brewer-Rosen.pdf · Moderniza#on Goals Require...
Na#onalArchivesandRecordsAdministra#onSeptember26,2017
FederalAuditExecu9veCouncil
AnnualConference
LaurenceBrewer–ChiefRecordsOfficerfortheU.S.GovernmentDonaldRosen–Director,RecordsManagementOversightand
Repor#ng
ModernizingRecordsManagement
• Presiden9alMemorandum
• ManagingGovernmentRecordsDirec9ve
• NARADraGStrategicPlan
Moderniza#onGoals
Requireelectronicrecordkeepingtoensuretransparency,efficiency,andaccountability
DemonstratecompliancewithFederalrecordsmanagementstatutesandregula9ons
Transforma#onalTargets
4
By2016,agenciesmanageallemailinanaccessible,electronicformat
By2019,agenciesmanageallpermanentelectronicrecordsinelectronicformats
TheDirec9verequiredNARAtotakeac9onon18othertargets,mostcompletedby2016
DraGStrategicPlan• FourStrategicGoals
– MakeAccessHappen– ConnectwithCustomers– MaximizeNARA’sValuetotheNa9on– BuildOurFutureThroughOurPeople
• ByFY2020,NARAwillhavepoliciesandprocessesinplacetosupportFederalagencies’transi9ontofullyelectronicrecordkeeping.
• ByDecember31,2022,NARAwill,tothefullestextentpossible,nolongeraccepttransfersofpermanentortemporaryrecordsinanalogformatsandwillacceptrecordsonlyinelectronicformatandwithappropriatemetadata.
• ByFY2019,NARAwillconductinspec2onsofrecordsmanagementprac2cesat10percentofFederalagenciesperyear,toensurethatFederalemailandotherpermanentelectronicrecordsarebeingmanagedinanelectronicformat.
5
CurrentandFuturePriori#es• 2019SuccessCriteria
• ERMRequirements,FIBFandUseCases,GSASchedule36
• WebGuidanceRefresh
• Digi9za9onandMetadataGuidance
• Advocacy,Outreach,andSAORMEngagement
SAORMEngagement• LeadershipofSAORMsiscri9caltosuccess
• SAORMpost-transi9onemailsandmee9ngs
• NARABulle9ndefinesroles,responsibili9es,andexpecta9ons
Na#onalArchivesandRecordsAdministra#onSeptember26,2017
FederalAuditExecu9veCouncil
AnnualConference
DonaldRosen–Director,RecordsManagementOversightandRepor#ng
RecordsManagementOversight
h`p://www.archives.gov/records-mgmt/resources/inspec9ons.html
h`ps://www.archives.gov/records-mgmt/resources/rm-inspec9ons
AgencyInspec9ons• Purpose
– Basedon36CFR1239,PartofNARA’sregulatoryoversightrole– Iden9fychallengesandrecommendsolu9ons– Monitorimprovementsandprogress
• Doagencieshave– Policies,direc9ves,SOPs,trainingprograms,evalua9onofrecordsprograms,– Recordsmanagementawarenessandoutreach
• RecordsProgramandScheduleimplementa9on– Accessandretrieval,Storageareasandissueswithrecordscenters– Retainedrecords,Dounscheduledrecordsexist
• Rela9onshipwithIT– Informa9onResourcesManagementPlans–isrecordsmanagementincluded?– SystemsDevelopmentLifeCycle–howwellis(orif)recordsmanagement
embeddedintheprocess• ElectronicRecordsManagement(includingemail),M-12-18goalsstatus
Authori9es• 44UnitedStatesCode(U.S.C.)2904(c)(7)and2906toinspectrecordsmanagementprogramsandprac9cesofFederalagencies
– 2904(c)(7)…theArchivistshallhavetheresponsibility…toconductinspec9onsorsurveysoftherecordsandtherecordsmanagementprogramsandprac9ceswithinandbetweenFederalagencies…
– 2906(a)(1)…theArchivist(ordesignee)mayinspecttherecordsortherecordsmanagementprac9cesandprogramsofanyFederalagencysolelyforthepurposeofrenderingrecommenda9onsfortheimprovementofrecordsmanagementprac9cesandprograms…
Inspec9onProcesses
Inspec9onPrepara9on
Communica9onswithTargetAgency
ReviewdocumentsfromTargetAgency
ConductSiteVisitsandTelecons
Report
PlansofCorrec9veAc9on
Agenciesarerequiredtocreateaplaninresponsetoinspec9onfindingsandrecommenda9ons
Wetrackprogressthroughsemi-annualreportsandfollowupsitevisitsastravelallows
ComplianceAchievementRepor9ngSystem(CARS)
UnauthorizedDisposi9on• Whatisunauthorizeddisposi9on?
– Unlawfuloraccidentalremoval,defacing,altera9on,ordestruc9onofrecords
• WhyarewerequiredtoreportthistoNARA– CFR:Title36,ChapterXII,SubchapterB,Part1230
• HowtoNo9fyNARAofAllega9ons
– Verballyandinwri9ng
• Whereshouldcorrespondencebesent?OfficeoftheChiefRecordsOfficerNa9onalArchivesandRecordsAdministra9on8601AdelphiRoad,Suite2100CollegePark,Maryland20740
AgencyRepor#ngAgencyrecordsofficersprovideanevalua9onoftheirindividualagency’scompliancewithFederalrecordsmanagementstatutes,regula9onsandprogramfunc9ons.Oldestofourrepor9ngtools,requiredsince2010.
Agencyrecordsofficersassessedtheirindividualagency’semailmanagementusingamaturitymodeltemplate.Thisisthenewestofourrepor9ngtools,firstused2016.
Responsesfromhigh-levelofficialsaboutprogresstowardsMGRDtargetsandrequirementsandotherstrategictopics.Firstrequiredin2013.
UsingResults
NARA
• Gatherinforma9on• Iden9fytrends• Providefeedback
Agencies• Determineweaknesses• Managelimitedresources• Measureeffec9veness
18
AgencyIndividualReportsfor2016
79%66%
98%
82%93%
21%34%
2%
18%7%
Q2EmailManagement
Q3RecordsScheduling
Q4PermanentE-Records
Q5Digi9za9on Q6Informa9onResource
Management
SeniorAgencyOfficialReports2016
Yes No
h`p://www.archives.gov/records-mgmt/resources/self-assessment.html
36%
28%
20%17%
12%
44% 43%47% 47%
43%
20% 29%
34% 36%
45%
2012 2013 2014 2015 2016
RMSARISKLEVELCOMPARISON2012-2016
HighRisk ModerateRisk LowRisk
48%
42%
34%
41%
EmailPolicies-Level3
EmailSystems-Level3
EmailAccess-Level3
EmailDispositon-Level2
MaturityModelDomainsandLevelsAchievedMostOUen
23
Statement 2-3:RiskManagement
Level0 (a)Little/noriskanalysis;reactiveandmanualprocesses(b)Highlevelofexposuretoriskduringlitigationand/orinteractionswithregulatorybodies
Level1 (a)SomeRIMfunctionshavebeeninformallydevelopedtoidentify,address,andmanagerisk(b)Little/noRIMriskanalysisinfrastructure(c)Riskmitigationprocessesaremostlymanual(d)Limitedstandardizationofriskmanagementacrosstheagency/component(e)Highlevelofexposuretoriskduringlitigationand/orinteractionswithregulatorybodies
Level2 (a)RIMfunctionsaredefinedtoidentifyandaddressriskmitigationneeds(b)RIMriskanalysisisconductedattheagency/componentlevel(c)Initialeffortsatstandardizedmeasurementandreporting(d)Disparateautomationwithlimitedstandardizationofprocesses(e)Moreunifiedandactiveapproachtomitigatingexposuretorisk
Level3 (a)RIMfunctionsarefullyimplementedtoidentify,address,manage,measure,andreducerisks(b)RIMriskanalysisisconductedattheagency/componentlevel(c)Consolidatedsystemswithhigherlevelofstandardizationofprocessesfacilitateaproactiveapproachthatfurtherreducesexposuretorisk
Level4 (a)RIMfunctionsareintegratedintoagency/componentstrategyandbusiness/missionpracticestoincreasecompliancelevelsmaximizingresourcesforincreasedefficiencies(b)Agency/componentRIMsystemswithembeddedmanagementfunctionsfacilitateoptimalmanagementofexposuretorisk
Notes:Assessment: Level1-Developing 1
(a)Agency/componentidentifiesandanalyzesinternalandexternalrisktoagency/componentrecordsandinformation.(b)Agency/componentdetermineswhoisbesttomanageormitigatetheriskandwhatspecificactionsshouldbetaken.(c)Agency/componentmonitorstheimplementationofactionstomanagementormitigaterisk.
RIMMaturityModel–choosethelevelthatfitsbest
24
SummaryResults
Statement Level Score1-1:StrategicPlanning Level3-Engaged 3.01-2:LeadershipandManagement Level2-Functioning 2.01-3:Resources Level2-Functioning 2.01-4:Awareness Level1-Developing 1.0
Domain1MaturityScore: 2.0
Statement Level Score2-1:Policy,Standards,andGovernanceFramework Level2-Functioning 2.02-2:ComplianceMonitoring Level0-Absent 0.02-3:RiskManagement Level1-Developing 1.02-4:Communications Level2-Functioning 2.02-5:InternalControls Level1-Developing 1.0
Domain2MaturityScore: 1.2
Statement Level Score3-1:LifecycleManagement Level3-Engaged 3.03-2:RetrievalandAccessibility Level4-Embedded 4.03-3:Integration Level2-Functioning 2.03-4:SecurityandProtection Level3-Engaged 3.03-5:Training Level0-Absent 0.0
Domain3MaturityScore: 2.4
1.9
MaturitySummary
CompositeMaturityScore:
Domain1:ManagementSupportandOrganizationalStructure
Domain2:Policy,Standards,andGovernance
Domain3:RIMProgramOperations
25
MoreInforma#onFollowRecordsExpressath`p://records-express.blogs.archives.gov/NARARecordsManagementwebpageh`p://www.archives.gov/records-mgmt/[email protected]@nara.gov