State Government Recordkeeping in Cloud Computing Environments Lori Richards, SILS, UNC – Chapel Hill | AERI 2012 | July 10, 2012.


To understand how emerging technologies affect the theory and practice of archives and records management in complex organizational settings
  o This motivation is not entirely new to the field of archives and records management

In the past 40 years, ARM researchers have examined the changing nature of the field as technology has advanced, asking questions about things like
  o Computerized index systems and automated retrieval mechanisms (1970s – 1980s)
  o How moving to electronic from paper-based records creation and storage impacts archival processes and user access patterns
  o How the notion of records lifecycle changes in electronic environments
  o Concerns about personal privacy and security in digital environments
  o Concerns about government and organization accountability in a world where erasure of documents is an ever-present risk
  o How concepts such as record, provenance, and document change in electronic environments

Studies do not yet exist that examine how digital curation roles and responsibilities within complex organizations change in the light of highly distributed electronic information processing infrastructures
  o The information processes are highly distributed, but
  o They are often managed in highly centralized and controlled ways, often using
  o a combination of internal and external resources that manage the information through several layers of service provision

Examine how the functions of archives and records management are instantiated in state government cloud computing environments
Gain a clearer understanding of how the various parties who play a role in the records continuum understand their roles and responsibilities, understand how operating in the cloud affects those roles and the risks to the resulting records, and impacts incentives to engage in accountability-sensitive and preservation-sensitive professional activities

Develop a digital curation governance model that could serve records managers in organizations moving into the cloud and that could provide clues as to the types of knowledge and skills these people will need to gain in educational programs or on the job

Multi-case study embedded in a wider study that includes semi-structured interviews with professionals from a variety of states that are performing recordkeeping (i.e., digital curation) activities in cloud environments
  o Minnesota – Statewide implementation of Microsoft 365 and collaboration system, including SharePoint in the Cloud (externally hosted cloud, dedicated statewide environment)
  o Kentucky – Department of Education movement of their entire Instructional Technology environment into the Cloud (externally hosted cloud, dedicated educational institution environment)
  o North Carolina – Movement of syndromic surveillance healthcare data into a newly developed Cloud-based system managed by the CDC, which shares data with other state and local agencies nationwide
Documentary analysis
  o Requirements documents, business case and/or TCO analysis, IT governance documents, organizational charts, retention schedules, and data practices legislation

We Keep Everything Forever (Except what IT destroys according to its contract-negotiated schedule)

*WHOSE job is this, anyway?*

Interviews:
  o Executive level management in state CIO offices
  o State Archivists
  o Archivists and collections managers
  o Records Managers
  o IT Management from central IT groups
  o Agency-level IT management
  o Agency directors
  o Product manager and systems engineers
  o Data Practices and Compliance liaisons
  o Experts from NASCIO and RTI International

Florida
Kentucky
Massachusetts
Minnesota
Nebraska
New Jersey
North Carolina
South Carolina
Wyoming

Virtually no one seemed to be aware of the risks that have been discussed in journals related to recordkeeping in the cloud.
IT sees itself as an integrator rather than a builder. Hence, they don't really feel ownership of the information, although the program/agency personnel feel that they have LOST ownership of the information due to IT consolidation.

Do we have the ability and right to audit written into our contracts with this vendor?
Do we know who all the participants in the supply chain are, so that we can engage in our (legally mandated) contracts with every party that touches this information?
What will happen to our data at the end of the contracting period?
Can we move some or all of our data from one provider to another?
Does the provider have the technical capabilities to destroy data according to our disposition schedules? If not, can they offer an acceptable proxy for destruction?
Who owns our data and how does this impact our eDiscovery and other legal mandates?
Can this vendor assure us that when a breach of privacy occurs we are immediately notified and that we can immediately notify those whose privacy was breached?
How is our data segregated from other tenants of this provider? What security mechanisms do they use to ensure that the data is segregated? What encryption mechanisms do they use?

Cloud services are often layered
  o ALL service providers must meet your regulatory requirements
Access-related issues
  o Ensuring that those who do not have permission to access records are barred from viewing them: what are your provider(s)' security and data isolation techniques?
  o Ensuring that you continue to have access to records: data ownership must be contracted!
Disposition schedules
  o You really can't destroy records in the cloud: encryption matters!
eDiscovery
  o Ensure your SLAs specify how your provider will respond in the event of a subpoena or government request for information
Provenance

Resource sharing can lead to new collaborative policy requirements
  o Records are shared, but the different partners have different retention requirements. The central repository has a 6-year retention policy – retention policies need to be negotiated during contracting, something that hasn't happened yet.
  o What if a partner picks up only a portion of a record? What is the status of the new information?
  o What happens to the data when the participant leaves the exchange or the cooperative goes out of business? No answer to this question yet; it remains an issue.

Lori Richards UNC Chapel Hill