Presentation is loading. Please wait.

Presentation is loading. Please wait.

E-Commerce and Evidence: Standards for Recordkeeping in the Electronic Environment Quick Start Program World Bank May 22, 2001 Michael L. Miller, Director.

Published byNatasha Everage Modified over 10 years ago

Similar presentations

Presentation on theme: "E-Commerce and Evidence: Standards for Recordkeeping in the Electronic Environment Quick Start Program World Bank May 22, 2001 Michael L. Miller, Director."— Presentation transcript:

1

2 E-Commerce and Evidence: Standards for Recordkeeping in the Electronic Environment Quick Start Program World Bank May 22, 2001 Michael L. Miller, Director Modern Records Programs, NARA

3 Overview of Today’s Presentation  Ancient History, Lesson I  Current Environment  The Standards of the World Bank (WB)  My Standards  Case Study #1 - Electronic signatures  Case Study #2 Web Records  How Do the WB Standards Relate?  Life Cycle Management

4 DISCLAIMER!I! DISCLAIMER!!! DISCLAIMER!!!  My own personal views  Do not necessarily reflect the views of my current management, my former management, the NARA legal team, the Department of Justice, or any other dead or living people, etc.  Not NARA policies I do hereby declare under pain…...

5 Ancient History  Records management as volume management  Driver is space  Records management as document security  Driver is litigation  Records management as retrieval  Driver is access

6 Our Response  Keep as little as possible for as short a time as possible  Building blocks u Inventories u File plans u Retention schedules (mandatory) u Microform

7 The Present Climate  Push for E-Business & E- Government  Information as a resource  Multiple media for some time  Increased secondary uses u Litigation u Protecting individual rights u Public service and access u Public accountability

8 What’s Driving Records Management Today?  Electronic transactions u Interoperability & document exchange u Web enabled government & industry  Rising customer expectations  Mixed customer requirements  Concern for computer security  Concern for privacy  Concern for accountability  Increased litigation risks

9 Some Fallout From the Situation  There are no answers from the records management u No agreement on theory u Mostly pilot phase  There are no guidelines from the legal end u Falls back on systems issues  Procedures Are they good  Implemented Tested

10 A New Situation  More players in the records/information game  Services being redefined  Role of records evolves in an organization  Records are born digital  Information becoming separated from records  New skill set(s) required of records managers

11 Need to Reinvent Records Management to Meet These Needs  Records themselves u Rethink the definition of records u Rethink the role of records  Records management u Rethink the goals u Rethink the tools  Records Managers u Rethink our skill sets u Rethink role in the organization

12 What Are the Big Issues??  Defining what is an electronic record  Defining a “trustworthy” electronic record  Determining what of the old records management theory applies and what must be replaced  Developing standards  The relationship of records management to legal and security issues  Balancing multiple requirements and costs

13 The World Bank’s Perspective I  Content, Context, and Structure  Recordkeeping Systems Standards u Compliant u Reliable u Systematic u Managed u Routine Activity

14 The World Bank’s Perspective II  Records are: u Made u Retained u Complete u Comprehensive u Adequate u Accurate u Authentic u Usable u Inviolate

15 Components of a Recordkeeping System  The records themselves  A system of organization of the records  Policies and procedures for management  A program to train staff on using the records and system  An audit program to ensure compliance 12 3 4 5

16 A Working Definition Electronic Recordkeeping?  Creating and maintaining records in electronic form so that those records can successfully serve as the records to meet an agency’s legal, fiscal, administrative, and other business needs, and when necessary be preserved permanently as part of our Nation’s historical record

17 Success Factors for a Good Implementation u Core business process u Clear goals and objectives u Well financed u Process involves the public u Records are core to the business process u Answers are below the cutting edge u Close cooperation with RM

18 All Records Are Not Created Equal  Much of what we create qualifies as a record  To serve as a record of business activity the records must be trustworthy u Reliability Integrity u Authenticity Usability  Adequate and proper documentation doesn’t mean everything must be retained forever.

19 These Ideas Are Not Absolutes  Based on business needs u Administrative, legal, fiscal u Oversight u Appropriate public access u Historical preservation  Based on assessment of risk  No different from paper

20 What do We Mean by Risk?  Visibility - Issue of level of exposure u Low, Medium, High  Risk of having/not having the records u Litigation u Accountability  Sensitivity  Consequences

21 Case Study #1 - Electronic Signatures

22 Executive Summary Points (1 of 2)  Organizations must consider RM when implementing E-sig  E-sig systems will produce new records or augment existing records  Various approaches ensure trustworthy e-signed records  Organizations must maintain trustworthiness of e- signed records over time

23  Use of 3rd party contractors in implementing e-sig systems raise adequacy of documentation issues  Scheduling issues must be addressed before disposing of e-sig records  Records disposition authorities of e-signed records may need to be modified  Permanent e-signed records documenting legal rights have special considerations Executive Summary Points (2 of 2)

24  Content u The e-signature is part of the content of the e- signed record  Context u Records used to verify the reliability and authenticity of the e-signed record  Structure u Records used to re-validate the e-signed record Content, Context & Structure of E-signed Records

25 Examples of New Record Types (1 of 2)  Content u E-signatures u Documentation of individual identities  Context u Documentation of individual identities u Trust verification records (audit trails) u Certificates u Certificate revocation lists u Trust paths

26 Examples of New Record Types (2 of 2)  Content (cont.) u Certificate policies u Certificate practice statements  Structure u Hashing algorithms u Encryption algorithms

27 Possible Authentication Alternatives  Maintaining adequate documentation of e-sig validity gathered at or near the time of signing  Maintaining the ability to re-validate e-sigs  Maintain log file of e-signed record acceptability at time of receipt  Other alternatives may exist  Organization selects method based on business need & risk analysis

28 Methods for Protection  Evidence of message origin and verification  Evidence of message receipt  Transaction time stamping  Long-term storage facility stores evidence and lets an adjudicator settle disputes

29 One Framework  Crfeate and maintain documentation of the systems used to create the e-sigs.  Ensure a secure storage environment  Implement standard operating procedures  Create and maintain records according to those procedures  Train staff in the procedures  Develop disposition authorities

30 Scheduling E-signed Records Is Necessary When...  New content, context or structure records (as determined by your risk analysis/ business practices) are being created  Organization determines incorporation of e-sig will result in changes in retention period of e-signed record  Incorporation of e-sig and/or changes in work processes significantly change the character of the record

31 Case Study #2 - The Web

32 Does It Qualify As Record Material?  Depends on definition u Federal government - yes u Most other governments - yes  What is covered?  What are the records?  Why is it a record?  What are the risks?

33 What Are the Records?  Web site(s) themselves - content  Records used to manage the web - context  Records of how the web appeared - structure  Records of activity u Who was there u What they did  Records of transactions  Records behind the site

34 Examples of Web Records - 1  Content u Html pages u Images of pages u Comprehensive list of urls u Interactively generated records u Referenced files

35 Examples of Web Records – 2 Context records Web design records Copyrighted materials Program management Software to operate the site Logs and statistical compilations

36 Examples of Web Records – 3  Structural records u Web site map u Self executing files u COTS software configuration files

37 Managing Web Records  Develop policy  Assign responsibilities  Conceptualizing your site  Identifying the role of the site/components for your organization  Determining risks  Determine recordkeeping requirements  Determine strategy for capturing records

38 Preservation Strategies & Techniques  Look at the question of risk – how complete a record is necessary  Three approaches u Know generally what was up there – record of postings and removals and a snapshot  Know exactly what was up there – record of all changes and snapshots  Recreate the site as it was – ability to rebuild to a point in time.

39 Possible Strategies  Two approaches u Object-driven u Event-driven  Snapshots as a tool  Tracking changes  Source - National Archives of Australia  http://www.naa.gov.au/recordkeeping/er/web_records

40 Let’s Summarize  Get Involved in the Team  Know the Records  Learn the Technology  Rethink as You Reengineer  Identify Recordkeeping Requirements  Reexamine Your Retention Periods  Make Changes Where Needed

41 Contact Information  Michael L. Miller, Director  Modern Records Programs  301-713-7110x229  michael.miller@nara.gov  www.nara.gov/records/index.html www.nara.gov/records/index.html

42 And Now for Some Questions...

Download ppt "E-Commerce and Evidence: Standards for Recordkeeping in the Electronic Environment Quick Start Program World Bank May 22, 2001 Michael L. Miller, Director."

Similar presentations

A centre of expertise in data curation and preservation London :: ARK Group Workshop: Archiving the Web :: 28 Sept 2006 Funded by: This work is licensed.

A centre of expertise in data curation and preservation London :: ARK Group Workshop: Archiving the Web :: 28 Sept 2006 Funded by: This work is licensed.
The Impact of Auditing on Records Management Risk and Compliance Susan B. Whitmire, CRM, FAI Manager, Enterprise Records and Information Management BlueCross.

The Impact of Auditing on Records Management Risk and Compliance Susan B. Whitmire, CRM, FAI Manager, Enterprise Records and Information Management BlueCross.
Software Quality Assurance Plan

Software Quality Assurance Plan
Data Quality Considerations

Data Quality Considerations
2009 Data Protection Seminar

2009 Data Protection Seminar
IMPLEMENTING FINANCIAL AND ACCOUNTING SYSTEMS FOR GOVERNMENT CHRISTIAN T. SOTTIE THE CONTROLLER AND ACCOUNTANT-GENERAL GHANA.

IMPLEMENTING FINANCIAL AND ACCOUNTING SYSTEMS FOR GOVERNMENT CHRISTIAN T. SOTTIE THE CONTROLLER AND ACCOUNTANT-GENERAL GHANA.
Records Management at Queen’s University By Shan Jin November 2008.

Records Management at Queen’s University By Shan Jin November 2008.
Introduction to Records Management Policy

Introduction to Records Management Policy
The New GMP Annex 11 and Chapter 4 Deadline for coming into operation: 30 June 2011.

The New GMP Annex 11 and Chapter 4 Deadline for coming into operation: 30 June 2011.
Corporate Records Management (Practitioner) Information Governance Policy Team NHS Connecting for Health.

Corporate Records Management (Practitioner) Information Governance Policy Team NHS Connecting for Health.
Corporate Records Management (Practitioner) Information Governance Policy Team NHS Connecting for Health.

Corporate Records Management (Practitioner) Information Governance Policy Team NHS Connecting for Health.
Health Records Management Practitioner

Health Records Management Practitioner
What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.

What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.
Records Management for UW-Madison Employees – An Introduction UW-Madison Records Management UW-Archives & Records Management 2012 Photo courtesy of University.

Records Management for UW-Madison Employees – An Introduction UW-Madison Records Management UW-Archives & Records Management 2012 Photo courtesy of University.
Chapter 7: Key Process Areas for Level 2: Repeatable - Arvind Kabir Yateesh.

Chapter 7: Key Process Areas for Level 2: Repeatable - Arvind Kabir Yateesh.
Records Management What to Keep and What to Toss.

Records Management What to Keep and What to Toss.
National Archives and Records Administration, 2003 Federal Records Management for Managers What’s in it for me?

National Archives and Records Administration, 2003 Federal Records Management for Managers What’s in it for me?
Coping with Electronic Records Setting Standards for Private Sector E-records Retention.

Coping with Electronic Records Setting Standards for Private Sector E-records Retention.
LBSC 708X The Record Nature of Electronic Records College of Information Studies.

LBSC 708X The Record Nature of Electronic Records College of Information Studies.
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:

Similar presentations

Ads by Google