Presentation is loading. Please wait.

Presentation is loading. Please wait.

and Electronic Records Retention: IT Requirements Paul Dworak Office of Compliance 565-4906.

Similar presentations


Presentation on theme: "and Electronic Records Retention: IT Requirements Paul Dworak Office of Compliance 565-4906."— Presentation transcript:

1 and Electronic Records Retention: IT Requirements Paul Dworak Office of Compliance

2 Records  Any document that is created or received in the course of State business  The medium of a record is irrelevant. Paper records, electronic files, s, images, etc. are all state records

3 Objective of Records Management  To keep records for periods of time required by federal and state statutes, in order to demonstrate that proper business operations are being followed  To dispose of records in an organized manner to save space  To limit legal liability by disposing of records that no longer have business value  BUT, to hold records that are needed in litigation

4 Record Series  Record Series are groups of records related by their content  The Record Series Number determines the retention period  The retention period consists of an active period and a storage period The active period is the time during which a record is accessed frequently The storage period is the time when the record is accessed little or not at all

5 Archiving  In record management terms, archiving a record series means storing a permanent record

6 Vital Records  Vital records are those that need to be backed up so that they can be restored in the event that an agency has a disaster and must implement its business continuity plan  Only some records are defined in the Record Retention Schedule as being vital records

7 Important Record Series for this Presentation  Calendars [ ]—retention period is 1 year following the end of the previous calendar year (2005 calendar entries can be deleted 1/1/2007)  Transitory Information [ ]— retention period is “when the purpose of the record has been fulfilled”

8 Important Records Series (cont.)  Administrative Correspondence [ ]—retention period is 3 years  General Correspondence [ ]— retention period is 1 year

9 Other Record Series  The custodian of a document (the person who created it or received it) is responsible for determining the record series into which any other type of document falls  The retention period is determined by the record series  For s, this is based on the content of the and/or its attachments

10

11 Records  All s, regardless of content, that are created by a state agency, or that come into a state agency, are state records  However, the record retention schedule enables the custodian to determine the record series of any

12 Record Series  Administrative Correspondence— relating to policies, procedures, strategic planning, etc.  General Correspondence— relating to general operations  Other Records—record series is determined by the content of the message and/or its attachments

13 Transitory Information  Identify transitory information Bulk mail Junk mail Spam  Delete “when the purpose has been served,” i. e., immediately or within a short period of time (e. g., 24 hours)  Free storage space

14 Transitory Information (cont.)  Recipient of an can determine that other s are transient Everyone s referring to an event on a specific date, or an action that contains a deadline The can be put into a “Transient” folder (i. e., the Trash) when the has served its purpose  User can establish rules, or global rules can be developed if possible

15 Official Records  Some s will require classification into record series based on their content  It may take time for the user to place s into the proper folders  Ideally, the folder system should be standardized and not up to the user Users can create subfolders in the standardized folder system  The user is responsible for filing the s appropriately

16 Work Space  s stay in this space until they can be filed as transient or official records  Work Space can have time or space limits that are established by policy or by written operating procedures  These limitations are imposed to handle users who do not dispose of transitory information

17 Issues  A written policy or procedure needs to define whether the sender of an , the receiver, or both are custodians of the record  A written policy or procedure needs to identify the auto-delete time frames for transitory and work space s  There is the potential for auto-deleting vital records inappropriately  The record custodian will be responsible for violating the law, not the IT staff

18 Backups  Vital records MUST be backed up  The number of backup tapes used before they are recycled is based on a written policy or operating procedure  Depends on the requirements of the business continuity plan—how many backups are needed to create a reliable image of business operations?  Generally no more than 30 days

19 Backups (cont.)  It is illegal to use backup tapes as a way of retaining records, in lieu of an established, effective records management system  It is illegal to keep records indefinitely  Any records that exist on backup tapes must be restored and retrieved in response to legal discovery or an open records request  Backup tapes cannot be recycled once a record hold is declared

20 Training  The success of any retention system is user training  This training has a records retention component Responsibility of the Compliance Office  And an use component Responsibility of the Groupwise staff and Network managers

21 Training (cont.)  We will need to collaborate to develop an efficient and cost effective way of delivering the training, whether it be Classroom Online s/websites One-on-one

22 Consequences for Users  State employees only have immunity if they operate in the course and scope of their duties  State employees may not have immunity in cases of federal prosecution  More courts are considering failure to manage records as failure to act in the course and scope of duties  Results are fines and prison sentences

23 Consequences for Management  In Danis v. USN Communications, the federal judge fined the CEO for failure to maintain oversight of the company’s record management program  CEO’s are considered responsible for the actions of all their employees, UNLESS there is an effective system for records management that an employee flagrantly violates after being trained

24 Views of IT Staff  They control the hardware and applications so much that they determine the records management paradigm  They provide a service to management and employees, who are responsible for determining the records management implementation

25 Consequences for IT Staff  The objective is to be viewed as a service component, which implements the policies and operating procedures approved by management In this case, IT has no legal responsibility for failures, unless they are malicious IT must have input in the development of policies and procedures, since IT acquisitions flow from defined business processes and needs  If IT is viewed as determining the records management paradigm, it could be assigned responsibility for mismanagement of records and bear the legal consequences

26 Immediate Objectives

27 Compliance Status  No organization is currently in compliance  Organizations decrease their liability by articulating and implementing a plan to get into compliance  At some unknown future time, organizations without evidence of planning will be highly vulnerable

28 Implementation Steps  Compliance Office will conduct an inventory of electronic records (where are they stored, by whom, etc.) Will take one year for vital records, three years for all records  Will enable departments to establish a standardized filing structure for electronic records  Policies—other than for a brief overarching policy, policies should NOT be developed for getting into compliance

29 Implementation Steps  Operating procedures should be developed that are approved by Associate VP for Computing and CIO Vice President for Finance and Business Affairs Records Manager (Compliance Officer) [President]

30 Operating Procedures  Define custodian for s (sender, receiver, both) Establishes responsibility for management  Define categories of storage (transitory, official records, work space)  Determine rules for auto-deleting transitory and work space s  Determine how backups will be done and how many tapes will be used

31 Operating Procedures  Define records management roles for users  Define how vital records will be identified by the user  Define how record holds will be implemented  Define communication responsibilities for procedures that are implemented  Establish consequences for violation of procedures

32 Other Tasks  Determine what training is needed  Define applications needs for retention  Determine if any vendors can meet these needs  Determine if funds are available or can be acquired

33 Thank you!! Questions and Suggestions...


Download ppt "and Electronic Records Retention: IT Requirements Paul Dworak Office of Compliance 565-4906."

Similar presentations


Ads by Google