Presentation is loading. Please wait.

Presentation is loading. Please wait.

E-Commerce and Evidence: Standards for Recordkeeping in the Electronic Environment Quick Start Program World Bank May 22, 2001 Michael L. Miller, Director.

Similar presentations

Presentation on theme: "E-Commerce and Evidence: Standards for Recordkeeping in the Electronic Environment Quick Start Program World Bank May 22, 2001 Michael L. Miller, Director."— Presentation transcript:


2 E-Commerce and Evidence: Standards for Recordkeeping in the Electronic Environment Quick Start Program World Bank May 22, 2001 Michael L. Miller, Director Modern Records Programs, NARA

3 Overview of Today’s Presentation  Ancient History, Lesson I  Current Environment  The Standards of the World Bank (WB)  My Standards  Case Study #1 - Electronic signatures  Case Study #2 Web Records  How Do the WB Standards Relate?  Life Cycle Management

4 DISCLAIMER!I! DISCLAIMER!!! DISCLAIMER!!!  My own personal views  Do not necessarily reflect the views of my current management, my former management, the NARA legal team, the Department of Justice, or any other dead or living people, etc.  Not NARA policies I do hereby declare under pain…...

5 Ancient History  Records management as volume management  Driver is space  Records management as document security  Driver is litigation  Records management as retrieval  Driver is access

6 Our Response  Keep as little as possible for as short a time as possible  Building blocks u Inventories u File plans u Retention schedules (mandatory) u Microform

7 The Present Climate  Push for E-Business & E- Government  Information as a resource  Multiple media for some time  Increased secondary uses u Litigation u Protecting individual rights u Public service and access u Public accountability

8 What’s Driving Records Management Today?  Electronic transactions u Interoperability & document exchange u Web enabled government & industry  Rising customer expectations  Mixed customer requirements  Concern for computer security  Concern for privacy  Concern for accountability  Increased litigation risks

9 Some Fallout From the Situation  There are no answers from the records management u No agreement on theory u Mostly pilot phase  There are no guidelines from the legal end u Falls back on systems issues  Procedures Are they good  Implemented Tested

10 A New Situation  More players in the records/information game  Services being redefined  Role of records evolves in an organization  Records are born digital  Information becoming separated from records  New skill set(s) required of records managers

11 Need to Reinvent Records Management to Meet These Needs  Records themselves u Rethink the definition of records u Rethink the role of records  Records management u Rethink the goals u Rethink the tools  Records Managers u Rethink our skill sets u Rethink role in the organization

12 What Are the Big Issues??  Defining what is an electronic record  Defining a “trustworthy” electronic record  Determining what of the old records management theory applies and what must be replaced  Developing standards  The relationship of records management to legal and security issues  Balancing multiple requirements and costs

13 The World Bank’s Perspective I  Content, Context, and Structure  Recordkeeping Systems Standards u Compliant u Reliable u Systematic u Managed u Routine Activity

14 The World Bank’s Perspective II  Records are: u Made u Retained u Complete u Comprehensive u Adequate u Accurate u Authentic u Usable u Inviolate

15 Components of a Recordkeeping System  The records themselves  A system of organization of the records  Policies and procedures for management  A program to train staff on using the records and system  An audit program to ensure compliance 12 3 4 5

16 A Working Definition Electronic Recordkeeping?  Creating and maintaining records in electronic form so that those records can successfully serve as the records to meet an agency’s legal, fiscal, administrative, and other business needs, and when necessary be preserved permanently as part of our Nation’s historical record

17 Success Factors for a Good Implementation u Core business process u Clear goals and objectives u Well financed u Process involves the public u Records are core to the business process u Answers are below the cutting edge u Close cooperation with RM

18 All Records Are Not Created Equal  Much of what we create qualifies as a record  To serve as a record of business activity the records must be trustworthy u Reliability Integrity u Authenticity Usability  Adequate and proper documentation doesn’t mean everything must be retained forever.

19 These Ideas Are Not Absolutes  Based on business needs u Administrative, legal, fiscal u Oversight u Appropriate public access u Historical preservation  Based on assessment of risk  No different from paper

20 What do We Mean by Risk?  Visibility - Issue of level of exposure u Low, Medium, High  Risk of having/not having the records u Litigation u Accountability  Sensitivity  Consequences

21 Case Study #1 - Electronic Signatures

22 Executive Summary Points (1 of 2)  Organizations must consider RM when implementing E-sig  E-sig systems will produce new records or augment existing records  Various approaches ensure trustworthy e-signed records  Organizations must maintain trustworthiness of e- signed records over time

23  Use of 3rd party contractors in implementing e-sig systems raise adequacy of documentation issues  Scheduling issues must be addressed before disposing of e-sig records  Records disposition authorities of e-signed records may need to be modified  Permanent e-signed records documenting legal rights have special considerations Executive Summary Points (2 of 2)

24  Content u The e-signature is part of the content of the e- signed record  Context u Records used to verify the reliability and authenticity of the e-signed record  Structure u Records used to re-validate the e-signed record Content, Context & Structure of E-signed Records

25 Examples of New Record Types (1 of 2)  Content u E-signatures u Documentation of individual identities  Context u Documentation of individual identities u Trust verification records (audit trails) u Certificates u Certificate revocation lists u Trust paths

26 Examples of New Record Types (2 of 2)  Content (cont.) u Certificate policies u Certificate practice statements  Structure u Hashing algorithms u Encryption algorithms

27 Possible Authentication Alternatives  Maintaining adequate documentation of e-sig validity gathered at or near the time of signing  Maintaining the ability to re-validate e-sigs  Maintain log file of e-signed record acceptability at time of receipt  Other alternatives may exist  Organization selects method based on business need & risk analysis

28 Methods for Protection  Evidence of message origin and verification  Evidence of message receipt  Transaction time stamping  Long-term storage facility stores evidence and lets an adjudicator settle disputes

29 One Framework  Crfeate and maintain documentation of the systems used to create the e-sigs.  Ensure a secure storage environment  Implement standard operating procedures  Create and maintain records according to those procedures  Train staff in the procedures  Develop disposition authorities

30 Scheduling E-signed Records Is Necessary When...  New content, context or structure records (as determined by your risk analysis/ business practices) are being created  Organization determines incorporation of e-sig will result in changes in retention period of e-signed record  Incorporation of e-sig and/or changes in work processes significantly change the character of the record

31 Case Study #2 - The Web

32 Does It Qualify As Record Material?  Depends on definition u Federal government - yes u Most other governments - yes  What is covered?  What are the records?  Why is it a record?  What are the risks?

33 What Are the Records?  Web site(s) themselves - content  Records used to manage the web - context  Records of how the web appeared - structure  Records of activity u Who was there u What they did  Records of transactions  Records behind the site

34 Examples of Web Records - 1  Content u Html pages u Images of pages u Comprehensive list of urls u Interactively generated records u Referenced files

35 Examples of Web Records – 2 Context records Web design records Copyrighted materials Program management Software to operate the site Logs and statistical compilations

36 Examples of Web Records – 3  Structural records u Web site map u Self executing files u COTS software configuration files

37 Managing Web Records  Develop policy  Assign responsibilities  Conceptualizing your site  Identifying the role of the site/components for your organization  Determining risks  Determine recordkeeping requirements  Determine strategy for capturing records

38 Preservation Strategies & Techniques  Look at the question of risk – how complete a record is necessary  Three approaches u Know generally what was up there – record of postings and removals and a snapshot  Know exactly what was up there – record of all changes and snapshots  Recreate the site as it was – ability to rebuild to a point in time.

39 Possible Strategies  Two approaches u Object-driven u Event-driven  Snapshots as a tool  Tracking changes  Source - National Archives of Australia 

40 Let’s Summarize  Get Involved in the Team  Know the Records  Learn the Technology  Rethink as You Reengineer  Identify Recordkeeping Requirements  Reexamine Your Retention Periods  Make Changes Where Needed

41 Contact Information  Michael L. Miller, Director  Modern Records Programs  301-713-7110x229  

42 And Now for Some Questions...

Download ppt "E-Commerce and Evidence: Standards for Recordkeeping in the Electronic Environment Quick Start Program World Bank May 22, 2001 Michael L. Miller, Director."

Similar presentations

Ads by Google