Presentation is loading. Please wait.

Presentation is loading. Please wait.

ECM and Compliance Marcelle Blasl ECMm² (AIIM) 2014-07-01.

Published byDennis Pearson Modified over 8 years ago

Similar presentations

Presentation on theme: "ECM and Compliance Marcelle Blasl ECMm² (AIIM) 2014-07-01."— Presentation transcript:

1 ECM and Compliance Marcelle Blasl ECMm² (AIIM) 2014-07-01

2 Agenda Compliance Overview ECM Records Management Compliance in Context Q&A

3 Merriam-webster dictionary Compliance The act or process of doing what you have been asked or ordered to do. To act according with any acceptable standard or criteria. The “acceptable standard” can refer to any kind of criteria including business goals, performance measurements, laws, regulations or quality targets. A level of quality, achievement, etc., that is considered acceptable or desirable.

4 Why Compliance? Transacting business is evident in the records of such activities. Non-Compliance to legislation e.g. Section 13 of NARS Act dealing with management of records Non-Conformance to Audits with respect to records keeping Audit: – Unqualified / Clean – Qualified – Disclaimers It is all about the records

5 Government Drivers –The Constitution of the Republic of South Africa, 1996 Section 32 –White Paper on e-Government –The Batho Pele White Paper (“People First”) Regulatory drivers –Companies Act –National Archives of South Africa Act (Act No 43 of 1996) (NARS) –Promotion of Administrative Justice Act (Act No 3 of 2000) (PAJA) –Promotion of Access to Information Act (Act No 2 of 2000) (PAIA) –Electronic Communications and Transactions Act, (Act No 25 of 2002) (ECT) –DPSA Regulations regarding Information Management –Public Finance Management Act, 1999 (PFMA) –Municipal Finance Management Act, 1999 (MFMA) –Sarbanes-Oxley (SOX) –King 3 –Protection of Private Information (POPI) –Other organisation specific Compliance?

6 Regulations Estimated

7 Compliance continued Internal drivers – Lacks formal policies and standards and standardised structures for the management of information and records – Problems to retrieve documents and information – Insufficient security – Problems with reporting and auditing – Lack of good corporate governance on records and information management – Lacks accountability – no CIO or records manager as specified in MFMA and PAIA Acts – Cumbersome processes and approvals – Non compliance with legislation open to risk (PFMA, PAJA, PAIA Acts) – Performance Management – Filing space problems – Backlogs of filing in registries – Business operations at risk with lack of a disaster recovery plan regarding all records under its control External drivers – The public demands better services – Other similar organisations are doing it better (competition) – Emerging technologies (many products and vendors)

8 ECM Enterprise Content Management (ECM) Solution is the strategies, methods and tools used to capture, manage, store, preserve, and deliver content and documents related to organizational processes.

9 High-Level ECM Architecture

10 Policies Internet Policy Records Managemnt Policy Records Management Policy Records Centre Policy Records Centre Policy Information Security Policy Information Classification Policy Enterprise Content Management (ECM) Policy Enterprise Content Management (ECM) Policy Archiving Policy Other Affected Policies Printing / Copying Policy Printing / Copying Policy Intranet Policy Scanning Policy Scanning Policy Digital Signatures / Approval Policy E-Mail Policy Information Management Policy Telephone policy Social Media & Collaboration Social Media & Collaboration

11 Good Records Keeping According to the NARSSA records management is: A process of ensuring the proper creation, maintenance, use and disposal of records throughout their life cycle to achieve efficient, transparent and accountable governance

12 Records Management Section 13 S.13(1)S. 3(5) SANS (ISO) 15489 Information and documentation – Records management S. 13(2)(a)S.13(2)(b)(i)S. 13(2)(b)(ii) and (iii) S. 13(2)

13 Section 13 (1) Mandates National Archivist to regulate records management practices Aligned with international best practice and international standards – SANS (ISO) 15489 Information and documentation – Records management supports the records management requirements in section 13 of the National Archives and Records Service Act

14 Section 13 (5) Designate a records manager to take responsibility for the records management practices and to ensure that the office complies with the National Archives Act

15 Section 13 (2) (a) No public record shall be : - transferred - destroyed - otherwise disposed of without written authorization of the National Archivist

16 Section 13 (2) (b) (i) The National Archivist shall determine the records classification systems to be used by governmental bodies

17 File Plan A plan to file records Paper environment – File into physical folders opened according to the File Plan Electronic environment – Metadata Structured Visible

18 Section 13 (2) (b) (ii) and (iii) The National Archivist shall determine the conditions subject to which – electronic records systems shall be managed – records may be reproduced electronically Conditions contained in Managing electronic records in governmental bodies: Policy, principles and requirements

19 Conditions for the management of electronic records From a records management perspective – Capturing of authentic and reliable records (authoritative records) – Subject classification – Retrieval – Disposal – Long term preservation

20 Manage records in an Integrated Document and Records Management System managing a corporate file plan according to which records are filed; – Including an e-mail integration that ensures that e- mails are filed to the corporate file plan; maintaining the relationships between records and files, and between file series and the file plan; identifying records that are due for disposal and managing the disposal process;

21 Manage authenticity Metadata – Guidelines in Managing electronic records in governmental bodies: Metadata requirements – Based on SANS 23081: Information and documentation – Records management processes – Metadata for records – Part 1: Principles

22 Manage authenticity Audit trail – Guidelines in Managing electronic records in governmental bodies: Metadata requirements – Based on SANS 15801: Electronic imaging – Information stored electronically – Recommendations for trustworthiness and reliability

23 Long term accessibility Electronic records preservation plan – Technology watch – Migration – Budget

24 Conclusion If it cannot be read, it does not exist

25 Security and Access Control Financial Resources- PeopleRegulatory Business – Processes Technology & Infrastructure ECM Compliance Data and Information

26 RM Standards StandardCompliance US DoD168 UK RIMTech105 Fortune 1000105 Victoria Public Records Office ICA275 ISO 15489 NARSSA441

27 NARRSA (441) ICA (275) SP2013 OotB Baseline US DoD 5015.2 (168) Fortune 1000 (105) SP OotB (72)

28 Differences

29 Technology Out of the Box implementation does not give adherence to compliance Customisation does not guarantee compliancy Require 3rd party tools

30 Managing Compliance 1.Determine what the criteria should be 2.Develop techniques (controls) to ensure that the criteria are followed 3.Identify the risks that an organisation faces and advise on them 4.Design and implement controls to protect an organisation from those risks (prevention) 5.Monitor and report on the effectiveness of those controls in the management of an organisations exposure to risks (monitoring and detection) 6.Resolve compliance difficulties as they occur (resolution) 7.Advise the business on rules and controls (advisory)

31 References: http://www.national.archives.gov.za http://www.rimtech.ca/f1000-requirements.html http://www.gimmalsoft.com Marcelle Blasl blasl@global.co.za Cell: 082 859 1507

Download ppt "ECM and Compliance Marcelle Blasl ECMm² (AIIM) 2014-07-01."

Similar presentations

Why an international standard on Record Management?

Why an international standard on Record Management?
A centre of expertise in data curation and preservation DCC Workshop: Curating emailsApril 24 – 25, 2006 Funded by: This work is licensed under the Creative.

A centre of expertise in data curation and preservation DCC Workshop: Curating sApril 24 – 25, 2006 Funded by: This work is licensed under the Creative.
The Impact of Auditing on Records Management Risk and Compliance Susan B. Whitmire, CRM, FAI Manager, Enterprise Records and Information Management BlueCross.

The Impact of Auditing on Records Management Risk and Compliance Susan B. Whitmire, CRM, FAI Manager, Enterprise Records and Information Management BlueCross.
Digital Futures International Forum - Tuesday 18th September 1 Digital Futures International Forum The Digitisation Standard: Back & Forth Stephen Clarke.

Digital Futures International Forum - Tuesday 18th September 1 Digital Futures International Forum The Digitisation Standard: Back & Forth Stephen Clarke.
Introduction to Records Management Policy

Introduction to Records Management Policy
© 2007 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice HP TRIM HP Information Management.

© 2007 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice HP TRIM HP Information Management.
What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.

What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.
1 Auditing in the Public Interest Records Management in the Victorian Public Sector Audit objective Audit had two objectives : The first objective was.

1 Auditing in the Public Interest Records Management in the Victorian Public Sector Audit objective Audit had two objectives : The first objective was.
Records and Information Management: An Overview. What are Records? Records - Any recorded information regardless of physical form/characteristics or storage.

Records and Information Management: An Overview. What are Records? Records - Any recorded information regardless of physical form/characteristics or storage.
Records Management for UW-Madison Employees – An Introduction UW-Madison Records Management UW-Archives & Records Management 2012 Photo courtesy of University.

Records Management for UW-Madison Employees – An Introduction UW-Madison Records Management UW-Archives & Records Management 2012 Photo courtesy of University.
HIPAA Security Rule Overview and Compliance Program Presented by: Lennox Ramkissoon, CISSP The People’s Hospital HIPAA Security Manager The Hospital June.

HIPAA Security Rule Overview and Compliance Program Presented by: Lennox Ramkissoon, CISSP The People’s Hospital HIPAA Security Manager The Hospital June.
Control and Accounting Information Systems

Control and Accounting Information Systems
Control and Accounting Information Systems

Control and Accounting Information Systems
Auditor General’s Office One key audit focus area – Compliance with Laws and Regulations.

Auditor General’s Office One key audit focus area – Compliance with Laws and Regulations.
Coping with Electronic Records Setting Standards for Private Sector E-records Retention.

Coping with Electronic Records Setting Standards for Private Sector E-records Retention.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Security Controls – What Works

Security Controls – What Works
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:
Kevin L. Glick Electronic Records Archivist Manuscripts and Archives Yale University ECURE Arizona State University March 2, 2005 Fedora and the Preservation.

Kevin L. Glick Electronic Records Archivist Manuscripts and Archives Yale University ECURE Arizona State University March 2, 2005 Fedora and the Preservation.
IS Audit Function Knowledge

IS Audit Function Knowledge

Similar presentations

Ads by Google