trustworthy electronic records: an information systems approach shawn rounds minnesota historical...
TRANSCRIPT
![Page 1: Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society](https://reader035.vdocuments.us/reader035/viewer/2022062216/56649d145503460f949e8317/html5/thumbnails/1.jpg)
Trustworthy Electronic Records: An Information
Systems Approach
Shawn RoundsMinnesota Historical Society
![Page 2: Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society](https://reader035.vdocuments.us/reader035/viewer/2022062216/56649d145503460f949e8317/html5/thumbnails/2.jpg)
October 2001, Minnesota Historical Society
Presentation Overview• Background and overview of the Trustworthy
Information Systems (TIS) Methodology
• TIS Development Process
• TIS Handbook and Criteria Set
• Testing and Promotion
• Who’s Using the TIS Methodology
• Current and Future Work
![Page 3: Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society](https://reader035.vdocuments.us/reader035/viewer/2022062216/56649d145503460f949e8317/html5/thumbnails/3.jpg)
October 2001, Minnesota Historical Society
TIS Milestones• Nov. 1997: Initial funding from the NHPRC
• May 1999: Additional funding from Minnesota State Legislature
• Dec. 1999: TIS Handbook online
• Jan. 2000: TIS final report to the NHPRC
• Nov. 2000: TIS Legal Risk Analysis Tool
• Oct. 2001: Version 3 released
![Page 4: Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society](https://reader035.vdocuments.us/reader035/viewer/2022062216/56649d145503460f949e8317/html5/thumbnails/4.jpg)
October 2001, Minnesota Historical Society
TIS Methodology is a Toolkit
• It is an evaluation toolkit, in the form of a handbook, for information systems development projects of all sizes and types.
• TIS tools were tested in real work settings and endorsed by the partner agencies that used them.
• The TIS criteria are the foundation for the TIS methodology.
![Page 5: Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society](https://reader035.vdocuments.us/reader035/viewer/2022062216/56649d145503460f949e8317/html5/thumbnails/5.jpg)
October 2001, Minnesota Historical Society
Focus on the System
• If an information system can be shown to be trustworthy, then it follows that the records it contains are trustworthy as well.
• It’s easier to focus on the system than on all of the individual records.
• Trustworthy Information System = Authentic + Reliable Records.
![Page 6: Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society](https://reader035.vdocuments.us/reader035/viewer/2022062216/56649d145503460f949e8317/html5/thumbnails/6.jpg)
October 2001, Minnesota Historical Society
Authenticity and Reliability• Authentic and reliable information is a
recurring theme throughout the methodology
• Authenticity: The record’s reliability over time; function of the record’s preservation
• Reliability: The measure of a record’s authority; determined by the circumstances of the record’s creation
![Page 7: Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society](https://reader035.vdocuments.us/reader035/viewer/2022062216/56649d145503460f949e8317/html5/thumbnails/7.jpg)
October 2001, Minnesota Historical Society
TIS Criteria Basics• Technical and non-technical
considerations for systems to ensure reliable and authentic information
• Can be implemented at any time during the information systems life cycle
• They are practical and flexible; can be adapted to fit unique needs in any enterprise
![Page 8: Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society](https://reader035.vdocuments.us/reader035/viewer/2022062216/56649d145503460f949e8317/html5/thumbnails/8.jpg)
October 2001, Minnesota Historical Society
The TIS Criteria Set• Tool for establishing trustworthiness
• Asked: what characteristics are essential for a trustworthy information system? For trustworthy records?
• Surveyed a variety of sources (records management, archives, legal, audit, government)
![Page 9: Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society](https://reader035.vdocuments.us/reader035/viewer/2022062216/56649d145503460f949e8317/html5/thumbnails/9.jpg)
October 2001, Minnesota Historical Society
Special RM / Archival Concerns
• Records disposition plan
• Details of creation, modification, storage
• Relation to other records
• Managed as a unit; can reconstruct on demand
• Officially incorporated into recordkeeping system
![Page 10: Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society](https://reader035.vdocuments.us/reader035/viewer/2022062216/56649d145503460f949e8317/html5/thumbnails/10.jpg)
October 2001, Minnesota Historical Society
Special Legal Concerns
• Created and managed during routine course of business: must be able to prove continuous operation of established procedures
• Produced in a timely manner: must be able to document delays and anomalies
• Business transactions conducted only through designated recordkeeping system
• Maintained by appropriate authorized office
![Page 11: Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society](https://reader035.vdocuments.us/reader035/viewer/2022062216/56649d145503460f949e8317/html5/thumbnails/11.jpg)
October 2001, Minnesota Historical Society
Special Audit Concerns
• User access/identification procedures
• Appropriate user privilege assignments
• Prevention of modification of record identifier and content; altered records considered new entries and assigned new identifiers
• Audit trails for creation and access
![Page 12: Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society](https://reader035.vdocuments.us/reader035/viewer/2022062216/56649d145503460f949e8317/html5/thumbnails/12.jpg)
October 2001, Minnesota Historical Society
Criteria Set
• Incorporates records management, archival, legal, and audit requirements with special emphasis on Minnesota laws and policies - best practices
• Easily updated with new sources
![Page 13: Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society](https://reader035.vdocuments.us/reader035/viewer/2022062216/56649d145503460f949e8317/html5/thumbnails/13.jpg)
October 2001, Minnesota Historical Society
Criteria Set
• Grouped by topic:– System documentation
– Access and security
– Audit trails and accountability
– Disaster recovery plans
– Record metadata
• Bibliography of sources
![Page 14: Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society](https://reader035.vdocuments.us/reader035/viewer/2022062216/56649d145503460f949e8317/html5/thumbnails/14.jpg)
October 2001, Minnesota Historical Society
1. Documentation
System administrators should maintain complete and current documentation of the entire system including policies, operating procedures, and audit trails of documentation revisions.
![Page 15: Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society](https://reader035.vdocuments.us/reader035/viewer/2022062216/56649d145503460f949e8317/html5/thumbnails/15.jpg)
October 2001, Minnesota Historical Society
1B. Policy and Procedure Documentation
• Programming conventions and procedures
• Record formats and codes
• Applications and associated procedures such as methods of entering/accessing data, modification, duplication, deletion, indexing techniques, and outputs
• Record migration
• Etc…..
![Page 16: Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society](https://reader035.vdocuments.us/reader035/viewer/2022062216/56649d145503460f949e8317/html5/thumbnails/16.jpg)
October 2001, Minnesota Historical Society
5. Each record should have metadata
Might include:– Unique identifier
– Date, time of creation
– Date, time of modification
– System or mechanism used for capture
– Indication of authoritative version
– Sensitivity classification
![Page 17: Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society](https://reader035.vdocuments.us/reader035/viewer/2022062216/56649d145503460f949e8317/html5/thumbnails/17.jpg)
October 2001, Minnesota Historical Society
Criteria Set: Other Items
• Questions to Ask: general items in sidebar to consider while using the criteria; includes special ones for data warehouses
• Did You Know: highlights criteria-related items drawn from Minnesota government sources
• Consider This: items expand upon particular criteria
![Page 18: Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society](https://reader035.vdocuments.us/reader035/viewer/2022062216/56649d145503460f949e8317/html5/thumbnails/18.jpg)
October 2001, Minnesota Historical Society
Implementation
Taken as a whole, the criteria set represents an ideal-world trustworthy information system.
But not all records are of equal value!
You determine what your needs are and which criteria are appropriate for your
situation.
![Page 19: Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society](https://reader035.vdocuments.us/reader035/viewer/2022062216/56649d145503460f949e8317/html5/thumbnails/19.jpg)
October 2001, Minnesota Historical Society
General Considerations
• What are the laws and regulations that apply to your records?
• What are the industry standards for system security? Record security and retention?
• What areas/records might lawyers and auditors target?
• Which records are of permanent/historical value?
![Page 20: Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society](https://reader035.vdocuments.us/reader035/viewer/2022062216/56649d145503460f949e8317/html5/thumbnails/20.jpg)
October 2001, Minnesota Historical Society
For Legal Investigations, Audits,etc.
Must be shown that:
• Informed choices were made that were appropriate for the records
• Appropriate policies and procedures are in place and are followed during the routine course of business
![Page 21: Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society](https://reader035.vdocuments.us/reader035/viewer/2022062216/56649d145503460f949e8317/html5/thumbnails/21.jpg)
October 2001, Minnesota Historical Society
Tool for Risk Assessment
For systems in the development phase:
• Determine the value / sensitivity of the records
• Weigh the value of the records against the cost (time, money, etc.) of implementing each criterion
• Choose only those that support chosen level of risk
![Page 22: Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society](https://reader035.vdocuments.us/reader035/viewer/2022062216/56649d145503460f949e8317/html5/thumbnails/22.jpg)
October 2001, Minnesota Historical Society
Tool for Risk AssessmentFor existing information systems:• Determine the value / sensitivity of the
records• Determine which criteria are already in
place and decide whether the current configuration meets chosen risk level
• Choose additional criteria for implementation as appropriate after weighing costs
![Page 23: Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society](https://reader035.vdocuments.us/reader035/viewer/2022062216/56649d145503460f949e8317/html5/thumbnails/23.jpg)
October 2001, Minnesota Historical Society
Documentation is Key!
• Document that each criterion was considered, what the decision was regarding implementation, and the rationale. Note the date, the personnel involved, etc.
• Follow through with consistent application of choices
![Page 24: Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society](https://reader035.vdocuments.us/reader035/viewer/2022062216/56649d145503460f949e8317/html5/thumbnails/24.jpg)
October 2001, Minnesota Historical Society
TIS Test Systems• An enterprise-wide information system for
administering various home mortgage programs
• A human resources / benefits / payroll system
• A mission-critical data warehouse accessed by virtually all Minnesota state agencies
• A web-based curriculum repository for educators
• An online bidding system for contracts
![Page 25: Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society](https://reader035.vdocuments.us/reader035/viewer/2022062216/56649d145503460f949e8317/html5/thumbnails/25.jpg)
October 2001, Minnesota Historical Society
TIS Handbook
• Centered around the TIS criteria set
• Based on field test findings
• Applicable to any type of information system
• Directed toward policy makers and technical staff
![Page 26: Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society](https://reader035.vdocuments.us/reader035/viewer/2022062216/56649d145503460f949e8317/html5/thumbnails/26.jpg)
October 2001, Minnesota Historical Society
TIS Handbook Components
• What’s in it for you?
• How do you use the Handbook?
• What is a trustworthy information system?
• What is the process for establishing
trustworthiness?
• Who should participate?
![Page 27: Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society](https://reader035.vdocuments.us/reader035/viewer/2022062216/56649d145503460f949e8317/html5/thumbnails/27.jpg)
October 2001, Minnesota Historical Society
TIS Handbook Components
• Why are metadata and documentation important?
• How do you use the criteria set?
• Criteria set
• Glossary, bibliography
• Appendices: TIS development, versioning, laws, field tests, tools
![Page 28: Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society](https://reader035.vdocuments.us/reader035/viewer/2022062216/56649d145503460f949e8317/html5/thumbnails/28.jpg)
Criteria In Place?
Yes / No
Planned?
Yes / No
Rationale / Notes
What laws and/or regulations apply to the records within your system?
1.B.1 System Documentation: programming conventions and procedures
![Page 29: Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society](https://reader035.vdocuments.us/reader035/viewer/2022062216/56649d145503460f949e8317/html5/thumbnails/29.jpg)
October 2001, Minnesota Historical Society
Legal Risk Analysis Tool• Helps determine legal risk related to records:
– Scenarios for different situations (e.g., records are lost, mishandled, inaccurate)
– By Minnesota Government Data Practices Act classification
– By possible legal consequences
• General questions to consider
• Suggestions for mitigation keyed to TIS criteria
• Tips for completing the assessment process
![Page 30: Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society](https://reader035.vdocuments.us/reader035/viewer/2022062216/56649d145503460f949e8317/html5/thumbnails/30.jpg)
October 2001, Minnesota Historical Society
TIS Meets A Need
• TIS fills an important gap in information policy in Minnesota government.
• TIS addresses information technology AND information policy…at the same time.
• TIS presents a practical way to get this job done.
![Page 31: Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society](https://reader035.vdocuments.us/reader035/viewer/2022062216/56649d145503460f949e8317/html5/thumbnails/31.jpg)
October 2001, Minnesota Historical Society
TIS Promotion and Education
• Policy makers
• Government advisory bodies
• Government and industry IT and records
management groups
• Interested staff at a variety of agencies
We went anywhere and everywhere!
![Page 32: Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society](https://reader035.vdocuments.us/reader035/viewer/2022062216/56649d145503460f949e8317/html5/thumbnails/32.jpg)
October 2001, Minnesota Historical Society
Who’s Using TIS?
• In Minnesota:– Approved and supported by the state
Information Policy Council
– Gradual adoption by state and local agencies like the Minnesota Department of Health
• Other places adapting/adopting/studying:– Ohio Electronic Records Committee; Kansas
ERC; City of Henderson, NV; Smithsonian Institution Archives; Canadian agencies…
![Page 33: Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society](https://reader035.vdocuments.us/reader035/viewer/2022062216/56649d145503460f949e8317/html5/thumbnails/33.jpg)
October 2001, Minnesota Historical Society
TIS Handbook Distribution
• Primary distribution through the World Wide Web
• Separate online sections, tutorial approach, PDFs for downloads
• Easy to revise as necessary – current version always readily available
![Page 34: Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society](https://reader035.vdocuments.us/reader035/viewer/2022062216/56649d145503460f949e8317/html5/thumbnails/34.jpg)
October 2001, Minnesota Historical Society
Current and Future Work
• Minnesota recordkeeping metadata standard now in development
http://www.mnhs.org/preserve/records/metadev.html
• Expand data warehouse section
![Page 35: Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society](https://reader035.vdocuments.us/reader035/viewer/2022062216/56649d145503460f949e8317/html5/thumbnails/35.jpg)
October 2001, Minnesota Historical Society
What’s the Bottom Line?• TIS methodology based on variety of best
practices • Brings together policy, IT, and records
management• Designed to be flexible to meet differing
needs with respect to system and record types
• Centered around idea of risk assessment and documentation
![Page 36: Trustworthy Electronic Records: An Information Systems Approach Shawn Rounds Minnesota Historical Society](https://reader035.vdocuments.us/reader035/viewer/2022062216/56649d145503460f949e8317/html5/thumbnails/36.jpg)
October 2001, Minnesota Historical Society
For More Information
TIS Handbook and other tools:http://www.mnhs.org/preserve/records/index.html
State Archives DepartmentMinnesota Historical [email protected]