Digital Continuity: An introduction Digital continuity… The ability to use your information in the...

transcript

Digital Continuity:

An introduction

Digital continuity…

The ability to use your information in the way you need for as long as

you need

Information is usable if you can…• Find it when you need it

• Open it as you need it

• Work with it in the way that you need to

• Understand what it is and what it’s about

• Trust that it is what it says it is

It does make the headlines…

We haven’t made this up…

• “Any electronic data degrades over time. Some of this information is more than 20 years old. I'm not even sure that the xxx still has the tools needed to retrieve data from that era. You're talking about technology that would qualify as museum pieces now.”

• “The transition to the new system has, however brought to light discrepancies in our existing records and this is resulting in a number of incorrect notices being issued. “

• “The only evidence beyond surmise that Dept X rely upon to support their assertion that the document is not held, is their failure to locate it. “

• “Transfer of records from Dept Y to Depts Z and A has resulted in two scenarios that have effectively rendered metadata captured in the EDRMS as lost.”

Digital information is vulnerable…

• Risks are inherent in change

o Organisational change

o Technology change

o Process and policy change in how information is managed

The impact of change…o information ownership becomes

unclear - risks are missed or unmanaged

o information is not disposed of appropriately

o information is not migrated to new technologies effectively

o information is trapped in legacy IT systems – or locked in a format that can’t be opened or used

o information is no longer understood by the organisation – or cannot be trusted

Why it matters…

oEfficiency and effectiveness

oTransparency and accountability

oManaging information risk

Managing digital continuity…

Plan for

actionDefine

what you need

Assess and

manage risks Maintain

digital continuity

The Digital Continuity Service…

• Guidance

• Risk Assessment Self-Assessment Tool

• Procurement Framework

• DROID

Stage 1: Planning

Define what you

needAssess

and manage

risks Maintain digital

continuity

Plan for

action

Plan for Action…

• Key roles understand risk and responsibilities

• SRO for digital continuity

• Multi-disciplinary team

• Embed approach in business as usual

Role of the SRO…

• Champion digital continuity

• Lead action to manage risk and embed

• Co-ordinate across disciplines

• Prioritise resources

• Escalate issues

Introducing DoRA…

• You are the SRO

• Who do you need to be involved in managing digital continuity?

• What are their drivers for taking action?

Roles and responsibilities…

• SIRO and information risk management

• IAOs

• Information assurance

• Information management

• Information technology

• Change and project management

Stage 2:

Define Requirements

Assess and

digital continuity

Plan for

actionDefine

what you need

InformationAssets

Technical Environment

Business Needs

DigitalContinuity

InformationAssets

Business Needs

DigitalContinuity

InformationAssets

Business Needs

InformationAssets

Business Needs

InformationAssets

Business Needs

InformationAssets

Business Needs

InformationAssets

Business Needs

Understand what information you have and how it’s managed…

• What information do you have?

• Where is it?

• How is it organised and managed?

• Have you defined all your information assets?

• An information asset is a body of

information defined and managed as

a single unit so that it can be

understood, shared, protected and

exploited effectively

Understand what information you have and how it’s managed…

Understand how you need to use your information…

• Who needs to be able to find it?

• What do they need to be able to open it?

• How do they need to work with it?

• Can they understand what it is and what it is about?

• Can they trust that it is what they think it is?

Understand your technical environment…

• What IT systems do you have?

• What is their lifecycle?

• What hardware are they reliant on?

• What is their lifecycle?

• What file formats is your information in?

• What storage media are you using?

Define what you need for digital continuity…

Usable

complete

available

Documenting what you know…

• Information Asset Register

• Configuration Management Database

• Maintenance as important as capture

Understanding DoRA…

• You have to build an:

o Information Asset Register

o Configuration Management Database

• What information do you need to capture?

• How can you maintain the relationships between

the information assets and technology?

• Name and description

• Owners and users

• Retention period

• Usability requirements

• Technology

dependencies

• Lifecycle

• Support and

warranties

• Dependencies and

relationships

• Owners and users

• Information assets

Over lunch….

• Questions

• Confessions

• DROID demo

Stage 3:

Risk Assessment

Maintain digital

continuity

Plan for

actionDefine

what you need

Assess and

manage risks

InformationAssets

Business Needs

DigitalContinuity

Identify your risks (and opportunities)…

• Do you know what information you have, where it is, what it’s for?

• Does the way you manage your information and IT environment keep your information usable as you need?

• Are there opportunities to get rid of information and technology you don’t need?

Risk assessment…

• You can assess your whole organisation

• You can assess risks to particular assets – perhaps at point of change

• Regularly review and update risk assessments

Risk assessing DoRA…

• What risks to digital continuity is DoRA facing?

• How can you mitigate against them?

• Can you identify just FIVE mitigations to address all of the risks you’ve found?

• Feedback: What is your highest priority mitigation and what risks will this address?

Mitigation strategies…

• Change your :

o technology

o information

o policies and procedures

o Governance

• And test for continuity

Stage 4:

Maintaining

Plan for

actionDefine

what you need

Assess and

digital continuity

Maintain your digital continuity…• Plan for change

o Build your digital continuity and usability requirements into your plans and processes

o Manage your IT and information for future flexibility and agility

• Manage digital continuity through changeo Change Projects to assess impact on

information

Technology Change at DoRA…• Supplier is withdrawing support for BlackHole 2.0.

• Three choices of what to do now:o Keep using the legacy systemo Buy an off-the-shelf producto Build another bespoke system

• Assess the risk to digital continuity of your information from each option

• Identify potential mitigations in each case

• Feedback - Decide what option you would choose and why

Assessing the risks…• Legacy technology hard to maintain – risks increase

over time

• Bespoke technology becomes legacy eventually

• Bespoke technology requires specialist knowledge to maintain

• Off-the-shelf may not meet all business needs

• Off –the-shelf might still bring interoperability issues – can you migrate data in?

Organisational change at DoRA…

Review of ALBs prompts reorganisation of DoRA with its agencies being closed, transferred or merged.

•Assess the risks to digital continuity from these changes•Identify possible mitigations in each case•Decide how you will tackle the operational process of managing this change

•Feedback – what are the key elements of your action plan?

Managing change …

• Think about prevention and preparation for change

• Manage the process

• Learn lessons

Key things to remember:o Ownershipo Usability requirementso Relationships between technology and informationo Knowledge and skills neededo Mapping policies and procedureso Maintaining governance

Final Thoughts

What to take home with you…

• 1) Ownership is important – digital continuity needs to be a strategic objective recognised at the highest level. An SRO is needed to drive and co-ordinate action.

• 2) Cross-disciplinary approach – digital continuity can only be managed with collaboration across IT, IM, IA and change and project teams.

• 3) Prevention not restoration – preventing a loss of digital continuity is easier than restoring it – but learn from incidents to improve your risk management.

• 4) Focus on information usability – put how the business needs to use its information at the centre of your approach to managing digital continuity.

• 5) Embed in operational processes – make sure digital continuity management is part of existing IT, IM, IA, project and change management policies and processes.

And what to do now…

• 1) Find out more about digital continuity – understand the issues and how they affect your own organisation.

• 2) Find out more about your organisation – understand the policies and processes in place for managing information, risk, technology and change.

• 3) Build bridges and ask questions – identify who needs to work on digital continuity related issues and start connecting with them.

• 4) Manage digital continuity as a key information risk – talk to the SIRO or information risk team and find out if they are aware of digital continuity and their responsibility to manage it.

• 5) Advocate and influence upwards – influence as best you can, and push for a digital continuity SRO to be identified to drive this forwards.

• Guidance

• Risk Assessment Self-Assessment Tool

• Procurement Framework

• DROID

And how we can help…

nationalarchives.gov.uk/digitalcontinuity

digitalcontinuity@nationalarchives.gsi.gov.uk

Digital continuity…

The ability to use your information in the way you need for as long as

you need

Digital Continuity: An introduction Digital continuity… The ability to use your information in the...

Documents