Post on 14-Dec-2015
Mark Mandel, CRM, CIP, ERMm, BPMm, CDIA+
Records Management Solution Architect
OpenText Public Sector Solutions
BEST PRACTICE STRATEGIES NARA/OMB MANAGING GOVERNMENT RECORDS
MANAGEMENT DIRECTIVE
M-12-18 Deadlines
NARA/OMB M-12-18, the Managing Government Records Directive, has the following key deadlines for federal agencies:
• 2016 – all Email must be managed electronically in a records management system – no more "print and file"
• 2019 – all permanent records must be delivered to NARA in electronic format only
NARA Automation Plan
The NARA Automation Plan states,
“Although the Directive uses the term “records management” and this report inherits that language, NARA recognizes that well-conceived automation can improve the management of all government information for a wide range of information governance purposes. These include information security, privacy, eDiscovery, Freedom of Information Act (FOIA), and proactive disclosure of government information as part of open government and open data programs.
While records management is stressed here because of this report’s origin in the Directive, the greatest efficiencies and improvements in effectiveness will be achieved if agencies consider the automation of their information management in a holistic way.”
The Solution: Agency ECM Strategic Plan
• Implement an Agency-Wide Enterprise Content and Records Management System
• Manage All Records Policy with One Integrated Electronic Records Management System
• Single Unified Enterprise Repository
• Disaster Recovery Infrastructure
• Cloud or Virtual Services
• Integration with Business Applications, E-mail, Office Applications
• Apply Governance to All Records – Content Lifecycle Management
NARA/OMB Managing Government Records Directive
“The current federal records management system is based on an outdated approach involving paper and filing cabinets. Today’s action will move the process into the digital age so the American public can have access to clear and accurate information about the decisions and actions of the Federal Government.” President Obama
Benefits:
• Reduction in Cost Related to Storing and Filing Paper
• Reduction in Cycle Times and Cost for Transactions
• Increased Access to Information
• Complete Audit Trail of Transactions
• Compliance with FOIA, Privacy Act and eDiscovery
• Unified Repository Reduces Information Silos
• Supports PortfolioStat Model
Concept of Operations – Best Practices
• Records Management is Transparent to the End User
• ECM – with embedded RM - is Integrated with Existing Applications and Email
• User Interface Best Suited to the End User
  • SharePoint
  • Email
  • ECM
  • ERP
  • BPM
  • Business Application
• E-mail Journaling with Auto Classification
• E-mail Treated as Another Document Type
• Document Management with Versioning
[Diagram labels: SharePoint; ERP; Enterprise Storage and Cloud Services; Disaster Recovery Infrastructure; Mobile; Fax/Copy; Record Centers; FOIA / Privacy Act; E-Discovery; Federated Search; Auto Classification; Social; 5015.2; BPM]
IRS Email Under Scrutiny
VA Cancels Email Cloud Contract
"The OIG wanted new contract language inserted into all VA cloud contracts designed to facilitate access and visibility into the system, preserve emails and increase the security rating under the Federal Information Security Management Act. There was pending guidance from NARA on records retention that would affect the disposition of email storage. It was determined that the necessary changes were out of scope with the … contract, and it was terminated."
There Are Many Approaches to Managing Email
• Different approaches serve the needs of different stakeholders in different ways
• It is important to understand the different approaches and their strengths vs. weaknesses
• A short-sighted approach that does not meet the needs of all stakeholders will likely need to be replaced later on
Email Requirements
Competing Priorities; Multiple Stakeholders
Requirement | Stakeholder
Optimize production Email system | IT
Consolidate multiple Email systems | IT
Lower operational and storage costs | IT
Provide oversight for compliance | Legal
FOIA | Legal
eDiscovery | Legal
Email stored with business records as part of the audit trail of transactions | Business, Audit, RM
Capstone | RM, Legal, Archivists
Email in the Cloud
Three levels of maturity
• Level 1 – Email in the Cloud, no Records Management
Requirement | Stakeholder | Meets Requirement
Optimize production Email system | IT | Yes
Consolidate multiple Email systems | IT | Yes
Lower operational and storage costs | IT | Yes
Provide oversight for compliance | Legal | No
FOIA | Legal | No
eDiscovery | Legal | No
Email stored with business records as part of the audit trail of transactions | Business, Audit, RM | No
Capstone | RM, Legal, Archivists | No
Email in the Cloud
Three levels of maturity
• Level 2 – Email in the Cloud, with Email Archive and Records Management, but not integrated with ECM
Requirement | Stakeholder | Meets Requirement
Optimize production Email system | IT | Yes
Consolidate multiple Email systems | IT | Yes
Lower operational and storage costs | IT | Yes
Provide oversight for compliance | Legal | Yes
FOIA | Legal | Yes
eDiscovery | Legal | Yes
Email stored with business records as part of the audit trail of transactions | Business, Audit, RM | No
Capstone | RM, Legal, Archivists | Yes
Email in the Cloud
Three levels of maturity
• Level 3 – Email in the Cloud, with integrated ECM
Requirement | Stakeholder | Meets Requirement
Optimize production Email system | IT | Yes
Consolidate multiple Email systems | IT | Yes
Lower operational and storage costs | IT | Yes
Provide oversight for compliance | Legal | Yes
FOIA | Legal | Yes
eDiscovery | Legal | Yes
Email stored with business records as part of the audit trail of transactions | Business, Audit, RM | Yes
Capstone | RM, Legal, Archivists | Yes
Level 3 Email Pyramid
[Diagram labels: Role Based Classification; Business Records; Auto Classification; Big Bucket; Temporary Records and Transitory; Enterprise Connect; Process Automation; ECM Repository; "Capstone"; Auto Classification; Transitory Records; Permanent]
Key Issues to Address in Your Email and ECM Solution
• Classification strategies to minimize user involvement in declaring records
• Managing growth of content to reduce storage costs
• DoD 5015.02-STD
Folder Classification Inheritance
When adding a document to a folder that has classification inheritance enabled, all items in that folder inherit the same classification.
[Figure label: Add Document]
Process Driven Classification
Documents can be classified as part of a business process
Role-based Classification
Documents can be classified according to the group to which the user belongs
Auto-Classification
Automatically classify high volume, low-touch records such as E-mail and file system content.
Step-by-step tuning guide and feedback
Transparent
Defensible
Built-in statistical sampling and quality assurance
5015.02-STD Demystified
• Baseline
• Chapter 2, Mandatory Requirements
• Chapter 5, Transfers
• Chapter 6, Non-Mandatory Features
• Classified - Chapter 3 is Management of Classified Records
• FOIA/PA - Chapter 4 is Managing Records for the Privacy Act and the Freedom of Information Act
The Joint Interoperability Test Command (JITC) provides a list of certified products.
DoD organizations may only purchase records management products that are on this list.
5015.02-STD
This should be a requirement in your enterprise architecture.
Why?
• It sets metadata standards for all records
• It defines the best methodology for destruction of electronic records at the end of their lifecycle
• It provides a standard approach for transfer of records from one agency to another, and for transfer from an agency to NARA
• It defines requirements for classified records
• It defines requirements for FOIA and Privacy Act solutions
This approach promotes consistency across all agencies and NARA
JITC RMA Register List of Certified Products under 5015.02-STD
My agency is being tasked with moving to digital recordkeeping, but it is an unfunded mandate. There is no budget for Records Management modernization. Where do I find the money?
• Even in these tough economic times, agencies are spending money in their IT budget
• Their top priorities include Records Management, but they don't call it that
• The key is to align your plans with your agency's top IT priorities
What are the Priorities for Federal Agency IT Spending?
Key Requirements and Market Drivers
U.S. Federal Government
• Cloud First
• Storage Costs
• Cyber Security
• Compliance (eDiscovery, FOIA, HIPAA, 5015.2)
• Audit Readiness
Managing Government Records Directive
A foundational element for meeting agency IT priorities
Cloud First
• Cloud First – Shared Services Strategy
• Data Center Consolidation
Steven Van Roekel, U.S. Chief Information Officer, Office of Management and Budget
"With information technology at the core of nearly everything the Federal Government does, we must use IT as a strategic asset and drive cost savings to pay for new and emerging technologies that can fundamentally improve the way government does business and delivers services to the American people…
We recently issued new guidance to help agencies manage their investment in IT and drive low-value spending into more innovative efforts. The initiative—known as PortfolioStat—focuses on improving agency portfolio management to better deliver what we purchase and build."
The Public Web: Only 4% of Web content is available via search engines like Google
The Deep Web:
• ~96% of information is inside the firewall
• 80% of data is unstructured
• Information is trapped in application silos
• Content is doubling every 90 days
7.9 Zettabytes
Source: The Deep Web: Semantic Search Takes Innovation to New Depths
Storage Costs
Federal Agencies Hacked
• Red October
• Anonymous
• WikiLeaks
• AntiSec
Cyber Security
Governance, Compliance and Risk
[Diagram labels: SEC 17a-4; HIPAA; Canadian Electronic Evidence Act; DoD; Basel II Capital Accord; Electronic Ledger Storage Law; 11 MEDIS-DC; VERS; AIPA; GDPdU & GoBS & DOMEA; NF Z 42-013; BSI PD5000; Financial Services Authority; MoReq 2010; ISO/PRFTR15081; Sarbanes-Oxley Act; Federal Rules of Civil Procedure; FDA 21 CFR Part 11; ATIP; FOIA/Privacy Act]
Compliance
DOD Financial Improvement and Audit Readiness (FIAR)
FIAR Plan priorities were established in August 2009 and require the Components to first focus on improving processes, controls, and systems supporting information most often used to manage the Department. This is the starting point for achieving the goal of obtaining auditable financial statements.
To achieve these objectives, the FIAR priorities are:
• Budgetary information
• Mission critical asset information
The program objective is full audit readiness by 2016.
Audit Readiness
Cost Savings Examples
• In 2010, Federal agencies spent nearly a half billion taxpayer dollars on processing FOIA requests. Source: FOIA.gov.
• PortfolioStat could save or help the government avoid spending $2.5 billion over the next three years. In the first year alone, agencies saved or avoided spending $300 million.
• Cobell v. Salazar is a class-action lawsuit brought by Native American representatives against two departments of the United States government. The case was settled for $3.4 billion in 2009, with $1.4 billion going to the plaintiffs and $2 billion allocated to repurchase land and return it to communal tribal ownership.
• The Government Accountability Office said in January 2013 that it could not complete an audit of the federal government, pointing to serious problems with the Department of Defense.
BPM Example - Current Process Costs
Future Process Costs
Savings of $38,848.60 per transaction
A Proposed Blueprint Basis For an Agency 5 Year Strategic Plan
1. Perform a Complete Records Inventory
• Paper, Film, Digital
• Content Sources, Storage Locations, Systems of Record
• Develop volume counts, document all issues
2. Constitute a Steering Committee
• Include top officials, including CFO, Legal, IT, Records Officers, FOIA, Business Units
• Sign Off on Records Schedule, Strategic Plan, Funding
• Meet Quarterly
3. Update your Records Retention Schedule
• Big Bucket, No More than 20 Record Series, 10 or less is optimal
4. Create Collaboration Site for All Things Records
• Post events, policies, schedules, links to content, online courses, FAQs, Progress Against Strategic Plan
• Records Officer User Group to Meet Quarterly – include related roles such as FOIA, Privacy, Security, Legal
• Ongoing Training on Policies, Procedures, and Technology
5. Conduct Agency Wide Taxonomy Study
• Develop Standardized Search and Index Criteria
6. Move File Shares to Document Management System, Place Under Version Control – Eliminate PST Files
7. Document Your ECM/RM Enterprise Architecture
• Enterprise Content/Records Repository, DoD 5015.2 STD
• Enterprise Storage Architecture
• Content Capture and Ingestion
• E-Fax, E-Signature, E-Filing
• Records Policy – Content Lifecycle Management
• E-Discovery, FOIA, Full Text and Enterprise Search
• E-Mail Classification, E-Mail Archive
• IM, Social Media, Mobile
• Disaster Recovery Infrastructure
• Integrate with Existing Applications (ERP, HR, Case Management)
• Integrate the ECM/RM EA with the Agency EA
8. Digitize Paper Records
• Scan Paper That is Frequently Accessed
• Scan on Demand
• Digital Copiers
• Central Scan Centers
• Outsource
9. Implement Agency Wide Document/Records Management System
• Establish Central Repository
• Basic Feature Set
• Establish RM Policy
10. Integrate with Existing Systems
• E-Mail
• ERP
• Case Management
• Migrate Data From Other ECM Systems
11. Add Advanced Features
• Workflow/BPM
• E-Discovery
• Auto Classification
12. Ensure Funding for Ongoing Operations, Backfile Scanning
13. Move Paper Based Processes to Constituent Self Service Using Electronic Forms
Strategic Plan Timeline
Key Take-Aways
• Get started with your ROUG and Steering Committee
• Involve the SAO
• Start your inventory if you have not already
• Start your taxonomy study if you have not already
• Modernize your records schedule
• Get funding by aligning your ECM solution requirements with agency IT priorities – don't call it Records Management!
  • PortfolioStat
  • E-mail Management
  • Cloud First
  • Security
  • Audit
  • Lower Operations Cost
• Make your enterprise architecture drive deployment decisions