Past Practices Managing Government Records Directive

Report
BEST PRACTICE STRATEGIES
NARA/OMB MANAGING GOVERNMENT RECORDS
MANAGEMENT DIRECTIVE
Mark Mandel, CRM, CIP, ERMm, BPMm, CDIA+
Records Management Solution Architect
OpenText Public Sector Solutions
2
M-12-18 Deadlines
NARA/OMB M-12-18, the Managing Government Records
Directive, has the following key deadlines for federal
agencies:
• 2016 – all Email must be managed electronically in a
records management system – no more "print and file"
• 2019 – all permanent records must be delivered to NARA
in electronic format only
3
NARA Automation Plan
The NARA Automation Plan states,
“Although the Directive uses the term “records management” and this
report inherits that language, NARA recognizes that well-conceived
automation can improve the management of all government information
for a wide range of information governance purposes. These include
information security, privacy, eDiscovery, Freedom of Information Act
(FOIA), and proactive disclosure of government information as part of
open government and open data programs.
While records management is stressed here because of this report’s
origin in the Directive, the greatest efficiencies and improvements in
effectiveness will be achieved if agencies consider the automation
of their information management in a holistic way.”
4
The Solution: Agency ECM Strategic Plan
• Implement an Agency-Wide Enterprise Content and
•
•
•
•
•
•
Records Management System
Manage All Records Policy with One Integrated Electronic
Records Management System
Single Unified Enterprise Repository
Disaster Recovery Infrastructure
Cloud or Virtual Services
Integration with Business Applications, E-mail, Office
Applications
Apply Governance to All Records – Content Lifecycle
Management
5
NARA/OMB Managing Government
Records Directive
“The current federal records management system is based on an outdated
approach involving paper and filing cabinets. Today’s action will move the
process into the digital age so the American public can have access to clear
and accurate information about the decisions and actions of the Federal
Government.” President Obama
Benefits:
• Reduction in Cost Related to Storing and Filing Paper
• Reduction in Cycle Times and Cost for Transactions
• Increased Access to Information
• Complete Audit Trail of Transactions
• Compliance with FOIA, Privacy Act and eDiscovery
• Unified Repository Reduces Information Silos
• Supports PortfolioStat Model
6
Concept of Operations – Best Practices
• Records Management is Transparent to the End User
• ECM – with embedded RM - is Integrated with Existing
Applications and Email
• User Interface Best Suited to the End User
•
•
•
•
•
•
SharePoint
Email
ECM
ERP
BPM
Business Application
• E-mail Journaling with Auto Classification
• E-mail Treated as Another Document Type
• Document Management with Versioning
Federated Search
SharePoint
FOIA / Privacy Act
Copyright © 1995-2007 Open Text Inc. All rights reserved.
Auto Classification
E-Discovery
Slide 21
E-mail
ERP
BPM
5015.2
Record Centers
Mobile
Fax/Copy
Social
Enterprise Storage and Cloud Services
Disaster Recovery Infrastructure
7
8
IRS Email Under Scrutiny
9
VA Cancels Email Cloud Contract
"The OIG wanted new contract
language inserted into all VA cloud
contracts designed to facilitate
access and visibility into the
system, preserve emails and
increase the security rating under
the Federal Information Security
Management Act. There was
pending guidance from NARA on
records retention that would
affect the disposition of email
storage. It was determined that the
necessary changes were out of
scope with the … contract, and it
was terminated."
10
There Are Many Approaches to Managing Email
• Different approaches serve the needs of different
stakeholders in different ways
• It is important to understand the different approaches
and their strengths vs. weaknesses
• A short-sighted approach that does not meet the
needs of all stakeholders will likely need to replaced
later on
11
Email Requirements
Competing Priorities; Multiple Stakeholders
Requirement
Stakeholder
Optimize production Email system
IT
Consolidate multiple Email systems
IT
Lower operational and storage costs
IT
Provide oversight for compliance
Legal
FOIA
Legal
eDiscovery
Legal
Email stored with business records as part of the audit trail of
transactions
Business, Audit, RM
Capstone
RM, Legal, Archivists
12
Email in the Cloud
Three levels of maturity
• Level 1 – Email in the Cloud, no Records Management
Requirement
Stakeholder
Meets Requirement
Optimize production Email system
IT
Yes
Consolidate multiple Email systems
IT
Yes
Lower operational and storage costs
IT
Yes
Provide oversight for compliance
Legal
No
FOIA
Legal
No
eDiscovery
Legal
No
Email stored with business records as part of the audit trail of
transactions
Business, Audit, RM
No
Capstone
RM, Legal, Archivists
No
13
Email in the Cloud
Three levels of maturity
• Level 2 – Email in the Cloud, with Email Archive and
Records Management, but not integrated with ECM
Requirement
Stakeholder
Meets Requirement
Optimize production Email system
IT
Yes
Consolidate multiple Email systems
IT
Yes
Lower operational and storage costs
IT
Yes
Provide oversight for compliance
Legal
Yes
FOIA
Legal
Yes
eDiscovery
Legal
Yes
Email stored with business records as part of the audit trail of
transactions
Business, Audit, RM
No
Capstone
RM, Legal, Archivists
Yes
14
Email in the Cloud
Three levels of maturity
• Level 3 – Email in the Cloud, with integrated ECM
Requirement
Stakeholder
Meets Requirement
Optimize production Email system
IT
Yes
Consolidate multiple Email systems
IT
Yes
Lower operational and storage costs
IT
Yes
Provide oversight for compliance
Legal
Yes
FOIA
Legal
Yes
eDiscovery
Legal
Yes
Email stored with business records as part of the audit trail of
transactions
Business, Audit, RM
Yes
Capstone
RM, Legal, Archivists
Yes
Level 3 Email Pyramid
"Capstone"
Role Based Classification
Permanent
Enterprise Connect
Business
Records
Auto Classification
Transitory Records
Process Automation
ECM Repository
Auto Classification
Big Bucket
Temporary Records
And Transitory
16
Key Issues to Address in Your Email and ECM Solution
• Classification strategies to minimize user involvement in
declaring records
• Managing growth of content to reduce storage costs
• DoD 5015.02-STD
17
Folder Classification Inheritance
When adding a document to a
folder that has classification
inheritance enabled, all items
in that folder inherit the same
classification.
Add Document
18
Process Driven Classification
Documents can be classified as part of a business process
19
Role-based Classification
Documents can be classified according to the group to which the user belongs
20
Auto-Classification
Automatically classify high volume, low-touch records such as E-mail and file
system content.
Transparent
Step-by-step tuning guide
and feedback
Defensible
Built-in statistical sampling and
quality assurance
21
5015.02-STD Demystified
• Baseline
• Chapter 2, Mandatory Requirements
• Chapter 5, Transfers
• Chapter 6, Non-Mandatory Features
• Classified - Chapter 3 is Management of Classified Records
• FOIA/PA - Chapter 4 is Managing Records for the Privacy Act and the
Freedom of Information Act


The Joint Interoperability Test Command (JITC) provides a list of
certified products.
DoD organizations may only purchase records management
products that are on this list
22
5015.02-STD
This should be a requirement in your enterprise
architecture.
Why?
• It sets metadata standards for all records
• It defines the best methodology for destruction of electronic
records at the end of their lifecycle
• It provides a standard approach for transfer of records from one
agency to another, and for transfer from an agency to NARA
• It defines requirements for classified records
• It defines requirements for FOIA and Privacy Act solutions
This approach promotes consistency across all agencies and NARA
23
JITC RMA Register
List of Certified Products under 5015.02-STD
24
My agency is being tasked with moving to digital
recordkeeping, but it is an unfunded mandate.
There is no budget for Records Management
modernization. Where do I find the money?
• Even in these tough economic times, agencies are
spending money in their IT budget
• Their top priorities include Records Management, but
they don't call it that
• The key is to align your plans with your agency top IT
priorities
25
What are the Priorities for Federal Agency
IT Spending?
Key Requirements and Market Drivers
U.S. Federal Government
•
•
•
•
•
Cloud First
Storage Costs
Cyber Security
Compliance (eDiscovery, FOIA, HIPAA, 5015.2)
Audit Readiness
Managing Government Records Directive
A foundational element for meeting agency IT priorities
26
Cloud First
Steven Van Roekel, U.S. Chief Information Officer, Office of
Management and Budget
"With information technology at the core of nearly everything the
Federal Government does, we must use IT as a strategic asset
and drive cost savings to pay for new and emerging
technologies that can fundamentally improve the way
government does business and delivers services to the American
people…
We recently issued new guidance to help agencies manage their
investment in IT and drive low-value spending into more innovative
efforts. The initiative—known as PortfolioStat—focuses on
improving agency portfolio management to better deliver what we
purchase and build."
• Cloud First – Shared Services Strategy
• Data Center Consolidation
27
Storage Costs
The Deep Web
The Public Web
Only 4% of Web content
is available via search engines like Google
7.9
Zettabytes
Source: The Deep Web: Semantic Search Takes Innovation to New Depths
The Deep Web
~96% of information is inside the firewall
80% of data is unstructured
Information is trapped in application silos
Content is doubling every 90 days
28
Cyber Security
Federal Agencies Hacked
•
•
•
•
Red October
Anonymous
WikiLeaks
AntiSec
29
Compliance
Governance, Compliance and Risk
Canadian Electronic
Evidence Act
ATIP
SEC 17a-4
HIPAA
Electronic Ledger
Basel II
Capital Accord Storage Law
11 MEDIS-DC
DoD
FOIA/Privacy Act
AIPA
ISO/PRFTR15081
GDPdU & GoBS
& DOMEA
FDA 21 CFR Part 11
Sarbanes-Oxley Act
NF Z 42-013
Federal Rules of
Civil Procedure
Financial Services Authority
MoReq 2010
VERS
BSI PD5000
30
Audit Readiness
DOD Financial Improvement and Audit
Readiness (FIAR)
FIAR Plan priorities were established in August 2009 and require
the Components to first focus on improving processes, controls, and
systems supporting information most often used to manage the
Department. This is the starting point for achieving the goal of
obtaining auditable financial statements.
To achieve these objectives, the FIAR priorities are:
• Budgetary information
• Mission critical asset information
The program objective is full audit readiness by 2016.
31
Cost Savings Examples
• In 2010, Federal agencies spent nearly a half billion taxpayer
dollars on processing FOIA requests. Source: FOIA.gov.
• PortfolioStat could save or help the government avoid spending
$2.5 billion over the next three years. In the first year alone,
agencies saved or avoided spending $300 million.
• Cobell v. Salazar is a class-action lawsuit brought by Native
American representatives against two departments of the United
States government. The case was settled for $3.4 billion in 2009,
with $1.4 billion going to the plaintiffs and $2 billion allocated to
repurchase land and return it to communal tribal ownership.
• The Government Accountability Office said in January 2013 that it
could not complete an audit of the federal government, pointing to
serious problems with the Department of Defense.
32
BPM Example - Current Process Costs
33
Future Process Costs
Savings of $38,848.60 per transaction
34
A Proposed Blueprint
Basis For an Agency 5 Year Strategic Plan
1.
Perform a Complete Records Inventory
• Paper, Film, Digital
• Content Sources, Storage Locations, Systems of Record
• Develop volume counts, document all issues
2.
Constitute a Steering Committee
• Include top officials, including CFO, Legal, IT, Records Officers, FOIA,
Business Units
• Sign Off on Records Schedule, Strategic Plan, Funding
• Meet Quarterly
3.
Update your Records Retention Schedule
• Big Bucket, No More than 20 Record Series, 10 or less is optimal
35
A Proposed Blueprint
Basis For an Agency 5 Year Strategic Plan
4.
Create Collaboration Site for All Things Records
•
•
•
5.
Conduct Agency Wide Taxonomy Study
•
6.
Post events, policies, schedules, links to content, online
courses, FAQs, Progress Against Strategic Plan
Records Officer User Group to Meet Quarterly – include related
roles such as FOIA, Privacy, Security, Legal
Ongoing Training on Policies, Procedures, and Technology
Develop Standardized Search and Index Criteria
Move File Shares to Document Management System,
Place Under Version Control – Eliminate PST Files
36
A Proposed Blueprint
Basis For an Agency 5 Year Strategic Plan
7.
Document Your ECM/RM Enterprise Architecture
•
Enterprise Content/Records Repository, DoD 5015.2 STD
•
Enterprise Storage Architecture
•
Content Capture and Ingestion
•
E-Fax, E-Signature, E-Filing
•
Records Policy – Content Lifecycle Management
•
E-Discovery, FOIA, Full Text and Enterprise Search
•
E-Mail Classification, E-Mail Archive
•
IM, Social Media, Mobile
•
Disaster Recovery Infrastructure
•
Integrate with Existing Applications (ERP, HR, Case Management)
•
Integrate the ECM/RM EA with the Agency EA
37
A Proposed Blueprint
Basis For an Agency 5 Year Strategic Plan
8.
Digitize Paper Records
•
•
•
•
•
Scan Paper That is Frequently Accessed
Scan on Demand
Digital Copiers
Central Scan Centers
Outsource
38
A Proposed Blueprint
Basis For an Agency 5 Year Strategic Plan
9.
Implement Agency Wide Document/Records
Management System
9. Establish Central Repository
10. Basic Feature Set
11. Establish RM Policy
10.
Integrate with Existing Systems
•
•
•
•
E-Mail
ERP
Case Management
Migrate Data From Other ECM Systems
39
A Proposed Blueprint
Basis For an Agency 5 Year Strategic Plan
Add Advanced Features
11.
•
•
•
12.
13.
Workflow/BPM
E-Discovery
Auto Classification
Ensure Funding for Ongoing Operations, Backfile
Scanning
Move Paper Based Processes to Constituent Self
Service Using Electronic Forms
40
Strategic Plan Timeline
41
Key Take-Aways
 Get started with your ROUG and Steering Committee
 Involve the SAO
 Start your inventory if you have not already
 Start your taxonomy study if you not have already
 Modernize your records schedule
 Get funding by aligning your ECM solution requirements with agency IT
priorities – don't call it Records Management!






PortfolioStat
E-mail Management
Cloud First
Security
Audit
Lower Operations Cost
 Make your enterprise architecture drive deployment decisions
MARK MANDEL
[email protected]
703-347-5944

similar documents